Creating A Hwtacacs Scheme; Configuring Hwtacacs Authentication Servers - H3C S9500 Series Operation Manual

Operation Manual – AAA RADIUS HWTACACS
H3C S9500 Series Routing Switches
In the above configuration tasks, creating HWTACACS scheme and configuring
TACACS authentication/authorization server are required; all other tasks are optional
and you can determine whether to perform these configurations as needed.

1.4.1 Creating a HWTACACS Scheme

As aforementioned, HWTACACS protocol is configured scheme by scheme. Therefore,
you must create a HWTACACS scheme and enter HWTACACS view before you
perform other configuration tasks.
Perform the following operations in system view to create/delete HWTACACS scheme:
Create a HWTACACS
scheme and enter
HWTACACS view
Delete a HWTACACS scheme
By default, no HWTACACS scheme exists.
If the HWTACACS scheme you specify does not exist, the system creates it and enters
HWTACACS view. In HWTACACS view, you can configure the HWTACACS scheme
specifically.
The system supports up to 16 HWTACACS schemes. You can only delete the schemes
that are not being used.

1.4.2 Configuring HWTACACS Authentication Servers

Perform the following operations in HWTACACS view to configure HWTACACS
authentication servers:
Configure the HWTACACS primary
authentication server
Delete the HWTACACS primary
authentication server
Configure the HWTACACS secondary
authentication server
Delete the HWTACACS secondary
authentication server
The primary and secondary authentication servers cannot use the same IP address.
The default port number is 49.
If you execute this command repeatedly, the new settings will replace the old settings.
To do...
To do...
Chapter 1 AAA, RADIUS and HWTACACS
Use the command...
hwtacacs scheme hwtacacs-scheme-name
undo hwtacacs scheme hwtacacs-scheme-name
Use the command...
primary authentication ip-address
[ port-number ]
undo primary authentication
secondary authentication ip-address
[ port-number ]
undo secondary authentication
1-29
Protocol Configuration