HP MSR Series Command Reference Manual page 106
Hide thumbs
Also See for MSR Series:
- Configuration manual (889 pages) ,
- Command reference manual (625 pages) ,
- Wan access configuration manual (293 pages)
Table of Contents
Advertisement
Default
No secondary HWTACACS authentication server is specified.
Views
HWTACACS scheme view
Predefined user roles
network-admin
Parameters
ipv4-address: Specifies the IPv4 address of the secondary HWTACACS authentication server.
ipv6 ipv6-address: Specifies the IPv6 address of the secondary HWTACACS authentication server.
port-number: Specifies the service port number of the secondary HWTACACS authentication server. The
value range for the TCP port number is 1 to 65535, and the default setting is 49.
key { cipher | simple } string: Sets the shared key for secure communication with the secondary
HWTACACS authentication server.
cipher string: Sets a ciphertext shared key. The string argument is case sensitive.
•
In non-FIPS mode, the key is a string of 1 to 373 characters.
In FIPS mode, the key is a string of 15 to 373 characters.
simple string: Sets a plaintext shared key. The string argument is case sensitive.
•
In non-FIPS mode, the key is a string of 1 to 255 characters.
In FIPS mode, the key is a string of 15 to 255 characters. The string must contain digits,
uppercase letters, lowercase letters, and special characters.
single-connection: The device and the secondary HWTACACS authentication server use the same TCP
connection to exchange all authentication packets for all users. If you do not specify this keyword, the
device establishes a new TCP connection each time it exchanges authentication packets with the
secondary authentication server for a user. If the HWTACACS server supports the single-connection
method, HP recommends that you specify this keyword to reduce TCP connections for improving system
performance.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN to which the secondary HWTACACS
authentication server belongs, where vpn-instance-name is a case-sensitive string of 1 to 31 characters.
If the server is on the public network, do not specify this option.
Usage guidelines
Make sure that the port number and shared key settings of each secondary HWTACACS authentication
server are the same as those configured on the corresponding server.
You can configure up to 16 secondary HWTACACS authentication servers for an HWTACACS scheme.
If the primary server fails, the device tries to communicate with a secondary server in active state. The
device connects to the secondary servers in the order they are configured.
If you do not specify any parameters for the undo secondary authentication command, the command
removes all secondary authentication servers.
Two authentication servers specified for a scheme, primary or secondary, cannot have identical IP
address, port number, and VPN settings.
If the specified server resides on an MPLS L3VPN, specify the VPN by using the vpn-instance
vpn-instance-name option. The VPN specified by this command takes precedence over the VPN specified
for the HWTACACS scheme.
92
Advertisement
Table of Contents
