Secondary Authorization - HPE FlexNetwork HSR6800 Security Command Reference
Hide thumbs
Also See for FlexNetwork HSR6800:
- Configuration manual (503 pages) ,
- Command reference manual (153 pages) ,
- Product end-of-life disassembly instructions (2 pages)
Table of Contents
Advertisement
Examples
# Specify the IP address and port number of the secondary authentication server for HWTACACS
scheme hwt1 as 10.163.155.13 with TCP port number 49.
<Sysname> system-view
[Sysname] hwtacacs scheme hwt1
[Sysname-hwtacacs-hwt1] secondary authentication 10.163.155.13 49
Related commands
•
display hwtacacs
•
vpn-instance (HWTACACS scheme view)
secondary authorization
Use secondary authorization to specify a secondary HWTACACS authorization server.
Use undo secondary authorization to remove the configuration.
Syntax
secondary authorization ip-address [ port-number | vpn-instance vpn-instance-name ] *
undo secondary authorization
Default
No secondary HWTACACS authorization server is specified.
Views
HWTACACS scheme view
Default command level
2: System level
Parameters
ip-address: IP address of the secondary HWTACACS authorization server in dotted decimal notation.
The default is 0.0.0.0.
port-number: Service port number of the secondary HWTACACS authorization server. It is a TCP
port in the range of 1 to 65535 and defaults to 49.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN to which the secondary HWTACACS
authorization server belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31
characters. If the server is on the public network, do not specify this option.
Usage guidelines
The IP addresses of the primary and secondary authorization servers cannot be the same.
Otherwise, the configuration fails.
If the specified server resides on an MPLS VPN, you also must specify that VPN with the secondary
authorization command to ensure normal communication with the server. The VPN specified here
takes precedence over the VPN specified for the HWTACACS scheme.
If you execute the command multiple times, the most recent configuration takes effect.
You can remove an authorization server only when it is not used by any active TCP connection to
send authorization packets. Removing an authorization server only affects authorization processes
that occur after the remove operation.
Examples
# Configure the secondary authorization server 10.163.155.13 with TCP port number 49.
<Sysname> system-view
100
Advertisement
Table of Contents
