HP 5120 SI series Command Reference Manual page 97
Hide thumbs
Also See for 5120 SI series:
- Security configuration manual (385 pages) ,
- Installation manual (48 pages) ,
- Specification (33 pages)
Table of Contents
Advertisement
Parameters
ip-address: IP address of the secondary HWTACACS authorization server, a valid unicast address in
dotted decimal notation. The default is 0.0.0.0.
port-number: Port number of the secondary HWTACACS authorization server. It ranges from 1 to 65535
and defaults to 49.
key [ cipher | simple ] key: Sets the shared key for secure communication with the secondary
HWTACACS authorization server. Make sure the shared key configured on the device is the same as the
one configured on the server.
cipher key: Sets a ciphertext shared key. The key argument is case sensitive. If you specify neither this keyword
•
nor the simple keyword, the shared key is set in plain text.
In non-FIPS mode, the key is a string of 1 to 373 characters.
In FIPS mode, the key is a string of 8 to 373 characters.
•
simple key: Sets a plaintext shared key. The key argument is case sensitive. If you specify neither this keyword
nor the cipher keyword, the shared key is set in plain text.
In non-FIPS mode, the key is a string of 1 to 255 characters.
In FIPS mode, the key is a string of 8 to 255 characters and must contain digits, uppercase
letters, lowercase letters, and special characters.
Description
Use the secondary authorization command to specify a secondary HWTACACS authorization server.
Use the undo secondary authorization command to remove secondary HWTACACS authorization
servers. If you specify an IP address, this command removes the secondary HWTACACS authorization
server using that IP address. If you do not specify an IP address, this command removes all secondary
HWTACACS authorization servers.
By default, no secondary HWTACACS authorization server is specified.
The IP addresses of the primary and secondary authorization servers cannot be the same. Otherwise, the
configuration fails.
The shared key configured by using the secondary authorization command takes precedence over the
one configured by using the key authorization [ cipher | simple ] key command.
The HWTACACS service port configured on the device and that of the HWTACACS server must be
consistent.
If you configure the command repeatedly, only the last configuration takes effect.
You can remove an authorization server only when it is not used by any active TCP connection to send
authorization packets.
Related commands: key, display hwtacacs, and hwtacacs scheme.
Examples
# Configure the secondary authorization server 10.163.155.13 with TCP port number 49.
<Sysname> system-view
[Sysname] hwtacacs scheme hwt1
[Sysname-hwtacacs-hwt1] secondary authorization 10.163.155.13 49
86
- Quick Links:
- Command Reference
Hide quick links:
Advertisement
Table of Contents
