[Sysname-hwtacacs-hwt1] secondary accounting 10.163.155.12 49 key simple 123456TESTacct&!
Related commands
display hwtacacs scheme
key (HWTACACS scheme view)
primary accounting (HWTACACS scheme view)
vpn-instance (HWTACACS scheme view)
secondary authentication (HWTACACS scheme view)
Use secondary authentication to specify a secondary HWTACACS authentication server.
Use undo secondary authentication to remove a secondary HWTACACS authentication server.
Syntax
secondary authentication { host-name | ipv4-address | ipv6 ipv6-address } [ port-number | key
{ cipher | simple } string | single-connection | vpn-instance vpn-instance-name ] *
undo secondary authentication [ { host-name | ipv4-address | ipv6 ipv6-address } [ port-number |
vpn-instance vpn-instance-name ] * ]
Default
No secondary HWTACACS authentication servers are specified.
Views
HWTACACS scheme view
Predefined user roles
network-admin
mdc-admin
Parameters
host-name: Specifies the host name of a secondary HWTACACS authentication server, a
case-insensitive string of 1 to 253 characters.
ipv4-address: Specifies the IPv4 address of a secondary HWTACACS authentication server.
ipv6 ipv6-address: Specifies the IPv6 address of a secondary HWTACACS authentication server.
port-number: Specifies the service port number of the secondary HWTACACS authentication server.
The value range for the TCP port number is 1 to 65535. The default setting is 49.
key: Specifies the shared key for secure communication with the secondary HWTACACS
authentication server.
cipher: Specifies the key in encrypted form.
simple: Specifies the key in plaintext form. For security purposes, the key specified in plaintext form
will be stored in encrypted form.
string: Specifies the key. This argument is case sensitive.
•
In non-FIPS mode, the encrypted form of the key is a string of 1 to 373 characters. The plaintext
form of the key is a string of 1 to 255 characters.
•
In FIPS mode, the encrypted form of the key is a string of 15 to 373 characters. The plaintext
form of the key is a string of 15 to 255 characters. The plaintext string must contain digits,
uppercase letters, lowercase letters, and special characters.
single-connection: The device and the secondary HWTACACS authentication server use the same
TCP connection to exchange all authentication packets for all users. If you do not specify this
134