Secondary Authorization - H3C MSR Series Command Reference Manual
Comware 7 security
Hide thumbs
Also See for MSR Series:
- Command reference manual (174 pages) ,
- Configuration manual (80 pages) ,
- Manual (33 pages)
Table of Contents
Advertisement
key (HWTACACS scheme view)
primary authentication (HWTACACS scheme view)
vpn-instance (HWTACACS scheme view)
secondary authorization
Use secondary authorization to specify a secondary HWTACACS authorization server.
Use undo secondary authorization to remove a secondary HWTACACS authorization server.
Syntax
secondary authorization { ipv4-address | ipv6 ipv6-address } [ port-number I key { cipher |
simple } string | single-connection | vpn-instance vpn-instance-name ] *
undo secondary authorization [ { ipv4-address | ipv6 ipv6-address } [ port-number | vpn-instance
vpn-instance-name ] * ]
Default
No secondary HWTACACS authorization servers are specified.
Views
HWTACACS scheme view
Predefined user roles
network-admin
Parameters
ipv4-address: Specifies the IPv4 address of the secondary HWTACACS authorization server.
ipv6 ipv6-address: Specifies the IPv6 address of the secondary HWTACACS authorization server.
port-number: Specifies the service port number of the secondary HWTACACS authorization server.
The value range for the TCP port number is 1 to 65535. The default setting is 49.
key: Specifies the shared key for secure communication with the secondary HWTACACS
authorization server.
cipher: Specifies the key in encrypted form.
simple: Specifies the key in plaintext form. For security purposes, the key specified in plaintext form
will be stored in encrypted form.
string: Specifies the key. This argument is case sensitive.
•
In non-FIPS mode, the encrypted form of the key is a string of 1 to 373 characters. The plaintext
form of the key is a string of 1 to 255 characters.
•
In FIPS mode, the encrypted form of the key is a string of 15 to 373 characters. The plaintext
form of the key is a string of 15 to 255 characters. The plaintext string must contain digits,
uppercase letters, lowercase letters, and special characters.
single-connection: The device and the secondary HWTACACS authorization server use the same
TCP connection to exchange all authorization packets for all users. If you do not specify this
keyword, the device establishes a new TCP connection each time it exchanges authorization
packets with the secondary authorization server for a user. As a best practice, specify this keyword to
reduce TCP connections for improving system performance if the HWTACACS server supports the
single-connection method.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance to which the secondary
HWTACACS authorization server belongs. The vpn-instance-name argument is a case-sensitive
string of 1 to 31 characters. If the server is on the public network, do not specify this option.
135
Advertisement
Table of Contents
