Creating A Hwtacas Scheme; Configuring Hwtacacs Authentication Servers - H3C S9500 Series Operation Manual

Operation Manual – Security
H3C S9500 Series Routing Switches
In the above configuration tasks, creating HWTACACS scheme and configuring
TACACS authentication/authorization server are required; all other tasks are optional
and you can determine whether to perform these configurations as needed.

2.4.1 Creating a HWTACAS Scheme

As aforementioned, HWTACACS protocol is configured scheme by scheme. Therefore,
you must create a HWTACACS scheme and enter HWTACACS view before you
perform other configuration tasks.
Perform the following configuration in system view.
Table 2-30 Create a HWTACACS scheme
Create a HWTACACS scheme and
enter HWTACACS view
Delete a HWTACACS scheme
By default, no HWTACACS scheme exists.
If the HWTACACS scheme you specify does not exist, the system creates it and enters
HWTACACS view. In HWTACACS view, you can configure the HWTACACS scheme
specifically.
The system supports up to 16 HWTACACS schemes. You can only delete the schemes
that are not being used.

2.4.2 Configuring HWTACACS Authentication Servers

Perform the following configuration in HWTACACS view.
Table 2-31 Configure HWTACACS authentication servers
Configure the HWTACACS primary
authentication server
Delete
authentication server
Configure the HWTACACS secondary
authentication server
Delete
authentication server
Operation
Operation
the HWTACACS
the HWTACACS secondary
Chapter 2 AAA and RADIUS/HWTACACS
hwtacacs
hwtacacs-scheme-name
undo
hwtacacs-scheme-name
primary authentication
[ port-number ]
primary
undo primary authentication
secondary authentication ip-address
[ port-number ]
undo secondary authentication
2-27
Protocol Configuration
Command
scheme
hwtacacs scheme
Command
ip-address