Operation Manual – AAA RADIUS HWTACACS
H3C S5500-EI Series Ethernet Switches
Note:
The IP addresses of the primary and secondary authentication servers cannot be
the same. Otherwise, the configuration fails.
You can remove an authentication server only when no active TCP connection for
sending authentication packets is using it.
1.5.3 Specifying the HWTACACS Authorization Servers
Follow these steps to specify the HWTACACS authorization servers:
Enter system view
Create a HWTACACS
scheme and enter
HWTACACS scheme
view
Configure the IP address
and port of the primary
HWTACACS
authorization server
Configure the IP address
and port of the secondary
HWTACACS
authorization server
Note:
The IP addresses of the primary and secondary authorization servers cannot be the
same. Otherwise, the configuration fails.
You can remove an authorization server only when no active TCP connection for
sending authorization packets is using it.
1.5.4 Specifying the HWTACACS Accounting Servers
Follow these steps to specify the HWTACACS accounting servers and perform related
configurations:
To do...
system-view
hwtacacs scheme
hwtacacs-scheme-name
primary authorization
ip-address [ port-number ]
secondary authorization
ip-address [ port-number ]
Chapter 1 AAA/RADIUS/HWTACACS
Use the command...
1-35
Configuration
Remarks
—
Required
Not defined by default
Required
The defaults are as
follows:
0.0.0.0 for the IP address,
and
49 for the TCP port.
Required
The defaults are as
follows:
0.0.0.0 for the IP address,
and
49 for the TCP port.