HP 6125XLG R2306-HP 6125XLG Blade Switch Security Configuration Guide - Page 40
Creating an HWTACACS scheme, Specifying the HWTACACS authentication servers
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 40 highlights
Tasks at a glance (Optional.) Specifying a VPN for the scheme (Optional.) Setting the username format and traffic statistics units (Optional.) Specifying the source IP address for outgoing HWTACACS packets (Optional.) Setting HWTACACS timers (Optional.) Displaying and maintaining HWTACACS Creating an HWTACACS scheme Create an HWTACACS scheme before performing any other HWTACACS configurations. You can configure up to 16 HWTACACS schemes. An HWTACACS scheme can be referenced by multiple ISP domains. To create an HWTACACS scheme: Step 1. Enter system view. 2. Create an HWTACACS scheme and enter its view. Command system-view hwtacacs scheme hwtacacs-scheme-name Remarks N/A By default, no HWTACACS scheme is defined. Specifying the HWTACACS authentication servers You can specify one primary authentication server and up to 16 secondary authentication servers for an HWTACACS scheme. When the primary server is not available, the device tries to communicate with the secondary servers in the order they are configured, and communicates with the first secondary server in active state. If no redundancy is needed, specify only the primary server. An HWTACACS server can function as the primary authentication server in one scheme and as the secondary authentication server in another scheme at the same time. To specify HWTACACS authentication servers for an HWTACACS scheme: Step 1. Enter system view. 2. Enter HWTACACS scheme view. 3. Specify HWTACACS authentication servers. Command system-view Remarks N/A hwtacacs scheme hwtacacs-scheme-name N/A • Specify the primary HWTACACS authentication server: primary authentication { ipv4-address | ipv6 ipv6-address } [ port-number | key { cipher | simple } string | vpn-instance vpn-instance-name ] * Configure at least one command. By default, no authentication server is specified. • Specify a secondary HWTACACS Two HWTACACS authentication authentication server: servers in a scheme, primary or secondary authentication secondary, cannot have the same { ipv4-address | ipv6 ipv6-address } combination of IP address, port [ port-number | key { cipher | simple } number, and VPN. string | vpn-instance vpn-instance-name ] * 31