HP 6125XLG R2306-HP 6125XLG Blade Switch Security Command Reference - Page 78
secondary authorization
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 78 highlights
{ In non-FIPS mode, the key is a string of 1 to 255 characters. { In FIPS mode, the key is a string of 15 to 255 characters and must contain numbers, uppercase letters, lowercase letters, and special characters. vpn-instance vpn-instance-name: Specifies the MPLS L3VPN to which the secondary HWTACACS authentication server belongs, where vpn-instance-name is a case-sensitive string of 1 to 31 characters. If the server is on the public network, do not specify this option. Usage guidelines Make sure that the port number and shared key settings of each secondary HWTACACS authentication server are the same as those configured on the corresponding server. You can configure up to 16 secondary HWTACACS authentication servers for an HWTACACS scheme. With the configuration, if the primary server fails, the device looks for a secondary server in active state (a secondary HWTACACS authentication server configured earlier has a higher priority) and tries to communicate with it. If you use the undo secondary authentication command without specifying any parameter, the command removes all secondary authentication servers. Two authentication servers specified for a scheme, primary or secondary, cannot have identical IP address, port number, and VPN settings. If the specified server resides on an MPLS L3VPN, specify the VPN by using the vpn-instance vpn-instance-name option. The VPN specified by this command takes precedence over the VPN specified for the HWTACACS scheme. You can remove an authentication server only when it is not used for user authentication. Removing an authentication server affects only authentication processes that occur after the remove operation. For security purposes, all shared keys, including shared keys configured in plain text, are saved in ciphertext. Examples # Specify a secondary authentication server with IP address 10.163.155.13, TCP port number 49, and plaintext shared key abc for HWTACACS scheme hwt1 system-view [Sysname] hwtacacs scheme hwt1 [Sysname-hwtacacs-hwt1] secondary authentication 10.163.155.13 49 key simple abc Related commands • display hwtacacs scheme • key (HWTACACS scheme view) • primary authentication (HWTACACS scheme view) • vpn-instance (HWTACACS scheme view) secondary authorization Use secondary authorization to specify a secondary HWTACACS authorization server. Use undo secondary authorization to remove a secondary HWTACACS authorization server. 69