Configuring tacacs authentication servers, Configuring tacacs authorization servers – H3C Technologies H3C WX3000 Series Unified Switches User Manual

25-19

Follow these steps to create a HWTACACS scheme:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Create a HWTACACS
scheme and enter its view

hwtacacs scheme

hwtacacs-scheme-name

Required
By default, no HWTACACS scheme exists.

The system supports up to 16 HWTACACS schemes. You can delete a HWTACACS scheme only
when it is not referenced.

Configuring TACACS Authentication Servers

Follow these steps to configure TACACS authentication servers:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Create a HWTACACS scheme and
enter its view

hwtacacs scheme

hwtacacs-scheme-name

Required
By default, no HWTACACS scheme
exists.

Set the IP address and port
number of the primary TACACS
authentication server

primary authentication
ip-address

[ port ]

Required
By default, the IP address of the primary
authentication server is 0.0.0.0, and the
port number is 0.

Set the IP address and port
number of the secondary TACACS
authentication server

secondary authentication

ip-address

[ port ]

Optional
By default, the IP address of the
secondary authentication server is
0.0.0.0, and the port number is 0.

z

You are not allowed to configure the same IP address for both primary and secondary
authentication servers. If you do this, the system will prompt that the configuration fails.

z

You can remove an authentication server setting only when there is no active TCP connection that
is sending authentication messages to the server.

Configuring TACACS Authorization Servers

Follow these steps to configure TACACS authorization servers:

To do…

Use the command…

Remarks

Enter system view

system-view

—