128• In non-FIPS mode, the encrypted form of the key is a string of 1 to 373 characters. The plaintextform of the key is a string of 1 to 255 characters.• In FIPS mode, the encrypted form of the key is a string of 15 to 373 characters. The plaintextform of the key is a string of 15 to 255 characters. The plaintext string must contain digits,uppercase letters, lowercase letters, and special characters.single-connection: The device and the primary HWTACACS accounting server use the same TCPconnection to exchange accounting packets for all users. If you do not specify this keyword, thedevice establishes a new TCP connection each time it exchanges accounting packets with theprimary accounting server for a user. As a best practice, specify this keyword to reduce TCPconnections for improving system performance if the HWTACACS server supports thesingle-connection method.vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance to which the primaryHWTACACS accounting server belongs. The vpn-instance-name argument is a case-sensitive stringof 1 to 31 characters. If the server is on the public network, do not specify this option.Usage guidelinesMake sure that the port number and shared key settings of the primary HWTACACS accountingserver are the same as those configured on the server.Two accounting servers specified for a scheme, primary or secondary, cannot have identical IPaddress, port number, and VPN instance settings.If the specified server resides on an MPLS L3VPN, specify the VPN instance by using thevpn-instance vpn-instance-name option. The VPN instance specified by this command takesprecedence over the VPN instance specified for the HWTACACS scheme.You can remove an accounting server only when it is not used for user accounting. Removing anaccounting server affects only accounting processes that occur after the remove operation.Examples# In HWTACACS scheme hwt1, specify the primary accounting server with IP address10.163.155.12, TCP port number 49, and plaintext shared key 123456TESTacct&!. system-view[Sysname] hwtacacs scheme hwt1[Sysname-hwtacacs-hwt1] primary accounting 10.163.155.12 49 key simple 123456TESTacct&!Related commandsdisplay hwtacacs schemekey (HWTACACS scheme view)secondary accounting (HWTACACS scheme view)vpn-instance (HWTACACS scheme view)primary authentication (HWTACACS scheme view)Use primary authentication to specify the primary HWTACACS authentication server.Use undo primary authentication to restore the default.Syntaxprimary authentication { ipv4-address | ipv6 ipv6-address } [ port-number | key { cipher | simple }string | single-connection | vpn-instance vpn-instance-name ] *undo primary authenticationDefaultThe primary HWTACACS authentication server is not specified.