Operation Manual – AAAH3C S5600 Series Ethernet Switches Chapter 2 AAA Configuration2-272.3.2 Configuring TACACS Authentication ServersFollow these steps to configure TACACS authentication servers:To do… Use the command… RemarksEnter system view system-view —Create a HWTACACSscheme and enter its viewhwtacacs schemehwtacacs-scheme-nameRequiredBy default, noHWTACACS schemeexists.Set the IP address andport number of theprimary TACACSauthentication serverprimary authenticationip-address [ port ]RequiredBy default, the IP addressof the primaryauthentication server is0.0.0.0, and the portnumber is 0.Set the IP address andport number of thesecondary TACACSauthentication serversecondaryauthenticationip-address [ port ]OptionalBy default, the IP addressof the secondaryauthentication server is0.0.0.0, and the portnumber is 0.Caution:z You are not allowed to configure the same IP address for both primary andsecondary authentication servers. If you do this, the system will prompt that theconfiguration fails.z You can remove an authentication server setting only when there is no active TCPconnection that is sending authentication messages to the server.2.3.3 Configuring TACACS Authorization ServersFollow these steps to configure TACACS authorization servers:To do… Use the command… RemarksEnter system view system-view —Create a HWTACACSscheme and enter its viewhwtacacs schemehwtacacs-scheme-nameRequiredBy default, noHWTACACS schemeexists.