43Step Command Remarks2. Enter HWTACACSscheme view.hwtacacs schemehwtacacs-scheme-name N/A3. Specify HWTACACSauthentication servers.• Specify the primary HWTACACSauthentication server:primary authentication{ ipv4-address | ipv6 ipv6-address }[ port-number | key { cipher |simple } string |single-connection | vpn-instancevpn-instance-name ] *• Specify a secondary HWTACACSauthentication server:secondary authentication{ ipv4-address | ipv6 ipv6-address }[ port-number | key { cipher |simple } string |single-connection | vpn-instancevpn-instance-name ] *By default, no authenticationservers are specified.Two HWTACACS authenticationservers in a scheme, primary orsecondary, cannot have thesame combination of IP address,port number, and VPN instance.Specifying the HWTACACS authorization serversYou can specify one primary authorization server and a maximum of 16 secondary authorizationservers for an HWTACACS scheme. When the primary server is not available, the device searchesfor the secondary servers in the order they are configured. The first secondary server in active stateis used for communication.If redundancy is not required, specify only the primary server. An HWTACACS server can function asthe primary authorization server of one scheme and as the secondary authorization server of anotherscheme at the same time.To specify HWTACACS authorization servers for an HWTACACS scheme:Step Command Remarks1. Enter system view. system-view N/A2. Enter HWTACACSscheme view.hwtacacs schemehwtacacs-scheme-name N/A3. Specify HWTACACSauthorization servers.• Specify the primary HWTACACSauthorization server:primary authorization{ ipv4-address | ipv6ipv6-address } [ port-number | key{ cipher | simple } string |single-connection |vpn-instancevpn-instance-name ] *• Specify a secondary HWTACACSauthorization server:secondary authorization{ ipv4-address | ipv6ipv6-address } [ port-number | key{ cipher | simple } string |single-connection |vpn-instancevpn-instance-name ] *By default, no authorizationservers are specified.Two HWTACACS authorizationservers in a scheme, primary orsecondary, cannot have the samecombination of IP address, portnumber, and VPN instance.