R3303-HP HSR6800 Routers Security Command Reference
97
# Set the shared key for secure HWTACACS accounting communication to
$c$3$jaeN0ej15fjuHKeuVh8mqicHzaHdMw== in cipher text for HWTACACS scheme hwt1.
<Sysname> system-view
[Sysname] hwtacacs scheme hwt1
[Sysname-hwtacacs-hwt1] key accounting cipher $c$3$jaeN0ej15fjuHKeuVh8mqicHzaHdMw==
Related commands
display hwtacacs
nas-ip (HWTACACS scheme view)
Use nas-ip to specify a source IP address for outgoing HWTACACS packets.
Use undo nas-ip to restore the default.
Syntax
nas-ip ip-address
undo nas-ip
Default
The source IP address of an outgoing HWTACACS packet is configured by the hwtacacs nas-ip
command in system view. If the hwtacacs nas-ip command is not configured, the source IP address is the
IP address of the outbound interface.
Views
HWTACACS scheme view
Default command level
2: System level
Parameters
ip-address: IP address in dotted decimal notation. It must be an address of the device and cannot be
0.0.0.0, 255.255.255.255, a class D address, or a class E address.
Usage guidelines
The source IP address of HWTACACS packets that a NAS sends must match the IP address of the NAS
that is configured on the HWTACACS server. An HWTACACS server identifies a NAS by IP address.
Upon receiving an HWTACACS packet, an HWTACACS server checks whether the source IP address of
the packet is the IP address of any managed NAS. If it is, the server processes the packet. If it is not, the
server drops the packet.
If you execute the command multiple times, the most recent configuration takes effect.
The setting configured by the nas-ip command in HWTACACS scheme view is only for the HWTACACS
scheme, whereas that configured by the hwtacacs nas-ip command in system view is for all HWTACACS
schemes. The setting in HWTACACS scheme view takes precedence.
Examples
# Set the source address for outgoing HWTACACS packets to 10.1.1.1.
<Sysname> system-view
[Sysname] hwtacacs scheme hwt1
[Sysname-hwtacacs-hwt1] nas-ip 10.1.1.1