R3721-F3210-F3171-HP High-End Firewalls Access Control Command Reference-6PW101
156
Upon receiving an HWTACACS packet, an HWTACACS server checks whether the source IP address of
the packet is the IP address of any managed NAS. If yes, the server processes the packet. If not, the server
drops the packet.
If you configure the command repeatedly, only the last configuration takes effect.
NOTE:
The setting configured by the nas-ip command in HWTACACS scheme view is only for the HWTACACS
scheme, whereas that configured by the hwtacacs nas-ip command in system view is for all HWTACACS
schemes. The setting in HWTACACS scheme view takes precedence.
Related commands: hwtacacs nas-ip.
Examples
# Set the source address for outgoing HWTACACS packets to 10.1.1.1.
<Sysname> system-view
[Sysname] hwtacacs scheme hwt1
[Sysname-hwtacacs-hwt1] nas-ip 10.1.1.1
primary accounting (HWTACACS scheme view)
Syntax
primary accounting ip-address [ port-number | vpn-instance vpn-instance-name ] *
undo primary accounting
View
HWTACACS scheme view
Default level
2: System level
Parameters
ip-address: IP address of the primary HWTACACS accounting server, in dotted decimal notation. The
default setting is 0.0.0.0.
port-number: Service port number of the primary HWTACACS accounting server. It ranges from 1 to
65535 and defaults to 49.
vpn-instance vpn-instance-name: Specifies the VPN to which the primary HWTACACS accounting
server belongs, where vpn-instance-name is a case-sensitive string of 1 to 31 characters. If the server is
on the public network, do not specify this option.
Description
Use primary accounting to specify the primary HWTACACS accounting server.
Use undo primary accounting to remove the configuration.
By default, no primary HWTACACS accounting server is specified.
The IP addresses of the primary and secondary accounting servers must be different. Otherwise, the
configuration fails.
If the specified server resides on a VPN, specify the VPN by using the vpn-instance vpn-instance-name
option.