Manualshelf

R21xx-HP FlexFabric 11900 Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP FlexFabric 11000 Switch Products
61626364656667686970
54
ipv6 ipv6-address: Specifies an IPv6 address, which must be a unicast address of the device and cannot
be a loopback address or a link-local address.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN to which the source IP address belongs,
where vpn-instance-name is a case-sensitive string of 1 to 31 characters. To configure a public-network
source IPv4 address, do not specify this option.
Usage guidelines
The source IP address of HWTACACS packets that a NAS sends must match the IP address of the NAS
that is configured on the HWTACACS server. An HWTACACS server identifies a NAS by IP address.
Upon receiving an HWTACACS packet, an HWTACACS server checks whether the source IP address of
the packet is the IP address of a managed NAS. If yes, the server processes the packet. If not, the server
drops the packet.
You can specify up to 16 source IP addresses, including zero or one public-network source IPv4 address,
zero or one public-network source IPv6 address, and private-network source IP addresses. A newly
specified public-network source IP address overwrites the previous one. Each VPN can have at most one
private-network source IPv4 address and one private-network source IPv6 address.
The setting configured by using the nas-ip command in HWTACACS scheme view is only for the
HWTACACS scheme, whereas that configured by using the hwtacacs nas-ip command in system view is
for all HWTACACS schemes. The setting in HWTACACS scheme view takes precedence over the setting
in system view.
Examples
# Set the IP address for the device to use as the source address for HWTACACS packets to 129.10 .10 .1.
<Sysname> system-view
[Sysname] hwtacacs nas-ip 129.10.10.1
Related commands
nas-ip (HWTACACS scheme view)
hwtacacs scheme
Use hwtacacs scheme to create an HWTACACS scheme and enter its view.
Use undo hwtacacs scheme to delete an HWTACACS scheme.
Syntax
hwtacacs scheme hwtacacs-scheme-name
undo hwtacacs scheme hwtacacs-scheme-name
Default
No HWTACACS scheme exists.
Views
System view
Predefined user roles
network-admin
Parameters
hwtacacs-scheme-name: HWTACACS scheme name, a case-insensitive string of 1 to 32 characters.