Manualshelf

R21xx-HP FlexFabric 11900 Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP FlexFabric 11000 Switch Products
61626364656667686970
56
Examples
# Set the shared key for secure HWTACACS authentication communication to 123456 in plain text for
HWTACACS scheme hwt1.
<Sysname> system-view
[Sysname] hwtacacs scheme hwt1
[Sysname-hwtacacs-hwt1] key authentication simple 123456
# Set the shared key for secure HWTACACS authorization communication to ok in plain text.
[Sysname-hwtacacs-hwt1] key authorization simple ok
# Set the shared key for secure HWTACACS accounting communication to hello in plain text.
[Sysname-hwtacacs-hwt1] key accounting simple hello
Related commands
display hwtacacs scheme
nas-ip (HWTACACS scheme view)
Use nas-ip to specify a source address for outgoing HWTACACS packets.
Use undo nas-ip to delete a source address for outgoing HWTACACS packets.
Syntax
nas-ip { ipv4-address | ipv6 ipv6-address }
undo nas-ip [ ipv6 ]
Default
An outbound HWTACACS packet uses the source IP address specified by the hwtacacs nas-ip command
in system view. If the source IP address is not specified, the packet uses the IP address of the egress
interface as the source IP address.
Views
HWTACACS scheme view
Predefined user roles
network-admin
Parameters
ipv4-address: Specifies an IPv4 address, which must be an address of the device and cannot be 0.0.0.0,
255.255.255.255, a class D address, a class E address, or a loopback address.
ipv6 ipv6-address: Specifies an IPv6 address, which must be a unicast address of the device and cannot
be a loopback address or a link-local address.
Usage guidelines
The source IP address of the HWTACACS packets that a NAS sends must match the IP address of the
NAS that is configured on the HWTACACS server. An HWTACACS server identifies a NAS by IP address.
Upon receiving an HWTACACS packet, an HWTACACS server checks whether the source IP address of
the packet is the IP address of a managed NAS. If yes, the server processes the packet. If not, the server
drops the packet.
The setting configured by using the nas-ip command in HWTACACS scheme view is effective only for the
HWTACACS scheme, whereas that configured by using the hwtacacs nas-ip command in system view is