R0106-HP MSR Router Series Security Command Reference(V7)
83
Examples
# Set the shared key for secure HWTACACS authentication communication to 123456TESTauth&! in
plain text for HWTACACS scheme hwt1.
<Sysname> system-view
[Sysname] hwtacacs scheme hwt1
[Sysname-hwtacacs-hwt1] key authentication simple 123456TESTauth&!
# Set the shared key for secure HWTACACS authorization communication to 123456TESTautr&! in plain
text.
[Sysname-hwtacacs-hwt1] key authorization simple 123456TESTautr&!
# Set the shared key for secure HWTACACS accounting communication to 123456TESTacct&! in plain
text.
[Sysname-hwtacacs-hwt1] key accounting simple 123456TESTacct&!
Related commands
display hwtacacs scheme
nas-ip (HWTACACS scheme view)
Use nas-ip to specify a source address for outgoing HWTACACS packets.
Use undo nas-ip to delete a source address for outgoing HWTACACS packets.
Syntax
nas-ip { ipv4-address | ipv6 ipv6-address }
undo nas-ip [ ipv6 ]
Default
The source IP address of an outgoing HWTACACS packet is the IP address configured by using the
hwtacacs nas-ip command in system view.
If the hwtacacs nas-ip command is not configured, the source IP address is the IP address of the outbound
interface.
Views
HWTACACS scheme view
Predefined user roles
network-admin
Parameters
ipv4-address: Specifies an IPv4 address, which must be an address of the device. The IP address cannot
be 0.0.0.0, 255.255.255.255, a class D address, a class E address, or a loopback address.
ipv6 ipv6-address: Specifies an IPv6 address, which must be a unicast address of the device. The IP
address cannot be a loopback address or a link-local address.
Usage guidelines
The source IP address of HWTACACS packets that a NAS sends must match the IP address of the NAS
that is configured on the HWTACACS server. An HWTACACS server identifies a NAS by IP address.
Upon receiving an HWTACACS packet, an HWTACACS server checks whether the source IP address of
the packet is the IP address of a managed NAS.