Manualshelf

HP MSR2000/3000/4000 Router Series Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router
71727374757677787980
67
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN to which the source IP address belongs,
where vpn-instance-name is a case-sensitive string of 1 to 31 characters. To configure a public-network
source IPv4 address, do not specify this option.
Usage guidelines
The source IP address of HWTACACS packets that a NAS sends must match the IP address of the NAS
that is configured on the HWTACACS server. An HWTACACS server identifies a NAS by IP address.
Upon receiving an HWTACACS packet, an HWTACACS server checks whether the source IP address of
the packet is the IP address of a managed NAS. If it is, the server processes the packet. If it is not, the
server drops the packet.
You can specify up to 16 source IP addresses, including zero or one public-network source IPv4 address,
zero or one public-network source IPv6 address, and private-network source IP addresses. A newly
specified public-network source IP address overwrites the previous one. Each VPN can have at most one
private-network source IPv4 address and one private-network source IPv6 address.
The setting configured by using the nas-ip command in HWTACACS scheme view is only for the
HWTACACS scheme, whereas that configured by using the hwtacacs nas-ip command in system view is
for all HWTACACS schemes. The setting in HWTACACS scheme view takes precedence over the setting
in system view.
Examples
# Set the IP address for the device to use as the source address for HWTACACS packets to 129.10 .10 .1.
<Sysname> system-view
[Sysname] hwtacacs nas-ip 129.10.10.1
Related commands
nas-ip (HWTACACS scheme view)
hwtacacs scheme
Use hwtacacs scheme to create an HWTACACS scheme and enter its view.
Use undo hwtacacs scheme to delete an HWTACACS scheme.
Syntax
hwtacacs scheme hwtacacs-scheme-name
undo hwtacacs scheme hwtacacs-scheme-name
Default
No HWTACACS scheme exists.
Views
System view
Predefined user roles
network-admin
Parameters
hwtacacs-scheme-name: HWTACACS scheme name, a case-insensitive string of 1 to 32 characters.
Usage guidelines
An HWTACACS scheme can be referenced by more than one ISP domain at the same time.