HP MSR2000/3000/4000 Router Series Security Command Reference
69
For security purposes, all shared keys, including shared keys configured in plain text, are saved in
ciphertext.
Examples
# Set the shared key for secure HWTACACS authentication communication to 123456TESTauth&! in
plain text for HWTACACS scheme hwt1.
<Sysname> system-view
[Sysname] hwtacacs scheme hwt1
[Sysname-hwtacacs-hwt1] key authentication simple 123456TESTauth&!
# Set the shared key for secure HWTACACS authorization communication to 123456TESTauth&! in plain
text.
[Sysname-hwtacacs-hwt1] key authorization simple 123456TESTauth&!
# Set the shared key for secure HWTACACS accounting communication to 123456TESTauth&! in plain
text.
[Sysname-hwtacacs-hwt1] key accounting simple 123456TESTauth&!
Related commands
display hwtacacs scheme
nas-ip (HWTACACS scheme view)
Use nas-ip to specify a source address for outgoing HWTACACS packets.
Use undo nas-ip to delete a source address for outgoing HWTACACS packets.
Syntax
nas-ip { ipv4-address | ipv6 ipv6-address }
undo nas-ip [ ipv6 ]
Default
The source IP address of an outgoing HWTACACS packet is that configured by using the hwtacacs
nas-ip command in system view. If the hwtacacs nas-ip command is not configured, the source IP address
is the IP address of the outbound interface.
Views
HWTACACS scheme view
Predefined user roles
network-admin
Parameters
ipv4-address: Specifies an IPv4 address, which must be an address of the device and cannot be 0.0.0.0,
255.255.255.255, a class D address, a class E address, or a loopback address.
ipv6 ipv6-address: Specifies an IPv6 address, which must be a unicast address of the device and cannot
be a loopback address or a link-local address.
Usage guidelines
The source IP address of the HWTACACS packets that a NAS sends must match the IP address of the
NAS that is configured on the HWTACACS server. An HWTACACS server identifies a NAS by IP address.
Upon receiving an HWTACACS packet, an HWTACACS server checks whether the source IP address of