3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
HWTACACS Configuration Commands
Use the undo key command to delete the configuration.
By default, no key is set for any TACACS server.
The TACACS client (the security gateway) and the TACACS server use the MD5
algorithm to encrypt the packets they exchange. The two ends verify packets using a
shared key. Each end accepts and responds to the other's packets only when both
use the same key. You must therefore set the same key on the security gateway and
the TACACS server. If authentication/authorization and accounting are performed
on two server devices with different shared keys, you must set one shared key for
each.
Related command: display hwtacacs.
Example
# Use hello as the shared key for HWTACACS accounting.
[SecBlade_FW] hwtacacs scheme test1
[SecBlade_FW-hwtacacs-test1] key accounting hello
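The shared-key dependence described above, as an added example that is not part of the original guide or of any 3Com code. It assumes HWTACACS follows the TACACS+ body-obfuscation scheme of RFC 8907 (an MD5-derived pad XORed with the packet body), which this page does not spell out; the session ID, version byte and packet body are constructed sample values, and `hello` is the key from the example above.

```python
import hashlib
import struct


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """MD5 keystream per RFC 8907: MD5_1 = MD5(sid|key|ver|seq),
    MD5_n = MD5(sid|key|ver|seq|MD5_{n-1}), truncated to the body length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body: bytes, session_id: int, key: bytes,
              version: int = 0xC0, seq_no: int = 1) -> bytes:
    """XOR the body with the pad. Applying it again with the same inputs reverses it."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


# Constructed sample values (not taken from any real capture).
SESSION_ID = 0x1A2B3C4D
BODY = b"constructed accounting record: user=alice task_id=17"


def roundtrip(sender_key: bytes, receiver_key: bytes) -> bytes:
    """Gateway obfuscates with sender_key; server de-obfuscates with receiver_key."""
    wire = obfuscate(BODY, SESSION_ID, sender_key)
    return obfuscate(wire, SESSION_ID, receiver_key)


if __name__ == "__main__":
    # Same key on both ends: the server recovers the body.
    print(roundtrip(b"hello", b"hello"))
    # Keys differ by one character: the server sees unusable bytes.
    print(roundtrip(b"hello", b"Hello"))
```

RFC 8907 calls this mechanism obfuscation rather than encryption, since the XOR pad gives the body no integrity protection. With mismatched keys the receiver gets bytes that do not parse as a valid body, which is why both ends must hold the same key.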
nas-ip
Syntax
nas-ip ip-address
undo nas-ip
View
HWTACACS view
Parameter
ip-address: IP address in dotted decimal format.
Description
Use the nas-ip command to have all the HWTACACS packets sent by the NAS (the
security gateway) carry the same source address.
Use the undo nas-ip command to delete the setting.
Specifying a source address for the HWTACACS packets to be transmitted can
avoid the situation where the packets sent back by the TACACS server cannot be
received as the result of a physical interface failure. The address of a loopback
interface is usually used as the source address.
By default, the source IP address of an HWTACACS packet sent by the NAS is the IP
address of the output port.
Related command: display hwtacacs.
Example
# Set the source IP address carried in the HWTACACS packets that are sent by the
NAS to 10.1.1.1.
[SecBlade_FW] hwtacacs scheme test1
[SecBlade_FW-hwtacacs-test1] nas-ip 10.1.1.1