123
As a best practice, specify a loopback interface address as the source IP address for outgoing
HWTACACS packets to avoid HWTACACS packet loss caused by physical port errors.
If you use both the
nas-ip
command and
hwtacacs nas-ip
command, the following guidelines apply:
•
The setting configured by using the
nas-ip
command in HWTACACS scheme view applies only
to the HWTACACS scheme.
•
The setting configured by using the
hwtacacs nas-ip
command in system view applies to all
HWTACACS schemes.
•
The setting in HWTACACS scheme view takes precedence over the setting in system view.
You can specify a maximum of 16 source IP addresses in system view, including:
•
Zero or one public-network source IPv4 address.
•
Zero or one public-network source IPv6 address.
•
Private-network source IP addresses.
Each VPN instance can have only one private-network source IPv4 address and one private-network
source IPv6 address in system view.
Examples
# Specify IP address 129.10.10.1 as the source address for HWTACACS packets.
<Sysname> system-view
[Sysname] hwtacacs nas-ip 129.10.10.1
Related commands
nas-ip
(HWTACACS scheme view)
hwtacacs scheme
Use
hwtacacs scheme
to create an HWTACACS scheme and enter its view, or enter the view of an
existing HWTACACS scheme.
Use
undo hwtacacs scheme
to delete an HWTACACS scheme.
Syntax
hwtacacs scheme
hwtacacs-scheme-name
undo hwtacacs scheme
hwtacacs-scheme-name
Default
No HWTACACS schemes exist.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
hwtacacs-scheme-name
: Specifies the HWTACACS scheme name, a case-insensitive string of 1 to
32 characters.
Usage guidelines
An HWTACACS scheme can be used by more than one ISP domain at the same time.
You can configure a maximum of 16 HWTACACS schemes.