hwtacacs nas-ip
Use hwtacacs nas-ip to specify a source IP address for outgoing HWTACACS packets.
Use undo hwtacacs nas-ip to delete a source IP address for outgoing HWTACACS packets.
Syntax
hwtacacs nas-ip { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ]
undo hwtacacs nas-ip { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ]
Default
The source IP address of an HWTACACS packet sent to the server is the primary IP address of the outbound interface.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
ipv4-address: Specifies an IPv4 address, which must be an address of the device. The IP address cannot be 0.0.0.0, 255.255.255.255, a class D address, a class E address, or a loopback address.
ipv6 ipv6-address: Specifies an IPv6 address, which must be a unicast address of the device and cannot be a loopback address or a link-local address.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance to which the source IP address belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. To configure a public-network source IP address, do not specify this option.
Usage guidelines
The source IP address of HWTACACS packets that a NAS sends must match the IP address of the NAS that is configured on the HWTACACS server. An HWTACACS server identifies a NAS by IP address. Upon receiving an HWTACACS packet, an HWTACACS server checks whether the source IP address of the packet is the IP address of a managed NAS.
If the source IP address of the packet is the IP address of a managed NAS, the server processes the packet.
If the source IP address of the packet is not the IP address of a managed NAS, the server drops the packet.
As a best practice, specify a loopback interface address as the source IP address for outgoing HWTACACS packets to avoid HWTACACS packet loss caused by physical port errors.
If you use both the nas-ip command and hwtacacs nas-ip command, the following guidelines apply:
The setting configured by using the nas-ip command in HWTACACS scheme view applies only to the HWTACACS scheme.
The setting configured by using the hwtacacs nas-ip command in system view applies to all HWTACACS schemes.
The setting in HWTACACS scheme view takes precedence over the setting in system view.
You can specify a maximum of 16 source IP addresses in system view, including:
Zero or one public-network source IPv4 address.
Zero or one public-network source IPv6 address.
Private-network source IP addresses.
Each VPN instance can have only one private-network source IPv4 address and one private-network source IPv6 address in system view.
Examples
# Specify IP address 129.10.10.1 as the source address for HWTACACS packets.
<Sysname> system-view [Sysname] hwtacacs nas-ip 129.10.10.1
Related commands
nas-ip (HWTACACS scheme view)