nas-ip (HWTACACS scheme view)

Use nas-ip to specify a source IP address for outgoing HWTACACS packets.

Use undo nas-ip to delete the source IP address of the specified type for outgoing HWTACACS packets.


nas-ip { ipv4-address | ipv6 ipv6-address }

undo nas-ip [ ipv6 ]


The source IP address of an outgoing HWTACACS packet is that configured by using the hwtacacs nas-ip command in system view.

If the hwtacacs nas-ip command is not configured, the source IP address is the primary IP address of the outbound interface.


HWTACACS scheme view

Predefined user roles




ipv4-address: Specifies an IPv4 address, which must be an address of the device. The IP address cannot be,, a class D address, a class E address, or a loopback address.

ipv6 ipv6-address: Specifies an IPv6 address, which must be a unicast address of the device and cannot be a loopback address or a link-local address.

Usage guidelines

The source IP address of HWTACACS packets that a NAS sends must match the IP address of the NAS that is configured on the HWTACACS server. An HWTACACS server identifies a NAS by IP address. Upon receiving an HWTACACS packet, an HWTACACS server checks whether the source IP address of the packet is the IP address of a managed NAS.

As a best practice, specify a loopback interface address as the source IP address for outgoing HWTACACS packets to avoid HWTACACS packet loss caused by physical port errors.

If you use both the nas-ip command and hwtacacs nas-ip command, the following guidelines apply:

You can specify only one source IPv4 address and one source IPv6 address for an HWTACACS scheme.

If you do not specify the ipv6 keyword for the undo nas-ip command, the command deletes the configured source IPv4 address for outgoing HWTACACS packets.


# In HWTACACS scheme hwt1, specify IP address as the source address for outgoing HWTACACS packets.

<Sysname> system-view
[Sysname] hwtacacs scheme hwt1
[Sysname-hwtacacs-hwt1] nas-ip

Related commands

hwtacacs nas-ip