nas-ip (HWTACACS scheme view)

Use nas-ip to specify a source IP address for outgoing HWTACACS packets.

Use undo nas-ip to delete the source IP address of the specified type for outgoing HWTACACS packets.

Syntax

nas-ip { ipv4-address | ipv6 ipv6-address }

undo nas-ip [ ipv6 ]

Default

The source IP address of an outgoing HWTACACS packet is that configured by using the hwtacacs nas-ip command in system view.

If the hwtacacs nas-ip command is not configured, the source IP address is the primary IP address of the outbound interface.

Views

HWTACACS scheme view

Predefined user roles

network-admin

mdc-admin

Parameters

ipv4-address: Specifies an IPv4 address, which must be an address of the device. The IP address cannot be 0.0.0.0, 255.255.255.255, a class D address, a class E address, or a loopback address.

ipv6 ipv6-address: Specifies an IPv6 address, which must be a unicast address of the device and cannot be a loopback address or a link-local address.

Usage guidelines

The source IP address of HWTACACS packets that a NAS sends must match the IP address of the NAS that is configured on the HWTACACS server. An HWTACACS server identifies a NAS by IP address. Upon receiving an HWTACACS packet, an HWTACACS server checks whether the source IP address of the packet is the IP address of a managed NAS.

If the source IP address of the packet is the IP address of a managed NAS, the server processes the packet.
If the source IP address of the packet is not the IP address of a managed NAS, the server drops the packet.

As a best practice, specify a loopback interface address as the source IP address for outgoing HWTACACS packets to avoid HWTACACS packet loss caused by physical port errors.

If you use both the nas-ip command and hwtacacs nas-ip command, the following guidelines apply:

The setting configured by using the nas-ip command in HWTACACS scheme view applies only to the HWTACACS scheme.
The setting configured by using the hwtacacs nas-ip command in system view applies to all HWTACACS schemes.
The setting in HWTACACS scheme view takes precedence over the setting in system view.

You can specify only one source IPv4 address and one source IPv6 address for an HWTACACS scheme.

If you do not specify the ipv6 keyword for the undo nas-ip command, the command deletes the configured source IPv4 address for outgoing HWTACACS packets.

Examples

# In HWTACACS scheme hwt1, specify IP address 10.1.1.1 as the source address for outgoing HWTACACS packets.

<Sysname> system-view
[Sysname] hwtacacs scheme hwt1
[Sysname-hwtacacs-hwt1] nas-ip 10.1.1.1

Related commands

hwtacacs nas-ip

prev	up	next
key (HWTACACS scheme view)	home	primary accounting (HWTACACS scheme view)