Upon receiving an HWTACACS packet, an HWTACACS server checks whether the source IP address of
the packet is the IP address of a managed NAS. If yes, the server processes the packet. If not, the server
drops the packet.
You can specify up to 16 source IP addresses, including zero or one public-network source IPv4 address,
zero or one public-network source IPv6 address, and private-network source IP addresses. A newly
specified public-network source IP address overwrites the previous one. Each VPN can have at most one
private-network source IPv4 address and one private-network source IPv6 address.
The setting configured by using the nas-ip command in HWTACACS scheme view is only for the
HWTACACS scheme, whereas that configured by using the hwtacacs nas-ip command in system view is
for all HWTACACS schemes. The setting in HWTACACS scheme view takes precedence.
Examples
# Set the IP address for the device to use as the source address for HWTACACS packets to 129.10.10.1.
<Sysname> system-view
[Sysname] hwtacacs nas-ip 129.10.10.1
Related commands
nas-ip (HWTACACS scheme view)
hwtacacs scheme
Use hwtacacs scheme to create an HWTACACS scheme and enter its view.
Use undo hwtacacs scheme to delete an HWTACACS scheme.
Syntax
hwtacacs scheme hwtacacs-scheme-name
undo hwtacacs scheme hwtacacs-scheme-name
Default
No HWTACACS scheme exists.
Views
System view
Predefined user roles
network-admin
Parameters
hwtacacs-scheme-name: HWTACACS scheme name, a case-insensitive string of 1 to 32 characters.
Usage guidelines
An HWTACACS scheme can be referenced by more than one ISP domain at the same time.
You can configure up to 16 HWTACACS schemes.
Examples
# Create an HWTACACS scheme named hwt1 and enter its view.
<Sysname> system-view
[Sysname] hwtacacs scheme hwt1
[Sysname-hwtacacs-hwt1]
59