Operation Manual – SecurityH3C S9500 Series Routing SwitchesChapter 2 AAA and RADIUS/HWTACACSProtocol Configuration2-30Table 2-35 Configure the source address for HWTACACS packets sent by the NASOperation CommandConfigure the source address for HWTACACS packetssent from the NAS (HWTACACS view) nas-ip ip-addressDelete the configured source address for HWTACACSpackets sent from the NAS (HWTACACS view) undo nas-ipConfigure the source address for HWTACACS packetssent from the NAS (System view)hwtacacs nas-ipip-addressCancel the configured source address for HWTACACSpackets sent from the NAS (System view) undo hwtacacs nas-ipThe HWTACACS view takes precedence over the system view when configuring thesource address for HWTACACS packets sent from the NAS.By default, the source address is not specified, and the virtual interface of the VLANthat contains the port to which the server connects for packet sending is used as thesource address.2.4.6 Setting a Key for Securing the Communication with TACACS ServerWhen using a TACACS server as an AAA server, you can set a key to improve thecommunication security between the switch and the TACACS server.Perform the following configuration in HWTACACS view.Table 2-36 Set a key for securing the communication with the HWTACACS serverOperation CommandConfigure a key for securing thecommunication with the accounting,authorization or authentication serverkey { accounting | authorization |authentication } stringDelete the configuration undo key { accounting | authorization| authentication }No key is configured by default.2.4.7 Setting the Username Format Acceptable to the TACACS ServerUsername is usually in the “userid@isp-name” format, with the domain name following“@”.If a TACACS server does not accept the username with domain name, you can removethe domain name and resend it to the TACACS server.Perform the following configuration in HWTACACS view.
