Operation Manual – AAA RADIUS HWTACACSH3C S9500 Series Routing SwitchesChapter 1 AAA, RADIUS and HWTACACSProtocol Configuration1-32To do... Use the command...Cancel the configured source address for HWTACACSpackets sent from the NAS (System view) undo hwtacacs nas-ipThe HWTACACS view takes precedence over the system view when configuring thesource address for HWTACACS packets sent from the NAS.By default, the source address is not specified, and the virtual interface of the VLANthat contains the port to which the server connects for packet sending is used as thesource address.1.4.6 Setting a Key for Securing the Communication with TACACS ServerWhen using a TACACS server as an AAA server, you can set a key to improve thecommunication security between the switch and the TACACS server.Perform the following operations in HWTACACS view to set/cancel a key for securingthe communication with the HWTACACS server:To do... Use the command...Configure a key for securing thecommunication with the accounting,authorization or authentication serverkey { accounting | authorization |authentication } stringDelete the configuration undo key { accounting | authorization| authentication }No key is configured by default.1.4.7 Setting the Username Format Acceptable to the TACACS ServerUsername is usually in the “userid@isp-name” format, with the domain name following“@”.If a TACACS server does not accept the username with domain name, you can removethe domain name and resend it to the TACACS server.Perform the following operations in HWTACACS view to configure the username formatacceptable to the TACACS server:To do... Use the command...Send username with domain name user-name-format with-domainSend username without domain name user-name-format without-domainBy default, each username sent to a TACACS server contains a domain name.