Configure a source IP address for S series switches to communicate with an HWTACACS server


By default, an S series switch (except the S1700 switch) uses the IP address of the outbound interface as the source IP address in HWTACACS packets for communicating with an HWTACACS server.
To modify the source IP address in HWTACACS packets, perform the following operation:
[HUAWEI] hwtacacs-server template template1
[HUAWEI-hwtacacs-template1] hwtacacs-server source-ip 10.1.1.1

Other related questions:
ACL based on source MAC addresses and destination IP addresses on S series switches
S series switches (except S1700 switches) do not support ACL based on source MAC addresses and destination IP addresses. If only the source MAC address and destination MAC address need to be specified, you can configure a Layer 2 ACL whose number ranges from 4000 to 4999. If only the source IP address and destination IP address need to be specified, you can configure an advanced ACL whose number ranges from 3000 to 3999.

IP address exclusion configuration on S series switches
For S series switches except S1700 switches, some IP addresses in an address pool may be used by other servers and hosts, configured for clients with special requirements, or reserved. These IP addresses need to be excluded from the address pool so that the DHCP server does not assign them to clients, preventing IP address conflicts. For example, to prevent the IP addresses in the range of 10.10.10.11 to 10.10.10.20 from being automatically assigned to clients from the address pool on an S series switch (except an S1700 switch), configure the following:
- For an interface address pool:
[HUAWEI] dhcp enable
[HUAWEI] interface vlanif 100 //Enter the view of the interface connected to DHCP clients.
[HUAWEI-Vlanif100] ip address 10.10.10.10 24
[HUAWEI-Vlanif100] dhcp select interface
[HUAWEI-Vlanif100] dhcp server excluded-ip-address 10.10.10.11 10.10.10.20
- For a global address pool:
[HUAWEI] dhcp enable
[HUAWEI] interface vlanif 100 //Enter the view of the interface connected to DHCP clients.
[HUAWEI-Vlanif100] ip address 10.10.10.10 24
[HUAWEI-Vlanif100] dhcp select global
[HUAWEI-Vlanif100] quit
[HUAWEI] ip pool global1
[HUAWEI-ip-pool-global1] network 10.10.10.0 mask 24
[HUAWEI-ip-pool-global1] excluded-ip-address 10.10.10.11 10.10.10.20

Whether S series switches support HWTACACS
S series switches (except S1700 switches) support HWTACACS.

Configure source IP address verification
The source IP address verification function enables an interface to check the validity of source IP addresses in received packets. Packets with invalid source addresses are discarded.
As defined in RFC 1812, the following IP addresses cannot be used as source addresses:
Broadcast addresses of Class A, B, and C
Class D addresses (multicast addresses)
Reserved Class E addresses
All-0 or all-1 addresses
Addresses on the network segment 127.0.0.0 when they appear on the network outside the host
<HUAWEI> system-view
[~HUAWEI] interface vlanif 100
[*HUAWEI-Vlanif100] ip verify source-address
[*HUAWEI-Vlanif100] commit
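
The address list above, applied to packet source addresses in Python. This is an added example, not Huawei code and not a description of how the switch implements `ip verify source-address`. It assumes that a classful broadcast address has every host bit set under the Class A/B/C default mask and that "all-0 or all-1" means 0.0.0.0 and 255.255.255.255; the function names and sample packets are constructed.

```python
import ipaddress

def invalid_source_reason(addr):
    """Return why addr may not be a source address, or None if it is acceptable."""
    n = int(ipaddress.IPv4Address(addr))
    first = n >> 24                      # first octet decides the class
    if n in (0, 0xFFFFFFFF):
        return "all-0 or all-1 address"
    if first == 127:
        return "127.0.0.0 segment outside the host"
    if 224 <= first <= 239:
        return "Class D (multicast)"
    if first >= 240:
        return "Class E (reserved)"
    # Class A /8, Class B /16, Class C /24 (assumed classful masks)
    prefix = 8 if first < 128 else 16 if first < 192 else 24
    host_mask = (1 << (32 - prefix)) - 1
    if n & host_mask == host_mask:       # every host bit set
        return "Class %s broadcast" % "ABC"[prefix // 8 - 1]
    return None

def verify_sources(packets):
    """Split (src, dst) pairs into accepted packets and (packet, reason) drops."""
    accepted, dropped = [], []
    for pkt in packets:
        reason = invalid_source_reason(pkt[0])
        if reason:
            dropped.append((pkt, reason))
        else:
            accepted.append(pkt)
    return accepted, dropped

# Constructed sample traffic arriving on the interface
SAMPLE = [
    ("10.1.1.1", "10.10.10.10"),
    ("10.1.1.255", "10.10.10.10"),   # not a Class A broadcast: host bits are 1.1.255
    ("10.255.255.255", "10.10.10.10"),
    ("172.16.255.255", "10.10.10.10"),
    ("224.0.0.5", "10.10.10.10"),
    ("127.0.0.1", "10.10.10.10"),
    ("0.0.0.0", "10.10.10.10"),
]

if __name__ == "__main__":
    ok, bad = verify_sources(SAMPLE)
    for pkt, reason in bad:
        print("drop", pkt[0], "-", reason)
    print("accepted:", [p[0] for p in ok])
```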
