HP ProCurve 9304M Security Manual page 49

Configuring an Interface as the Source for All TACACS/TACACS+ Packets
You can designate the lowest-numbered IP address configured on an Ethernet port, loopback interface, or virtual
interface as the source IP address for all TACACS/TACACS+ packets from the Routing Switch. Identifying a single
source IP address for TACACS/TACACS+ packets provides the following benefits:
• If your TACACS/TACACS+ server is configured to accept packets only from specific links or IP addresses, you
  can use this feature to simplify configuration of the TACACS/TACACS+ server by configuring the HP device to
  always send the TACACS/TACACS+ packets from the same link or source address.
• If you specify a loopback interface as the single source for TACACS/TACACS+ packets, TACACS/TACACS+
  servers can receive the packets regardless of the states of individual links. Thus, if a link to the TACACS/
  TACACS+ server becomes unavailable but the client or server can be reached through another link, the client
  or server still receives the packets, and the packets still have the source IP address of the loopback interface.
The software contains separate CLI commands for specifying the source interface for Telnet, TACACS/TACACS+,
and RADIUS packets. You can configure a source interface for one or more of these types of packets.
To specify an Ethernet port or a loopback or virtual interface as the source for all TACACS/TACACS+ packets from
the device, use the following CLI method. The software uses the lowest-numbered IP address configured on the
port or interface as the source IP address for TACACS/TACACS+ packets originated by the device.
To specify the lowest-numbered IP address configured on a virtual interface as the device's source for all TACACS/
TACACS+ packets, enter commands such as the following:
ProCurveRS(config)# int ve 1
ProCurveRS(config-vif-1)# ip address 10.0.0.3/24
ProCurveRS(config-vif-1)# exit
ProCurveRS(config)# ip tacacs source-interface ve 1
The commands in this example configure virtual interface 1, assign IP address 10.0.0.3/24 to the interface, then
designate the interface as the source for all TACACS/TACACS+ packets from the Routing Switch.
Syntax: ip tacacs source-interface ethernet <portnum> | loopback <num> | ve <num>
The <num> parameter is a loopback interface or virtual interface number. If you specify an Ethernet port, the
<portnum> is the port's number (including the slot number, if you are configuring a Routing Switch).
Displaying TACACS/TACACS+ Statistics and Configuration Information
The show aaa command displays information about all TACACS+ and RADIUS servers identified on the device.
For example:
ProCurveRS# show aaa
Tacacs+ key: hp
Tacacs+ retries: 1
Tacacs+ timeout: 15 seconds
Tacacs+ dead-time: 3 minutes
Tacacs+ Server: 207.95.6.90 Port:49:
          opens=6 closes=3 timeouts=3 errors=0
          packets in=4 packets out=4
no connection
Radius key: networks
Radius retries: 3
Radius timeout: 3 seconds
Radius dead-time: 3 minutes
Radius Server: 207.95.6.90 Auth Port=1645 Acct Port=1646:
          opens=2 closes=1 timeouts=1 errors=0
          packets in=1 packets out=4
no connection
June 2005
Securing Access to Management Functions
2 - 33
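The show aaa output above prints the TACACS+ and RADIUS shared keys in clear text alongside the per-server counters, so captured output should have the keys masked before it is stored or shared. The following is an added example, not part of the HP manual: it parses output in that format, redacts the keys, and lists servers that report "no connection" or a high share of timeouts. The function names, the constructed sample, and the 0.25 timeout-per-open threshold are assumptions made for illustration.

```python
import re

# Constructed sample, same format as the `show aaa` output on this page.
SAMPLE = """\
Tacacs+ key: hp
Tacacs+ retries: 1
Tacacs+ timeout: 15 seconds
Tacacs+ dead-time: 3 minutes
Tacacs+ Server: 207.95.6.90 Port:49:
          opens=6 closes=3 timeouts=3 errors=0
          packets in=4 packets out=4
no connection
Radius key: networks
Radius retries: 3
Radius timeout: 3 seconds
Radius dead-time: 3 minutes
Radius Server: 207.95.6.90 Auth Port=1645 Acct Port=1646:
          opens=2 closes=1 timeouts=1 errors=0
          packets in=1 packets out=4
no connection
"""

SERVER = re.compile(r"^(Tacacs\+|Radius) Server:\s*(\S+)\s+(.*?):?\s*$")
SETTING = re.compile(r"^(Tacacs\+|Radius) ([\w-]+):\s*(.+?)\s*$")
COUNTER = re.compile(r"(packets in|packets out|\w+)=(\d+)")

def parse_show_aaa(text):
    """Return (settings, servers) parsed from `show aaa` output."""
    settings, servers, current = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if m := SERVER.match(line):
            current = {"proto": m[1], "addr": m[2], "ports": m[3], "state": None}
            servers.append(current)
        elif m := SETTING.match(line):
            # Shared keys appear in clear text in the output; never keep them.
            value = "<redacted>" if m[2] == "key" else m[3]
            settings[f"{m[1]} {m[2]}"] = value
        elif current is not None and "=" in line:
            current.update((k, int(v)) for k, v in COUNTER.findall(line))
        elif current is not None and line:
            current["state"] = line  # e.g. "no connection"
    return settings, servers

def unhealthy(servers, max_timeout_ratio=0.25):
    """No connection, or more timeouts per open than the (hypothetical) ratio."""
    return [s for s in servers
            if s["state"] == "no connection"
            or s.get("timeouts", 0) > max_timeout_ratio * max(s.get("opens", 0), 1)]
```
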
