HP 3500yl Series Access Security Manual page 224

Switch software

TACACS+ Authentication
Configuring TACACS+ on the Switch
• If there are two or more vacant slots in the TACACS+ server priority list and you enter a new IP address, the new
address will take the vacant slot with the highest priority. Thus, if A, B, and C are configured as above and you (1)
remove A and B, and (2) enter X and Y (in that order), then the new TACACS+ server priority list would be X, Y, and C.
• The easiest way to change the order of the TACACS+ servers in the priority list is to remove all server addresses in
the list and then re-enter them in order, with the new first-choice server address first, and so on.
To add a new address to the list when there are already three addresses present, you must first remove one of the currently
listed addresses.
See also "General Authentication Process Using a TACACS+ Server" on page 5-24.
key <key-string>
Specifies the optional, global "encryption key" that is also assigned in the TACACS+ server(s) that the switch will access
for authentication. This option is subordinate to any "per-server" encryption keys you assign, and applies only to
accessing TACACS+ servers for which you have not given the switch a "per-server" key. (See the host <ip-addr> [key
<key-string>] entry at the beginning of this table.)
You can configure a TACACS+ encryption key that includes a tilde (~) as part of the key, for example, "hp~switch". Such a
key is not backward compatible; the "~" character is lost if you use a software version that does not support the "~" character.
For more on the encryption key, see "Using the Encryption Key" on page 5-26 and the documentation provided with your
TACACS+ server application.
timeout <1 - 255>
Specifies how long the switch waits for a TACACS+ server to respond to an authentication request. If the switch does
not detect a response within the timeout period, it initiates a new request to the next TACACS+ server in the list. If all
TACACS+ servers in the list fail to respond within the timeout period, the switch either uses local authentication (if
configured) or denies access (if local authentication is not configured).
HP Switch(config)# tacacs-server host 10.10.10.2 key hp~switch
Figure 5-6. Example of Configuring a Host-Specific Key
Name                 Default        Range
key <key-string>     none (null)    n/a
timeout <1 - 255>    5 sec          1 - 255 sec
Use the show running-config command to display the key information.
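An added example, not from the HP manual: a Python audit of saved show running-config output that applies the rules in this table (a per-server key overrides the global key, the "~" compatibility caveat, the three-address limit, the timeout range and its effect on failover delay). It assumes running-config lines mirror the CLI syntax shown above; the sample configuration and the function name audit_tacacs are constructed for illustration.

```python
import re

MAX_SERVERS = 3      # per the page: a fourth address requires removing one first
DEFAULT_TIMEOUT = 5  # seconds, per the Default column

# Constructed sample; assumes running-config mirrors the CLI syntax on this page.
SAMPLE_CONFIG = """\
hostname "edge-sw-01"
tacacs-server host 10.10.10.2 key hp~switch
tacacs-server host 10.10.10.3
tacacs-server timeout 30
"""

def audit_tacacs(config_text):
    """Return (servers, global_key, timeout, findings) for a saved config."""
    servers, global_key, timeout, findings = [], None, DEFAULT_TIMEOUT, []
    for line in config_text.splitlines():
        line = line.strip()
        m = re.match(r"tacacs-server host (\S+)(?: key (\S+))?$", line)
        if m:
            servers.append((m.group(1), m.group(2)))  # list order = priority order
            continue
        m = re.match(r"tacacs-server key (\S+)$", line)
        if m:
            global_key = m.group(1)
            continue
        m = re.match(r"tacacs-server timeout (\d+)$", line)
        if m:
            timeout = int(m.group(1))
    if len(servers) > MAX_SERVERS:
        findings.append("more than three TACACS+ servers listed")
    if not 1 <= timeout <= 255:
        findings.append(f"timeout {timeout} outside 1-255")
    for ip, key in servers:
        effective = key or global_key  # global key applies only without a per-server key
        if effective is None:
            findings.append(f"{ip}: no per-server or global key")
        elif "~" in effective:
            findings.append(f"{ip}: key contains '~', lost on software without '~' support")
    # Each unresponsive server costs one full timeout before the next one is tried.
    findings.append(f"worst-case wait before local auth or denial: {timeout * len(servers)}s")
    return servers, global_key, timeout, findings

if __name__ == "__main__":
    for finding in audit_tacacs(SAMPLE_CONFIG)[3]:
        print(finding)  # findings never include the key value itself
```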
