HP 445860-B21 - 10Gb Ethernet BL-c Switch Reference Manual page 156

HP 10Gb Ethernet BL-c Switch Browser-based Interface Reference Guide

TACACS+ offers the following advantages over RADIUS as the authentication device:
TACACS+ is TCP-based, so it facilitates connection-oriented traffic.
It supports full-packet encryption, as opposed to password-only in authentication requests.
It supports decoupled authentication, authorization, and accounting.
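Added example (not from the HP guide): a Python sketch of how TACACS+ applies the shared secret to the whole packet body, following RFC 8907 section 4.5, so the user name is obscured along with the password while the 12-byte header stays in clear text. The user name, password, secret and session id are constructed sample values. The mechanism is an MD5-derived XOR pad, which RFC 8907 itself calls obfuscation.

```python
import hashlib
import struct

TAC_PLUS_UNENCRYPTED_FLAG = 0x01  # RFC 8907 header flag: body is sent in clear


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """Chained MD5 blocks (RFC 8907 section 4.5), truncated to the body length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()  # MD5_n also hashes MD5_(n-1)
        pad += block
    return pad[:length]


def obfuscate(header: bytes, body: bytes, key: bytes) -> bytes:
    """XOR the body with the pad; calling it again with the same key reverses it."""
    version, _type, seq_no, flags, session_id, _length = struct.unpack("!BBBBII", header)
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        return body
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def authen_start_pap(user: bytes, password: bytes, port: bytes = b"tty0",
                     rem_addr: bytes = b"") -> bytes:
    """Authentication START body: action=LOGIN, priv_lvl=1, type=PAP, service=LOGIN."""
    fixed = bytes([1, 1, 2, 1, len(user), len(port), len(rem_addr), len(password)])
    return fixed + user + port + rem_addr + password


def build_packet(pkt_type: int, seq_no: int, session_id: int, body: bytes,
                 key: bytes, version: int = 0xC0, flags: int = 0) -> bytes:
    """12-byte clear-text header followed by the obfuscated body."""
    header = struct.pack("!BBBBII", version, pkt_type, seq_no, flags, session_id, len(body))
    return header + obfuscate(header, body, key)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real device.
    secret = b"constructed-secret"
    body = authen_start_pap(b"admin", b"S3cr3t!pw")
    pkt = build_packet(0x01, 1, 0x1234ABCD, body, secret, version=0xC1)  # PAP uses minor version 1
    print("header (clear):", pkt[:12].hex())
    print("body (on wire):", pkt[12:].hex())
    print("recovered     :", obfuscate(pkt[:12], pkt[12:], secret))
```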
The following table describes Switch TACACS+ Configuration controls:

Table 102 Switch TACACS+ Configuration controls

| Control | Description |
|---|---|
| Primary Tacacs+ IP Address | Configures the primary TACACS+ server address. |
| Secondary Tacacs+ IP Address | Configures the secondary TACACS+ server address. |
| Tacacs+ port (1-65000) | Configures the TCP port number to use, between 1 and 65000. The default is 49. |
| Tacacs+ timeout (4-15) | Configures the amount of time, in seconds, before a TACACS+ server authentication attempt is considered to have failed. The default timeout is 5 seconds. |
| Tacacs+ retries (1-3) | Configures the number of failed authentication requests before switching to a different TACACS+ server. The default retry count is 3 requests. |
| Enable/Disable Tacacs+ Server | Enables or disables the TACACS+ server. |
| Enable/Disable Tacacs+ Backdoor for telnet/ssh/http/https | Enables or disables the TACACS+ backdoor for telnet/SSH/HTTP/HTTPS. |
| Enable/Disable Secure Tacacs+ Backdoor for telnet/ssh/http/https | Enables or disables the TACACS+ backdoor using secure password for telnet/SSH/HTTP/HTTPS. |
| Enable/Disable Tacacs+ new privilege level mapping | Enables or disables TACACS+ privilege-level mapping. The default value is disabled. |
| Tacacs+ Secret | Configures the shared secret (up to 32 characters) between the switch and the TACACS+ server. |
| Secondary Tacacs+ Server Secret | Configures the secondary shared secret (up to 32 characters) between the switch and the TACACS+ server. |
| Tacacs+ User Mappings Configuration | Maps a TACACS+ privilege level to an HP 10GbE switch user level, as follows: Remote Privilege: Enter a TACACS+ privilege level (0-15). Local Privilege: Select the corresponding switch user level. |

IMPORTANT:
If TACACS+ is enabled, you must log in using TACACS+ authentication when connecting via the console or Telnet/SSH/HTTP/HTTPS. Backdoor for console is always enabled, so you can connect using notacacs and the administrator password even if the backdoor or secure backdoor are disabled.

If Telnet backdoor is enabled, type in notacacs as a backdoor to bypass TACACS+ checking, and use the administrator password to log into the switch. The switch allows this even if TACACS+ servers are available.

If secure backdoor is enabled, type in notacacs as a backdoor to bypass TACACS+ checking, and use the administrator password to log into the switch. The switch allows this only if TACACS+
Configuring the switch