Option
tacacs-server key <key>
packet maxsize <size>
tacacs-server timeout
<seconds>
Table 2-7.
Global Settings for TACACS+ Servers
Meaning
Specifies the shared key to use with TACACS+ servers. Any
keys you configure for a particular TACACS+ server
supersede the global key.
Defines the packet size to send to the TACACS+ server. You
can specify a number between 10240 and 65535.
Specifies how long to wait for the TACACS+ server to
respond to a request. You can specify a number between 1
and 1000.
Troubleshooting AAA
The ProCurve Secure Router provides several commands to help you
troubleshoot the AAA subsystem.
debug aaa Command
You can view detailed messages about the AAA subsystem in real time. From
the enable mode context, enter:
Syntax: debug aaa
The Secure Router OS will then display AAA events such as connection
notices, login attempts, and session tracking. Figure 2-4 shows the debug aaa
messages when a user attempts to establish a Telnet session but does not enter
a valid username and password. The AAA subsystem has been enabled on the
router, but no named list has been defined for Telnet access, so the ProCurve
Secure Router uses the default named list.
Controlling Management Access to the ProCurve Secure Router
Troubleshooting AAA
Default Value
none
10240
5 seconds
2-39