HP 445946-001 Application Manual: Configuring TACACS+ Authentication on the Switch (CLI Example)

10gb ethernet bl-c switch.
Configuring TACACS+ authentication on the switch (CLI example)
Turn TACACS+ authentication on, and then configure the Primary and Secondary TACACS+ servers.
>> Main# /cfg/sys/tacacs    (Select the TACACS+ Server menu)
>> TACACS+ Server# on    (Turn TACACS+ on)
Current status: OFF
New status: ON
>> TACACS+ Server# prisrv    (Enter primary server IP)
Current primary TACACS+ server:
New pending primary TACACS+ server:
>> TACACS+ Server# secsrv    (Enter secondary server IP)
Current secondary TACACS+ server:
New pending secondary TACACS+ server:
Configure the TACACS+ secret and second secret.
>> TACACS+ Server# secret
Enter new TACACS+ secret: <1-32 character secret>
>> TACACS+ Server# secret2
Enter new TACACS+ second secret: <1-32 character secret>
If you configure the TACACS+ secret using any method other than a direct console
connection, the secret may be transmitted over the network as clear text.
If desired, you may change the default TCP port number used to listen to TACACS+. The well-known
port for TACACS+ is 49.
>> TACACS+ Server# port
Current TACACS+ port: 49
Enter new TACACS+ port [1-65000]: <TCP port number>
Configure the number of retry attempts for contacting the TACACS+ server and the timeout period.
>> TACACS+ Server# retries
Current TACACS+ server retries: 3
Enter new TACACS+ server retries [1-3]: 2
>> TACACS+ Server# time
Current TACACS+ server timeout: 5
Enter new TACACS+ server timeout [4-15]: 10    (Enter the timeout period in minutes)
Configure custom privilege-level mapping (optional).
>> TACACS+ Server# usermap 2
Current privilege mapping for remote privilege 2: not set
Enter new local privilege mapping: user
>> TACACS+ Server# usermap 3 user
>> TACACS+ Server# usermap 4 user
>> TACACS+ Server# usermap 5 oper
Apply and save the configuration.
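The TACACS+ secret configured above is the key for the packet-body obfuscation defined in RFC 8907, so the switch and the server must hold the same value or the server cannot parse the request. The Python sketch below is an added example, not part of the HP manual or the switch firmware; the secret, user name, port name and session ID are constructed sample values.

```python
import hashlib
import struct

VERSION = 0xC0          # TACACS+ major version 0xC, minor version 0
TYPE_AUTHEN = 0x01      # authentication packet

def pad_for(session_id, secret, version, seq_no, length):
    """RFC 8907 pad: MD5 blocks chained over session_id, key, version, seq_no."""
    seed = struct.pack("!I", session_id) + secret + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]

def xor_body(body, session_id, secret, seq_no=1):
    """Obfuscate or de-obfuscate a body (the same XOR does both)."""
    pad = pad_for(session_id, secret, VERSION, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def authen_start(user, port, priv_lvl=1):
    """Authentication START body: ASCII login, no remote address, no data."""
    return bytes([1, priv_lvl, 1, 1, len(user), len(port), 0, 0]) + user + port

def build_packet(body, session_id, secret):
    """12-byte header (flags=0: body is obfuscated) followed by the body."""
    header = struct.pack("!BBBBII", VERSION, TYPE_AUTHEN, 1, 0, session_id, len(body))
    return header + xor_body(body, session_id, secret)

def server_accepts(packet, secret):
    """Server-side check: de-obfuscate, then verify the START length fields add up."""
    version, _type, seq_no, flags, session_id, length = struct.unpack("!BBBBII", packet[:12])
    body = xor_body(packet[12:12 + length], session_id, secret, seq_no)
    return len(body) >= 8 and 8 + sum(body[4:8]) == len(body)

# Constructed sample values, not taken from the manual.
SWITCH_SECRET = b"example-secret-1"
PACKET = build_packet(authen_start(b"admin", b"tty0"), 0x1234ABCD, SWITCH_SECRET)

if __name__ == "__main__":
    print("server with same secret:     ", server_accepts(PACKET, SWITCH_SECRET))
    print("server with different secret:", server_accepts(PACKET, b"other-secret"))
```

The pad is an MD5-derived XOR stream with no integrity protection, which is why RFC 8907 calls it obfuscation rather than encryption.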



