HP ProCurve 3500yl Release Notes page 59

Software version k.13.49

After you enter the complete password port-access command syntax, the password is set. You are not
prompted to enter the password a second time.
TACACS+ Encryption Key Authentication
You can use TACACS+ servers to authenticate users who request access to a switch through Telnet
(remote) or console (local) sessions. TACACS+ uses an authentication hierarchy consisting of:
- Remote passwords assigned in a TACACS+ server
- Local manager and operator passwords configured on the switch
When you configure TACACS+, the switch first tries to contact a designated TACACS+ server for
authentication services. If the switch fails to connect to any TACACS+ server, it defaults to its own
locally assigned passwords for authentication control if it has been configured to do so.
For improved security, you can configure a global or server-specific encryption key that encrypts
data in TACACS+ packets transmitted between a switch and a TACACS+ server during authentication
sessions. The key configured on the switch must match the encryption key configured in each
TACACS+ server application. (The encryption key is sometimes referred to as "shared secret" or
"secret" key.) For more information, refer to the "TACACS+ Authentication" chapter in the Access
Security Guide.
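How a shared key of this kind is applied to a packet, as an added example that is not from the HP release notes: it follows the body obfuscation defined for the TACACS+ protocol in RFC 8907, an MD5-derived pad XORed over the packet body. The key strings, session ID and body are constructed sample values, and the function names are illustrative.

```python
import hashlib
import struct

HEADER = struct.Struct("!BBBBII")  # version, type, seq_no, flags, session_id, length
TAC_PLUS_UNENCRYPTED_FLAG = 0x01   # set when the body is sent without the pad


def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5_1 = MD5(session_id, key, version, seq_no); MD5_n also appends MD5_(n-1)."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]


def xor_body(body, session_id, key, version, seq_no):
    """XOR is its own inverse, so the same call hides and recovers the body."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_packet(body, session_id, key, seq_no=1, version=0xC0, pkt_type=0x01):
    """Header stays readable on the wire; only the body is covered by the key."""
    header = HEADER.pack(version, pkt_type, seq_no, 0, session_id, len(body))
    return header + xor_body(body, session_id, key, version, seq_no)


def read_packet(packet, key):
    """Receiver side: rebuild the pad from the header fields and its own key copy."""
    version, _type, seq_no, flags, session_id, length = HEADER.unpack(packet[:HEADER.size])
    body = packet[HEADER.size:HEADER.size + length]
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        return body
    return xor_body(body, session_id, key, version, seq_no)


if __name__ == "__main__":
    body = b"constructed sample body, longer than one 16-byte MD5 block"
    pkt = build_packet(body, session_id=0x1234ABCD, key=b"switch-side-key")
    print(read_packet(pkt, b"switch-side-key"))   # matching key: original body
    print(read_packet(pkt, b"server-typo-key"))   # mismatched key: unreadable bytes
```

The scheme carries no integrity check over the body, so a mismatched key shows up as a body that fails to parse rather than as an explicit key error.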
In software releases earlier than K.12.06, the global and server-specific TACACS+ encryption keys
cannot be saved in a configuration file that can be copied from the switch. These keys are stored only
in flash memory and can be viewed by using the show tacacs command.
In software release K.12.06 and greater, TACACS+ shared secret (encryption) keys can be saved in
a configuration file with the following syntax:
tacacs-server key <keystring>
Where:
<keystring> is the encryption key (in clear text) used for secure communication with all or a specific
TACACS+ server.
RADIUS Shared-Secret Key Authentication
You can use RADIUS servers as the primary authentication method for users who request access to
a switch through Telnet, SSH, Web interface, console, or port-access (802.1X). The shared secret key
is a text string used to encrypt data in RADIUS packets transmitted between a switch and a RADIUS
server during authentication sessions. Both the switch and the server have a copy of the key; the key
is never transmitted across the network. For more information, refer to the "RADIUS Authentication
and Accounting" chapter in the Access Security Guide.
In software releases earlier than K.12.06, the global and server-specific RADIUS encryption keys
cannot be saved in a configuration file that can be copied from the switch. These keys are stored only
in flash memory and can be viewed by using the show radius command.
Enhancements
Release K.12.06 Enhancements
This manual is also suitable for:

ProCurve 8212zl, ProCurve 5400zl, 6200yl
