HP (Hewlett-Packard) 2500 Switch User Manual


 
180
Enhancements in Release F.02.02
TACACS+ Authentication for Centralized Control of Switch Access Security
To configure westside as a global encryption key:
HP2512(config) tacacs-server key westside
To configure
westside as a per-server encryption key:
HP2512(config)tacacs-server host 10.28.227.63 key westside
An encryption key can contain up to 100 characters, without spaces, and is likely to be case-sensitive
in most TACACS+ server applications.
To delete a global encryption key from the switch, use this command:
HP2512(config)# no tacacs-server key
To delete a per-server encryption key in the switch, re-enter the tacacs-server host command without
the key parameter. For example, if you have
westside configured as the encryption key for a TACACS+
server with the IP address of 10.28.227.104 and you wanted to eliminate the key, you would use this
command:
HP2512(config)# tacacs-server host 10.28.227.104
Note
The show tacacs command lists the global encryption key, if configured. However, to view any
configured per-server encryption keys, you must use
show config running.
Configuring the Timeout Period. The timeout period specifies how long the switch waits for a
response to an authentication request from a TACACS+ server before either sending a new authen-
tication request to the next server in the switch’s Server IP Address list or using the local authenti-
cation option. For example, to change the timeout period from 5 seconds (the default) to 3 seconds:
HP2512(config)# tacacs-server timeout 3