184
Enhancements in Release F.02.02
TACACS+ Authentication for Centralized Control of Switch Access Security
For example, you would use the next command to configure a global encryption key in the switch to
match a key entered as
north40campus in two target TACACS+ servers. (That is, both servers use the
same key for your switch.) Note that you do not need the server IP addresses to configure a global
key in the switch:
HP2512(config)# tacacs-server key north40campus
Suppose that you subsequently add a third TACACS+ server (with an IP address of 10.28.227.87) that
has
south10campus for an encryption key. Because this key is different than the one used for the two
servers in the previous example, you will need to assign a per-server key in the switch that applies
only to the designated server:
HP2512(config)# tacacs-server host 10.28.227.87 key south10campus
With both of the above keys configured in the switch, the
south10campus key overrides the north40campus
key only when the switch tries to access the TACACS+ server having the 10.28.227.87 address.
Controlling Web Browser Interface Access When Using TACACS+
Authentication
In release F.02.02, configuring the switch for TACACS+ authentication does not affect Web browser
interface access. To prevent unauthorized access through the Web browser interface, do one or more
of the following:
■ Configure local authentication (a Manager user name and password and, optionally, an
Operator user name and password) on the switch.
■ Configure the switch’s Authorized IP Manager feature to allow Web browser access only
from authorized management stations. (The Authorized IP Manager feature does not inter-
fere with TACACS+ operation.)
■ Disable Web browser access to the switch.