HP (Hewlett-Packard) 2600 Switch User Manual


 
TACACS+ Authentication
Configuring TACACS+ on the Switch
Configuring the Switch’s TACACS+ Server Access
The tacacs-server command configures these parameters:
The host IP address(es) for up to three TACACS+ servers; one first-
choice and up to two backups. Designating backup servers provides
for a continuation of authentication services in case the switch is
unable to contact the first-choice server.
An optional encryption key. This key helps to improve security, and
must match the encryption key used in your TACACS+ server appli-
cation. In some applications, the term “secret key” or “secret” may be
used instead of “encryption key”. If you need only one encryption key
for the switch to use in all attempts to authenticate through a
TACACS+ server, configure a global key. However, if the switch is
configured to access multiple TACACS+ servers having different
encryption keys, you can configure the switch to use different encryp-
tion keys for different TACACS+ servers.
The timeout value in seconds for attempts to contact a TACACS+
server. If the switch sends an authentication request, but does not
receive a response within the period specified by the timeout value,
the switch resends the request to the next server in its Server IP Addr
list, if any. If the switch still fails to receive a response from any
TACACS+ server, it reverts to whatever secondary authentication
method was configured using the aaa authentication command (local
or none; see
Configuring the Switch’s Authentication Methods” on
page 4-11.)
Note- As described under “General Authentication Setup Procedure” on page 4-5,
HP recommends that you configure, test, and troubleshoot authentication via
Telnet access before you configure authentication via console port access.
This helps to prevent accidentally locking yourself out of switch access due
to errors or problems in setting up authentication in either the switch or your
TACACS+ server.
4-15