Access Security Guide K/KA/KB.15.15

1. When there are no TACACS+ servers configured, entering a server IP address makes that
server the first-choice TACACS+ server.
2. When there is one TACACS+ server already configured, entering another server IP address
makes that server the second-choice (backup) TACACS+ server.
3. When there are two TACACS+ servers already configured, entering another server IP address
makes that server the third-choice (backup) TACACS+ server.
The above position assignments are fixed. If you remove one server and replace it with another,
the new server assumes the priority position that the removed server had. For example, suppose
you configured three servers, A, B, and C, in that order:
First-Choice: A
Second-Choice: B
Third-Choice: C
If you removed server B and then entered server X, the TACACS+ server order of
priority would be:
First-Choice: A
Second-Choice: X
Third-Choice: C
If there are two or more vacant slots in the TACACS+ server priority list and you enter a new IP
address, the new address will take the vacant slot with the highest priority. Thus, if A, B, and C
are configured as above and you (1) remove A and B, and (2) enter X and Y (in that order), then
the new TACACS+ server priority list would be X, Y, and C.
The easiest way to change the order of the TACACS+ servers in the priority list is to remove all
server addresses in the list and then re-enter them in order, with the new first-choice server
address first, and so on.
To add a new address to the list when there are already three addresses present, you must first
remove one of the currently listed addresses. See also “General authentication process using a
TACACS+ server” (page 135).
Default: None
Optional, global "encryption key"
Syntax:
key <key-string>
Specifies the optional, global "encryption key" that is also assigned in the TACACS+
servers that the switch will access for authentication. This option is subordinate to
any "per-server" encryption keys you assign, and applies only to accessing
TACACS+ servers for which you have not given the switch a "per-server" key. (See
the host <ip-addr> [key <key-string>] entry above.)
You can configure a TACACS+ encryption key that includes a tilde (~) as part of
the key, for example, "hp~switch". Such a key is not backward compatible: the "~"
character is lost if you use a software version that does not support it.
For more on the encryption key, see “Using the encryption key” (page 133) and the
documentation provided with your TACACS+ server application.
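The slot-assignment rules for server addresses and the per-server/global key precedence described above can be checked with a small model. This is an added example, not code from the guide or the switch software; the class, its method names, and the addresses and per-server key are constructed for illustration.

```python
# Added illustration; class and method names are hypothetical.
from typing import List, Optional, Tuple

SLOTS = 3  # first-, second- and third-choice positions


class TacacsServerList:
    def __init__(self, global_key: Optional[str] = None):
        self.global_key = global_key
        # Each slot holds (ip, per_server_key), or None when vacant.
        self.slots: List[Optional[Tuple[str, Optional[str]]]] = [None] * SLOTS

    def add(self, ip: str, key: Optional[str] = None) -> int:
        """Put ip in the highest-priority vacant slot; return its position."""
        if ip in self.order():
            # Model's choice: the page does not cover re-entering an address.
            raise ValueError(f"{ip} is already listed")
        for i, slot in enumerate(self.slots):
            if slot is None:
                self.slots[i] = (ip, key)
                return i + 1
        raise ValueError("three servers already listed; remove one first")

    def remove(self, ip: str) -> None:
        """Vacate the slot; remaining servers keep their positions."""
        self.slots[self.order().index(ip)] = None

    def order(self) -> List[Optional[str]]:
        return [s[0] if s else None for s in self.slots]

    def effective_key(self, ip: str) -> Optional[str]:
        """Per-server key wins; the global key is only the fallback."""
        per_server = self.slots[self.order().index(ip)][1]
        return per_server if per_server is not None else self.global_key

    def without_key(self) -> List[str]:
        """Servers left with no key at all (neither per-server nor global)."""
        return [ip for ip in self.order() if ip and self.effective_key(ip) is None]


def demo() -> TacacsServerList:
    servers = TacacsServerList(global_key="hp~switch")
    for ip in ("192.0.2.1", "192.0.2.2", "192.0.2.3"):  # constructed A, B, C
        servers.add(ip)
    servers.remove("192.0.2.2")                      # remove B
    servers.add("192.0.2.9", key="constructed-key")  # X takes B's slot
    return servers


if __name__ == "__main__":
    s = demo()
    print(s.order(), {ip: s.effective_key(ip) for ip in s.order()})
```

The without_key() check is useful when reviewing a planned configuration: it lists any server that would be reached with neither a per-server key nor the global key.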
Specifies how long the switch waits for a TACACS+ server to respond to an
authentication request.
Syntax:
timeout 1 - 255