Manualshelf

Access Security Guide K/KA/KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5406R-8XGT/8SFP+ (No PSU) v2 zl2 Switch
121122123124125126127128129130
Configuring the Timeout period
The timeout period specifies how long the switch waits for a response to an authentication request
from a TACACS+ server before either sending a new request to the next server in the switch Server
IP Address list or using the local authentication option. For example, to change the timeout period
from 5 seconds (the default) to 3 seconds:
HPswitch(config)# tacacs-server timeout 3
TACACS+ server and optionally assigns a serverspecific encryption key
Syntax
tacacs-server host < ip-addr > [key < key-string > |
encrypted-key <key-string> | [oobm]
Adds a TACACS+ server and optionally assigns a serverspecific encryption key. If
the switch is configured to access multiple TACACS+ servers having different
encryption keys, you can configure the switch to use different encryption keys for
different TACACS+ servers.
NOTE: For the 3800, 5400zl, and 8200zl switches, when the switch is in
enhanced secure mode, commands that take a secret key as a parameter have the
echo of the secret typing replaced with asterisks. The input for <key-string> is
prompted for interactively. See “Secure Mode (3800, 5400zl, and 8200zl
Switches)” (page 498).
[no]tacacs-server host < ip-addr>
Removes a TACACS+ server assignment (including its server-specific encryption key, if any).
tacacs-server [key <key-string>| encrypted-key <key-string>]
Configures an optional global encryption key. Keys configured in the switch must
exactly match the encryption keys configured in the TACACS+ servers that the
switch will attempt to use for authentication. The encrypted-key parameter configures
a global encryption key, specified using a base64-encoded aes-256 encrypted
strin
[no]tacacs-server key
Removes the optional global encryption key. (Does not affect any server-specific
encryption key assignments.)
tacacs-server encrypted-key <key-string>
Encryption key to use with a TACACS+ server, specified using a base64-encoded
aes-256 encrypted string.
tacacs-server timeout < 1-255 >
Changes the wait period for a TACACS server response. (Default: 5 seconds.)
Configuring 129