Access Security Guide K/KA/KB.15.15

< login [privilege-mode] >
The server grants privileges at the operator privilege level. If the privilege-mode
option is entered, TACACS+ is enabled for a single login. The authorized privilege
level (operator or manager) is returned to the switch by the TACACS+ server.
Default: Single login disabled.
< local | tacacs | radius >
Selects the type of security access:
local
Authenticates with the manager and operator password you configure in the switch.
tacacs
Authenticates with a password and other data configured on a TACACS+ server.
radius
Authenticates with a password and other data configured on a RADIUS server.
[ < local | none > ]
If the primary authentication method fails, determines whether to use the local
password as a secondary method or to disallow access.
Syntax
aaa authentication num-attempts < 1-10 >
Specifies the maximum number of login attempts allowed in the current session.
Default: 3
Adding, removing, or changing the priority of a TACACS+ server
Example
Suppose the switch is configured to use TACACS+ servers at 10.28.227.10 and 10.28.227.15.
10.28.227.15 was entered first and so is listed as the first-choice server:
Figure 103 Example of the switch with two TACACS+ server addresses configured
To move the "first-choice" status from the "15" server to the "10" server, use the
no tacacs-server host <ip-addr> command to delete both servers, then use
tacacs-server host <ip-addr> to re-enter the "10" server first, then the "15" server.
The servers would then be listed with the new "first-choice" server, that is:
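Added example, not part of the original guide: a Python helper that builds the command sequence for the reorder procedure above and, because that procedure leaves no TACACS+ server configured between the delete and re-enter steps, lists the login methods that use TACACS+ as primary without a local secondary. The full "aaa authentication <access> login ..." line format, the function names and the sample configuration lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed full form of the command whose options this page lists:
#   aaa authentication <access> login [privilege-mode] <primary> [<secondary>]
AAA_LOGIN = re.compile(
    r"^aaa authentication (\S+) login (?:privilege-mode )?"
    r"(local|tacacs|radius)(?: (local|none))?$"
)

def reorder_commands(current, desired):
    """Page's procedure: delete every configured server, then re-enter them
    in priority order (the first address entered becomes first-choice)."""
    for ip in [*current, *desired]:
        ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    if len(set(desired)) != len(desired):
        raise ValueError("duplicate address in desired order")
    return ([f"no tacacs-server host {ip}" for ip in current]
            + [f"tacacs-server host {ip}" for ip in desired])

def without_local_fallback(config_lines):
    """(access, secondary) pairs where TACACS+ is primary and the secondary
    is not 'local'. An omitted secondary is reported as 'unspecified'."""
    found = []
    for line in config_lines:
        m = AAA_LOGIN.match(line.strip())
        if m and m.group(2) == "tacacs" and m.group(3) != "local":
            found.append((m.group(1), m.group(3) or "unspecified"))
    return found

# Constructed sample input, not taken from a real switch.
SAMPLE_CONFIG = [
    "aaa authentication console login tacacs local",
    "aaa authentication telnet login privilege-mode tacacs none",
    "aaa authentication ssh login tacacs",
    "aaa authentication num-attempts 3",
]

if __name__ == "__main__":
    # Review these access methods before running the delete commands.
    for access, secondary in without_local_fallback(SAMPLE_CONFIG):
        print(f"! {access}: secondary is {secondary}, no local fallback")
    for cmd in reorder_commands(["10.28.227.15", "10.28.227.10"],
                                ["10.28.227.10", "10.28.227.15"]):
        print(cmd)
```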