Access Security Guide K/KA/KB.15.15

the two servers in the previous example, you will need to assign a server-specific key in the switch
that applies only to the designated server:
HPswitch(config)# tacacs-server host 10.28.227.87 key south10campus
With both of the above keys configured in the switch, the south10campus key overrides the
north40campus key only when the switch tries to access the TACACS+ server having the
10.28.227.87 address.
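The override rule above, as an added example that is not part of the guide: a short Python audit that resolves which key each TACACS+ server entry would use and lists entries left with no key at all. The sample configuration is constructed; the global `tacacs-server key` line and the 10.28.227.15 address are assumptions not shown on this page.

```python
import re

# Constructed sample configuration (not from the guide). The global
# "tacacs-server key" form and the 10.28.227.15 host are assumptions.
SAMPLE_CONFIG = """\
tacacs-server key north40campus
tacacs-server host 10.28.227.15
tacacs-server host 10.28.227.87 key south10campus
"""

HOST_RE = re.compile(r"^tacacs-server host (\S+)(?: key (\S+))?\s*$")
GLOBAL_RE = re.compile(r"^tacacs-server key (\S+)\s*$")


def effective_keys(config_text):
    """Return {server_ip: (key, source)}; source is 'server-specific',
    'global' or 'none'. A server-specific key overrides the global key."""
    global_key = None
    host_keys = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        m = GLOBAL_RE.match(line)
        if m:
            global_key = m.group(1)
            continue
        m = HOST_RE.match(line)
        if m:
            ip, key = m.groups()
            # Choice made by this example: a bare host line never
            # erases a key already recorded for the same address.
            if key or ip not in host_keys:
                host_keys[ip] = key
    result = {}
    for ip, key in host_keys.items():
        if key:
            result[ip] = (key, "server-specific")
        elif global_key:
            result[ip] = (global_key, "global")
        else:
            result[ip] = (None, "none")
    return result


def servers_without_key(config_text):
    """Server entries that have neither a server-specific nor a global key."""
    keys = effective_keys(config_text)
    return sorted(ip for ip, (_, source) in keys.items() if source == "none")


if __name__ == "__main__":
    # Print only the key source, never the key itself.
    for ip, (_, source) in effective_keys(SAMPLE_CONFIG).items():
        print(f"{ip}: key source = {source}")
```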
Messages related to TACACS+ operation
The switch generates the CLI messages listed below. However, you may see other messages
generated in your TACACS+ server application. For information on such messages, see the
documentation you received with the application.
CLI Message: Connecting to Tacacs server
Meaning: The switch is attempting to contact the TACACS+ server identified in the
switch tacacs-server configuration as the first-choice (or only)
TACACS+ server.

CLI Message: Connecting to secondary Tacacs server
Meaning: The switch was not able to contact the first-choice TACACS+ server, and
is now attempting to contact the next (secondary) TACACS+ server
identified in the switch tacacs-server configuration.

CLI Message: Invalid password
Meaning: The system does not recognize the username or the password or both.
Depending on the authentication method (tacacs or local), either the
TACACS+ server application did not recognize the username/password
pair or the username/password pair did not match the username/password
pair configured in the switch.

CLI Message: No Tacacs servers responding
Meaning: The switch has not been able to contact any designated TACACS+ servers.
If this message is followed by the Username prompt, the switch is attempting
local authentication.

CLI Message: Not legal combination of authentication methods
Meaning: For console access, if you select tacacs as the primary authentication
method, you must select local as the secondary authentication method.
This prevents you from being locked out of the switch if all designated
TACACS+ servers are inaccessible to the switch.

CLI Message: Record already exists
Meaning: When resulting from a tacacs-server host <ip addr> command,
indicates an attempt to enter a duplicate TACACS+ server IP address.

Overview
TACACS+ authentication enables you to use a central server to allow or deny access to switches
and other TACACS-aware devices in your network. This allows use of a central database to create
multiple unique username/password sets with associated privilege levels, for use by individuals
accessing the switch from either its console port (local access) or Telnet (remote access).