HP 10Gb Ethernet BL-c Switch Browser-based Interface Reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP 10Gb Ethernet Blade Switch for c-Class BladeSystem

151

152

153

154

155

156

157

158

159

160

Configuring the switch

156

TACACS+ offers the following advantages over RADIUS as the authentication device:

• TACACS+ is TCP-based, so it facilitates connection-oriented traffic.

• It supports full-packet encryption, as opposed to password-only in authentication requests.

• It supports decoupled authentication, authorization, and accounting.

The following table describes Switch TACACS+ Configuration controls:

Table 102 Switch TACACS+ Configuration controls

Control Description

Primary Tacacs+ IP Address Configures the primary TACACS+ server address.

Secondary Tacacs+ IP Address Configures the secondary TACACS+ server address.

Tacacs+ port (1-65000) Configures the number of the TCP port to be configured,

between 1 and 65000. The default is 49.

Tacacs+ timeout (4-15) Configures the amount of time, in seconds, before a TACACS+

server authentication attempt is considered to have failed. The

default timeout is 5 seconds.

Tacacs+ retries (1-3) Configures the number of failed authentication requests before

switching to a different TACACS+ server. The default retry count is

3 requests.

Enable/Disable Tacacs+ Server Enables or disables the TACACS+ server.

Enable/Disable Tacacs+ Backdoor for

telnet/ssh/http/https

Enables or disables the TACACS+ backdoor for

telnet/SSH/HTTP/HTTPS.

Enable/Disable Secure Tacacs+ Backdoor for

telnet/ssh/http/https

Enables or disables the TACACS+ back door using secure

password for telnet/SSH/HTTP/HTTPS.

Enable/Disable Tacacs+ new privilege level

mapping

Enables or disables TACACS+ privilege-level mapping.

The default value is disabled.

Tacacs+ Secret Configures the shared secret (up to 32 characters) between the

switch and the TACACS+ server.

Secondary Tacacs+ Server Secret Configures the secondary shared secret (up to 32 characters)

between the switch and the TACACS+ server.

Tacacs+ User Mappings Configuration Maps a TACACS+ privilege level to a HP 10GbE switch user level,

as follows:

Remote Privilege—Enter a TACACS+ privilege level (0-15)

Local Privilege—Select the corresponding switch user level.

IMPORTANT: If TACACS+ is enabled, you must login using TACACS+ authentication when

connecting via the console or Telnet/SSH/HTTP/HTTPS. Backdoor for console is always enabled,

so you can connect using notacacs and the administrator password even if the backdoor or

secure backdoor are disabled.

If Telnet backdoor is enabled, type in notacacs as a backdoor to bypass TACACS+ checking,

and use the administrator password to log into the switch. The switch allows this even if TACACS+

servers are available.

If secure backdoor is enabled, type in notacacs as a backdoor to bypass TACACS+ checking,

and use the administrator password to log into the switch. The switch allows this only if TACACS+