ProLiant BL p-Class GbE2 Interconnect Switch Application Guide
Accessing the GbE2 Interconnect Switch 22
The alternate mapping between TACACS+ privilege levels and GbE2 management access levels is shown in the
table below. Use the command /cfg/sys/tacacs/cmap ena to enable the alternate TACACS+ privilege levels.
Table 5 Alternate TACACS+ privilege levels

User access level    TACACS+ level
user                 0 - 1
oper                 6 - 8
admin                14 - 15

You can customize the mapping between TACACS+ privilege levels and GbE2 management access levels. Use
the /cfg/sys/tacacs/usermap command to manually map each TACACS+ privilege level (0-15) to a
corresponding GbE2 management access level (user, oper, admin, none).
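
A custom mapping is easy to get wrong, so it is worth checking before it is entered on the switch. The following is an added example, not part of the original guide or HP code: it checks a proposed usermap for levels that grant more access than a higher level does, lists where it grants more than Table 5, and resolves what each account would receive. The sample usermap, the account names, and the treatment of levels missing from Table 5 as "none" are assumptions.

```python
# Added example, not HP code: audit a TACACS+ privilege-level mapping.
RANK = {"none": 0, "user": 1, "oper": 2, "admin": 3}

# Table 5 (alternate mapping). Levels the table does not list are treated
# as "none" here; that is an assumption of this example.
ALTERNATE = {lvl: "none" for lvl in range(16)}
ALTERNATE.update({0: "user", 1: "user", 6: "oper", 7: "oper", 8: "oper",
                  14: "admin", 15: "admin"})

# Constructed sample data: a proposed custom usermap and the priv-lvl each
# account is assigned on the TACACS+ server (hypothetical account names).
CUSTOM = {**ALTERNATE, 3: "admin", 10: "oper"}
ACCOUNTS = {"viewer": 1, "contractor": 3, "operator": 7, "neteng": 15}


def validate(usermap):
    """Return problems found in a privilege level (0-15) -> access mapping."""
    problems = [f"level {lvl}: missing or invalid access level"
                for lvl in range(16) if usermap.get(lvl) not in RANK]
    if problems:
        return problems
    top = None  # last mapped level that passed; carries the highest access so far
    for lvl in range(16):
        access = usermap[lvl]
        if access == "none":
            continue
        # A lower privilege level must not grant more than a higher one.
        if top is not None and RANK[access] < RANK[usermap[top]]:
            problems.append(
                f"level {top} ({usermap[top]}) outranks level {lvl} ({access})")
        else:
            top = lvl
    return problems


def escalations(usermap, baseline=ALTERNATE):
    """Levels where usermap grants more access than the baseline mapping."""
    return {lvl: (baseline[lvl], usermap[lvl]) for lvl in range(16)
            if RANK[usermap[lvl]] > RANK[baseline[lvl]]}


def effective_access(accounts, usermap):
    """Resolve each account's server-side level to its switch access level."""
    return {name: usermap[lvl] for name, lvl in accounts.items()}


if __name__ == "__main__":
    for problem in validate(CUSTOM):
        print("WARN", problem)
    print(escalations(CUSTOM), effective_access(ACCOUNTS, CUSTOM))
```

In the sample data, level 3 mapped to admin is reported because it outranks the oper levels above it, and the account assigned level 3 resolves to admin access.
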
If the authentication server authenticates the remote user, the GbE2 verifies the privileges of the remote user
and authorizes the appropriate access. When neither the primary nor the secondary authentication server is
reachable, the administrator has the option to allow backdoor access through the console only, or through both
the console and Telnet. By default, backdoor access is disabled for Telnet and enabled for the console. The
administrator can also enable secure backdoor (/cfg/sys/tacacs/secbd) to allow access if both the primary and
secondary TACACS+ servers fail to respond.
Accounting
Accounting is the action of recording a user’s activities on the device for the purposes of billing and/or security.
It follows the authentication and authorization actions. If authentication and authorization are not performed
via TACACS+, no TACACS+ accounting messages are sent out.
You can use TACACS+ to record and track software logins, configuration changes, and interactive commands.
The switch supports the following TACACS+ accounting attributes:
• protocol (console/telnet/ssh/http)
• start_time
• stop_time
• elapsed_time
NOTE: When using the Browser-based Interface, the TACACS+ Accounting Stop records are sent only if
the Quit button on the browser is clicked.
Configuring TACACS+ authentication on the switch (CLI example)
1. Turn TACACS+ authentication on, then configure the Primary and Secondary TACACS+ servers.
>> Main# /cfg/sys/tacacs (Select the TACACS+ Server menu)
>> TACACS+ Server# on (Turn TACACS+ on)
Current status: OFF
New status: ON
>> TACACS+ Server# prisrv 10.10.1.1 (Enter primary server IP)
Current primary TACACS+ server: 0.0.0.0
New pending primary TACACS+ server: 10.10.1.1
>> TACACS+ Server# secsrv 10.10.1.2 (Enter secondary server IP)
Current secondary TACACS+ server: 0.0.0.0
New pending secondary TACACS+ server: 10.10.1.2