HP procurve 2500 Manuale Utente

    184

TACACS+ Authentication for Centralized Control of Switch Access Security

For example, you would use the next command to configure a global encryption key in the switch to 
match a key entered as 

 

in two target TACACS+ servers. (That is, both servers use the 

same key for your switch.) Note that you do not need the server IP addresses to configure a global 
key in the switch:

HP2512(config)# tacacs-server key north40campus

Suppose that you subsequently add a third TACACS+ server (with an IP address of 10.28.227.87) that 
has 

 for an encryption key. Because this key is different than the one used for the two 

servers in the previous example, you will need to assign a per-server key in the switch that applies 
only to the designated server:

HP2512(config)# tacacs-server host 10.28.227.87 key south10campus

With both of the above keys configured in the switch, the 

 

key overrides the 

 

key only when the switch tries to access the TACACS+ server having the 10.28.227.87 address.

Controlling Web Browser Interface Access When Using TACACS+ 
Authentication

In release F.02.02, configuring the switch for TACACS+ authentication does not affect Web browser 
interface access. To prevent unauthorized access through the Web browser interface, do one or more 
of the following:

■

Configure local authentication (a Manager user name and password and, optionally, an 
Operator user name and password) on the switch.

■

Configure the switch’s Authorized IP Manager feature to allow Web browser access only 
from authorized management stations. (The Authorized IP Manager feature does not inter-
fere with TACACS+ operation.)

■

Disable Web browser access to the switch.