HP (Hewlett-Packard) Q.11. (2510-24) ユーザーズマニュアル
4-15
TACACS+ Authentication
Configuring TACACS+ on the Switch
Configuring the Switch’s TACACS+ Server Access
The tacacs-server command configures these parameters:
■
The host IP address(es)
for up to three TACACS+ servers; one first-
choice and up to two backups. Designating backup servers provides
for a continuation of authentication services in case the switch is
unable to contact the first-choice server.
for a continuation of authentication services in case the switch is
unable to contact the first-choice server.
■
An optional encryption key.
This key helps to improve security,
and must match the encryption key used in your TACACS+ server
application. In some applications, the term “secret key” or “secret”
may be used instead of “encryption key”. If you need only one encryp-
tion key for the switch to use in all attempts to authenticate through
a TACACS+ server, configure a global key. However, if the switch is
configured to access multiple TACACS+ servers having different
encryption keys, you can configure the switch to use different encryp-
tion keys for different TACACS+ servers.
application. In some applications, the term “secret key” or “secret”
may be used instead of “encryption key”. If you need only one encryp-
tion key for the switch to use in all attempts to authenticate through
a TACACS+ server, configure a global key. However, if the switch is
configured to access multiple TACACS+ servers having different
encryption keys, you can configure the switch to use different encryp-
tion keys for different TACACS+ servers.
■
The timeout value
in seconds for attempts to contact a TACACS+
server. If the switch sends an authentication request, but does not
receive a response within the period specified by the timeout value,
the switch resends the request to the next server in its Server IP Addr
list, if any. If the switch still fails to receive a response from any
TACACS+ server, it reverts to whatever secondary authentication
method was configured using the
receive a response within the period specified by the timeout value,
the switch resends the request to the next server in its Server IP Addr
list, if any. If the switch still fails to receive a response from any
TACACS+ server, it reverts to whatever secondary authentication
method was configured using the
aaa authentication command (local
N o t e
As described under “General Authentication Setup Procedure” on page 4-5,
ProCurve recommends that you configure, test, and troubleshoot authentica-
tion via Telnet access before you configure authentication via console port
access. This helps to prevent accidentally locking yourself out of switch
access due to errors or problems in setting up authentication in either the
switch or your TACACS+ server.
ProCurve recommends that you configure, test, and troubleshoot authentica-
tion via Telnet access before you configure authentication via console port
access. This helps to prevent accidentally locking yourself out of switch
access due to errors or problems in setting up authentication in either the
switch or your TACACS+ server.