HP (Hewlett-Packard) 445946-001 ユーザーズマニュアル

 

 

 

Accessing the switch

 

 

 

  

 

27

 

Alternate mapping between TACACS+ privilege levels and HP 10GbE switch management access levels 
is shown in the table below. Use the command 

/cfg/sys/tacacs/cmap ena

 to use the alternate 

TACACS+ privilege levels.  

 Alternate TACACS+ privilege levels 

user 0—1 

oper 6—8 

admin 14—15 

 

You can customize the mapping between TACACS+ privilege levels and HP 10GbE switch management 
access levels. Use the command 

/cfg/sys/tacacs/usermap

 to manually map each TACACS+ 

privilege level (0-15) to a corresponding HP 10GbE switch management access level (user, oper, admin, 
none).  
If the remote user is authenticated by the authentication server, the HP 10GbE switch verifies the privileges 

of the remote user and authorizes the appropriate access. When both the primary and secondary 

authentication servers are not reachable, the administrator has an option to allow backdoor access via 
the console only or console and Telnet access. The default value is 

disable

 for Telnet access and 

enable

 for console access. The administrator also can enable secure backdoor 

(

/cfg/sys/tacacs/secbd

) to allow access if both the primary and secondary TACACS+ servers fail to 

respond.  

Accounting 

Accounting is the action of recording a user’s activities on the device for the purposes of billing and/or 
security. It follows the authentication and authorization actions. If the authentication and authorization is 

not performed via TACACS+, no TACACS+ accounting messages are sent out.  
You can use TACACS+ to record and track software logins, configuration changes, and interactive 

commands. 
The switch supports the following TACACS+ accounting attributes: 

•

protocol (console/telnet/ssh/http) 

•

start_time 

•

stop_time 

•

elapsed_time 

 

 

 When using the browser-based Interface, the TACACS+ Accounting Stop records are sent 

only if the Quit button on the browser is clicked.