HP (Hewlett-Packard) 2650 (J4899A/B) User's Manual

TACACS+ Authentication
Configuring TACACS+ on the Switch
Messages Related to TACACS+ Operation
The switch generates the CLI messages listed below. However, you may see 
other messages generated in your TACACS+ server application. For information 
on such messages, refer to the documentation you received with the 
application.
Operating Notes
If you configure Authorized IP Managers on the switch, it is not 
necessary to include any devices used as TACACS+ servers in the 
authorized manager list. That is, authentication traffic between a 
TACACS+ server and the switch is not subject to Authorized IP 
Manager controls configured on the switch. Also, the switch does not 
attempt TACACS+ authentication for a management station that the 
Authorized IP Manager list excludes because, independent of 
TACACS+, the switch already denies access to such stations.
CLI Message
    Meaning

Connecting to Tacacs server
    The switch is attempting to contact the TACACS+ server identified in the switch’s tacacs-server configuration as the first-choice (or only) TACACS+ server.

Connecting to secondary Tacacs server
    The switch was not able to contact the first-choice TACACS+ server, and is now attempting to contact the next (secondary) TACACS+ server identified in the switch’s tacacs-server configuration.

Invalid password
    The system does not recognize the username or the password or both. Depending on the authentication method (tacacs or local), either the TACACS+ server application did not recognize the username/password pair or the username/password pair did not match the username/password pair configured in the switch.

No Tacacs servers responding
    The switch has not been able to contact any designated TACACS+ servers. If this message is followed by the Username prompt, the switch is attempting local authentication.

Not legal combination of authentication methods
    For console access, if you select tacacs as the primary authentication method, you must select local as the secondary authentication method. This prevents you from being locked out of the switch if all designated TACACS+ servers are inaccessible to the switch.

Record already exists
    When resulting from a tacacs-server host <ip addr> command, indicates an attempt to enter a duplicate TACACS+ server IP address.
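
The following Python code is an added example, not part of the HP manual. It scans a captured console transcript for the messages listed above and reports the conditions an operator would want to follow up, in particular the fallback to local authentication that the "No Tacacs servers responding" entry describes. The transcript capture, the event labels, the function names and the rejection threshold are assumptions of this example.

```python
from collections import Counter

# Message text is taken from the manual's table; the event labels are this example's own.
MESSAGES = {
    "connecting to tacacs server": "primary_attempt",
    "connecting to secondary tacacs server": "secondary_failover",
    "invalid password": "auth_rejected",
    "no tacacs servers responding": "all_servers_down",
    "not legal combination of authentication methods": "config_rejected",
    "record already exists": "duplicate_server",
}

def normalize(line):
    """Collapse whitespace, drop a trailing period, and lower-case for matching."""
    return " ".join(line.split()).rstrip(".").lower()

def classify(transcript):
    """Return (line_number, event) pairs for every recognised switch message."""
    lines = [normalize(ln) for ln in transcript.splitlines()]
    events = []
    for i, line in enumerate(lines):
        event = MESSAGES.get(line)
        if event is None:
            continue
        events.append((i + 1, event))
        if event == "all_servers_down":
            # Per the table: a Username prompt right after this message means
            # the switch has moved on to local authentication.
            following = next((l for l in lines[i + 1:] if l), "")
            if following.startswith("username"):
                events.append((i + 1, "local_fallback"))
    return events

def review(events, max_rejects=3):
    """Turn events into findings an operator would want to follow up."""
    counts = Counter(name for _, name in events)
    findings = []
    if counts["local_fallback"]:
        findings.append("local authentication used: no TACACS+ server reachable")
    elif counts["all_servers_down"]:
        findings.append("no TACACS+ server reachable")
    if counts["secondary_failover"]:
        findings.append("first-choice TACACS+ server unreachable")
    if counts["auth_rejected"] >= max_rejects:
        findings.append("repeated rejected logins: %d" % counts["auth_rejected"])
    return findings

# Constructed console transcript, not output captured from a real switch.
SAMPLE = """\
Connecting to Tacacs server
Connecting to secondary Tacacs server
No Tacacs servers responding
Username: operator
Password:
Invalid password
"""
```

Calling `review(classify(SAMPLE))` on the constructed transcript reports both the local-authentication fallback and the unreachable first-choice server.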