HP procurve 2500 Manual Do Utilizador
179
Enhancements in Release F.02.02
TACACS+ Authentication for Centralized Control of Switch Access Security
TACACS+ Authentication for Centralized Control of Switch Access Security
Adding, Removing, or Changing the Priority of a TACACS+ Server.
Suppose that the switch
was already configured to use TACACS+ servers at 10.28.227.10 and 10.28.227.15. In this case,
10.28.227.15 was entered first, and so is listed as the first-choice server:
10.28.227.15 was entered first, and so is listed as the first-choice server:
Figure 85. Example of the Switch with Two TACACS+ Server Addresses Configured
To move the "first-choice" status from the "15" server to the "10" server, use the
no tacacs-server host <ip-
addr>
command to delete both servers, then use
tacacs-server host <ip-addr>
to re-enter the "10" server
first, then the "15" server.
The servers would then be listed with the new "first-choice" server, that is:
Figure 86.
Example of the Switch After Assigning a Different "First-Choice" Server
To remove the 10.28.227.15 device as a TACACS+ server, you would use this command:
HP2512(config)# no tacacs-server host 10.28.227.15
Configuring an Encryption Key.
Use an encryption key in the switch if the switch will be
requesting authentication from a TACACS+ server that also uses an encryption key. (If the server
expects a key, but the switch either does not provide one, or provides an incorrect key, then the
authentication attempt will fail.) Use a global encryption key
expects a key, but the switch either does not provide one, or provides an incorrect key, then the
authentication attempt will fail.) Use a global encryption key
if the same key applies to all TACACS+
servers the switch may use for authentication attempts. Use a per-server encryption key if different
servers the switch may use will have different keys. (For more details on encryption keys, see
servers the switch may use will have different keys. (For more details on encryption keys, see
First-Choice TACACS+ Server
The "10" server is now the "first-choice" TACACS+ authentication device.