Справочник Пользователя для HP procurve 2500

179    

Enhancements in Release F.02.02
TACACS+ Authentication for Centralized Control of Switch Access Security

Suppose that the switch 

was already configured to use TACACS+ servers at 10.28.227.10 and 10.28.227.15. In this case, 
10.28.227.15 was entered first, and so is listed as the first-choice server:

To move the "first-choice" status from the "15" server to the "10" server, use the 

addr>

 command to delete both servers, then use 

tacacs-server host <ip-addr>

 to re-enter the "10" server 

first, then the "15" server.

The servers would then be listed with the new "first-choice" server, that is:

To remove the 10.28.227.15 device as a TACACS+ server, you would use this command:

HP2512(config)# no tacacs-server host 10.28.227.15

Use an encryption key in the switch if the switch will be 

requesting authentication from a TACACS+ server that also uses an encryption key. (If the server 
expects a key, but the switch either does not provide one, or provides an incorrect key, then the 
authentication attempt will fail.) Use a global encryption key

 

if the same key applies to all TACACS+ 

servers the switch may use for authentication attempts. Use a per-server encryption key if different 
servers the switch may use will have different keys. (For more details on encryption keys, see 

the Encryption Key” on page 183.)

First-Choice TACACS+ Server

The "10" server is now the "first-choice" TACACS+ authentication device.