HP xw460c Blade manual TACACS+ server configuration

Page 94

The following table describes the RADIUS Server Configuration Menu options.

Table 81 RADIUS Server Configuration Menu options

Command

Description

 

 

prisrv <IP address>

Sets the primary RADIUS server address.

 

 

secsrv <IP address>

Sets the secondary RADIUS server address.

 

 

secret <1-32 characters>

This is the shared secret between the switch and the RADIUS server(s).

 

 

secret2 <1-32 characters>

This is the secondary shared secret between the switch and the RADIUS

 

server(s).

 

 

port <UDP port number>

Enter the number of the User Datagram Protocol (UDP) port to be

 

configured, between 1500-3000. The default is 1645.

 

 

retries <1-3>

Sets the number of failed authentication requests before switching to a

 

different RADIUS server. The range is 1-3 requests The default is 3

 

requests.

 

 

timeout <1-10>

Sets the amount of time, in seconds, before a RADIUS server

 

authentication attempt is considered to have failed. The range is 1-10

 

seconds. The default is 3 seconds.

 

 

telnet enabledisable

Enables or disables the RADIUS back door for telnet/SSH/ HTTP/HTTPS.

 

This command does not apply when secure backdoor (secbd) is

 

enabled.

secbd enabledisable

Enables or disables the RADIUS back door using secure password for telnet/SSH/ HTTP/HTTPS. This command does not apply when backdoor (telnet) is enabled.

on

Enables the RADIUS server.

 

 

 

off

Disables the RADIUS server. This is the default.

 

 

 

cur

Displays the current RADIUS server parameters.

 

 

 

 

 

 

IMPORTANT: If RADIUS is enabled, you must login using RADIUS authentication when connecting via the console or Telnet/SSH/HTTP/HTTPS. Backdoor for console is always enabled, so you can connect using noradius and the administrator password even if the backdoor (telnet) or secure backdoor (secbd) are disabled.

If Telnet backdoor is enabled (telnet ena), type in noradius as a backdoor to bypass RADIUS checking, and use the administrator password to log into the switch. The switch allows this even if RADIUS servers are available.

If secure backdoor is enabled (secbd ena), type in noradius as a backdoor to bypass RADIUS checking, and use the administrator password to log into the switch. The switch allows this only if RADIUS servers are not available.

TACACS+ server configuration

Command: /cfg/sys/tacacs+

[TACACS+ Server Menu]

prisrv

- Set IP address of primary TACACS+ server

secsrv

- Set IP address of secondary TACACS+ server

secret

- Set secret for primary TACACS+ server

secret2

- Set secret for secondary TACACS+ server

port

- Set TACACS+ port number

retries - Set number of TACACS+ server retries

timeout

- Set timeout value of TACACS+ server retries

telnet

- Enable/disable TACACS+ back door for telnet/ssh/http/https

secbd

- Enable/disable TACACS+ secure backdoor for telnet/ssh/http/https

cmap

- Enable/disable TACACS+ new privilege level mapping

usermap

- Set user privilege mappings

on

- Enable TACACS+ authentication

off

- Disable TACACS+ authentication

cur

- Display current TACACS+ settings

 

 

Configuration Menu 94

Page 93 Page 95
Image 94
Page 93 Page 95
Contents HP GbE2c Ethernet Blade Switch for c-Class BladeSystem Page Contents Statistics Menu Configuration Menu 111 Index Command line interface Additional references Connecting to the switchIntroduction Establishing a console connectionEstablishing a Telnet connection Setting an IP addressTelnet GbE2c Ethernet Blade Switch IP address Establishing an SSH connectionAccessing the switch # ssh user@GbE2c Ethernet Blade Switch IP addressIdle timeout Typographical conventions AaBbCc123Main Menu Menu summaryDelay Global commandsTraceroute host name IP address max-hops msec Command line history and editing Telnet hostname IP address portCommand abbreviation Command line interface shortcutsCommand stacking Tab completionMain# /cfg Configuring Simple Network Management Protocol support# /cfg/sys/access/snmp disableread onlyread/write # /cfg/sys/ssnmp/rcommwcommChanging the default administrator password Setting passwordsSystem# apply System# save Changing the default user password Changing the default operator password Information Menu Menu overviewSystem Information Menu SNMPv3 Information MenuComm AdminshaSNMPv3 USM User Table information V1v2onlySNMPv3 Access Table information SNMPv3 View Table informationSNMPv3 Community Table information SNMPv3 Group Table informationPrefix SNMPv3 Target Address Table information SNMPv3 Target Parameters Table informationSNMPv3 Notify Table information Command /info/sys/snmpv3/notify NameTag V1v2trapv1v2trapSec Level SNMPv3 dump System information Show last 100 syslog messages System user informationLayer 2 information Cfg/sys/access/user/uid command8021x Stp Find MAC address Vlan FDB information menuPort port number Link Aggregation Control Protocol information Show all FDB informationLacp dump 802.1x information Command /info/l2/stp Port Auth ModeAuthenticator PAE State Spanning Tree informationPriority bridge Current RootPath-Cost HelloDesg 8017 P2P2,Edge Rapid Spanning Tree and Multiple Spanning Tree informationDesignated port Desg 8018Disabled DSB Common Internal Spanning Tree information Trunk group information Disabled DSBDiscarding Disc , Learning LRN , Forwarding FWD , or Layer 2 general information Vlan informationLayer 3 information Gw IP address Route informationFind IP address If IP addressShow all IP Route information Show all ARP entry information Command /info/arp/dump IP address Flags MAC addressARP information VlanNbr nbr router-id A.B.C.D Ospf informationDbase Sumaddr Nsumadd Routes Dump Ospf interface information Ospf general informationOspf Database information menu Ext adv-rtr A.B.C.D linkstateid A.B.C.Dself Advrtr router-id A.B.C.DAsbrsum adv-rtr A.B.C.D Linkstateid A.B.C.Dself Nw adv-rtr A.B.C.D linkstateid A.B.C.DselfRouting Information Protocol information Ospf route codes informationRIP Routes information IP information RIP user configurationIgmp multicast group information Igmp multicast router port information Command /info/l3/vrrp Vrrp informationVrrp information QoS Menu 8021p Show QOS 802.1p information QoS information802.1p information 8021pACL information Rmon Information MenuRmon history information IntervalCommand /info/rmon/event Rmon alarm informationRmon event information Link status information Port information Command /info/port Port Tag Rmon PvidVLANs Logical Port to GEA Port mapping Command /info/geaport Logical Port GEA Port0-based GEA UnitUplink Failure Detection Enabled LtM status Down Member Uplink Failure Detection informationCommand /info/dump Information dumpNtp clear Menu informationUfd clear Port Statistics Menu 802.1x statistics AuthenticatingAuthSuccessesWhile BackendNonNakResponsesFrom Bridging statisticsSupplicant Ethernet statistics Dot3StatsSingleCollisionFrames Dot3StatsFCSErrorsDot3StatsInternalMacTransmitErrors Dot3StatsMultipleCollisionFramesInterface statistics Internet Protocol IP statistics Link statisticsPort Rmon statistics Layer 2 statistics FDB statisticsArp clear Lacp statisticsLayer 3 statistics Clrigmp 1- 4095 allIP statistics GEA Layer 3 statistics menuGEA Layer 3 statistics L3 bucket for An IP address DumpRoute statistics ARP statisticsDNS statistics Icmp statisticsTCP statistics UDP statistics Ospf statistics menu Command /stats/l3/ospfIgmp Multicast Group statistics Ospf stats MenuOspf global statistics Tx ls Updates Nbr changeTimers Kickoff Vrrp statisticsRIP statistics Command /stats/l3/ripManagement Processor statistics Packet statisticsAllocs 10ad41e8/10ad5790CPU statistics Access Control List ACL statistics menuACL statistics Snmp statistics Only NTP statistics Statistics dump Command /stats/dumpUplink Failure Detection statistics Number of times LtM link in BlockingConfiguration Menu Viewing pending changes Saving the configurationViewing, applying, reverting, and saving changes Applying pending changesSystem configuration RemindersBannr 1-80 characters System host log configurationLine to end Host IP addressConsole disableenable Secure Shell Server configurationLog featureall enabledisable Intrval Radius server configurationCommand /cfg/sys/radius Sshport TCP port numberTACACS+ server configuration Telnet enabledisable Port TCP port numberDlight disableenable NTP server configurationSystem Snmp configuration Command /cfg/sys/ssnmpName 1-64 characters SNMPv3 configurationCharacters User Security Model configuration V1v2 disableenableTree 1-32 characters SNMPv3 View configurationName 1-32 characters Mask 1-32 charactersUsmsnmpv1snmpv2 Level View-based Access Control Model configurationSNMPv3 Group configuration NoAuthNoPrivauthNoUsmsnmpv1snmpv2 Uname SNMPv3 Community Table configurationDel Deletes the vacmSecurityToGroup entry Cur Addr transport SNMPv3 Target Address Table configurationSNMPv3 Target Parameters Table configuration Address ip Port transportSNMPv3 Notify Table configuration Snmpv1snmpv2csnmp ModelSystem Access configuration Management Networks configurationUser ID configuration User Access Control configurationUseroperadmin Name Https Access configuration Port configurationAccess enabledisable Name 1-64 characters none Port link configuration Temporarily disabling a port802.1x configuration Layer 2 configurationPort ACL/QoS configuration Mode force 802.1x Global configurationUnauthautoforce-auth 802.1x Port configuration Reauth onoffMode rstpmstp RevPort parameter menu Common Internal Spanning Tree configurationBridge parameter menu 4095Cist bridge configuration Cist port configurationCost Spanning Tree configurationEdge disableenable Link autop2psharedBridge Spanning Tree configuration Spanning Tree port configuration Cur Display current port Spanning Tree parametersStatic FDB configuration Forwarding Database configurationFastfwd disableenable Clear mac MAC AddressVLAN 1-4095 Port port numberAll Trunk configurationMAC address Vlan port Add port numberLayer 2 IP Trunk Hash configuration IP Trunk Hash configurationLink Aggregation Control Protocol configuration Timeout shortlong Lacp Port configurationVlan configuration Mode offactivepassivePort number Layer 3 configurationList of port numbers Addr IP address IP interface configurationMask IP subnet mask IP Static Route configuration Default Gateway configurationNetwork Filter configuration Address Resolution Protocol configurationIP Forwarding configuration Dirbr disableenableAp AS number AS number AS Route Map configurationLp 0-4294967294 none Metric 1-4294967294none IP Access List configurationAutonomous System Path configuration Action permitdenyRouting Information Protocol configuration RIP Interface configuration Add 1-32 1-32all Open Shortest Path First configurationRIP Route Redistribution configuration Remove 1-32 1-32allMd5key 1-255 characters Osfp Area Index configurationDefault 1-16777215 12none Redist fixedstaticripAreaid IP address Ospf Summary Range configurationAuth nonepasswordmd5 Type transitstubnssaKey key stringnone Ospf Interface configurationMask IP address mask Mdkey 1-255noneKey password Ospf Virtual Link configurationNbr IP address Rem 1-32 1-32 ... all Ospf Host Entry configurationOspf Route Redistribution configuration Export 1-16777215 12noneIgmp configuration Ospf MD5 Key configurationFastlv 1-4095 disableenable Igmp snooping configurationAggr disableenable Srcip IP addressAdd port number 1-4095 Igmp static multicast router configurationIgmp filtering configuration FilterRange IP multicast address IP Igmp filtering port configurationIgmp filter definition Multicast addressBootstrap Protocol Relay configuration Domain Name System configurationVirtual Router Redundancy Protocol configuration Vrrp Virtual Router configurationPreem disableenable Vrs disableenable Vrrp Virtual Router Priority Tracking configurationVrrp Virtual Router Group configuration Ifs disableenableVrrp Virtual Router Group Priority Tracking configuration Vrrp Tracking configuration Vrrp Interface configurationPassw password Access Control configuration Quality of Service configurationQoS 802.1p configuration Action permitdenysetprio Access Control List configurationEgrport port number Stats edACL Ethernet Filter configuration ACL IP Version 4 Filter configurationSport 1-65535 port mask ACL TCP/UDP Filter configurationFlags value 0x0-0x3f Enable ed ACL Meter configurationACL Re-mark configuration CirACL Re-mark In-Profile Update User Priority configuration ACL Re-mark In-Profile configurationACL Re-mark Out-of-Profile configuration ACL Packet Format configuration Remote Monitoring configurationACL Group configuration Ifoid 1-127 characters Rmon history configurationOwner 1-127 characters Descn 1-127 characters Rmon event configurationRmon alarm configuration Type nonelogtrapboth2147483647 Port mirroringRlimit -2147483647 to Flimit -2147483647 toAdd mirrored port inoutboth Uplink Failure Detection configurationPort-based port mirroring Rem mirrored portAddport port number Failure Detection Pair configurationLink to Monitor configuration Remport port numberDump Saving the active switch configurationLink to Disable configuration Addport port number Remport port numberCommand /cfg/gtcfg FTP/TFTP server filename Restoring the active switch configurationConfiguration# gtcfg FTP/TFTP server filename Operations Menu Operations-level port optionsOperations-level port 802.1x options Reset ReauthOperations-level Vrrp options Updating the switch software image Downloading new software to the switchSelecting a software image to run AddressBoot Options# ptimg Uploading a software image from the switchSelecting a configuration block Boot Options# confBoot Options# reset Resetting the switchAccessing the Iscli Boot Options# curMaintenance Menu Flags new Nvram flags word as System maintenance optionsForwarding Database options 0xXXXXXXXXDebugging options ARP cache optionsIgmp Multicast Group options IP Route Manipulation optionsBroadcastmartian Igmp Snooping options Igmp Mrouter optionsFTP/TFTP system dump put Uuencode flash dumpClearing dump information Confirm dump and reboot y/n y Panic commandCommand /maint/panic Unscheduled system dumpsIndex
Related manuals
Manual 33 pages 57.51 Kb
Top Page Image Contents