HP xw460c Blade manual Port TCP port number, Telnet enabledisable

Page 95

TACACS+ (Terminal Access Controller Access Control System) is an authentication protocol that allows a remote access server to forward a user's logon password to an authentication server to determine whether access can be allowed to a given system. TACACS+ and Remote Authentication Dial-In User Service (RADIUS) protocols are more secure than the TACACS encryption protocol. TACACS+ is described in RFC 1492.

TACACS+ protocol is more reliable than RADIUS, as TACACS+ uses the Transmission Control Protocol (TCP) whereas RADIUS uses the User Datagram Protocol (UDP). Also, RADIUS combines authentication and authorization in a user profile, whereas TACACS+ separates the two operations.

TACACS+ offers the following advantages over RADIUS as the authentication device:

TACACS+ is TCP-based, so it facilitates connection-oriented traffic.

It supports full-packet encryption, as opposed to password-only in authentication requests.

It supports decoupled authentication, authorization, and accounting.

The following table describes the TACACS+ Server Configuration Menu options.

Table 82 TACACS+ Server Configuration Menu options

Command

Description

 

 

prisrv <IP address>

Defines the primary TACACS+ server address.

 

 

secsrv <IP address>

Defines the secondary TACACS+ server address.

 

 

secret <1-32 characters>

This is the shared secret between the switch and the TACACS+ server(s).

 

 

secret2 <1-32 characters>

This is the secondary shared secret between the switch and the TACACS+

 

server(s).

 

 

port <TCP port number>

Enter the number of the TCP port to be configured, between 1 - 65000. The

 

default is 49.

 

 

retries <1-3>

Sets the number of failed authentication requests before switching to a different

 

TACACS+ server. The range is 1-3 requests. The default is 3 requests.

 

 

timeout <4-15>

Sets the amount of time, in seconds, before a TACACS+ server authentication

 

attempt is considered to have failed. The range is 4-15 seconds. The default is 5

 

seconds.

 

 

telnet enabledisable

Enables or disables the TACACS+ back door for telnet. The telnet command

 

also applies to SSH/SCP connections and the Browser-based Interface (BBI). This

 

command does not apply when secure backdoor (secbd) is enabled.

secbd enabledisable

Enables or disables the TACACS+ back door using secure password for telnet/SSH/ HTTP/HTTPS. This command does not apply when backdoor (telnet) is enabled.

cmap enabledisable

Enables or disables TACACS+ privilege-level mapping. The default value is disabled.

usermap <0-15>

Maps a TACACS+ authorization level to a GbE2c user level. Enter a TACACS+

 

useroperadminnone

authorization level (0-15), followed by the corresponding GbE2c user level.

 

 

 

 

on

Enables the TACACS+ server.

 

 

 

 

off

Disables the TACACS+ server.

 

 

 

 

cur

Displays current TACACS+ configuration parameters.

 

 

 

 

 

 

 

IMPORTANT: If TACACS+ is enabled, you must login using TACACS+ authentication when connecting via the console or Telnet/SSH/HTTP/HTTPS. Backdoor for console is always enabled, so you can connect using notacacs and the administrator password even if the backdoor (telnet) or secure backdoor (secbd) are disabled.

If Telnet backdoor is enabled (telnet ena), type in notacacs as a backdoor to bypass TACACS+ checking, and use the administrator password to log into the switch. The switch allows this even if TACACS+ servers are available.

If secure backdoor is enabled (secbd ena), type in notacacs as a backdoor to bypass TACACS+ checking, and use the administrator password to log into the switch. The switch allows this only if TACACS+ servers are not available.

Configuration Menu 95

Page 94 Page 96
Image 95
Page 94 Page 96
Contents HP GbE2c Ethernet Blade Switch for c-Class BladeSystem Page Contents Statistics Menu Configuration Menu 111 Index Command line interface Establishing a console connection Connecting to the switchIntroduction Additional referencesEstablishing an SSH connection Setting an IP addressTelnet GbE2c Ethernet Blade Switch IP address Establishing a Telnet connection# ssh user@GbE2c Ethernet Blade Switch IP address Accessing the switchIdle timeout AaBbCc123 Typographical conventionsMenu summary Main MenuTraceroute host name IP address max-hops msec Global commandsDelay Telnet hostname IP address port Command line history and editingTab completion Command line interface shortcutsCommand stacking Command abbreviation# /cfg/sys/ssnmp/rcommwcomm Configuring Simple Network Management Protocol support# /cfg/sys/access/snmp disableread onlyread/write Main# /cfgSystem# apply System# save Setting passwordsChanging the default administrator password Changing the default user password Changing the default operator password Menu overview Information MenuSNMPv3 Information Menu System Information MenuV1v2only AdminshaSNMPv3 USM User Table information CommSNMPv3 View Table information SNMPv3 Access Table informationPrefix SNMPv3 Group Table informationSNMPv3 Community Table information SNMPv3 Target Parameters Table information SNMPv3 Target Address Table informationSec Level Command /info/sys/snmpv3/notify NameTag V1v2trapv1v2trapSNMPv3 Notify Table information SNMPv3 dump System information System user information Show last 100 syslog messages8021x Stp Cfg/sys/access/user/uid commandLayer 2 information Port port number FDB information menuFind MAC address Vlan Show all FDB information Link Aggregation Control Protocol informationLacp dump 802.1x information Spanning Tree information Port Auth ModeAuthenticator PAE State Command /info/l2/stpHello Current RootPath-Cost Priority bridgeDesg 8018 Rapid Spanning Tree and Multiple Spanning Tree informationDesignated port Desg 8017 P2P2,EdgeDisabled DSB Common Internal Spanning Tree information Discarding Disc , Learning LRN , Forwarding FWD , or Disabled DSBTrunk group information Layer 3 information Vlan informationLayer 2 general information If IP address Route informationFind IP address Gw IP addressShow all IP Route information Vlan Command /info/arp/dump IP address Flags MAC addressARP information Show all ARP entry informationDbase Sumaddr Nsumadd Routes Dump Ospf informationNbr nbr router-id A.B.C.D Ospf Database information menu Ospf general informationOspf interface information Nw adv-rtr A.B.C.D linkstateid A.B.C.Dself Advrtr router-id A.B.C.DAsbrsum adv-rtr A.B.C.D Linkstateid A.B.C.Dself Ext adv-rtr A.B.C.D linkstateid A.B.C.DselfRIP Routes information Ospf route codes informationRouting Information Protocol information Igmp multicast group information RIP user configurationIP information Vrrp information Command /info/l3/vrrp Vrrp informationIgmp multicast router port information 8021p QoS information802.1p information QoS Menu 8021p Show QOS 802.1p informationRmon Information Menu ACL informationInterval Rmon history informationRmon event information Rmon alarm informationCommand /info/rmon/event Link status information VLANs Command /info/port Port Tag Rmon PvidPort information Uplink Failure Detection information Command /info/geaport Logical Port GEA Port0-based GEA UnitUplink Failure Detection Enabled LtM status Down Member Logical Port to GEA Port mappingInformation dump Command /info/dumpUfd clear Menu informationNtp clear Port Statistics Menu AuthSuccessesWhile Authenticating802.1x statistics Supplicant Bridging statisticsBackendNonNakResponsesFrom Ethernet statistics Dot3StatsMultipleCollisionFrames Dot3StatsFCSErrorsDot3StatsInternalMacTransmitErrors Dot3StatsSingleCollisionFramesInterface statistics Link statistics Internet Protocol IP statisticsPort Rmon statistics FDB statistics Layer 2 statisticsClrigmp 1- 4095 all Lacp statisticsLayer 3 statistics Arp clearL3 bucket for An IP address Dump GEA Layer 3 statistics menuGEA Layer 3 statistics IP statisticsARP statistics Route statisticsIcmp statistics DNS statisticsTCP statistics UDP statistics Ospf stats Menu Command /stats/l3/ospfIgmp Multicast Group statistics Ospf statistics menuOspf global statistics Nbr change Tx ls UpdatesVrrp statistics Timers KickoffPacket statistics Command /stats/l3/ripManagement Processor statistics RIP statistics10ad41e8/10ad5790 AllocsACL statistics Access Control List ACL statistics menuCPU statistics Snmp statistics Only NTP statistics Number of times LtM link in Blocking Command /stats/dumpUplink Failure Detection statistics Statistics dumpConfiguration Menu Applying pending changes Saving the configurationViewing, applying, reverting, and saving changes Viewing pending changesReminders System configurationHost IP address System host log configurationLine to end Bannr 1-80 charactersLog featureall enabledisable Secure Shell Server configurationConsole disableenable Sshport TCP port number Radius server configurationCommand /cfg/sys/radius IntrvalTACACS+ server configuration Port TCP port number Telnet enabledisableCommand /cfg/sys/ssnmp NTP server configurationSystem Snmp configuration Dlight disableenableCharacters SNMPv3 configurationName 1-64 characters V1v2 disableenable User Security Model configurationMask 1-32 characters SNMPv3 View configurationName 1-32 characters Tree 1-32 charactersNoAuthNoPrivauthNo View-based Access Control Model configurationSNMPv3 Group configuration Usmsnmpv1snmpv2 LevelDel Deletes the vacmSecurityToGroup entry Cur SNMPv3 Community Table configurationUsmsnmpv1snmpv2 Uname Address ip Port transport SNMPv3 Target Address Table configurationSNMPv3 Target Parameters Table configuration Addr transportSnmpv1snmpv2csnmp Model SNMPv3 Notify Table configurationManagement Networks configuration System Access configurationUseroperadmin Name User Access Control configurationUser ID configuration Access enabledisable Port configurationHttps Access configuration Name 1-64 characters none Temporarily disabling a port Port link configurationPort ACL/QoS configuration Layer 2 configuration802.1x configuration Unauthautoforce-auth 802.1x Global configurationMode force Reauth onoff 802.1x Port configurationRev Mode rstpmstp4095 Common Internal Spanning Tree configurationBridge parameter menu Port parameter menuCist port configuration Cist bridge configurationLink autop2pshared Spanning Tree configurationEdge disableenable CostBridge Spanning Tree configuration Cur Display current port Spanning Tree parameters Spanning Tree port configurationFastfwd disableenable Forwarding Database configurationStatic FDB configuration Add port number Trunk configurationMAC address Vlan port Clear mac MAC AddressVLAN 1-4095 Port port numberAllLink Aggregation Control Protocol configuration IP Trunk Hash configurationLayer 2 IP Trunk Hash configuration Mode offactivepassive Lacp Port configurationVlan configuration Timeout shortlongList of port numbers Layer 3 configurationPort number Mask IP subnet mask IP interface configurationAddr IP address Default Gateway configuration IP Static Route configurationDirbr disableenable Address Resolution Protocol configurationIP Forwarding configuration Network Filter configurationLp 0-4294967294 none Route Map configurationAp AS number AS number AS Action permitdeny IP Access List configurationAutonomous System Path configuration Metric 1-4294967294noneRouting Information Protocol configuration RIP Interface configuration Remove 1-32 1-32all Open Shortest Path First configurationRIP Route Redistribution configuration Add 1-32 1-32allRedist fixedstaticrip Osfp Area Index configurationDefault 1-16777215 12none Md5key 1-255 charactersType transitstubnssa Ospf Summary Range configurationAuth nonepasswordmd5 Areaid IP addressMdkey 1-255none Ospf Interface configurationMask IP address mask Key key stringnoneNbr IP address Ospf Virtual Link configurationKey password Export 1-16777215 12none Ospf Host Entry configurationOspf Route Redistribution configuration Rem 1-32 1-32 ... allOspf MD5 Key configuration Igmp configurationSrcip IP address Igmp snooping configurationAggr disableenable Fastlv 1-4095 disableenableFilter Igmp static multicast router configurationIgmp filtering configuration Add port number 1-4095Multicast address Igmp filtering port configurationIgmp filter definition Range IP multicast address IPDomain Name System configuration Bootstrap Protocol Relay configurationVrrp Virtual Router configuration Virtual Router Redundancy Protocol configurationPreem disableenable Ifs disableenable Vrrp Virtual Router Priority Tracking configurationVrrp Virtual Router Group configuration Vrs disableenableVrrp Virtual Router Group Priority Tracking configuration Passw password Vrrp Interface configurationVrrp Tracking configuration QoS 802.1p configuration Quality of Service configurationAccess Control configuration Stats ed Access Control List configurationEgrport port number Action permitdenysetprioACL IP Version 4 Filter configuration ACL Ethernet Filter configurationFlags value 0x0-0x3f ACL TCP/UDP Filter configurationSport 1-65535 port mask Cir ACL Meter configurationACL Re-mark configuration Enable edACL Re-mark Out-of-Profile configuration ACL Re-mark In-Profile configurationACL Re-mark In-Profile Update User Priority configuration ACL Group configuration Remote Monitoring configurationACL Packet Format configuration Owner 1-127 characters Rmon history configurationIfoid 1-127 characters Type nonelogtrapboth Rmon event configurationRmon alarm configuration Descn 1-127 charactersFlimit -2147483647 to Port mirroringRlimit -2147483647 to 2147483647Rem mirrored port Uplink Failure Detection configurationPort-based port mirroring Add mirrored port inoutbothRemport port number Failure Detection Pair configurationLink to Monitor configuration Addport port numberAddport port number Remport port number Saving the active switch configurationLink to Disable configuration DumpConfiguration# gtcfg FTP/TFTP server filename Restoring the active switch configurationCommand /cfg/gtcfg FTP/TFTP server filename Operations-level port options Operations MenuOperations-level Vrrp options Reset ReauthOperations-level port 802.1x options Downloading new software to the switch Updating the switch software imageAddress Selecting a software image to runBoot Options# conf Uploading a software image from the switchSelecting a configuration block Boot Options# ptimgBoot Options# cur Resetting the switchAccessing the Iscli Boot Options# resetMaintenance Menu 0xXXXXXXXX System maintenance optionsForwarding Database options Flags new Nvram flags word asARP cache options Debugging optionsBroadcastmartian IP Route Manipulation optionsIgmp Multicast Group options Igmp Mrouter options Igmp Snooping optionsClearing dump information Uuencode flash dumpFTP/TFTP system dump put Unscheduled system dumps Panic commandCommand /maint/panic Confirm dump and reboot y/n yIndex
Related manuals
Manual 33 pages 57.51 Kb
Top Page Image Contents