Enhancements in Release F.02.02

TACACS+ Authentication for Centralized Control of Switch Access Security

To configure westside as a global encryption key:HP2512(config) tacacs-server key westsideTo configure westside as a per-server encryption key:HP2512(config)tacacs-server host 10.28.227.63 key westside

An encryption key can contain up to 100 characters, without spaces, and is likely to be case-sensitive in most TACACS+ server applications.

To delete a global encryption key from the switch, use this command:HP2512(config)# no tacacs-server key

To delete a per-server encryption key in the switch, re-enter the tacacs-server host command without the key parameter. For example, if you have westside configured as the encryption key for a TACACS+ server with the IP address of 10.28.227.104 and you wanted to eliminate the key, you would use this command:

HP2512(config)# tacacs-server host 10.28.227.104

Note

The show tacacs command lists the global encryption key, if configured. However, to view any configured per-server encryption keys, you must use show config running.

Configuring the Timeout Period. The timeout period specifies how long the switch waits for a response to an authentication request from a TACACS+ server before either sending a new authentication request to the next server in the switch’s Server IP Address list or using the local authentication option. For example, to change the timeout period from 5 seconds (the default) to 3 seconds:

HP2512(config)# tacacs-server timeout 3

180