TACACS+ Authentication
Configuring TACACS+ on the Switch
| To delete a |
| host command without the key parameter. For example, if you have north01 |
| configured as the encryption key for a TACACS+ server with an IP address of |
| 10.28.227.104 and you want to eliminate the key, you would use this command: |
| ProCurve(config)# |
|
|
Note | The show tacacs command lists the global encryption key, if configured. |
| However, to view any configured |
| show config or show config running (if you have made TACACS+ configuration |
| changes without executing write mem). |
| Configuring the Timeout Period. The timeout period specifies how long |
| |
| the switch waits for a response to an authentication request from a TACACS+ |
| server before either sending a new request to the next server in the switch’s |
| Server IP Address list or using the local authentication option. For example, |
| to change the timeout period from 5 seconds (the default) to 3 seconds: |
| ProCurve(config)# |
General Authentication Process Using a TACACS+
Server
Authentication through a TACACS+ server operates generally as described below. For specific operating details, refer to the documentation you received with your TACACS+ server application.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Terminal “A” Directly Accessing This |
| |||||||
|
|
|
|
|
| |||||||||||||
|
|
|
|
|
|
|
|
| Switch Via Switch’s Console Port |
| ||||||||
| TACACS+ Server |
|
|
|
|
|
|
|
| |||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ||
|
|
|
|
| ProCurve Switch |
|
|
|
| A |
|
|
|
| ||||
|
|
|
|
| Configured for |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| TACACS+ Operation |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ||
| TACACS+ Server |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ||
| (Optional) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ||||
|
|
|
|
|
|
|
|
|
| Terminal “B” Remotely |
|
| ||||||
|
|
|
|
| ProCurve Switch |
|
|
|
| Accessing This Switch Via Telnet |
|
| ||||||
|
|
| Configured for |
|
|
|
|
|
|
|
|
|
|
|
|
| ||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ||||
| TACACS+ Server |
|
| TACACS+ Operation |
|
|
|
|
|
|
| B |
|
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |||
| (Optional) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|