Configuration Commands

Table 80 TACACS+ Server Configuration commands

Command
    Description

tacacs-server port <TCP port number>
    Enter the number of the TCP port to be configured, between 1 and 65000. The default is 49.
    Command mode: Global configuration

tacacs-server retransmit <1-3>
    Sets the number of failed authentication requests before switching to a different TACACS+ server. The range is 1-3 requests. The default is 3 requests.
    Command mode: Global configuration

tacacs-server timeout <4-15>
    Sets the amount of time, in seconds, before a TACACS+ server authentication attempt is considered to have failed. The range is 4-15 seconds. The default is 5 seconds.
    Command mode: Global configuration

[no] tacacs-server telnet-backdoor
    Enables or disables the TACACS+ back door for telnet/SSH/HTTP/HTTPS. This command does not apply when secure backdoor is enabled.
    Command mode: Global configuration

[no] tacacs-server secure-backdoor
    Enables or disables the TACACS+ back door using secure password for telnet/SSH/HTTP/HTTPS. This command does not apply when backdoor (telnet) is enabled.
    Command mode: Global configuration

[no] tacacs-server privilege-mapping
    Enables or disables TACACS+ privilege-level mapping. The default value is disabled.
    Command mode: Global configuration

tacacs-server user-mapping {<0-15> user|oper|admin}
    Maps a TACACS+ authorization level to a switch user level. Enter a TACACS+ privilege level (0-15), followed by the corresponding HP 10GbE switch user level (user, oper, admin).
    Command mode: Global configuration

tacacs-server enable
    Enables the TACACS+ server.
    Command mode: Global configuration

no tacacs-server enable
    Disables the TACACS+ server.
    Command mode: Global configuration

show tacacs-server
    Displays current TACACS+ configuration parameters.
    Command mode: All

IMPORTANT: If TACACS+ is enabled, you must log in using TACACS+ authentication when connecting via the console or Telnet/SSH/HTTP/HTTPS. The backdoor for the console is always enabled, so you can connect using notacacs and the administrator password even if the backdoor or secure backdoor is disabled.

If Telnet backdoor is enabled, type in notacacs as a backdoor to bypass TACACS+ checking, and use the administrator password to log into the switch. The switch allows this even if TACACS+ servers are available.
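An added example, not part of the HP manual: a Python audit of a saved configuration that applies the value ranges from the command table and reports enabled backdoors and admin-level mappings for review. It assumes the saved configuration stores these commands one per line in the form the table shows and that the last occurrence of a toggle wins; `audit_tacacs`, the finding codes and the sample text are constructed for illustration.

```python
import re

# Ranges and keywords as listed in the command table on this page.
RANGES = {"port": (1, 65000), "retransmit": (1, 3), "timeout": (4, 15)}
TOGGLES = ("enable", "telnet-backdoor", "secure-backdoor", "privilege-mapping")
LEVELS = ("user", "oper", "admin")
LINE = re.compile(r"^\s*(no\s+)?tacacs-server\s+(\S+)\s*(.*)$")

def audit_tacacs(config_text):
    """Return (code, detail) findings for tacacs-server lines in a saved config."""
    findings, state = [], {}
    for raw in config_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a tacacs-server configuration line
        negated, key, args = bool(m.group(1)), m.group(2), m.group(3).split()
        if key in TOGGLES:
            state[key] = not negated  # assumption: the last occurrence wins
        elif key in RANGES:
            lo, hi = RANGES[key]
            ok = len(args) == 1 and args[0].isdecimal() and lo <= int(args[0]) <= hi
            if not ok:
                findings.append(("out-of-range", f"{key} {' '.join(args)} (allowed {lo}-{hi})"))
        elif key == "user-mapping":
            ok = (len(args) == 2 and args[0].isdecimal()
                  and int(args[0]) <= 15 and args[1] in LEVELS)
            if not ok:
                findings.append(("bad-mapping", raw.strip()))
            elif args[1] == "admin":
                findings.append(("admin-mapping", f"TACACS+ level {args[0]} -> admin"))
    telnet, secure = state.get("telnet-backdoor"), state.get("secure-backdoor")
    if telnet and secure:
        findings.append(("backdoor-conflict", "both backdoor modes are configured"))
    elif telnet:
        findings.append(("telnet-backdoor", "notacacs + administrator password bypasses TACACS+"))
    elif secure:
        findings.append(("secure-backdoor", "secure backdoor login is enabled"))
    return findings

# Constructed sample configuration, not taken from a real switch.
SAMPLE = """\
tacacs-server port 49
tacacs-server retransmit 5
tacacs-server timeout 5
tacacs-server telnet-backdoor
no tacacs-server secure-backdoor
tacacs-server user-mapping 15 admin
tacacs-server enable
"""
```

Calling `audit_tacacs(SAMPLE)` returns three findings: the out-of-range retransmit value, the level 15 to admin mapping, and the enabled Telnet backdoor.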

If secure backdoor is enabled, type in notacacs as a backdoor to bypass TACACS+ checking,
