5-21
TACACS+ Authentication
Configuring TACACS+ on the Switch
Figure 5-7. Example of the Running Configuration File Showing the Host-Specific Key for TACACS+
with the “~” Included
Adding, Removing, or Changing the Priority of a TACACS+ Server.
Suppose that the switch was already configured to use TACACS+ servers at
10.28.227.10 and 10.28.227.15. In this case, 10.28.227.15 was entered first, and
so is listed as the first-choice server:
Figure 5-8. Example of the Switch with Two TACACS+ Server Addresses Configured
To move the “first-choice” status from the “15” server to the “10” server, use
the no tacacs-server host <ip-addr> command to delete both servers, then use
tacacs-server host <ip-addr> to re-enter the “10” server first, then the “15” server.
The servers would then be listed with the new “first-choice” server, that is:
HP Switch(config)# show running-config
Running configuration:
; J8692A Configuration Editor; Created on release #K.14.00x
hostname "HP Switch 3500yl-24G"
module 1 type J86xxA
vlan 1
name "DEFAULT_VLAN"
untagged 1-24
ip address dhcp-bootp
exit
banner motd "good morning
tacacs-server host 10.10.10.2 key "hp~switch"
snmp-server community "public" unrestricted
Shows the key configured for a specific host.
HP Switch(config)# show tacacs
Status and Counters - TACACS Information
Timeout : 5
Encryption Key :
Server IP Addr Opens Closes Aborts Errors Pkts Rx Pkts Tx
--------------- ------ ------ ------ ------ ------- -------
10.28.227.15 0 0 0 0 0 0
10.28.227.10 0 0 0 0 0 0
First-Choice TACACS+ Server
To Next Page
Loading...
