Hewlett-Packard 445942-001 Manual

A SERVICE OF

next previous

Configuration Commands

108

Table 80 TACACS+ Server Configuration commands

Command Description

tacacs-server port <TCP port number>

Enter the number of the TCP port to be configured, between 1

and 65000. The default is 49.

Command mode: Global configuration

tacacs-server retransmit <1-3>

Sets the number of failed authentication requests before

switching to a different TACACS+ server. The range is 1-3

requests. The default is 3 requests.

Command mode: Global configuration

tacacs-server timeout <4-15>

Sets the amount of time, in seconds, before a TACACS+

server authentication attempt is considered to have failed. The

range is 4-15 seconds. The default is 5 seconds.

Command mode: Global configuration

[no] tacacs-server telnet-backdoor

Enables or disables the TACACS+ back door for

telnet/SSH/HTTP/HTTPS. This command does not apply when

secure backdoor is enabled.

Command mode: Global configuration

[no] tacacs-server secure-backdoor

Enables or disables the TACACS+ back door using secure

password for telnet/SSH/HTTP/HTTPS. This command does

not apply when backdoor (telnet) is enabled.

Command mode: Global configuration

[no] tacacs-server privilege-mapping

Enables or disables TACACS+ privilege-level mapping.

The default value is disabled.

Command mode: Global configuration

tacacs-server user-mapping {<0-15>

user|oper|admin}

Maps a TACACS+ authorization level to a switch user level.

Enter a TACACS+ privilege level (0-15), followed by the

corresponding HP 10GbE switch user level (user, oper,

admin).

Command mode: Global configuration

tacacs-server enable

Enables the TACACS+ server.

Command mode: Global configuration

no tacacs-server enable

Disables the TACACS+ server.

Command mode: Global configuration

show tacacs-server

Displays current TACACS+ configuration parameters.

Command mode: All

IMPORTANT: If TACACS+ is enabled, you must login using TACACS+ authentication when

connecting via the console or Telnet/SSH/HTTP/HTTPS. Backdoor for console is always enabled,

so you can connect using notacacs and the administrator password even if the backdoor or

secure backdoor are disabled.

If Telnet backdoor is enabled, type in notacacs as a backdoor to bypass TACACS+ checking,

and use the administrator password to log into the switch. The switch allows this even if TACACS+

servers are available.

If secure backdoor is enabled, type in notacacs as a backdoor to bypass TACACS+ checking,