HP 6120XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 156
Note on, Encryption Keys, ip-addr, key-string
View all HP 6120XG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 156 highlights
TACACS+ Authentication Configuring TACACS+ on the Switch Syntax: tacacs-server host < ip-addr > [oobm] [key < key-string >] Adds a TACACS+ server and optionally assigns a server-specific encryption key. The oobm parameter specifies that the operation will go out from the out-of-band management interface. If this parameter is not specified, the operation goes out from the data interface. Refer to Appendix G, "Network Out-of-Band Management" in the Management and Configuration Guide for more information on out-of-band management. [no] tacacs-server host < ip-addr > Removes a TACACS+ server assignment (including its serverspecific encryption key, if any). tacacs-server key Enters the optional global encryption key. [no] tacacs-server key Removes the optional global encryption key. (Does not affect any server-specific encryption key assignments.) tacacs-server timeout < 1-255 > Changes the wait period for a TACACS server response. (Default: 5 seconds.) Note on Encryption keys configured in the switch must exactly match the encryption E n c r y p t i o n K e y s keys configured in TACACS+ servers the switch will attempt to use for authentication. If you configure a global encryption key, the switch uses it only with servers for which you have not also configured a server-specific key. Thus, a global key is more useful where the TACACS+ servers you are using all have an identical key, and server-specific keys are necessary where different TACACS+ servers have different keys. If TACACS+ server "X" does not have an encryption key assigned for the switch, then configuring either a global encryption key or a server-specific key in the switch for server "X" will block authentication support from server "X". Name Default host [key [oobm] none Range n/a 4-19