Home » HP Manuals » Repeaters & Transceivers » HP GbE2c » Manual Viewer

HP GbE2c HP GbE2c Ethernet Blade Switch for c-Class BladeSystem Browser-based - Page 122

Switch TACACS+ Configuration controls, Table 95, IMPORTANT

UPC - 808736802215

Add to My Manuals
Save this manual to your list of manuals

Page 122 highlights

The following table describes Switch TACACS+ Configuration controls: Table 95 Switch TACACS+ Configuration controls Control Description Primary Tacacs+ IP Address Secondary Tacacs+ IP Address Tacacs+ port (1-65000) Tacacs+ timeout (4-15) Tacacs+ retries (1-3) Enable/Disable Tacacs+ Server Enable/Disable Tacacs+ Backdoor for telnet Enable/Disable Tacacs+ new privilege level mapping Tacacs+ Secret Secondary Tacacs+ Server Secret Tacacs+ User Mappings Configuration Configures the primary TACACS+ server address. Configures the secondary TACACS+ server address. Configures the number of the TCP port to be configured, between 1 and 65000. The default is 49. Configures the amount of time, in seconds, before a TACACS+ server authentication attempt is considered to have failed. The default timeout is 5 seconds. Configures the number of failed authentication requests before switching to a different TACACS+ server. The default retry count is 3 requests. Enables or disables the Tacacs+ server. Enables or disables the Tacacs+ backdoor for telnet. Telnet also applies to SSH/SCP connections. Enables or disables TACACS+ privilege-level mapping. The default value is disabled. Configures the shared secret (up to 32 characters) between the switch and the TACACS+ server. Configures the secondary shared secret (up to 32 characters) between the switch and the TACACS+ server. Maps a TACACS+ privilege level to a GbE2c user level, as follows: Remote Privilege Enter a TACACS+ privilege level (0-15) Local Privilege Select the corresponding GbE2c user level. IMPORTANT: If TACACS+ is enabled, you must login using TACACS+ authentication when connecting via the console or Telnet/SSH/HTTP/HTTPS. Backdoor for console is always enabled, so you can connect using notacacs and the administrator password even if the backdoor (telnet) or secure backdoor (secbd) are disabled. If Telnet backdoor is enabled (telnet ena), type in notacacs as a backdoor to bypass TACACS+ checking, and use the administrator password to log into the switch. The switch allows this even if TACACS+ servers are available. If secure backdoor is enabled (secbd ena), type in notacacs as a backdoor to bypass TACACS+ checking, and use the administrator password to log into the switch. The switch allows this only if TACACS+ servers are not available. Configuring the switch 122

Section	Page
HP GbE2c Ethernet Blade Switch for c-Class BladeSystem Browser-based Interface Reference Guide	1
Notice	2
Contents	3
Getting started	8
Introduction	8
Additional references	8
Features	8
Requirements	8
Switch setup	8
Configuring IP interfaces	8
Enabling or disabling BBI access	9
Web browser setup	9
Starting the BBI	9
Browser-based interface basics	12
Introduction	12
Toolbar	12
Context buttons	12
Commands	13
Navigation window	13
Forms window	14
Dashboard	15
Introduction	15
Steps for displaying dashboards	15
Switch Dashboard	18
User Access Dashboard	19
RADIUS Dashboard	20
TACACS+ Dashboard	21
Switch Image and Configuration Management Dashboard	22
Management Network Definition Dashboard	23
Switch Ports Dashboard	24
802.1x System Information	25
Switch Ports 802.1x Dashboard	26
Port 802.1x Dashboard Operations	27
Forwarding Database Information	29
VLANs Dashboard	30
Switch Spanning Tree Groups Information	31
Switch Spanning Tree Group Information	32
Switch Spanning Tree Port Information	33
Switch Trunk Groups Dashboard	34
Trunk Hash Dashboard	35
LACP Dashboard	35
LACP Port Dashboard	36
Uplink Fast General Information	37
RMON History Group Information	37
RMON Alarm Group Information	38
RMON Event Group Information	40
IP Interfaces Dashboard	41
Route Table Information	42
ARP Cache Information	44
Default Gateways Dashboard	45
IGMP Snooping Dashboard	46
IGMP Multicast Groups	46
IGMP Multicast Routers	47
IGMP Static Multicast Router Configuration	47
OSPF General Dashboard	48
OSPF Areas Dashboard	48
OSPF Summary Ranges Dashboard	49
OSPF IP Interfaces Dashboard	50
OSPF Virtual Links Dashboard	51
RIP General Information	51
RIP Interfaces Dashboard	52
Virtual Router Group Operation	53
Virtual Routers Dashboard	54
Virtual Router Operation	55
Domain Name System Dashboard	55
Bootstrap Protocol Relay Dashboard	56
IP Routing Dashboard	56
802.1p Priority to CoS Dashboard	57
802.1p CoS Weight Dashboard	57
ACL Dashboard	58
Access Control List Dashboard	58
ACL Groups Dashboard Table	59
Access Control List Group Dashboard	59
Uplink Failure Detection Dashboard	60
Viewing statistics	61
Introduction	61
Steps for displaying statistics	61
Management Processor Statistics	63
TCP/IP Statistics (IF and IP Statistics)	64
TCP/IP Statistics (ICMP and TCP Statistics)	66
UDP/SNMP Statistics	68
CPU Utilization	71
FDB Statistics	71
Network Time Protocol Statistics	72
Switch Ports Statistics Summary	73
Port Statistics	74
Bridging (“dot1”) Statistics	75
Interface (“if”) Statistics - Input	75
Interface (“if”) Statistics - Output	76
Ethernet (“dot3”) Statistics	76
GEA IP Statistics	78
Switch Ports 802.1x Statistics	78
Port 802.1x Statistics	79
FDB Statistics	81
LACP Statistics	81
IP Statistics	82
IP Routing Management Statistics (part one)	83
IP Routing Management Statistics (part 2)	85
IP Routing Management Statistics (part 3)	87
ARP Statistics	89
IGMP VLAN Snooping Statistics Summary	90
VLAN - IGMP Snooping Statistics	91
OSPF General Statistics	92
OSPF Areas Statistics	94
OSPF Area Statistics	95
OSPF IP Interfaces Statistics	98
OSPF IP Interface Statistics	99
RIP Statistics	102
Virtual Router Redundancy Protocol Statistics	102
Domain Name System Statistics	103
IP Routing Management Statistics (part one)	104
IP Routing Management Statistics (part two)	106
Access Control Lists Statistics	109
ACL Statistics	110
Uplink Failure Detection Statistics	110
Configuring the switch	111
Introduction	111
Configuration steps	111
Input error checking	113
Switch Management Processor Configuration	114
Basic system configuration	114
SNMP controls	116
Switch Management Processor Configuration buttons	117
User Configuration Table	118
User Access Control Configuration	118
Switch RADIUS Configuration	119
Switch TACACS+ Configuration	121
NTP Configuration	123
Syslog and Trap Feature Configuration	124
Switch Image and Configuration Management	126
Downloading new software to your switch	127
Configuration	127
Switch Image and Configuration Management controls	127
Switch Image and Configuration Management buttons	128
Management Network Definition Configuration	129
Switch Ports Configuration	130
Switch Port Configuration	131
Switch Port ACL Configuration	133
Port-Based Port Mirroring Configuration	134
Monitoring Port Configuration	135
Port Mirroring Configuration for Port	135
802.1x General Configuration	136
802.1x Switch Ports Configuration	136
802.1x Port Configuration	137
FDB Configuration	138
Static FDB Configuration (part one)	138
Static FDB Configuration (part two)	139
VLANs Configuration	139
VLAN Configuration	140
Switch Spanning Tree Groups Configuration	141
Switch Spanning Tree Group Configuration	142
Switch Spanning Tree Group Port Configuration	144
MSTP/RSTP General Configuration	145
Common Internal Spanning Tree Bridge Configuration	146
Ports Common Internal Spanning Tree Configuration	147
Common Internal Spanning Tree Port Configuration	148
Trunk Groups Configuration	149
Switch Trunk Group Configuration	149
Trunk Hash Configuration	150
LACP Configuration	151
LACP Port Configuration	152
Uplink Fast General Configuration	152
RMON History Configuration Table	153
RMON History Configuration	154
RMON Alarm Configuration Table	155
RMON Alarm Configuration	156
RMON Event Configuration Table	157
RMON Event Configuration	158
IP Interfaces Configuration	159
IP Interface Configuration	160
IP Static Routes Configuration	161
IP Static Route Configuration	162
Static ARP Configuration	162
IP Static ARP Configuration	163
Network Filters Configuration	164
Network Filter Configuration	165
Route Maps Configuration	166
Route Map Configuration	167
Route Map Access List Configuration	168
Route Map Access Path Configuration	169
Default Gateways Configuration	170
Default Gateway Configuration	171
IGMP Snooping Configuration	172
IGMP Filters Configuration	173
IGMP Filter Configuration	174
IGMP Filtering Port Configuration	174
IGMP Filtering - Port Configuration	175
IGMP Static Multicast Router Configuration	175
Static Multicast Router Configuration for Port	176
OSPF General Configuration	177
OSPF MD5 Key Configuration	178
OSPF Areas Configuration	178
OSPF Area Configuration	179
OSPF Summary Ranges Configuration	180
OSPF Summary Range Configuration	180
OSPF Interfaces Configuration	181
OSPF Interface Configuration	182
OSPF Virtual Links Configuration	183
OSPF Virtual Link Configuration	183
OSPF Hosts Configuration	184
OSPF Host Configuration	185
OSPF Route Redistribution Configuration	186
RIP Interfaces Configuration	187
RIP Interface Configuration	188
RIP Route Redistribution Configuration	189
RIP General Configuration	190
Virtual Routers Configuration	190
Virtual Router Configuration	191
VRRP Interfaces Configuration	193
VRRP Interface Configuration	194
VRRP General Configuration	195
Domain Name System Configuration	196
Bootstrap Protocol Relay Configuration	197
IP Routing General Configuration	197
QoS Priority CoS Configuration	198
QoS Priority CoS Queue Configuration	198
QoS CoS Weight Configuration	199
QoS CoS Queue Configuration	199
ACL Configuration	200
Access Control List Configuration	202
ACL Metering Configuration	204
ACL Re-Mark Configuration	205
ACL Groups Configuration	206
Access Control Group Configuration	206
Uplink Failure Detection Configuration	207

Match case Limit results 1 per page

Configuring the switch 122

The following table describes Switch TACACS+ Configuration controls:

Table 95

Switch TACACS+ Configuration controls

Control

Description

Primary Tacacs+ IP Address

Configures the primary TACACS+ server address.

Secondary Tacacs+ IP Address

Configures the secondary TACACS+ server address.

Tacacs+ port (1-65000)

Configures the number of the TCP port to be configured, between 1 and

65000. The default is 49.

Tacacs+ timeout (4-15)

Configures the amount of time, in seconds, before a TACACS+ server

authentication attempt is considered to have failed. The default timeout is

5 seconds.

Tacacs+ retries (1-3)

Configures the number of failed authentication requests before switching

to a different TACACS+ server. The default retry count is 3 requests.

Enable/Disable Tacacs+ Server

Enables or disables the Tacacs+ server.

Enable/Disable Tacacs+ Backdoor for telnet

Enables or disables the Tacacs+ backdoor for telnet. Telnet also applies

to SSH/SCP connections.

Enable/Disable Tacacs+ new privilege level

mapping

Enables or disables TACACS+ privilege-level mapping.

The default value is

disabled

Tacacs+ Secret

Configures the shared secret (up to 32 characters) between the switch

and the TACACS+ server.

Secondary Tacacs+ Server Secret

Configures the secondary shared secret (up to 32 characters) between the

switch and the TACACS+ server.

Tacacs+ User Mappings Configuration

Maps a TACACS+ privilege level to a GbE2c user level, as follows:

Remote Privilege

Enter a TACACS+ privilege level (0-15)

Local Privilege

Select the corresponding GbE2c user level.

IMPORTANT:

If TACACS+ is enabled, you must login using TACACS+ authentication when connecting via the

console or Telnet/SSH/HTTP/HTTPS. Backdoor for console is always enabled, so you can connect using

notacacs

and the administrator password even if the backdoor (

telnet

) or secure backdoor (

secbd

) are

disabled.

If Telnet backdoor is enabled (

telnet ena

), type in

notacacs

as a backdoor to bypass TACACS+

checking, and use the administrator password to log into the switch. The switch allows this even if TACACS+

servers are available.

If secure backdoor is enabled (

secbd ena

), type in

notacacs

as a backdoor to bypass TACACS+

checking, and use the administrator password to log into the switch. The switch allows this only if TACACS+

servers are

not available.