Home » HP Manuals » Repeaters & Transceivers » HP GbE2c » Manual Viewer

HP GbE2c HP GbE2c Ethernet Blade Switch for c-Class BladeSystem Command Refere - Page 94

TACACS+ server configuration, secret2 &lt, telnet enable|disable

UPC - 808736802215

Add to My Manuals
Save this manual to your list of manuals

Page 94 highlights

The following table describes the RADIUS Server Configuration Menu options. Table 81 RADIUS Server Configuration Menu options Command Description prisrv secsrv secret secret2 port retries timeout telnet enable|disable secbd enable|disable on off cur Sets the primary RADIUS server address. Sets the secondary RADIUS server address. This is the shared secret between the switch and the RADIUS server(s). This is the secondary shared secret between the switch and the RADIUS server(s). Enter the number of the User Datagram Protocol (UDP) port to be configured, between 1500-3000. The default is 1645. Sets the number of failed authentication requests before switching to a different RADIUS server. The range is 1-3 requests The default is 3 requests. Sets the amount of time, in seconds, before a RADIUS server authentication attempt is considered to have failed. The range is 1-10 seconds. The default is 3 seconds. Enables or disables the RADIUS back door for telnet/SSH/ HTTP/HTTPS. This command does not apply when secure backdoor (secbd) is enabled. Enables or disables the RADIUS back door using secure password for telnet/SSH/ HTTP/HTTPS. This command does not apply when backdoor (telnet) is enabled. Enables the RADIUS server. Disables the RADIUS server. This is the default. Displays the current RADIUS server parameters. IMPORTANT: If RADIUS is enabled, you must login using RADIUS authentication when connecting via the console or Telnet/SSH/HTTP/HTTPS. Backdoor for console is always enabled, so you can connect using noradius and the administrator password even if the backdoor (telnet) or secure backdoor (secbd) are disabled. If Telnet backdoor is enabled (telnet ena), type in noradius as a backdoor to bypass RADIUS checking, and use the administrator password to log into the switch. The switch allows this even if RADIUS servers are available. If secure backdoor is enabled (secbd ena), type in noradius as a backdoor to bypass RADIUS checking, and use the administrator password to log into the switch. The switch allows this only if RADIUS servers are not available. TACACS+ server configuration Command: /cfg/sys/tacacs+ [TACACS+ Server Menu] prisrv - Set IP address of primary TACACS+ server secsrv - Set IP address of secondary TACACS+ server secret - Set secret for primary TACACS+ server secret2 - Set secret for secondary TACACS+ server port - Set TACACS+ port number retries - Set number of TACACS+ server retries timeout - Set timeout value of TACACS+ server retries telnet - Enable/disable TACACS+ back door for telnet/ssh/http/https secbd - Enable/disable TACACS+ secure backdoor for telnet/ssh/http/https cmap - Enable/disable TACACS+ new privilege level mapping usermap - Set user privilege mappings on - Enable TACACS+ authentication off - Disable TACACS+ authentication cur - Display current TACACS+ settings Configuration Menu 94

Section	Page
HP GbE2c Ethernet Blade Switch for c-Class BladeSystem Command Reference Guide	1
Notice	2
Contents	3
Command line interface	9
Introduction	9
Additional references	9
Connecting to the switch	9
Establishing a console connection	9
Setting an IP address	10
Establishing a Telnet connection	10
Establishing an SSH connection	10
Accessing the switch	11
Idle timeout	12
Typographical conventions	13
Menu basics	14
Introduction	14
Main Menu	14
Menu summary	14
Global commands	15
Command line history and editing	16
Command line interface shortcuts	17
Command stacking	17
Command abbreviation	17
Tab completion	17
First-time configuration	18
Introduction	18
Configuring Simple Network Management Protocol support	18
Setting passwords	19
Changing the default administrator password	19
Changing the default user password	20
Changing the default operator password	21
Information Menu	22
Introduction	22
Menu overview	22
System Information Menu	23
SNMPv3 Information Menu	23
SNMPv3 USM User Table information	24
SNMPv3 View Table information	25
SNMPv3 Access Table information	25
SNMPv3 Group Table information	26
SNMPv3 Community Table information	26
SNMPv3 Target Address Table information	27
SNMPv3 Target Parameters Table information	27
SNMPv3 Notify Table information	28
SNMPv3 dump	29
System information	30
Show last 100 syslog messages	31
System user information	31
Layer 2 information	32
FDB information menu	33
Show all FDB information	34
Clearing entries from the forwarding database	34
Link Aggregation Control Protocol information	34
LACP dump	35
802.1x information	36
Spanning Tree information	37
Rapid Spanning Tree and Multiple Spanning Tree information	39
Common Internal Spanning Tree information	41
Trunk group information	42
VLAN information	43
Layer 2 general information	43
Layer 3 information	43
Route information	44
Show all IP Route information	45
ARP information	46
Show all ARP entry information	46
ARP address list information	46
OSPF information	47
OSPF general information	48
OSPF interface information	48
OSPF Database information menu	48
OSPF route codes information	50
Routing Information Protocol information	50
RIP Routes information	50
RIP user configuration	51
IP information	51
IGMP multicast group information	51
IGMP multicast router port information	52
VRRP information	52
QoS information	53
802.1p information	53
ACL information	54
RMON Information Menu	54
RMON history information	55
RMON alarm information	56
RMON event information	56
Link status information	57
Port information	58
Logical Port to GEA Port mapping	59
Uplink Failure Detection information	59
Information dump	60
Statistics Menu	61
Introduction	61
Menu information	61
Port Statistics Menu	62
802.1x statistics	63
Bridging statistics	64
Ethernet statistics	65
Interface statistics	67
Internet Protocol (IP) statistics	68
Link statistics	68
Port RMON statistics	69
Layer 2 statistics	70
FDB statistics	70
LACP statistics	71
Layer 3 statistics	71
GEA Layer 3 statistics menu	72
GEA Layer 3 statistics	72
IP statistics	72
Route statistics	73
ARP statistics	73
DNS statistics	74
ICMP statistics	74
TCP statistics	75
UDP statistics	76
IGMP Multicast Group statistics	77
OSPF statistics menu	77
OSPF global statistics	78
VRRP statistics	80
RIP statistics	81
Management Processor statistics	81
Packet statistics	81
TCP statistics	82
UDP statistics	83
CPU statistics	83
Access Control List (ACL) statistics menu	83
ACL statistics	83
SNMP statistics	84
NTP statistics	86
Uplink Failure Detection statistics	87
Statistics dump	87
Configuration Menu	88
Introduction	88
Menu information	88
Viewing, applying, reverting, and saving changes	89
Viewing pending changes	89
Applying pending changes	89
Reverting changes	89
Saving the configuration	89
Reminders	90
System configuration	90
System host log configuration	91
Secure Shell Server configuration	92
RADIUS server configuration	93
TACACS+ server configuration	94
NTP server configuration	96
System SNMP configuration	96
SNMPv3 configuration	97
User Security Model configuration	98
SNMPv3 View configuration	99
View-based Access Control Model configuration	100
SNMPv3 Group configuration	100
SNMPv3 Community Table configuration	101
SNMPv3 Target Address Table configuration	102
SNMPv3 Target Parameters Table configuration	102
SNMPv3 Notify Table configuration	103
System Access configuration	104
Management Networks configuration	104
User Access Control configuration	105
User ID configuration	105
HTTPS Access configuration	106
Port configuration	106
Temporarily disabling a port	108
Port link configuration	108
Port ACL/QoS configuration	109
Layer 2 configuration	109
802.1x configuration	109
802.1x Global configuration	110
802.1x Port configuration	111
Rapid Spanning Tree Protocol / Multiple Spanning Tree Protocol configuration	112
Common Internal Spanning Tree configuration	113
CIST bridge configuration	114
CIST port configuration	114
Spanning Tree configuration	115
Bridge Spanning Tree configuration	116
Spanning Tree port configuration	117
Forwarding Database configuration	118
Static FDB configuration	118
Trunk configuration	119
IP Trunk Hash configuration	120
Layer 2 IP Trunk Hash configuration	120
Link Aggregation Control Protocol configuration	120
LACP Port configuration	121
VLAN configuration	121
Layer 3 configuration	122
IP interface configuration	123
Default Gateway configuration	124
IP Static Route configuration	124
Address Resolution Protocol configuration	125
IP Forwarding configuration	125
Network Filter configuration	125
Route Map configuration	126
IP Access List configuration	127
Autonomous System Path configuration	127
Routing Information Protocol configuration	128
RIP Interface configuration	129
RIP Route Redistribution configuration	130
Open Shortest Path First configuration	130
OSFP Area Index configuration	131
OSPF Summary Range configuration	132
OSPF Interface configuration	133
OSPF Virtual Link configuration	134
OSPF Host Entry configuration	135
OSPF Route Redistribution configuration	135
OSPF MD5 Key configuration	136
IGMP configuration	136
IGMP snooping configuration	137
IGMP static multicast router configuration	138
IGMP filtering configuration	138
IGMP filter definition	139
IGMP filtering port configuration	139
Domain Name System configuration	140
Bootstrap Protocol Relay configuration	140
Virtual Router Redundancy Protocol configuration	141
VRRP Virtual Router configuration	141
VRRP Virtual Router Priority Tracking configuration	143
VRRP Virtual Router Group configuration	143
VRRP Virtual Router Group Priority Tracking configuration	144
VRRP Interface configuration	145
VRRP Tracking configuration	145
Quality of Service configuration	146
QoS 802.1p configuration	146
Access Control configuration	146
Access Control List configuration	147
ACL Ethernet Filter configuration	148
ACL IP Version 4 Filter configuration	148
ACL TCP/UDP Filter configuration	149
ACL Meter configuration	150
ACL Re-mark configuration	150
ACL Re-mark In-Profile configuration	151
ACL Re-mark In-Profile Update User Priority configuration	151
ACL Re-mark Out-of-Profile configuration	151
ACL Packet Format configuration	152
ACL Group configuration	152
Remote Monitoring configuration	152
RMON history configuration	153
RMON event configuration	154
RMON alarm configuration	154
Port mirroring	155
Port-based port mirroring	156
Uplink Failure Detection configuration	156
Failure Detection Pair configuration	157
Link to Monitor configuration	157
Link to Disable configuration	158
Dump	158
Saving the active switch configuration	158
Restoring the active switch configuration	159
Operations Menu	160
Introduction	160
Menu information	160
Operations-level port options	160
Operations-level port 802.1x options	161
Operations-level VRRP options	161
Boot Options Menu	162
Introduction	162
Menu information	162
Updating the switch software image	162
Downloading new software to the switch	162
Selecting a software image to run	163
Uploading a software image from the switch	164
Selecting a configuration block	164
Resetting the switch	165
Accessing the ISCLI	165
Maintenance Menu	166
Introduction	166
Menu information	166
System maintenance options	167
Forwarding Database options	167
Debugging options	168
ARP cache options	168
IP Route Manipulation options	169
IGMP Multicast Group options	169
IGMP Snooping options	170
IGMP Mrouter options	170
Uuencode flash dump	171
FTP/TFTP system dump put	171
Clearing dump information	171
Panic command	172
Unscheduled system dumps	172

Match case Limit results 1 per page

Configuration Menu 94

The following table describes the RADIUS Server Configuration Menu options.

Table 81

RADIUS Server Configuration Menu options

Command

Description

prisrv <

IP address

Sets the primary RADIUS server address.

secsrv <

IP address

Sets the secondary RADIUS server address.

secret <

1-32 characters

This is the shared secret between the switch and the RADIUS server(s).

secret2 <

1-32 characters

This is the secondary shared secret between the switch and the RADIUS

server(s).

port <

UDP port number

Enter the number of the User Datagram Protocol (UDP) port to be

configured, between 1500-3000. The default is 1645.

retries <

1-3

Sets the number of failed authentication requests before switching to a

different RADIUS server. The range is 1-3 requests The default is 3

requests.

timeout <

1-10

Sets the amount of time, in seconds, before a RADIUS server

authentication attempt is considered to have failed. The range is 1-10

seconds. The default is 3 seconds.

telnet enable|disable

Enables or disables the RADIUS back door for telnet/SSH/ HTTP/HTTPS.

This command does not apply when secure backdoor (

secbd

) is

enabled.

secbd enable|disable

Enables or disables the RADIUS back door using secure password for

telnet/SSH/ HTTP/HTTPS. This command does not apply when backdoor

(

telnet

) is enabled.

Enables the RADIUS server.

off

Disables the RADIUS server. This is the default.

cur

Displays the current RADIUS server parameters.

IMPORTANT:

If RADIUS is enabled, you must login using RADIUS authentication when connecting via the

console or Telnet/SSH/HTTP/HTTPS. Backdoor for console is always enabled, so you can connect using

noradius and the administrator password even if the backdoor (

telnet

) or secure backdoor (

secbd

) are

disabled.

If Telnet backdoor is enabled (

telnet ena

), type in

noradius

as a backdoor to bypass RADIUS checking,

and use the administrator password to log into the switch. The switch allows this even if RADIUS servers are

available.

If secure backdoor is enabled (

secbd ena

), type in

noradius

as a backdoor to bypass RADIUS checking,

and use the administrator password to log into the switch. The switch allows this only if RADIUS servers are not

available.

TACACS+ server configuration

Command:

/cfg/sys/tacacs+

[TACACS+ Server Menu]

prisrv

- Set IP address of primary TACACS+ server

secsrv

- Set IP address of secondary TACACS+ server

secret

- Set secret for primary TACACS+ server

secret2 - Set secret for secondary TACACS+ server

port

- Set TACACS+ port number

retries - Set number of TACACS+ server retries

timeout - Set timeout value of TACACS+ server retries

telnet

- Enable/disable TACACS+ back door for telnet/ssh/http/https

secbd

- Enable/disable TACACS+ secure backdoor for telnet/ssh/http/https

cmap

- Enable/disable TACACS+ new privilege level mapping

usermap - Set user privilege mappings

- Enable TACACS+ authentication

off

- Disable TACACS+ authentication

cur

- Display current TACACS+ settings