HP 2600 Series User Manual

TACACS+ Authentication
Configuring TACACS+ on the Switch

Note on Encryption Keys

Encryption keys configured in the switch must exactly match the encryption keys configured in TACACS+ servers the switch will attempt to use for authentication.

If you configure a global encryption key, the switch uses it only with servers for which you have not also configured a server-specific key. Thus, a global key is more useful where the TACACS+ servers you are using all have an identical key, and server-specific keys are necessary where different TACACS+ servers have different keys.

If TACACS+ server “X” does not have an encryption key assigned for the switch, then configuring either a global encryption key or a server-specific key in the switch for server “X” will block authentication support from server “X”.

Syntax: tacacs-server host < ip-addr > [key < key-string >]

Adds a TACACS+ server and optionally assigns a server-specific encryption key.

[no] tacacs-server host < ip-addr >

Removes a TACACS+ server assignment (including its server-specific encryption key, if any).

tacacs-server key <key-string>

Enters the optional global encryption key.

[no] tacacs-server key

Removes the optional global encryption key. (Does not affect any
server-specific encryption key assignments.)

tacacs-server timeout < 1-255 >

Changes the wait period for a TACACS server response. (Default:
5 seconds.)
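
Added example (not from the HP manual): a Python sketch that works out which encryption key the switch would use for each server under the rules in the note above, and compares it with the key each TACACS+ server holds for the switch. The function names, the 192.0.2.x addresses and the key strings are constructed for illustration; it assumes one command per line in the syntax shown above and key strings without spaces.

```python
import hmac

# Constructed sample: switch commands in the syntax shown above.
SAMPLE_CONFIG = """\
tacacs-server host 192.0.2.10 key north01
tacacs-server host 192.0.2.11
tacacs-server host 192.0.2.12
tacacs-server key campus99
tacacs-server timeout 10
"""
# Constructed sample: key each TACACS+ server holds for this switch (None = no key).
SAMPLE_SERVER_KEYS = {"192.0.2.10": "north01", "192.0.2.11": "campus99", "192.0.2.12": None}

def effective_keys(config_text):
    """Return {server_ip: key the switch will use, or None}."""
    global_key, hosts = None, {}
    for line in config_text.splitlines():
        words = line.split()
        negate = words[:1] == ["no"]
        words = words[1:] if negate else words
        if len(words) < 2 or words[0] != "tacacs-server":
            continue
        if words[1] == "host" and len(words) >= 3:
            if negate:
                hosts.pop(words[2], None)  # removes the server and its specific key
            else:
                has_key = len(words) >= 5 and words[3] == "key"
                hosts[words[2]] = words[4] if has_key else None
        elif words[1] == "key":
            global_key = None if negate or len(words) < 3 else words[2]
    # The global key applies only to servers without a server-specific key.
    return {ip: key if key is not None else global_key for ip, key in hosts.items()}

def audit(config_text, server_keys):
    """Classify each configured server as 'match', 'no-key' or 'mismatch'."""
    result = {}
    for ip, switch_key in effective_keys(config_text).items():
        server_key = server_keys.get(ip)
        if switch_key is None and server_key is None:
            result[ip] = "no-key"      # neither side has a key configured
        elif switch_key is None or server_key is None:
            result[ip] = "mismatch"    # one side has a key, the other does not
        elif hmac.compare_digest(switch_key.encode(), server_key.encode()):
            result[ip] = "match"
        else:
            result[ip] = "mismatch"    # keys differ
    return result

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, SAMPLE_SERVER_KEYS))
```

In the sample, 192.0.2.12 is the server “X” case from the note: the server holds no key, but the global key still applies to it on the switch, so it is reported as a mismatch.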
