Configuring an encryption key – HP 2800 User Manual

TACACS+ Authentication

Configuring TACACS+ on the Switch

The “10” server is now the “first-choice” TACACS+ authentication device.

Figure 4-5.

Example of the Switch After Assigning a Different “First-Choice” Server

To remove the 10.28.227.15 device as a TACACS+ server, you would use this
command:

HPswitch

(config)# no tacacs-server host 10.28.227.15

Configuring an Encryption Key.

Use an encryption key in the switch if the

switch will be requesting authentication from a TACACS+ server that also uses
an encryption key. (If the server expects a key, but the switch either does not
provide one, or provides an incorrect key, then the authentication attempt will
fail.) Use a global encryption key if the same key applies to all TACACS+
servers the switch may use for authentication attempts. Use a per-server
encryption key

if different servers the switch may use will have different keys.

(For more details on encryption keys, see “Using the Encryption Key” on page
4-23.)

To configure

north01

as a global encryption key:

HPswitch

(config) tacacs-server key north01

To configure

north01

as a per-server encryption key:

HPswitch

(config)# tacacs-server host 10.28.227.63 key

north01

An encryption key can contain up to 100 characters, without spaces, and is
likely to be case-sensitive in most TACACS+ server applications.

To delete a global encryption key from the switch, use this command:

HPswitch

(config)# no tacacs-server key

4-19