Configuring an encryption key – HP 4100GL User Manual
Page 47
TACACS+ Authentication
Configuring TACACS+ on the Switch
The "10" server is now the "first-choice" TACACS+ authentication device.
Figure 2-5.
Example of the Switch After Assigning a Different "First-Choice" Server
To remove the 10.28.227.15 device as a TACACS+ server, you would use this
command:
HPswitch(config)# no tacacs-server host 10.28.227.15
Configuring an Encryption Key.
Use an encryption key in the switch if the
switch will be requesting authentication from a TACACS+ server that also uses
an encryption key. (If the server expects a key, but the switch either does not
provide one, or provides an incorrect key, then the authentication attempt will
fail.) Use a global encryption key if the same key applies to all TACACS+
servers the switch may use for authentication attempts. Use a per-server
encryption key
if different servers the switch may use will have different keys.
(For more details on encryption keys, see
“Using the Encryption Key” on page
To configure
north01
as a global encryption key:
HPswitch(config) tacacs-server key north01
To configure
north01
as a per-server encryption key:
HPswitch(config)tacacs-server host 10.28.227.63 key
north01
An encryption key can contain up to 100 characters, without spaces, and is
likely to be case-sensitive in most TACACS+ server applications.
To delete a global encryption key from the switch, use this command:
HPswitch(config)# no tacacs-server key
2-19