HP procurve 5300xl Series Access Security Manual

Also see for ProCurve 5300xl: Specification sheet Supplementary guide Management and configuration guide Management guide Access security guide

TACACS+ AuthenticationMessages Related to TACACS+ OperationMessages Related to TACACS+OperationThe switch generates the CLI messages listed below. However, you may seeother messages generated in your TACACS+ server application. For information on such messages, refer to the documentation you received with theapplication.CLI Message MeaningConnecting to Tacacs server The switch is attempting to contact the TACACS+ server identified in the switch’s tacacs-server configuration as the first-choice (or only) TACACS+ server.Connecting to secondary The switch was not able to contact the first-choice TACACS+ server, and is nowTacacs server attempting to contact the next (secondary) TACACS+ server identified in the switch’stacacs-server configuration.Invalid password The system does not recognize the username or the password or both. Depending on theauthentication method (tacacs or local), either the TACACS+ server application did notrecognize the username/password pair or the username/password pair did not match theusername/password pair configured in the switch.No Tacacs serversrespondingThe switch has not been able to contact any designated TACACS+ servers. If this messageis followed by the Username prompt, the switch is attempting local authentication.Not legal combination ofauthentication methodsFor console access, if you select tacacs as the primary authentication method, you mustselect local as the secondary authentication method. This prevents you from being lockedout of the switch if all designated TACACS+ servers are inaccessible to the switch.Record already exists When resulting from a tacacs-server host <ip addr> command, indicates an attempt toenter a duplicate TACACS+ server IP address.Operating Notes■ If you configure Authorized IP Managers on the switch, it is notnecessary to include any devices used as TACACS+ servers in theauthorized manager list. That is, authentication traffic between aTACACS+ server and the switch is not subject to Authorized IPManager controls configured on the switch. Also, the switch does notattempt TACACS+ authentication for a management station that theAuthorized IP Manager list excludes because, independent ofTACACS+, the switch already denies access to such stations.4-25