HPE Networking

TACACS+ authorization on HP switch


Hi guys!


I'm trying to reinforce access security on my HP E6600 switch by configuring aaa with a tac_plus server.

I was successful testing authentication, but I can't figure out how to set up command authorization. For example, this tac_plus config:


user = username {
        default service = deny
        service = exec {
                priv-lvl = 0
        }
        cmd = show { deny .* }
}


doesn't have any effect on the switch, and the user can still execute all commands of level 0.


Is the authorization feature (with TACACS+) supported on this switch, and if yes, how do I configure it?


Thank you,


PS: the firmware version is K.15.07.0008

Honored Contributor

Re: TACACS+ authorization on HP switch



AFAIK, ProVision only supports TACACS authentication, not authorization. Command authorization can be achieved through a RADIUS server with some VSAs listing the allowed/disallowed commands.



Best regards, Peter
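What the RADIUS approach from the reply above can look like, as an added example that is not part of the original thread: a FreeRADIUS `users` file entry using the HP vendor-specific attributes defined in FreeRADIUS's `dictionary.hp`. The user names, passwords, server address and command lists are constructed, and the switch-side commands in the comments are assumptions to check against the access security guide for your firmware.

```text
# FreeRADIUS "users" file entries (constructed example; names and secrets are placeholders).
# Attribute names come from FreeRADIUS's dictionary.hp (vendor HP, ID 11):
#   HP-Command-String     semicolon-separated list of commands
#   HP-Command-Exception  0 = the list is a permit list, 1 = the list is a deny list
#
# Assumed switch-side settings (verify for your firmware before relying on them):
#   radius-server host 192.0.2.10 key <shared-secret>
#   aaa authentication ssh login radius local
#   aaa authorization commands radius

# Operator-level user who may run only the listed commands.
netops-readonly  Cleartext-Password := "<placeholder-password>"
        Service-Type = NAS-Prompt-User,
        HP-Command-String = "show;ping;exit;logout",
        HP-Command-Exception = 0

# Manager-level user who may run everything except the listed commands.
netops-admin     Cleartext-Password := "<placeholder-password>"
        Service-Type = Administrative-User,
        HP-Command-String = "erase;reload;boot",
        HP-Command-Exception = 1
```

Keeping `local` as the secondary login method leaves a fallback account if the RADIUS server is unreachable while the command lists are being tested.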


Re: TACACS+ authorization on HP switch

Thank you for answering. That was helpful.

Occasional Advisor

Re: TACACS+ authorization on HP switch

According to HP manuals for ProCurve switches, you should be able to set Privilege Level to either 1 or 15, giving you operator or manager rights. This is done with the command:


aaa authentication login privilege-mode


But the switch (e.g. 3500 or 6600 switch) doesn't acknowledge the "priv-lvl=1" setting on TACACS+ or TACACS.net server. I am guessing the attribute name is different on ProCurve but I am not able to find it.


Does anybody know more on this?


Best Regards // Kristian Modess