Email Subscription Notifications Suspended Temporarily
We are in the process of making navigation in the Servers and Operating Systems forums simpler and more direct. While doing this, we have to temporarily suspend email notifications for subscriptions. If you are subscribed to one or more discussion boards or blogs in the community, please check them daily to see new content. Notifications will be turned back on in a few days. We apologize for any inconvenience this may cause. Thanks, Warren_Admin
Security e-Series
Showing results for 
Search instead for 
Did you mean: 

TACACS+ authorization on HP switch

Go to solution

TACACS+ authorization on HP switch

Hi guys!


I'm trying to reinforce access security on my HP E6600 switch by configuring aaa with a tac_plus server.

I was succesfull testing authentication, but I can't figure out how to setup commands authorizations,  for example tac_plus config :


user = username {
        default service = deny
         service = exec {
                priv-lvl = 0
        cmd = show { deny .* }


doesn't has any effect on the switch, and the user can still execute all commands of level 0.


Is authorization feature (with tacacs+) supported on this switch, and how to configure it if yes?


Thank you,


PS : the firmware version is K.15.07.0008

Honored Contributor

Re: TACACS+ authorization on HP switch



AFAIK, provision only supports tacacs authentication, not authorization. Command authorization can be achieved through a RADIUS server with some VSAs listing the allowed/disallowed commands.



Best regards,Peter


Re: TACACS+ authorization on HP switch

Thank you for answering. That was helpful

Occasional Advisor

Re: TACACS+ authorization on HP switch

According to HP manuals for Procurve switches You should be able to set Privilige Level to either 1 or 15 giving you operator or manager rights. This is made by the command:


aaa authentication login privilege-mode


But the switch (e.g 3500 or 6600 switch) doesn´t acknowledge the setting "priv-lvl=1" setting on TACACS+ or server. I am guessing the attribute name is different on Procurve but I am not able to find it.


Anybody who knows more on this?


Best Regards // Kristian Modess