HPE Community
Switches, Hubs, and Modems
1753552 Members
4781 Online
108795 Solutions
New Discussion

PCM3 issue with TACACS configuration template

 
PDnet
Advisor

‎03-22-2010 07:46 PM

‎03-22-2010 07:46 PM

PCM3 issue with TACACS configuration template

I have an eval copy of PCM+ 3 running now. I am trying to grab a config from a switch to use as a template for a number of other devices. However, when I open the config in PCM, the line for TACACS does not include the key statement. This causes TACACS to not function correctly. The original config used for the template creation does include the key statement. I have tried adding the TACACS key to both the tacacs-server host command and also as a stand-alone command in the config. It doesn't seem to matter, as neither works.

This behavior seems to be common among both PCM2.3 and 3. My 2.3 server is a fully licensed PCM+ server, so I know there are no concerns with eval features there.

Any ideas?


thanks

stu...
0 Kudos
1 REPLY 1
Jeff Carrell
Honored Contributor

‎03-22-2010 10:58 PM

‎03-22-2010 10:58 PM

Re: PCM3 issue with TACACS configuration template

This is not a PCM problem.

The issue you are experiencing is the way ProCurve allows config files to be copied to a tftp server.

ProCurve does not allow the TACACS or RADIUS keys to be "saved" to a config file when you perform either a manual copy (CLI/GUI) or via PCM (which uses its own tftp server/service).

If you are using a ProVision-ASIC switch (3500/5400/6200/6600/8200) you can add a config option called 'include-credentials' which then allows local the switch uid/pw, TACACS/RADIUS, SNMP, etc., "security" info to be saved in the config file and then all that info is portable.

Otherwise, you can manually modify a saved config for the key info, save it, and then upload this "new" config file to a switch.

ref this chapter for more info: http://cdn.procurve.com/training/Manuals/3500-5400-6200-6600-8200-ASG-Mar10-2-Passwords.pdf page 2-10

hth...Jeff
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.