Overview, Overview -2 – HP 2800 User Manual
Page 76
TACACS+ Authentication
Overview
Overview
Feature
Default
Menu
CLI
Web
view the switch’s authentication configuration
n/a
—
—
view the switch’s TACACS+ server contact
n/a
—
page
—
configuration
configure the switch’s authentication methods
disabled
—
page
4-11
—
configure the switch to contact TACACS+ server(s) disabled
—
page
4-15
—
TACACS+ authentication enables you to use a central server to allow or deny
access to the switch (and other TACACS-aware devices) in your network. This
means that you can use a central database to create multiple unique username/
password sets with associated privilege levels for use by individuals who have
reason to access the switch from either the switch’s console port (local
access) or Telnet (remote access).
B
HP ProCurve Switch
Configured for
TACACS+ Operation
Terminal “A” Directly
Accessing the Switch
Via Switch’s Console
Port
Terminal “B” Remotely Accessing The Switch Via Telnet
A
Primary
TACACS+
Server
The switch passes the login
requests from terminals A and B
to the TACACS+ server for
authentication. The TACACS+
server determines whether to
allow access to the switch and
what privilege level to allow for
a given access request.
Access Request
A1 - A4: Path for Request from
Terminal A (Through Console Port)
TACACS Server
B1 - B4: Path for Request from
Response
Terminal B (Through Telnet)
B1
A2 or
B2
A3 or
B3
B4
A1
A4
Figure 4-1. Example of TACACS+ Operation
TACACS+ in the switch manages authentication of logon attempts through
either the Console port or Telnet. TACACS+ uses an authentication hierarchy
consisting of (1) remote passwords assigned in a TACACS+ server and (2)
local passwords configured on the switch. That is, with TACACS+ configured,
the switch first tries to contact a designated TACACS+ server for authentica-
4-2