HP ProCurve 2500 User Manual
169
Enhancements in Release F.02.02
TACACS+ Authentication for Centralized Control of Switch Access Security
TACACS+ Operation
TACACS+ in Series 2500 switches manages authentication of logon attempts through either the
Console port or Telnet. For both Console and Telnet you can configure a login (read-only) and an
enable (read/write) privilege level access. When your primary authentication control for switch
access is a TACACS+ server, you can also specify a local (switch-based) secondary authentication
control.
Note
In release F.02.02, TACACS+ does not affect Web browser interface access. See "Controlling Web
Browser Interface Access" on page 184.
General Authentication Setup Procedure
It is important to test the TACACS+ service before fully implementing it. Depending on the process
and parameter settings you use to set up and test TACACS+ authentication in your network, you
could accidentally lock all users, including yourself, out of access to a switch. While recovery is
simple, it may pose an inconvenience that can be avoided. To prevent an unintentional lockout on a
Series 2500 switch, use a procedure that configures and tests TACACS+ protection for one access
type (for example, Telnet access), while keeping the other access type (console, in this case) open
in case the Telnet access fails due to a configuration problem. The following steps outline a
general setup procedure.
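An added example (not from the HP manual) that checks a saved configuration for the lockout conditions described above before it is applied. It assumes the CLI form `aaa authentication <console|telnet> <login|enable> <primary> [secondary]`, which this page does not show, and the sample configurations are constructed.

```python
import re

# Assumed CLI form (not shown on this page):
#   aaa authentication <console|telnet> <login|enable> <primary> [secondary]
AAA_RE = re.compile(
    r"^\s*aaa authentication (console|telnet) (login|enable)"
    r" (local|tacacs)(?: (local|none))?\s*$")
ACCESS = ("console", "telnet")
LEVELS = ("login", "enable")

def parse_aaa(config_text):
    """Return {(access, level): (primary, secondary)}; unset entries are local/none."""
    table = {(a, lvl): ("local", "none") for a in ACCESS for lvl in LEVELS}
    for line in config_text.splitlines():
        m = AAA_RE.match(line)
        if m:
            access, level, primary, secondary = m.groups()
            table[(access, level)] = (primary, secondary or "none")
    return table

def lockout_findings(config_text):
    """List lockout risks for a staged TACACS+ rollout (empty list means none found)."""
    table = parse_aaa(config_text)
    findings = []
    for (access, level), (primary, secondary) in sorted(table.items()):
        if primary == "tacacs" and secondary != "local":
            findings.append(f"{access} {level}: tacacs primary with no local secondary")
    # The staged procedure keeps one access type off TACACS+ while the other is tested.
    still_open = [a for a in ACCESS
                  if all(table[(a, lvl)][0] == "local" for lvl in LEVELS)]
    if not still_open:
        findings.append("no access type left on local authentication during testing")
    return findings

# Constructed sample configurations.
STAGED = """\
aaa authentication telnet login tacacs local
aaa authentication telnet enable tacacs local
"""
RISKY = """\
aaa authentication console login tacacs
aaa authentication console enable tacacs
aaa authentication telnet login tacacs local
aaa authentication telnet enable tacacs local
"""

if __name__ == "__main__":
    for name, cfg in (("staged", STAGED), ("risky", RISKY)):
        print(name, lockout_findings(cfg) or "ok")
```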
Note
If a complete access lockout occurs on the switch as a result of a TACACS+ configuration, see
"Troubleshooting TACACS+ Operation" on page 186 for recovery methods.
1. Familiarize yourself with the requirements for configuring your TACACS+ server application to
respond to requests from a Series 2500 switch. (Refer to the documentation provided with the
TACACS+ server software.) This includes knowing whether you need to configure an encryption
key. (See