HP procurve 2500 Manuale Utente

181    

Enhancements in Release F.02.02
TACACS+ Authentication for Centralized Control of Switch Access Security

How Authentication Operates

General Authentication Process Using a TACACS+ Server

Authentication through a TACACS+ server operates generally as described below. For specific 
operating details, refer to the documentation you received with your TACACS+ server application.

Using figure 87, above, after either switch detects an operator’s logon request from a remote or 
directly connected terminal, the following events occur:

1.

The switch queries the first-choice TACACS+ server for authentication of the request. 

•

If the switch does not receive a response from the first-choice TACACS+ server, it 
attempts to query a secondary server. If the switch does not receive a response from any 
TACACS+ server, then it uses its own local username/password pairs to authenticate the 
logon request. (See "Local Authentication Process", on page 182.)

•

If a TACACS+ server recognizes the switch, it forwards a username prompt to the 
requesting terminal via the switch.

2.

When the requesting terminal responds to the prompt with a username, the switch forwards it 
to the TACACS+ server.

3.

After the server receives the username input, the requesting terminal receives a password 
prompt from the server via the switch.

4.

When the requesting terminal responds to the prompt with a password, the switch forwards it 
to the TACACS+ server and one of the following actions occurs:

Series 2500 Switch 
Configured for 
TACACS+ Operation

First-Choice 
TACACS+ Server

    

Series 2500 Switch 
Configured for 
TACACS+ Operation

Terminal "A" Directly Accessing This 
Switch Via Switch’s Console Port

Terminal  "B" Remotely Accessing 
This Switch Via Telnet

    

Second-Choice 
TACACS+ Server
(Optional)

Third-Choice 
TACACS+ Server
(Optional)