HP (Hewlett-Packard) Q.11. (2510-24) ユーザーズマニュアル
4-2
TACACS+ Authentication
Configuring TACACS+ on the Switch
Configuring TACACS+ on the Switch
Overview
TACACS+ authentication enables you to use a central server to allow or deny
access to the switch (and other TACACS-aware devices) in your network. This
means that you can use a central database to create multiple unique username/
password sets with associated privilege levels for use by individuals who have
reason to access the switch from either the switch’s console port (local
access) or Telnet (remote access).
access to the switch (and other TACACS-aware devices) in your network. This
means that you can use a central database to create multiple unique username/
password sets with associated privilege levels for use by individuals who have
reason to access the switch from either the switch’s console port (local
access) or Telnet (remote access).
Figure 4-1. Example of TACACS+ Operation
TACACS+ in the switch manages authentication of logon attempts through
either the Console port or Telnet. TACACS+ uses an authentication hierarchy
consisting of (1) remote passwords assigned in a TACACS+ server and (2)
local passwords configured on the switch. That is, with TACACS+ configured,
the switch first tries to contact a designated TACACS+ server for authentica-
either the Console port or Telnet. TACACS+ uses an authentication hierarchy
consisting of (1) remote passwords assigned in a TACACS+ server and (2)
local passwords configured on the switch. That is, with TACACS+ configured,
the switch first tries to contact a designated TACACS+ server for authentica-
Feature
Default
Menu
CLI
Web
view the switch’s authentication configuration
n/a
—
page 4-9 —
view the switch’s TACACS+ server contact
configuration
configuration
n/a
—
page
4-10
4-10
—
configure the switch’s authentication methods
disabled
—
page
4-11
4-11
—
configure the switch to contact TACACS+ server(s) disabled
—
page
4-15
4-15
—
B
ProCurve Switch
Configured for
TACACS+ Operation
Configured for
TACACS+ Operation
Terminal “A” Directly
Accessing the Switch
Via Switch’s Console
Port
Accessing the Switch
Via Switch’s Console
Port
Terminal “B” Remotely Accessing The Switch Via Telnet
A
Primary
TACACS+
Server
TACACS+
Server
The switch passes the login
requests from terminals A and B
to the TACACS+ server for
authentication. The TACACS+
server determines whether to
allow access to the switch and
what privilege level to allow for
a given access request.
requests from terminals A and B
to the TACACS+ server for
authentication. The TACACS+
server determines whether to
allow access to the switch and
what privilege level to allow for
a given access request.
Access Request A1 - A4: Path for Request from
Terminal A (Through Console Port)
Terminal A (Through Console Port)
TACACS Server B1 - B4: Path for Request from
Response Terminal B (Through Telnet)
Response Terminal B (Through Telnet)
B1
A2 or
B2
B2
A3 or
B3
B3
B4
A1
A4