HP (Hewlett-Packard) 2650 (J4899A/B) ユーザーズマニュアル
4-5
TACACS+ Authentication
Configuring TACACS+ on the Switch
General System Requirements
To use TACACS+ authentication, you need the following:
■
A TACACS+ server application installed and configured on one or
more servers or management stations in your network. (There are
several TACACS+ software packages available.)
more servers or management stations in your network. (There are
several TACACS+ software packages available.)
■
A switch configured for TACACS+ authentication, with access to one
or more TACACS+ servers.
or more TACACS+ servers.
N o t e s
The effectiveness of TACACS+ security depends on correctly using your
TACACS+ server application. For this reason, ProCurve recommends that you
thoroughly test all TACACS+ configurations used in your network.
TACACS+ server application. For this reason, ProCurve recommends that you
thoroughly test all TACACS+ configurations used in your network.
TACACS-aware ProCurve switches include the capability of configuring
multiple backup TACACS+ servers. ProCurve recommends that you use a
TACACS+ server application that supports a redundant backup installation.
This allows you to configure the switch to use a backup TACACS+ server if it
loses access to the first-choice TACACS+ server.
multiple backup TACACS+ servers. ProCurve recommends that you use a
TACACS+ server application that supports a redundant backup installation.
This allows you to configure the switch to use a backup TACACS+ server if it
loses access to the first-choice TACACS+ server.
TACACS+ does not affect web browser interface access. Refer to “Controlling
Web Browser Interface Access When Using TACACS+ Authentication” on
page 4-24.
Web Browser Interface Access When Using TACACS+ Authentication” on
page 4-24.
General Authentication Setup Procedure
It is important to test the TACACS+ service before fully implementing it.
Depending on the process and parameter settings you use to set up and test
TACACS+ authentication in your network, you could accidentally lock all
users, including yourself, out of access to a switch. While recovery is simple,
it may pose an inconvenience that can be avoided.To prevent an unintentional
lockout on a switch, use a procedure that configures and tests TACACS+
protection for one access type (for example, Telnet access), while keeping the
Depending on the process and parameter settings you use to set up and test
TACACS+ authentication in your network, you could accidentally lock all
users, including yourself, out of access to a switch. While recovery is simple,
it may pose an inconvenience that can be avoided.To prevent an unintentional
lockout on a switch, use a procedure that configures and tests TACACS+
protection for one access type (for example, Telnet access), while keeping the