To Next Page

To Previous Page

9-9

Using Passwords and TACACS+ To Protect Against Unauthorized Access

TACACS+ Authentication for Central Control of Switch Access Security

Using Passwords and

TACACS+

TACACS+ in the Switch 4108GL manages authentication of logon attempts

through either the Console port or Telnet. TACACS+ uses an authentication

hierarchy consisting of (1) remote passwords assigned in a TACACS+ server

and (2) local passwords configured on the switch. That is, with TACACS+

configured, the switch first tries to contact a designated TACACS+ server for

authentication services. If the switch fails to connect to any TACACS+ server,

it defaults to its own locally assigned passwords for authentication control if

it has been configured to do so. For both Console and Telnet access you can

configure a login (read-only) and an enable (read/write) privilege level access.

Notes Regarding Software Release G.01.xx

Software release G.01.xx for the Switch 4108GL enables TACACS+ authenti-

cation, which allows or denies access to a Switch 4108GL on the basis of

correct username/password pairs managed by the TACACS+ server, and to

specify the privilege level to allow if access is granted. This release does not

support TACACS+ authorization or accounting services.

In release G.01.xx, TACACS+ does not affect web browser interface access.

See "Controlling Web Browser Interface Access" on page 28.

Terminology Used in TACACS Applications:

■ NAS (Network Access Server): This is an industry term for a

TACACS-aware device that communicates with a TACACS server for

authentication services. Some other terms you may see in literature

describing TACACS operation are communication server, remote

access server, or terminal server. These terms apply to a Switch

4108GL when TACACS+ is enabled on the switch (that is, when the

switch is TACACS-aware).

■ TACACS+ Server: The server or management station configured as

an access control server for TACACS-enabled devices. To use

TACACS+ with the Switch 4108GL and any other TACACS-capable

devices in your network, you must purchase, install, and configure a

TACACS+ server application on a networked server or management

station in the network. The TACACS+ server application you install

will provide various options for access control and access notifica-

tions. For more on the TACACS+ services available to you, see the

documentation provided with the TACACS+ server application you

will use.

Brand

Model

4108GL

HP 4108GL User Manual

Table of Contents

Questions and Answers:

HP 4108GL Specifications

Related product manuals