TACACS+ Authentication
How Authentication Operates
General Authentication Process Using a TACACS+ Server
Authentication through a TACACS+ server operates generally as described 
below. For specific operating details, refer to the documentation you received 
with your TACACS+ server application.
Figure 5-10. Using a TACACS+ Server for Authentication
Referring to figure 5-10, above, after either switch detects an operator’s logon request from a remote or directly connected terminal, the following events occur:
1. The switch queries the first-choice TACACS+ server for authentication of the request.
   • If the switch does not receive a response from the first-choice TACACS+ server, it attempts to query a secondary server. If the switch does not receive a response from any TACACS+ server, then it uses its own local username/password pairs to authenticate the logon request. (See “Local Authentication Process” on page 5-25.)
   • If a TACACS+ server recognizes the switch, it forwards a username prompt to the requesting terminal via the switch.
2. When the requesting terminal responds to the prompt with a username, the switch forwards it to the TACACS+ server.
[Figure 5-10 diagram labels: two HP switches configured for TACACS+ operation; Terminal “A” directly accessing a switch via the switch’s console port; Terminal “B” remotely accessing a switch via Telnet; a first-choice TACACS+ server; optional second-choice and third-choice TACACS+ servers.]
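The server-selection order in step 1, modeled as an added example (not code from HP or from this guide): it walks the configured servers in order and reports whether a logon would be decided by a TACACS+ server or by the switch's local username/password pairs. It assumes that "no response" can be approximated by a failed TCP connection to port 49, the registered TACACS+ port; the function names and the 192.0.2.x addresses are constructed for illustration.

```python
import socket

TACACS_PORT = 49  # registered TCP port for TACACS+


def tcp_probe(host, port=TACACS_PORT, timeout=2.0):
    """Assumed stand-in for 'the server responds': a TCP connect succeeds in time."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, timed out, or name resolution failed
        return False


def resolve_auth_path(servers, probe=tcp_probe):
    """Try servers in configured order (first-, second-, third-choice).

    Returns which source would decide the logon and which servers were
    tried without an answer before that decision.
    """
    unanswered = []
    for rank, host in enumerate(servers, start=1):
        if probe(host):
            return {"source": "tacacs", "server": host, "rank": rank,
                    "unanswered": unanswered}
        unanswered.append(host)
    # No TACACS+ server answered: the switch uses its own local pairs.
    return {"source": "local", "server": None, "rank": None,
            "unanswered": unanswered}


def audit_findings(path):
    """Turn a resolved path into findings an operator should act on."""
    if path["source"] == "local":
        return ["no TACACS+ server answered: logons are decided by the "
                "switch's local username/password pairs"]
    if path["unanswered"]:
        return ["authentication is served by choice #%d (%s); unanswered: %s"
                % (path["rank"], path["server"], ", ".join(path["unanswered"]))]
    return []


if __name__ == "__main__":
    # Constructed reachability map (documentation addresses), so this runs offline.
    reachable = {"192.0.2.10": False, "192.0.2.11": True, "192.0.2.12": True}
    path = resolve_auth_path(list(reachable), probe=lambda h: reachable[h])
    print(path)
    print(audit_findings(path))
```

Called without a `probe` argument, `resolve_auth_path` performs real TCP connection attempts against the listed servers.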