EasyManua.ls Logo

HP ProCurve 6400cl Series - Page 127

HP ProCurve 6400cl Series
404 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
TACACS+ Authentication
Configuring TACACS+ on the Switch
Table 5-2. Primary/Secondary Authentication Table
Access Method and Authentication Options Effect on Access Attempts
Privilege Level
Primary Secondary
Console — Login
Console — Enable
Telnet — Login
Telnet — Enable
local
tacacs
local
tacacs
local
tacacs
tacacs
local
tacacs
tacacs
none* Local username/password access only.
local If Tacacs+ server unavailable, uses local username/password access.
none* Local username/password access only.
local If Tacacs+ server unavailable, uses local username/password access.
none* Local username/password access only.
local If Tacacs+ server unavailable, uses local username/password access.
none If Tacacs+ server unavailable, denies access.
none* Local username/password access only.
local If Tacacs+ server unavailable, uses local username/password access.
none If Tacacs+ server unavailable, denies access.
*When “local” is the primary option, you can also select “local” as the secondary option. However, in this case, a
secondary “local” is meaningless because the switch has only one local level of username/password protection.
Caution Regarding
the Use of Local for
Login Primary
Access
During local authentication (which uses passwords configured in the switch
instead of in a TACACS+ server), the switch grants read-only access if you
enter the Operator password, and read-write access if you enter the Manager
password. For example, if you configure authentication on the switch with
Telnet Login Primary as Local and Telnet Enable Primary as Tacacs, when you
attempt to Telnet to the switch, you will be prompted for a local password. If
you enter the switch’s local Manager password (or, if there is no local Manager
password configured in the switch) you can bypass the TACACS+ server
authentication for Telnet Enable Primary and go directly to read-write (Man
-
ager) access. Thus, for either the Telnet or console access method, configuring
Login Primary for Local authentication while configuring Enable Primary for
TACACS+ authentication is not recommended, as it defeats the purpose of
using the TACACS+ authentication. If you want Enable Primary log-in
attempts to go to a TACACS+ server, then you should configure both Login
Primary and Enable Primary for Tacacs authentication instead of configuring
Login Primary to Local authentication.
5-13

Table of Contents

Other manuals for HP ProCurve 6400cl Series

Preview: Management Guide
Management Guide664 pages

Related product manuals