2-15
Controlling Management Access to the ProCurve Secure Router
Using the AAA Subsystem to Control Management Access
Figure 2-1. Viewing the Users Who Are Accessing the Router Through the
Console, Telnet, SSH, FTP, and Web Browser Interface
Using the AAA Subsystem to Control
Management Access
Authentication, authorization, and accounting (AAA) is an industry standard
for controlling:
■ which users can access a system (authentication)
■ what they can do once they are granted access (authorization)
■ what is recorded about their activities (accounting)
The AAA subsystem on the ProCurve Secure Router currently supports:
■ authentication methods configured on the router itself
■ authentication through Remote Authentication Dial-In User Service
(RADIUS) servers
■ authentication, authorization, and accounting through Terminal Access
Controller Access-Control System Plus (TACACS+) servers
Advantages of Using the AAA Subsystem
The AAA subsystem provides more flexibility than simple password-based
authentication. If you enable the AAA subsystem, you can configure a list of
authentication methods for the enable mode and for each access method. For
example, you could configure a list of authentication methods for Telnet
access or for SSH access. The authentication methods include:
■ the Telnet password
■ the enable mode password
■ the local userlist
■ a RADIUS server
■ a TACACS+ server
- CONSOLE 0 ‘password-only’ logged in and enabled
Idle for 00:00:00
- TELNET 0 (192.168.20.25:1029) 'geoff' logged in and enabled
Idle for 00:00:09
To Next Page
Loading...
Need help?
General
