2-20
Controlling Management Access to the ProCurve Secure Router
Using the AAA Subsystem to Control Management Access
Table 2-2. Authentication Options for Named Lists

Option                    Meaning
------------------------  ----------------------------------------------------
enable                    Requires users to enter the password configured for
                          the enable mode context.
line                      Requires users to enter the password configured for
                          the Telnet or the console line.
local                     Requires users to enter a username and password from
                          the local user database (which is defined on the
                          router) for authentication.
none                      No password is required.
group [<groupname> |      Specifies that the ProCurve Secure Router should
radius | tacacs+]         contact an access server to authenticate users:
                          • group of RADIUS or TACACS+ servers that you have
                            configured
                          • all the RADIUS servers that you have defined (if
                            you have not defined a group of RADIUS servers)
                          • all the TACACS+ servers that you have defined (if
                            you have not defined a group of TACACS+ servers)

Note: If you select the enable password as an authentication method for an access
method that requires a username, the username is, by default, $enab15$.
You can change this username for RADIUS servers when you enter the
radius-server command, as explained in “Define the RADIUS Server” on
page 2-31.

There is one difference between the list of options for the enable mode and
the list of options for authenticating users: the local user database is not an
option for the enable mode.

For example, when you configure a named list for user authentication, you
may want to call this list UserLogin. You may also decide to use the following
authentication methods:
■ enable password
■ line password
■ local user database

In this case, you would enter:

ProCurve(config)# aaa authentication login UserLogin enable line local
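
The following Python audit is an added example, not code from the ProCurve manual or the router software. It checks aaa authentication lines against the options in Table 2-2 and flags lists that include none, a group keyword with no target, or local in an enable-mode list. The "aaa authentication enable" form, the list name "default", the function names and the sample configuration are assumptions; only the login form appears on this page.

```python
import re

# Options from Table 2-2; "group" takes one argument (<groupname>, radius or tacacs+).
SIMPLE_METHODS = {"enable", "line", "local", "none"}
# Assumption: enable-mode lists are written "aaa authentication enable <list> ...".
AAA_LINE = re.compile(r"^\s*(?:\S+#\s*)?aaa authentication (login|enable)\s+(\S+)\s+(.+?)\s*$")


def parse_methods(text):
    """Split a method string into a list such as ['enable', 'group radius']."""
    methods, tokens = [], iter(text.split())
    for tok in tokens:
        if tok == "group":
            target = next(tokens, None)  # consume the argument of "group"
            if target is None:
                raise ValueError("'group' needs a group name, radius or tacacs+")
            methods.append("group " + target)
        elif tok in SIMPLE_METHODS:
            methods.append(tok)
        else:
            raise ValueError("unknown method: " + tok)
    return methods


def audit(config):
    """Return (list_type, list_name, finding) tuples for every AAA list line."""
    findings = []
    for m in filter(None, map(AAA_LINE.match, config.splitlines())):
        kind, name, rest = m.groups()
        try:
            methods = parse_methods(rest)
        except ValueError as exc:
            findings.append((kind, name, str(exc)))
            continue
        if "none" in methods:
            findings.append((kind, name, "'none' requires no password"))
        if kind == "enable" and "local" in methods:
            findings.append((kind, name, "'local' is not an option for enable mode"))
    return findings


# Constructed sample configuration, not taken from a real router.
SAMPLE = """\
ProCurve(config)# aaa authentication login UserLogin enable line local
aaa authentication login Lab group radius none
aaa authentication login Typo group
aaa authentication enable default enable local
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```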