2-29
Controlling Management Access to the ProCurve Secure Router
Using the AAA Subsystem to Control Management Access
Include the group tacacs+ option if you want the ProCurve Secure Router to
send the accounting information to the default group of TACACS+ servers.
Replace group <groupname> if you want to specify a TACACS+ group that
you created. You can specify more than one group. (For information on
creating a TACACS+ group, see “Creating a TACACS+ Group” on page 2-37.)
Create a Named List to Track New Connections or Outbound
Telnet Connections
You can configure the ProCurve Secure Router to send updates to the
TACACS+ server for either of the following events:
■ all new connections or logins
■ outbound Telnet connections
Note You can initiate an outbound Telnet session from both the basic and enable
mode context. You simply enter telnet <A.B.C.D>, replacing <A.B.C.D>
with the IP address of the device that you want to access.
You use the aaa accounting command to both create the named list and
specify its contents. From the global configuration mode context, enter:
Syntax: aaa accounting [exec | connection] [default | <named list>] [none | start-stop
| stop-only] [group {tacacs+ | <groupname>}]
Specify the exec option to send records of all new connections, or specify the
connection option to send records for outbound Telnet connections.
Include the default option to create the default accounting list, or replace
<named list> to create an accounting list with the name you specify.
Include the start-stop option if you want an accounting record to be gener-
ated both when the user begins and ends his or her session. Include the stop-
only option if you want an accounting record to be generated only when the
user ends his or her session. Include the none option if you do not want an
accounting record to be generated. If you specify the none option, you cannot
include the group option (because a TACACS+ server is not required).
Include the group tacacs+ option if you want the ProCurve Secure Router to
send the accounting information to the default group of TACACS+ servers.
Replace group <groupname> with a group of TACACS+ servers that you
created. You can specify more than one group.
To Next Page
Loading...
Need help?
General
