Controlling Management Access to the ProCurve Secure Router
Using the AAA Subsystem to Control Management Access
You must enter this command from the global configuration mode context.
Table 2-5 lists all the options and what they do.
Table 2-5. Global Settings for RADIUS Servers
The following is an example configuration for global RADIUS settings:
ProCurve(config)# radius-server challenge-noecho
ProCurve(config)# radius-server deadtime 10
ProCurve(config)# radius-server timeout 2
ProCurve(config)# radius-server retry 4
ProCurve(config)# radius-server key my secret key
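The following Python script is an added example, not part of the original manual or of ProCurve's own tooling. It parses global radius-server lines, applies the Table 2-5 defaults for anything not set, and reports how long an unresponsive server holds up a login before it is marked dead. The function names and the 16-character key policy are assumptions, as is the premise that each retry waits the full timeout.

```python
import re

# Defaults from Table 2-5: deadtime in minutes, timeout in seconds, no key.
DEFAULTS = {"deadtime": 1, "retry": 3, "timeout": 5, "key": None}
LINE_RE = re.compile(r"(\bno\s+)?\bradius-server\s+(\S+)(?:\s+(.*\S))?\s*$")

def parse_radius_globals(config_text):
    """Return the effective global RADIUS settings found in config_text."""
    settings = dict(DEFAULTS)
    for line in config_text.splitlines():
        m = LINE_RE.search(line)  # tolerates a leading "ProCurve(config)# " prompt
        if not m:
            continue
        negated, option, value = m.groups()
        if option not in DEFAULTS:
            continue  # challenge-noecho, enable-username: not audited here
        if negated:
            settings[option] = DEFAULTS[option]  # "no ..." restores the default
        elif option == "key":
            settings["key"] = value
        elif value is not None and value.isdigit():
            settings[option] = int(value)
    return settings

def audit_radius_globals(settings, min_key_len=16):
    """Return (seconds until a silent server is marked dead, list of findings).

    min_key_len is an assumed local policy value, not a router requirement.
    """
    # Assumption: each of the `retry` attempts waits the full `timeout`.
    wait = settings["retry"] * settings["timeout"]
    findings = []
    key = settings["key"]
    if key is None:
        findings.append("no shared key configured")
    elif len(key) < min_key_len:
        findings.append(f"shared key is {len(key)} characters; policy minimum is {min_key_len}")
    return wait, findings

# The example configuration from this page, reproduced as sample input.
SAMPLE = """\
ProCurve(config)# radius-server challenge-noecho
ProCurve(config)# radius-server deadtime 10
ProCurve(config)# radius-server timeout 2
ProCurve(config)# radius-server retry 4
ProCurve(config)# radius-server key my secret key
"""

if __name__ == "__main__":
    wait, findings = audit_radius_globals(parse_radius_globals(SAMPLE))
    print(f"marked dead after {wait}s;", findings or "no findings")
```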
Configuring the TACACS+ Server
In addition to supporting authentication, the ProCurve Secure Router supports
authorization and accounting with TACACS+ servers. If you want to use a
TACACS+ server to authenticate, authorize, or keep track of users who want
to manage the ProCurve Secure Router, you must first define the TACACS+
server.
Define the TACACS+ Server
In order to authenticate, authorize, and track users who try to access the
ProCurve Secure Router, the TACACS+ server must be able to communicate
with the router. (See Figure 2-3.)
| Option | Meaning | Default Value |
|---|---|---|
| challenge-noecho | disables echoing of user challenge-entry; users will see the text of the challenge as they type responses (enabling this option hides the text as it is being entered) | on |
| deadtime <minutes> | specifies how long a RADIUS server is considered “dead” if a timeout occurs; the router will not contact the server again until after the deadtime expires | 1 minute |
| enable-username <name> | specifies a username to be used for enable authentication | enable-username $enab15$ |
| key <key> | specifies the shared key to use with RADIUS servers | none |
| retry <attempts> | specifies how many times the ProCurve Secure Router should try to contact a RADIUS server before marking it as “dead” | 3 |
| timeout <seconds> | specifies how long to wait for a RADIUS server to respond to a request | 5 seconds |