TACACS+ Authentication
Configuring TACACS+ on the Switch
A3 or
B3
Primary
TACACS+
Server
The switch passes the login
requests from terminals A and B
to the TACACS+ server for
authentication. The TACACS+
server determines whether to
allow access to the switch and
what privilege level to allow for
a given access request.
Figure 4-1. Example of TACACS+ Operation
4-2
Overview
Feature
view the switch's authentication configuration
view the switch's TACACS+ server contact
configuration
configure the switch's authentication methods
configure the switch to contact TACACS+ server(s) disabled
TACACS+ (Terminal Access Controller Access Control System+) authentica-
tion enables you to use a central server to allow or deny access to the switch
(and other TACACS-aware devices) in your network. This means that you can
use a central database to create multiple unique username/password sets with
associated privilege levels for use by individuals who have reason to access
the switch either locally (from the switch's console port) or remotely (Telnet
or SSH).
ProCurve Switch
Configured for
A2 or
TACACS+ Operation
B2
B4
B1
Access Request
TACACS Server
Response
TACACS+ in the switch manages authentication of logon attempts through
either the Console port or remote connection (Telnet, SSH). TACACS+ uses
an authentication hierarchy consisting of (1) remote passwords assigned in a
TACACS+ server and (2) local passwords configured on the switch. That is,
Default
n/a
n/a
disabled
A4
A1
A
B
Terminal "B" Remotely Accessing The Switch Via Telnet
Menu
CLI
Web
—
page 4-9
—
page
4-10
—
page
4-11
—
page
4-18
Terminal "A" Directly
Accessing the Switch
Via Switch's Console
Port
A1 - A4: Path for Request from
Terminal A (Through Console Port)
B1 - B4: Path for Request from
Terminal B (Through Telnet)
—
—
—
—