HP (Hewlett-Packard) 2300 Switch User Manual


 
171
Enhancements in Release F.02.02
TACACS+ Authentication for Centralized Control of Switch Access Security
Caution
You should ensure that the switch has a local Manager password. Otherwise, if authentication
through a TACACS+ server fails for any reason, then unauthorized access will be available
through the console port or Telnet.
6. Using a terminal device connected to the switch’s console port, configure the switch for
TACACS+ authentication only for
telnet login access and telnet enable access. At this stage, do not
configure TACACS+ authentication for console access to the switch, as you may need to use
the console for access if the configuration for the Telnet method needs debugging.
7. On a remote terminal device, use Telnet to attempt to access the switch. If the attempt fails, use
the console access to check the TACACS+ configuration on the switch. If you make changes in
the switch configuration, check Telnet access again. If Telnet access still fails, check the
configuration in your TACACS+ server application for mis-configurations or missing data that
could affect the server’s interoperation with the switch.
8. After your testing shows that Telnet access using the TACACS+ server is working properly,
configure your TACACS+ server application for console access. Then test the console access.
If access problems occur, check for and correct any problems in the switch configuration, and
then test console access again. If problems persist, check your TACACS+ server application for
mis-configurations or missing data that could affect the console access.
9. When you are confident that TACACS+ access through both Telnet and the switch’s console
operates properly, use the
write memory command to save the switch’s running-config file to flash.