HP (Hewlett-Packard) 2600 Series Switch User Manual


 
4-11
TACACS+ Authentication
Configuring TACACS+ on the Switch
Configuring the Switch’s Authentication Methods
The aaa authentication command configures the access control for console
port and Telnet access to the switch. That is, for both access methods, aaa
authentication specifies whether to use a TACACS+ server or the switch’s local
authentication, or (for some secondary scenarios) no authentication (meaning
that if the primary method fails, authentication is denied). This command also
reconfigures the number of access attempts to allow in a session if the first
attempt uses an incorrect username/password pair.
Syntax: aaa authentication
< console | telnet >
Selects either console (serial port) or Telnet access for
configuration.
< enable | login >
Selects either the Manager (enable) or Operator (login)
access level.
< local | tacacs | radius >
Selects the type of security access:
localAuthenticates with the Manager and Operator
password you configure in the switch.
tacacsAuthenticates with a password and other
data configured on a TACACS+ server.
radiusAuthenticates with a password and other
data configured on a RADIUS server. (Refer to
“RADIUS Authentication and Accounting” on page
5-1.)
[< local | none >]
If the primary authentication method fails, determines
whether to use the local password as a secondary method
or to disallow access.
aaa authentication num-attempts < 1-10 >
Specifies the maximum number of login attempts allowed in
the current session. Default: 3