HP (Hewlett-Packard) 2650 (J4899A/B) Switch User Manual


 
4-6
TACACS+ Authentication
Configuring TACACS+ on the Switch
other access type (console, in this case) open in case the Telnet access fails
due to a configuration problem. The following procedure outlines a general
setup procedure.
Note If a complete access lockout occurs on the switch as a result of a TACACS+
configuration, see “Troubleshooting TACACS+ Operation” in the Trouble-
shooting chapter of the Management and Configuration Guide for your
switch.
1. Familiarize yourself with the requirements for configuring your
TACACS+ server application to respond to requests from a switch. (Refer
to the documentation provided with the TACACS+ server software.) This
includes knowing whether you need to configure an encryption key. (See
“Using the Encryption Key” on page 4-23.)
2. Determine the following:
3. Plan and enter the TACACS+ server configuration needed to support
TACACS+ operation for Telnet access (login and enable) to the switch.
This includes the username/password sets for logging in at the Operator
(read-only) privilege level and the sets for logging in at the Manager (read/
write) privilege level.
The IP address(es) of the TACACS+
server(s) you want the switch to use
for authentication. If you will use
more than one server, determine
which server is your first-choice for
authentication services.
The encryption key, if any, for
allowing the switch to communicate
with the server. You can use either a
global key or a server-specific key,
depending on the encryption
configuration in the TACACS+
server(s).
The number of log-in attempts you
will allow before closing a log-in
session. (Default: 3)
The period you want the switch to
wait for a reply to an authentication
request before trying another
server.
The username/password pairs you
want the TACACS+ server to use for
controlling access to the switch.
The privilege level you want for
each username/password pair
administered by the TACACS+
server for controlling access to the
switch.
The username/password pairs you
want to use for local authentication
(one pair each for Operator and
Manager levels).