Filter
Top Products
TACACS+ Authentication
Configuring TACACS+ on the Switch
Configuring the Switch’s Authentication Methods
The aaa authentication command configures access control for the following
access methods:
■ Console
■ Telnet
■ SSH
■ Web
■ Port-access (802.1X)
However, TACACS+ authentication is only used with the console, Telnet, or
SSH access methods. The command specifies whether to use a TACACS+
server or the switch’s local authentication, or (for some secondary scenarios)
no authentication (meaning that if the primary method fails, authentication is
denied). The command also reconfigures the number of access attempts to
allow in a session if the first attempt uses an incorrect username/password
pair.
Using the Privilege-Mode Option for Login
When using TACACS+ to control user access to the switch, you must first login
with your username at the Operator privilege level using the password for
Operator privileges, and then login again with the same username but using
the Manger password to obtain Manager privileges. You can avoid this double
login process by entering the privilege-mode option with the aaa authentication
login command to enable TACACS+ for a single login. The switch authenti-
cates your username/password, then requests the privilege level (Operator or
Manager) that was configured on the TACACS+ server for this username/
password. The TACACS+ server returns the allowed privilege level to the
switch. You are placed directly into Operator or Manager mode, depending on
your privilege level.
ProCurve(config) aaa authentication login privilege-mode
The no version of the above command disables TACACS+ single login capa-
bility.
4-11