Hewlett-Packard BMD00022 Manual

A SERVICE OF

next previous

Configuration Menu 116

Table 82 RADIUS Server Configuration Menu options

Command Description

on

Enables the RADIUS server.

off

Disables the RADIUS server. This is the default.

cur

Displays the current RADIUS server parameters.

IMPORTANT: If RADIUS is enabled, you must login using RADIUS authentication when connecting

via the console or Telnet/SSH/HTTP/HTTPS. Backdoor for console is always enabled, so you can

connect using noradius and the administrator password even if the backdoor (telnet) or secure

backdoor (secbd) are disabled.

If Telnet backdoor is enabled (telnet ena), type in noradius as a backdoor to bypass RADIUS

checking, and use the administrator password to log into the switch. The switch allows this even if

RADIUS servers are available.

If secure backdoor is enabled (secbd ena), type in noradius as a backdoor to bypass RADIUS

checking, and use the administrator password to log into the switch. The switch allows this only if

RADIUS servers are not available.

TACACS+ server configuration

Command: /cfg/sys/tacacs+

[TACACS+ Server Menu]

prisrv - Set IP address of primary TACACS+ server

secsrv - Set IP address of secondary TACACS+ server

secret - Set secret for primary TACACS+ server

secret2 - Set secret for secondary TACACS+ server

port - Set TACACS+ port number

retries - Set number of TACACS+ server retries

timeout - Set timeout value of TACACS+ server retries

bckdoor - Enable/disable TACACS+ back door for telnet/ssh/http/https

secbd - Enable/disable TACACS+ secure backdoor for telnet/ssh/http/https

cmap - Enable/disable TACACS+ new privilege level mapping

usermap - Set user privilege mappings

on - Enable TACACS+ authentication

off - Disable TACACS+ authentication

cur - Display current TACACS+ settings

TACACS+ (Terminal Access Controller Access Control System) is an authentication protocol that

allows a remote access server to forward a user's logon password to an authentication server to

determine whether access can be allowed to a given system. TACACS+ and Remote Authentication

Dial-In User Service (RADIUS) protocols are more secure than the TACACS encryption protocol.

TACACS+ is described in RFC 1492.

TACACS+ protocol is more reliable than RADIUS, as TACACS+ uses the Transmission Control

Protocol (TCP) whereas RADIUS uses the User Datagram Protocol (UDP). Also, RADIUS combines

authentication and authorization in a user profile, whereas TACACS+ separates the two operations.