TACACS+ Authentication
General System Requirements
General System Requirements
To use TACACS+ authentication, you need the following:
■ A TACACS+ server application installed and configured on one or more
servers or management stations in your network. (There are several
TACACS+ software packages available.)
■ A switch configured for TACACS+ authentication, with access to one or
more TACACS+ servers.
Notes The effectiveness of TACACS+ security depends on correctly using your
TACACS+ server application. For this reason, ProCurve recommends that you
thoroughly test all TACACS+ configurations used in your network.
TACACS-aware ProCurve switches include the capability of configuring
multiple backup TACACS+ servers. ProCurve recommends that you use a
TACACS+ server application that supports a redundant backup installation.
This allows you to configure the switch to use a backup TACACS+ server if it
loses access to the first-choice TACACS+ server.
TACACS+ does not affect web browser interface access. Refer to “Controlling
Web Browser Interface Access When Using TACACS+ Authentication” on
page 4-27.
General Authentication Setup Procedure
It is important to test the TACACS+ service before fully implementing it.
Depending on the process and parameter settings you use to set up and test
TACACS+ authentication in your network, you could accidentally lock all
users, including yourself, out of access to a switch. While recovery is simple,
it may pose an inconvenience that can be avoided.To prevent an unintentional
lockout on the switch, use a procedure that configures and tests TACACS+
protection for one access type (for example, Telnet access), while keeping the
other access type (console, in this case) open in case the Telnet access fails
due to a configuration problem. The following procedure outlines a general
setup procedure.
4-5
