HP ProCurve 9304M Security Manual page 37

Routing switches

Hide thumbs Also See for ProCurve 9304M:

Management and configuration manual (690 pages)

Installation and configuration manual (504 pages)

Installation and getting started manual (348 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

page of 172

/ 172
Contents
Table of Contents
Bookmarks

Table of Contents

NOTE: TACACS+ provides for authentication, authorization, and accounting, but an implementation or

configuration is not required to employ all three.

TACACS/TACACS+ Authentication, Authorization, and Accounting

When you configure an HP device to use a TACACS/TACACS+ server for authentication, the device prompts users

who are trying to access the CLI for a user name and password, then verifies the password with the TACACS/

TACACS+ server.

If you are using TACACS+, HP recommends that you also configure authorization, in which the HP device

consults a TACACS+ server to determine which management privilege level (and which associated set of

commands) an authenticated user is allowed to use. You can also optionally configure accounting, which causes

the HP device to log information on the TACACS+ server when specified events occur on the device.

NOTE: By default, a user logging into the device via Telnet or SSH would first enter the User EXEC level. The

user can enter the enable command to get to the Privileged EXEC level.

Starting with release 07.1.08, a user that is successfully authenticated can be automatically placed at the

Privileged EXEC level after login. See "Entering Privileged EXEC Mode After a Telnet or SSH Login" on page 2

28.

TACACS Authentication

When TACACS authentication takes place, the following events occur:

A user attempts to gain access to the HP device by doing one of the following:

•

Logging into the device using Telnet, SSH, or the Web management interface

•

Entering the Privileged EXEC level or CONFIG level of the CLI

The user is prompted for a username and password.

The user enters a username and password.

The HP device sends a request containing the username and password to the TACACS server.

The username and password are validated in the TACACS server's database.

If the password is valid, the user is authenticated.

TACACS+ Authentication

When TACACS+ authentication takes place, the following events occur:

A user attempts to gain access to the HP device by doing one of the following:

•

Logging into the device using Telnet, SSH, or the Web management interface

•

Entering the Privileged EXEC level or CONFIG level of the CLI

The user is prompted for a username.

The user enters a username.

The HP device obtains a password prompt from a TACACS+ server.

The user is prompted for a password.

The user enters a password.

The HP device sends the password to the TACACS+ server.

The password is validated in the TACACS+ server's database.

If the password is valid, the user is authenticated.

June 2005

Securing Access to Management Functions

2 - 21

Table of Contents

This manual is also suitable for:

J4139aProcurve 9308mJ4874a Procurve 9408sl J4138a J8680a ... Show all

HP ProCurve 9304M Security Manual page 37

Related Manuals for HP ProCurve 9304M

Related Products for HP ProCurve 9304M

This manual is also suitable for:

Table of Contents