HP ProCurve 9304M Security Manual page 40

Security Guide for ProCurve 9300/9400 Series Routing Switches
User Action
User enters the command: [no] aaa accounting system default start-stop <method-list>
User enters other commands

AAA Security for Commands Pasted Into the Running-Config

If AAA security is enabled on the device, commands pasted into the running-config are subject to the same AAA operations as if they were entered manually.

When you paste commands into the running-config, and AAA command authorization and/or accounting is configured on the device, AAA operations are performed on the pasted commands. The AAA operations are performed before the commands are actually added to the running-config. The server performing the AAA operations should be reachable when you paste the commands into the running-config file. If the device determines that a pasted command is invalid, AAA operations are halted on the remaining commands. The remaining commands may not be executed if command authorization is configured.
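
The paste behaviour described above, modelled as an added example (not code from the manual or from HP): one invalid line halts AAA for the rest of the paste, so with command authorization the later lines are dropped, while with accounting alone they are applied without an accounting record. The validity check, the sample commands, the reading of "may not be executed" as "is not executed", and the accounting-only outcome are assumptions.

```python
# Added illustration (not HP code): a model of the paste rules quoted above.
from dataclasses import dataclass, field

@dataclass
class PasteResult:
    applied: list = field(default_factory=list)    # added to the running-config
    accounted: list = field(default_factory=list)  # accounting record was sent
    skipped: list = field(default_factory=list)    # invalid, denied or never executed

def paste(commands, is_valid, authorize=None, accounting=False):
    """Model a paste into the running-config.

    is_valid   -- stand-in for the device's own command parser (assumption)
    authorize  -- callable(cmd) -> bool if command authorization is configured
    accounting -- True if command accounting is configured
    """
    result = PasteResult()
    aaa_running = True
    for cmd in commands:
        if not is_valid(cmd):
            aaa_running = False          # AAA halts for the remaining commands
            result.skipped.append(cmd)
        elif not aaa_running:
            # Assumption: "may not be executed" is read as "is not executed"
            # when command authorization is configured.
            if authorize is not None:
                result.skipped.append(cmd)
            else:
                result.applied.append(cmd)   # applied with no AAA record
        elif authorize is not None and not authorize(cmd):
            result.skipped.append(cmd)       # denied before reaching the config
        else:
            if accounting:
                result.accounted.append(cmd)
            result.applied.append(cmd)
    return result

def unaudited(result):
    """Commands that changed the config without an accounting record."""
    return [c for c in result.applied if c not in result.accounted]

# Constructed sample: the second line is a deliberate typo.
KNOWN = {"hostname", "ip"}
def is_valid(cmd):
    return cmd.split()[0] in KNOWN
SAMPLE = ["hostname core-a", "hostnmae core-b", "ip route 10.0.0.0 255.0.0.0 192.0.2.1"]

if __name__ == "__main__":
    for label, kw in [("authorization + accounting", dict(authorize=lambda c: True, accounting=True)),
                      ("accounting only", dict(accounting=True))]:
        r = paste(SAMPLE, is_valid, **kw)
        print(label, "| applied:", r.applied, "| unaudited:", unaudited(r))
```

Checking a batch for syntax errors before pasting it keeps every line inside the AAA path.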

TACACS/TACACS+ Configuration Considerations

You must deploy at least one TACACS/TACACS+ server in your network.

HP devices support authentication using up to eight TACACS/TACACS+ servers. The device tries to use the servers in the order you add them to the device's configuration.

You can select only one primary authentication method for each type of access to a device (CLI through Telnet, CLI Privileged EXEC and CONFIG levels). For example, you can select TACACS+ as the primary authentication method for Telnet CLI access, but you cannot also select RADIUS authentication as a primary method for the same type of access. However, you can configure backup authentication methods for each access type.

You can configure the HP device to authenticate using a TACACS or TACACS+ server, not both.

TACACS Configuration Procedure

For TACACS configurations, use the following procedure:
1. Identify TACACS servers. See "Identifying the TACACS/TACACS+ Servers" on page 2-25.
2. Set optional parameters. See "Setting Optional TACACS/TACACS+ Parameters" on page 2-26.
3. Configure authentication-method lists. See "Configuring Authentication-Method Lists for TACACS/TACACS+" on page 2-27.

TACACS+ Configuration Procedure

For TACACS+ configurations, use the following procedure:
1. Identify TACACS+ servers. See "Identifying the TACACS/TACACS+ Servers" on page 2-25.

Applicable AAA Operations

When the user enters the command [no] aaa accounting system default start-stop <method-list>:
  Command authorization (TACACS+): aaa authorization commands <privilege-level> default <method-list>
  Command accounting (TACACS+): aaa accounting commands <privilege-level> default start-stop <method-list>
  System accounting start (TACACS+): aaa accounting system default start-stop <method-list>

When the user enters other commands:
  Command authorization (TACACS+): aaa authorization commands <privilege-level> default <method-list>
  Command accounting (TACACS+): aaa accounting commands <privilege-level> default start-stop <method-list>

June 2005
