HP ProCurve 9304M Security Manual page 72
Routing switches
Hide thumbs
Also See for ProCurve 9304M:
- Management and configuration manual (690 pages) ,
- Installation and configuration manual (504 pages) ,
- Installation and getting started manual (348 pages)
Table of Contents
Advertisement
Security Guide for ProCurve 9300/9400 Series Routing Switches
User level password is configured, then access through SNMP management applications is not
authenticated. To use local user accounts to authenticate access through SNMP management applications,
configure an authentication-method list for SNMP access and specify "local" as the primary authentication
method.
Examples of Authentication-Method Lists
Example 1: The following example shows how to configure authentication-method lists for the Web management
interface, SNMP management applications, and the Privileged EXEC and CONFIG levels of the CLI. In this
example, the primary authentication method for each is "local". The device will authenticate access attempts
using the locally configured user names and passwords first.
To configure an authentication-method list for the Web management interface, enter a command such as the
following:
ProCurveRS(config)# aaa authentication web-server default local
This command configures the device to use the local user accounts to authenticate access to the device through
the Web management interface. If the device does not have a user account that matches the user name and
password entered by the user, the user is not granted access.
To configure an authentication-method list for SNMP management applications, enter a command such as the
following:
ProCurveRS(config)# aaa authentication snmp-server default local
This command configures the device to use the local user accounts to authenticate access attempts through any
network management software, such as SNMP management applications.
To configure an authentication-method list for the Privileged EXEC and CONFIG levels of the CLI, enter the
following command:
ProCurveRS(config)# aaa authentication enable default local
This command configures the device to use the local user accounts to authenticate attempts to access the
Privileged EXEC and CONFIG levels of the CLI.
Example 2: To configure the device to consult a RADIUS server first to authenticate attempts to access the
Privileged EXEC and CONFIG levels of the CLI, then consult the local user accounts if the RADIUS server is
unavailable, enter the following command:
ProCurveRS(config)# aaa authentication enable default radius local
Syntax: [no] aaa authentication snmp-server | web-server | enable | login default <method1> [<method2>]
[<method3>] [<method4>] [<method5>] [<method6>] [<method7>]
The snmp-server | web-server | enable | login parameter specifies the type of access this authentication
method list controls. You can configure one authentication-method list for each type of access.
NOTE: TACACS/TACACS+ and RADIUS are supported only with the enable and login parameters.
The <method1> parameter specifies the primary authentication method. The remaining optional <method>
parameters specify additional methods to try if an error occurs with the primary method. A method can be one of
the values listed in the Method Parameter column in the following table.
Method Parameter
line
2 - 56
Table 2.8: Authentication Method Values
Description
Authenticate using the password you configured for Telnet access. The
Telnet password is configured using the enable telnet password...
command. See "Setting a Telnet Password" on page 2-13.
June 2005
Advertisement
Table of Contents
