Installation and Getting Started Guide
User Action
User enters system commands
(for example, reload, boot system)
User enters the command:
[no] aaa accounting system default
start-stop <method-list>
User enters other commands
TACACS/TACACS+ Configuration Considerations
•
You must deploy at least one TACACS/TACACS+ server in your network.
•
HP devices support authentication using up to eight TACACS/TACACS+ servers. The device tries to use the
servers in the order you add them to the device's configuration.
•
You can select only one primary authentication method for each type of access to a device (CLI through
Telnet, CLI Privileged EXEC and CONFIG levels). For example, you can select TACACS+ as the primary
authentication method for Telnet CLI access, but you cannot also select RADIUS authentication as a primary
method for the same type of access. However, you can configure backup authentication methods for each
access type.
•
You can configure the HP device to authenticate using a TACACS or TACACS+ server, not both.
TACACS Configuration Procedure
For TACACS configurations, use the following procedure:
1.
Identify TACACS servers. See "Identifying the TACACS/TACACS+ Servers" on page 3-21.
2.
Set optional parameters. See "Setting Optional TACACS/TACACS+ Parameters" on page 3-21.
3.
Configure authentication-method lists. See "Configuring Authentication-Method Lists for TACACS/
TACACS+" on page 3-22.
TACACS+ Configuration Procedure
For TACACS+ configurations, use the following procedure:
1.
Identify TACACS+ servers. See "Identifying the TACACS/TACACS+ Servers" on page 3-21.
3 - 20
Applicable AAA Operations
Command authorization (TACACS+):
aaa authorization commands <privilege-level> default <method-list>
Command accounting (TACACS+):
aaa accounting commands <privilege-level> default start-stop
<method-list>
System accounting stop (TACACS+):
aaa accounting system default start-stop <method-list>
Command authorization (TACACS+):
aaa authorization commands <privilege-level> default <method-list>
Command accounting (TACACS+):
aaa accounting commands <privilege-level> default start-stop
<method-list>
System accounting start (TACACS+):
aaa accounting system default start-stop <method-list>
Command authorization (TACACS+):
aaa authorization commands <privilege-level> default <method-list>
Command accounting (TACACS+):
aaa accounting commands <privilege-level> default start-stop
<method-list>