HP ProCurve 2510G Series Manual page 88
Access security guide
Hide thumbs
Also See for ProCurve 2510G Series:
- Specifications (2 pages) ,
- Installation and getting started manual (96 pages)
Table of Contents
Advertisement
TACACS+ Authentication
Configuring TACACS+ on the Switch
Table 4-2.
Primary/Secondary Authentication Table for Console and Telnet
Access Method and
Authentication Options
Privilege Level
Primary
Console — Login
local
tacacs
Console — Enable
local
tacacs
Telnet — Login
local
tacacs
tacacs
Telnet — Enable
local
tacacs
tacacs
*When "local" is the primary option, you can also select "local" as the secondary option. However, in this case, a
secondary "local" is meaningless because the switch has only one local level of username/password protection.
C a u t i o n
R e g a r d i n g t h e
U s e of L o c a l f or
L o gi n P ri mar y
Access
4-14
As shown in the next table, login and enable access is always available locally
through a direct terminal connection to the switch's console port. However,
for Telnet access, you can configure TACACS+ to deny access if a TACACS+
server goes down or otherwise becomes unavailable to the switch.
Secondary
none*
Local username/password access only.
local
If Tacacs+ server unavailable, uses local username/password access.
none*
Local username/password access only.
local
If Tacacs+ server unavailable, uses local username/password access.
none*
Local username/password access only.
local
If Tacacs+ server unavailable, uses local username/password access.
none
If Tacacs+ server unavailable, denies access.
none*
Local username/password access only.
local
If Tacacs+ server unavailable, uses local username/password access.
none
If Tacacs+ server unavailable, denies access.
During local authentication (which uses passwords configured in the switch
instead of in a TACACS+ server), the switch grants read-only access if you
enter the Operator password, and read-write access if you enter the Manager
password. For example, if you configure authentication on the switch with
Telnet Login Primary as local and Telnet Enable Primary as tacacs and then
attempt to Telnet to the switch, you will be prompted for a local password. If
you enter the switch's local Manager password (or, if there is no local Manager
password configured in the switch), you bypass the TACACS+ server authen-
tication for Telnet Enable Primary and go directly to Manager access. Thus,
for either Telnet or Console access method, configuring Login Primary for
local authentication while configuring Enable Primary for tacacs authentica-
tion is not recommended, as it defeats the purpose of using the TACACS+
authentication. If you want Enable Primary log-in attempts to go to a
TACACS+ server, you should configure both Login Primary and Enable Pri-
mary for tacacs authentication.
Effect on Access Attempts
Hide quick links:
Advertisement
Table of Contents
