Controlling Management Access to the ProCurve Secure Router
Using the AAA Subsystem to Control Management Access
2-16
After you enable the AAA subsystem, the complete set of AAA commands
becomes available in the ProCurve Secure Router OS. For example, you can
then configure AAA-based authentication, authorization, and accounting for
SSH lines. The AAA authentication settings that you configure override any
other authentication settings you have configured.
Configuring AAA for Authentication
Configuring AAA for authentication involves the following steps:
1.
Create a list of authentication methods, called a named list. You can create
a named list for the enable mode and a named list for each access method.
2.
Assign the named list to the console line, Telnet lines, SSH lines, FTP
server, or HTTP server. You do not have to complete this step to configure
AAA authentication methods for the enable mode.
3.
Configure the RADIUS or TACACS+ server if you want to use one of these
servers to authenticate VPN users or users who try to manage the
ProCurve Secure Router. (To learn how to configure these servers, see
"Define the RADIUS Server" on page 2-27 and "Define the TACACS+
Server" on page 2-31.)
Creating a Named List for the Enable Mode Authentication
To create a named list for the enable mode, you must determine the authenti-
cation methods you want to use and the order in which you want the authenti-
cation methods applied. From the global configuration mode context, enter:
Syntax: aaa authentication enable default {none | line | enable | [group <groupname>
| radius | tacacs+]}