HP 3500yl Series Access Security Manual page 207

• Local Authentication: This method uses username/password
pairs configured locally on the switch; one pair each for manager-
level and operator-level access to the switch. You can assign local
usernames and passwords through the CLI or WebAgent. (Using
the menu interface you can assign a local password, but not a
username.) Because this method assigns passwords to the switch
instead of to individuals who access the switch, you must
distribute the password information on each switch to everyone
who needs to access the switch, and you must configure and
manage password protection on a per-switch basis. (For more on
local authentication, refer to chapter 2, "Configuring Username
and Password Security".)
• TACACS+ Authentication: This method enables you to use a
TACACS+ server in your network to assign a unique password,
user name, and privilege level to each individual or group who
needs access to one or more switches or other TACACS-aware
devices. This allows you to administer primary authentication
from a central server, and to do so with more options than you
have when using only local authentication. (You will still need to
use local authentication as a backup if your TACACS+ servers
become unavailable.) This means, for example, that you can use
a central TACACS+ server to grant, change, or deny access to a
specific individual on a specific switch instead of having to
change local user name and password assignments on the switch
itself, and then have to notify other users of the change.
TACACS+ Authentication
Terminology Used in TACACS Applications:
5-3