Authentication Parameters; Configuring The Tacacs+ Server For Single Login - HP 3500yl Series Access Security Manual
Switch software
Hide thumbs
Also See for 3500yl Series:
- Release notes (219 pages) ,
- Specifications (16 pages) ,
- Features (6 pages)
Table of Contents
Advertisement
TACACS+ Authentication
Configuring TACACS+ on the Switch
Table 5-1.
AAA Authentication Parameters
Name
Default
console, Telnet,
n/a
SSH, web or port-
access
enable
n/a
login <privilege-
privilege-mode
mode>
disabled
local
local
- or -
tacacs
local
none
- or -
none
num-attempts
3
5-12
Authentication Parameters
Range
Function
n/a
Specifies the access method used when authenticating. TACACS+
authentication only uses the console, Telnet or SSH access methods.
n/a
Specifies the Manager (read/write) privilege level for the access
method being configured.
n/a
login: Specifies the Operator (read-only) privilege level for the
access method being configured.
The privilege-mode option enables TACACS+ for a single login. The
authorized privilege level (Operator or Manager) is returned to the
switch by the TACACS+ server.
n/a
Specifies the primary method of authentication for the access
method being configured.
local: Use the username/password pair configured locally in the
switch for
tacacs: Use a TACACS+ server.
n/a
Specifies the secondary (backup) type of authentication being
configured.
local: The username/password pair configured locally in the switch
for the
none: No secondary type of authentication for the specified
Note: If you do not specify this parameter in the command line, the
switch automatically assigns the secondary method as follows:
• If the primary method is
• If the primary method is
1 - 10
In a given session, specifies how many tries at entering the correct
username/password pair are allowed before access is denied and
the session terminated.
Configuring the TACACS+ Server for Single Login
In order for the single login feature to work correctly, you need to check some
entries in the User Setup on the TACACS+ server.
In the User Setup, scroll to the Advanced TACACS+ Settings section. Make
sure the radio button for "Max Privilege for any AAA Client" is checked and
the level is set to 15, as shown in Figure 5-4. Privileges are represented by the
the privilege level being configured
privilege level being configured
method/privilege path. (Available only if the primary method of
authentication for the access being configured is local.)
tacacs
local
.
local
none
.
, the only secondary method is
, the default secondary method is
Hide quick links:
Advertisement
Chapters
Table of Contents
