Enabling the AAA Subsystem
By default, the AAA subsystem is disabled. To enable it, move to the global
configuration mode context and enter:
ProCurve(config)# aaa on
After you enable the AAA subsystem, the complete set of AAA commands
becomes available in the ProCurve Secure Router OS. For example, you can
then configure AAA-based authentication, authorization, and accounting for
SSH lines. The AAA authentication settings that you configure override any
other authentication settings you have configured.
Configuring AAA for Authentication
Configuring AAA for authentication involves the following steps:
1. Create a list that includes the authentication methods that you want to
   use to authenticate users who attempt to access and manage the ProCurve
   Secure Router. In this guide and in the SROS Command Line Interface
   Reference Guide, this list of authentication methods is called a "named
   list." You create this named list on the router.
   You can create a named list to authenticate users who try to access the
   enable mode context, and you can create multiple named lists to
   authenticate users who try to use the router's access lines (such as
   Telnet or SSH).
2. Assign the named list to the appropriate access line (such as the console
   line, Telnet lines, SSH lines, FTP server, or HTTP server). You do not
   have to complete this step to configure AAA authentication methods for
   the enable mode.
3. Configure the RADIUS or TACACS+ server if you want to use one of these
   servers to authenticate users who try to manage the ProCurve Secure
   Router. (To learn how to configure these servers, see "Define the RADIUS
   Server" on page 2-31 and "Define the TACACS+ Server" on page 2-35.)
Controlling Management Access to the ProCurve Secure Router
Using the AAA Subsystem to Control Management Access