HP ProCurve 7000dl Series Basic Management And Configuration Manual page 144

Controlling Management Access to the ProCurve Secure Router
Using the AAA Subsystem to Control Management Access
N o t e
2-20
Table 2-2. Authentication Options for Named Lists
Option
enable
line
local
none
group [<groupname> |
radius | tacacs+]
If you select the enable password as an authentication method for an access
method that requires a username, the username is, by default, $enab15$.
You can change this username for RADIUS servers when you enter the
radius-server command, as explained in "Define the RADIUS Server" on
page 2-31.
There is one difference between the list of options for the enable mode and
the list of options for authenticating users: the local user database is not an
option for the enable mode.
For example, when you configure a named list for user authentication, you
may want to call this list UserLogin. You may also decide to use the following
authentication methods:
enable password
line password
local user database
In this case, you would enter:
ProCurve(config)# aaa authentication login UserLogin enable line local
Meaning
Requires users to enter the password configured for the enable
mode context.
Requires users to enter the password configured for the Telnet or
the console line.
Requires users to enter a username and password from the local
user database (which is defined on the router) for authentication.
No password is required.
Specifies that the ProCurve Secure Router should contact an
access server to authenticate users:
• group of RADIUS or TACACS+ servers that you have
configured
• all the RADIUS servers that you have defined (if you have not
defined a group of RADIUS servers)
• all the TACACS+ servers that you have defined (if you have not
defined a group of TACACS+ servers)