Controlling Management Access to the ProCurve Secure Router
Using the AAA Subsystem to Control Management Access
If no enable password has been defined, the AAA subsystem moves to the line
username and password. If no username and password have been defined for
the line, the AAA subsystem moves to the local user database and tries to
match the username and password that the user enters to a username and
password in that database.
Assign the Named List
After you create a named list for an access line, you must assign the list to the
appropriate access line. To assign a named list to the console, Telnet, or SSH
lines, move to the appropriate line configuration mode context and enter:
Syntax: login authentication <named list>
For example, to assign ListA to the console line, enter:
ProCurve(config)# line console 0
ProCurve(config-con0)# login authentication ListA
To assign ListA to the Telnet 0 line, enter:
ProCurve(config)# line telnet 0
ProCurve(config-telnet0)# login authentication ListA
To assign ListA to all of the SSH lines, enter:
ProCurve(config)# line ssh 0 4
ProCurve(config-ssh0-4)# login authentication ListA
For FTP and HTTP access, you assign the list from the global configuration
mode context. If you want to assign a named list to control FTP access, enter:
Syntax: ftp authentication <named list>
If you want to assign a named list to control Web access, enter the following
command from the global configuration mode context:
Syntax: ip http authentication <named list>
No Named List Assigned. If you enable the AAA subsystem but do not
configure a named list and assign it to an access method (console, Telnet, FTP,
SSH, or HTTP), the ProCurve Secure Router handles authentication as outlined
in Table 2-3.
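The following check is an added example, not part of the original guide or ProCurve software: it reads a saved configuration and reports which access methods have no named list assigned through the login authentication, ftp authentication, or ip http authentication commands described above. The sample configuration is constructed, and the layout of a real saved configuration (indented sub-commands, "!" separators) is an assumption.

```python
import re

# Constructed sample built only from commands shown on this page; the layout
# (indented sub-commands, "!" separators) is an assumption, not router output.
SAMPLE_CONFIG = """\
line console 0
 login authentication ListA
!
line telnet 0
!
line ssh 0 4
 login authentication ListA
!
ip http authentication ListA
"""

LINE_RE = re.compile(r"^line\s+(console|telnet|ssh)\s+(\d+)(?:\s+(\d+))?$")
LOGIN_RE = re.compile(r"^login\s+authentication\s+(\S+)$")
GLOBAL_RE = re.compile(r"^(ftp|ip\s+http)\s+authentication\s+(\S+)$")

def audit_named_lists(config_text):
    """Map each access method (per line number, plus ftp/http) to its named list or None."""
    result = {"ftp": None, "http": None}
    current = []  # keys of the line context being parsed, e.g. ["ssh 0", ..., "ssh 4"]
    for raw in config_text.splitlines():
        stmt = raw.strip()
        if not stmt or stmt.startswith("!"):
            current = []  # a separator ends the line context
            continue
        m = LINE_RE.match(stmt)
        if m:
            first, last = int(m.group(2)), int(m.group(3) or m.group(2))
            current = [f"{m.group(1)} {n}" for n in range(first, last + 1)]
            for key in current:
                result.setdefault(key, None)
            continue
        m = LOGIN_RE.match(stmt)
        if m and current:
            for key in current:
                result[key] = m.group(1)
            continue
        m = GLOBAL_RE.match(stmt)
        if m:  # FTP and HTTP lists are assigned from the global context
            result["http" if m.group(1).startswith("ip") else "ftp"] = m.group(2)
    return result

def unassigned(config_text):
    """Access methods left without a named list."""
    return sorted(k for k, v in audit_named_lists(config_text).items() if v is None)
```

For the constructed sample, unassigned(SAMPLE_CONFIG) reports ftp and telnet 0. Only lines that appear in the configuration text are checked, so a line that is missing from the file entirely is not reported.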