HP 4108GL Management And Configuration Manual page 171

Procurve switch

Using Passwords and TACACS+ To Protect Against Unauthorized Access
TACACS+ Authentication for Central Control of Switch Access Security

Table 9-3. Primary/Secondary Authentication Table

| Access Method and Privilege Level | Authentication Options: Primary | Authentication Options: Secondary | Effect on Access Attempts |
|---|---|---|---|
| Console — Login | local | none* | Local username/password access only. |
| Console — Login | tacacs | local | If TACACS+ server unavailable, uses local username/password access. |
| Console — Enable | local | none* | Local username/password access only. |
| Console — Enable | tacacs | local | If TACACS+ server unavailable, uses local username/password access. |
| Telnet — Login | local | none* | Local username/password access only. |
| Telnet — Login | tacacs | local | If TACACS+ server unavailable, uses local username/password access. |
| Telnet — Login | tacacs | none | If TACACS+ server unavailable, denies access. |
| Telnet — Enable | local | none* | Local username/password access only. |
| Telnet — Enable | tacacs | local | If TACACS+ server unavailable, uses local username/password access. |
| Telnet — Enable | tacacs | none | If TACACS+ server unavailable, denies access. |

*When "local" is the primary option, you can also select "local" as the secondary option. However, in this case, a secondary "local" is meaningless because the switch has only one local level of username/password protection.

Caution Regarding the Use of Local for Login Primary Access

During local authentication (which uses passwords configured in the switch instead of in a TACACS+ server), the switch grants read-only access if you enter the Operator password, and read-write access if you enter the Manager password. For example, if you configure authentication on the switch with Telnet Login Primary as Local and Telnet Enable Primary as Tacacs, when you attempt to Telnet to the switch, you will be prompted for a local password. If you enter the switch's local Manager password (or if there is no local Manager password configured in the switch), you can bypass the TACACS+ server authentication for Telnet Enable Primary and go directly to read-write (Manager) access. Thus, for either the Telnet or console access method, configuring Login Primary for Local authentication while configuring Enable Primary for TACACS+ authentication is not recommended, as it defeats the purpose of using the TACACS+ authentication. If you want Enable Primary log-in attempts to go to a TACACS+ server, then you should configure both Login Primary and Enable Primary for Tacacs authentication instead of configuring Login Primary to Local authentication.
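
The Caution and Table 9-3 above can be turned into an automated configuration check. The following is an added example, not taken from the HP manual: the one-line-per-setting input format, the SAMPLE settings and the function names are constructed for illustration and are not the switch's CLI syntax.

```python
# Added example, not from the HP manual. The input format (one setting per
# line: "<method> <level> <primary> <secondary>") is constructed for
# illustration and is not the switch's CLI syntax.

# (primary, secondary) pairs listed in Table 9-3 for each access method.
LISTED = {
    "console": {("local", "none"), ("tacacs", "local")},
    "telnet": {("local", "none"), ("tacacs", "local"), ("tacacs", "none")},
}

SAMPLE = """\
# constructed sample settings
console login  tacacs local
console enable tacacs local
telnet  login  local  none
telnet  enable tacacs none
"""


def parse(text):
    """Return {(method, level): (primary, secondary)}."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 4:
            raise ValueError(f"expected 4 fields, got: {raw!r}")
        settings[(fields[0], fields[1])] = (fields[2], fields[3])
    return settings


def audit(settings):
    """Return sorted (method, level, finding) tuples for risky or unlisted choices."""
    findings = []
    for (method, level), pair in settings.items():
        if pair == ("local", "local"):  # table footnote: allowed but pointless
            findings.append((method, level, "secondary 'local' is meaningless"))
        elif pair not in LISTED.get(method, set()):
            findings.append((method, level, "combination not listed in Table 9-3"))
    for method in LISTED:
        login = settings.get((method, "login"))
        enable = settings.get((method, "enable"))
        # Caution: local Login Primary + tacacs Enable Primary lets the local
        # Manager password (or an unset one) reach Manager access without TACACS+.
        if login and enable and login[0] == "local" and enable[0] == "tacacs":
            findings.append((method, "enable", "TACACS+ enable bypassable via local login"))
    return sorted(findings)
```

Calling `audit(parse(SAMPLE))` flags the Telnet pairing the Caution warns about; changing the Telnet login line to `tacacs` as the primary option clears the finding.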