HP Q.11.XX Manual page 87

Procurve 2510 series switches
Table of Contents

Advertisement

Table 4-1.
AAA Authentication Parameters
Name
Default
console, Telnet,
n/a
SSH, web ,
port-access,
mac-based*,
web-based*
enable
n/a
- or -
login
local
local
- or -
tacacs
- or -
radius
local
none
- or -
none
- or -
authorized
login privilege-
privilege-
mode
mode
disabled
num-attempts
3
Range
Function
n/a
Specifies the access method used when authenticating. TACACS+
authentication only uses the console, Telnet or SSH access methods.
* 2510-48 only
n/a
Specifies the privilege level to be configured.
enable: Specifies the "enable" (Manager/read-write) privilege level for the
access method being configured.
login: Specifies the "login" (Operator/read-only) privilege level for the
access method being configured.
n/a
Specifies the primary method of authentication for the access method being
configured.
local: Use the username/password pair configured locally in the switch for
the privilege level being configured
tacacs: Use a TACACS+ server.
radius: Use a RADIUS server.
n/a
Specifies the secondary (backup) method for the access method being config-
ured.
local: The username/password pair configured locally in the switch for the
privilege level being configured. Cannot be used if the primary
authentication is local.
none: No secondary type of authentication for the specified
method/privilege path. (Available only if the primary method of
authentication for the access being configured is local.)
authorized: Allow access without authentication.
Note: If you do not specify this parameter in the command line, the switch
automatically assigns the secondary method as follows:
• If the primary method is
• If the primary method is
n/a
Specifies that the switch will respect the authentication server's privilege level.
login p
The
authorized privilege level (Operator or Manager) is returned to the switch by
the TACACS+ server.
1 - 10
In a given session, specifies how many tries at entering the correct username/
password pair are allowed before access is denied and the session terminated.
As shown in the next table, login and enable access is always available locally
through a direct terminal connection to the switch's console port. However,
for Telnet access, you can configure TACACS+ to deny access if a TACACS+
server goes down or otherwise becomes unavailable to the switch.
tacacs
, the secondary method is
local
, the secondary method is
rivilege-mode option enables TACACS+ for a single login. The
TACACS+ Authentication
Configuring TACACS+ on the Switch
local
.
none
.
4-13

Hide quick links:

Advertisement

Table of Contents
loading

This manual is also suitable for:

U.11.xxProcurve 2510-24Procurve 2510-48

Table of Contents