Controlling Management Access to the ProCurve Secure Router
Using the AAA Subsystem to Control Management Access
Include newinfo if you want all new records sent immediately, or include
periodic if you want the records sent at specific intervals. If you specify
periodic, replace <minutes> with a number between 1 and 2147483647.
Do Not Send Records for Null Users
By default, the ProCurve Secure Router does not send accounting information
for the null usernames. Null usernames are any users that the TACACS+
system cannot identify. For example, if you do not control access to the
console line through the TACACS+ servers, users who access and make
changes through the console line will not be known to the TACACS+ server.
The ProCurve Secure Router will not send information about such users to
the TACACS+ server unless you change this default setting. To do so, enter:
Syntax: no aaa accounting suppress null-username
Configuring a RADIUS Server for Authentication
In order to use a RADIUS server in a named list, you must configure the Secure
Router OS to locate and contact that RADIUS server. If your network includes
multiple RADIUS servers, you can add these servers to the default group of
RADIUS servers or define a group of RADIUS servers. In addition, you can
configure specific settings for each RADIUS server, or you can configure
global settings for all of the RADIUS servers you define.
Define the RADIUS Server
The ProCurve Secure Router must be able to locate and communicate with
the RADIUS server. (See Figure 2-2.)