Access Security Guide K/KA/KB.15.15

Configuring
Configuring TACACS+ on the switch
Before you begin
If you are new to TACACS+ authentication, HP recommends that you first read “Getting ready
for TACACS+ authentication” (page 122) and configure your TACACS+ servers before configuring
authentication on the switch.
The switch offers three command areas for TACACS+ operation:
show authentication and show tacacs: Display the switch TACACS+ configuration
and status.
aaa authentication: A command for configuring the switch authentication methods.
tacacs-server: A command for configuring the switch contact with TACACS+ servers.
Configuring the switch authentication methods
The aaa authentication command configures access control for the following access methods:
Console
Telnet
SSH
Web
Port-access (802.1X)
However, TACACS+ authentication is used only with the console, Telnet, or SSH access methods.
The command specifies whether to use a TACACS+ server or the switch local authentication or,
for some secondary scenarios, no authentication. With no authentication as the secondary
method, authentication is denied if the primary method fails. The command also reconfigures
the number of access attempts to allow in a session if the first attempt uses an incorrect
username/password pair.
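The following audit script is an added example, not part of the HP guide. It checks saved configuration lines against the behaviour described above: TACACS+ applies only to console, Telnet, and SSH, and a secondary method of none means access is denied when the primary method fails. The line layout `aaa authentication <method> <login|enable> <primary> [<secondary>]`, the `tacacs-server host` prefix, and the sample configuration are assumptions constructed for illustration.

```python
import re

# Access methods for which the page says TACACS+ is actually used.
TACACS_METHODS = {"console", "telnet", "ssh"}

# Constructed sample of running-config lines (not taken from a real switch).
SAMPLE_CONFIG = """\
aaa authentication num-attempts 3
aaa authentication console login tacacs local
aaa authentication console enable tacacs local
aaa authentication telnet login tacacs none
aaa authentication ssh login local none
aaa authentication web login tacacs local
"""

# Assumed line layout: aaa authentication <method> <level> <primary> [<secondary>]
LINE_RE = re.compile(
    r"^aaa authentication (console|telnet|ssh|web|port-access) "
    r"(login|enable) (\S+)(?: (\S+))?$"
)

def audit(config_text):
    """Return findings for the aaa authentication / tacacs-server lines."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    findings, uses_tacacs = [], False
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(3) != "tacacs":
            continue  # not an access-method line, or TACACS+ is not primary
        method, level, _, secondary = m.groups()
        if method not in TACACS_METHODS:
            findings.append(f"{method} {level}: TACACS+ is not used for this method")
            continue
        uses_tacacs = True
        # A missing secondary is treated like "none" here (assumption).
        if secondary in (None, "none"):
            findings.append(f"{method} {level}: denied if TACACS+ fails (no fallback)")
    if uses_tacacs and not any(ln.startswith("tacacs-server host ") for ln in lines):
        findings.append("TACACS+ is primary but no tacacs-server host is configured")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```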
Configuring the TACACS+ server for single login
For the single login feature to work correctly you must check some entries in the User Setup on the
TACACS+ server:
1. In the User Setup, scroll to the Advanced TACACS+ Settings section.
2. Make sure the radio button for "Max Privilege for any AAA Client" is checked and the level
is set to 15, as shown in Figure 97 (page 124).
3. Privileges are represented by the numbers 0 through 15, with zero allowing only operator
privileges (and requiring two logins) and 15 representing root privileges. The root privilege
level is the only level that will allow manager level access on the switch.
Figure 97 Advanced TACACS+ settings section of the TACACS+ server user setup
4. Scroll down to the section that begins with "Shell"; see Figure 98 (page 125). Check the Shell
box.