Access Security Guide K/KA/KB.15.15

can configure using the CLI password command, the WebAgent, or the menu interface—which
enables only local password configuration).
If the operator at the requesting terminal correctly enters the username/password pair for
either access level, access is granted.
If the username/password pair entered at the requesting terminal does not match either
username/password pair previously configured locally in the switch, access is denied. In this
case, the terminal is again prompted to enter a username/password pair. In the default
configuration, the switch allows up to three attempts. If the requesting terminal exhausts the
attempt limit without a successful authentication, the login session is terminated and the operator
at the requesting terminal must initiate a new session before trying again.
NOTE: The switch menu allows you to configure only the local operator and manager passwords,
and not any usernames. In this case, all prompts for local authentication will request only a local
password. However, if you use the CLI or the WebAgent to configure usernames for local access,
you will see a prompt for both a local username and a local password during local authentication.
Authentication parameters
Table 6 AAA Authentication Parameters

| Name | Default | Range | Function |
|---|---|---|---|
| console, Telnet, SSH, web or port-access | n/a | n/a | Specifies the access method used when authenticating. TACACS+ authentication only uses the console, Telnet or SSH access methods. |
| enable | n/a | n/a | Specifies the manager (read/write) privilege level for the access method being configured. |
| login <privilege-mode> | privilege-mode disabled | n/a | login: Specifies the operator (read-only) privilege level for the access method being configured. The privilege-mode option enables TACACS+ for a single login. The authorized privilege level (operator or manager) is returned to the switch by the TACACS+ server. |
| local - or - tacacs | local | n/a | Specifies the primary method of authentication for the access method being configured. local: Use the username/password pair configured locally in the switch for the privilege level being configured. tacacs: Use a TACACS+ server. |
| local - or - none | none | n/a | Specifies the secondary (backup) type of authentication being configured. local: The username/password pair configured locally in the switch for the privilege level being configured. none: No secondary type of authentication for the specified method/privilege path. (Available only if the primary method of authentication for the access being configured is local.) |
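The constraints in Table 6 can be checked mechanically when reviewing a saved configuration. The following Python sketch is an added example, not part of this guide or of the switch software; it assumes each entry is written as `aaa authentication <access-method> <enable|login> <primary> [secondary]` (a line layout not shown on this page), does not cover the privilege-mode option, and its function names and sample lines are constructed for illustration.

```python
import re

# Values and constraints are taken from Table 6; the line layout is an assumption.
ACCESS_METHODS = {"console", "telnet", "ssh", "web", "port-access"}
TACACS_METHODS = {"console", "telnet", "ssh"}  # TACACS+ only uses these methods
PRIMARY = {"local", "tacacs"}
SECONDARY = {"local", "none"}

LINE_RE = re.compile(r"^aaa authentication (\S+) (enable|login) (\S+)(?: (\S+))?$")


def check_line(line):
    """Return a list of findings for one configuration line (empty list = OK)."""
    m = LINE_RE.match(line.strip().lower())
    if not m:
        return ["line does not match the assumed 'aaa authentication' layout"]
    method, _level, primary, secondary = m.groups()
    secondary = secondary or "none"  # Table 6 default for the secondary method
    findings = []
    if method not in ACCESS_METHODS:
        findings.append(f"'{method}' is not an access method listed in Table 6")
    if primary not in PRIMARY:
        findings.append(f"'{primary}' is not a primary method listed in Table 6")
    if secondary not in SECONDARY:
        findings.append(f"'{secondary}' is not a secondary method listed in Table 6")
    if primary == "tacacs" and method in ACCESS_METHODS - TACACS_METHODS:
        findings.append("TACACS+ authentication only uses console, Telnet or SSH")
    if primary != "local" and secondary == "none":
        findings.append("secondary 'none' is available only when primary is local")
    return findings


def audit(config_text):
    """Map each 'aaa authentication' line in a config dump to its findings."""
    return {
        line.strip(): check_line(line)
        for line in config_text.splitlines()
        if line.strip().lower().startswith("aaa authentication ")
    }


# Constructed sample configuration (not taken from a real switch).
SAMPLE = """
aaa authentication telnet login tacacs local
aaa authentication web login tacacs local
aaa authentication ssh enable tacacs none
aaa authentication console enable local none
"""

if __name__ == "__main__":
    for entry, problems in audit(SAMPLE).items():
        print(entry, "->", problems or "OK")
```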