Access Security Guide K/KA/KB.15.15

Concepts
5 TACACS+ Authentication
TACACS
Getting ready for TACACS+ authentication
General Authentication Setup Procedure
Configuring
Configuring TACACS+ on the switch
Configuring the switch authentication methods
Configuring the TACACS+ server for single login
Configuring the switch TACACS+ Server Access
Device running a TACACS+ server application
Optional, global "encryption key"
Specifies how long the switch waits for a TACACS+ server to respond to an authentication request
Configuring an encryption key
Configuring a global encryption key
Configuring a per-server encryption key
Deleting a global encryption key
Deleting a per-server encryption key
Configuring the Timeout period
TACACS+ server and optionally assigns a server-specific encryption key
Viewing
Viewing the current authentication configuration
Viewing the current TACACS+ server contact configuration
Viewing key information
Using TACACS+
Using the privilege-mode option for login
Selecting the access method for configuration
Adding, removing, or changing the priority of a TACACS+ server
Using the encryption key
General operation
Encryption options in the switch
Messages related to TACACS+ operation
Overview
Operating notes
About TACACS+ authentication
General authentication process using a TACACS+ server
Local authentication process
Authentication parameters
Controlling webagent access when using TACACS+ authentication
Messages related to RADIUS Operation
6 RADIUS Authentication, Authorization, and Accounting
Configuring
Preparation procedures for RADIUS
Configuring the switch for RADIUS authentication
Configuring authentication for access methods RADIUS is to protect
Enabling manager access privilege (optional)
Configuring the switch to access a RADIUS server
Configuring the switch global RADIUS parameters
Connecting a RADIUS server with a server group
Configuring the primary password authentication method for console, Telnet, SSH and WebAgent
Configuring the primary password authentication method for port-access, MAC-based, and web-based access