HP StorageWorks Enterprise File Services WAN Accelerator 2.1.5 deployment guide (June 2006)

HP STORAGEWORKS ENTERPRISE FILE SERVICES WAN ACCELERATOR 2.1.5 DEPLOYMENT GUIDE 97

9 - RADIUS AND TACACS+

UTHENTICATION

CHAPTER 9 RADIUS and TACACS+

Authentication

In This Chapter This chapter describes how to configure Remote Authentication Dial-In User Service

(RADIUS) or Terminal Access Controller Access Control System (TACACS+)

authentication for the HP EFS WAN Accelerator. It contains the following sections:

 “Introduction to Authentication,” next

 “Configuring a RADIUS Server with FreeRADIUS” on page 98

 “Configuring a TACACS+ Server with Free TACACS+” on page 100

 “Configuring RADIUS Authentication in the HP EFS WAN Accelerator” on

page 101

 “Configuring TACACS+ Authentication in the HP EFS WAN Accelerator” on

page 103

Introduction to Authentication

The HP EFS WAN Accelerator can use a RADIUS or TACACS+ authentication

system for logging in administrative and monitor users. The following methods for

user authentication are provided with the HP EFS WAN Accelerator:

 local

 radius

 tacacs+

The order in which authentication is attempted is based on the order specified in the

Authentication, Authorization, Accounting (AAA) method list. The local value must

always be specified in the method list.

The authentication methods list provides backup methods if a method fails to

authenticate a user. Failure is defined as no response for the method. If a deny is

received from the method being tried, no other methods are attempted.

The HP EFS WAN Accelerator does not have the ability to set a per interface

authentication policy. The same authentication method list is used for all interfaces

(that is, default). You cannot configure authentication methods with subsets of the

RADIUS or TACACS+ servers specified (that is, there are no server groups).