HP Intelligent Management Center v5.1 TACACS+ Authentication Manager Administrator Guide
11
Figure 9 Entering the page for configuring a device user
Configuring a device
When you configure a device, the following order is recommended:
1. Creating a TACACS+ scheme.
2. Creating a domain.
3. Configuring scheme authentication and enabling command line authorization and accounting.
Creating a TACACS+ scheme
A device cooperates with the TAM server to implement TACACS+ authentication according to the
configured TACACS+ scheme. Follow these guidelines when you configure a TACACS+ scheme:
• The IP address specified for the AAA server in the TACACS+ scheme must be the IP address of the
TAM server.
• The shared key, authentication, authorization, and accounting ports specified in the TACACS+
scheme must be the same as those configured on the TAM server.
• If you specify the nas-ip in the TACACS+ scheme, configure the IP address of the device as the
nas-ip on TAM. If you do not specify the nas-ip in the TACACS+ scheme, configure the IP address
of the device as the IP address of the interface that connects the device to the TAM server on TA M.
Creating a domain
The scheme used in a domain for login, raising the right, and command line authorization must be the
TACACS+ scheme that you have just created.
Configuring scheme authentication and enabling command line authorization and accounting
Configure the scheme authentication on different interfaces for different login methods.
Enable command line authorization and accounting on different interfaces according to different login
methods.
Configuration example
Take an HP A series device or H3C device as an example. The command lines needed for TACACS+
authentication and authorization are as follows: