ProCurve Series 2300 and 2500 Switches Release Notes

162
Enhancements in Release F.02.02
TACACS+ Authentication for Centralized Control of Switch Access Security
TACACS+ Features
TACACS+ authentication enables you to use a central server to allow or deny access to Series 2500
switches (and other TACACS-aware devices) in your network. This means that you can use a central
database to create multiple unique username/password sets with associated privilege levels for use
by individuals who have reason to access the switch from either the switch's console port (local
access) or Telnet (remote access).
Note
In release F.02.02, TACACS+ authentication does not affect web browser interface access. For
steps to block unauthorized access through the web browser interface, see “Controlling Web
Browser Interface Access When Using TACACS+ Authentication” on page 181.
Feature                                                  Default   Menu   CLI        Web
view the switch's authentication configuration           n/a       -      page 170   -
view the switch's TACACS+ server contact configuration   n/a       -      page 170   -
configure the switch's authentication methods            disabled  -      page 171   -
configure the switch to contact TACACS+ server(s)        disabled  -      page 174   -

Figure 79. Example of TACACS+ Operation

[Figure: a Series 2500 switch configured for TACACS+ operation. Terminal "A" directly accesses
the switch via the switch's console port; Terminal "B" remotely accesses the switch via Telnet.
The switch contacts a primary TACACS+ server.]

Legend: Access Request; TACACS Server Response.
A1 - A4: path for request from Terminal A (through console port)
B1 - B4: path for request from Terminal B (through Telnet)

The switch passes the login requests from terminals A and B to the TACACS+ server for
authentication. The TACACS+ server determines whether to allow access to the switch and what
privilege level to allow for a given access request.
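The exchange in Figure 79, as an added example that is not part of the original release notes or of ProCurve's implementation: a switch-side login request and a simulated TACACS+ server, encoded in the RFC 8907 packet format (12-byte header, MD5 pseudo-pad body obfuscation, PAP authentication START and REPLY bodies). The central user table (USER_DB), the shared key, the session id, the port/rem_addr strings and the policy of refusing a request whose priv_lvl exceeds the user's maximum are all constructed for this example; a real server would apply its own policy.

```python
"""TACACS+ login round trip in RFC 8907 packet format (added example, not ProCurve code)."""
import hashlib
import hmac
import struct

# Header: version (major 0xC, minor 1 for PAP), type, seq_no, flags, session_id, length
TAC_PLUS_VER_PAP = 0xC1
TYPE_AUTHEN = 0x01
FLAG_UNENCRYPTED = 0x01

# Authentication START body constants
ACTION_LOGIN = 0x01
AUTHEN_TYPE_PAP = 0x02
SERVICE_LOGIN = 0x01

# REPLY status codes
STATUS_PASS = 0x01
STATUS_FAIL = 0x02

# Constructed central user table: username -> (password, highest privilege level allowed)
USER_DB = {
    "operator": ("op-pass", 1),
    "manager": ("mgr-pass", 15),
}


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """RFC 8907 section 4.5: pad_1 = MD5(session_id, key, version, seq_no);
    pad_n = MD5(session_id, key, version, seq_no, pad_{n-1}); concatenate, truncate."""
    sid = struct.pack("!I", session_id)
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(sid + key + bytes([version, seq_no]) + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """Body XOR pseudo-pad; applying it twice restores the body."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_packet(seq_no: int, session_id: int, body: bytes, key: bytes) -> bytes:
    header = struct.pack("!BBBBII", TAC_PLUS_VER_PAP, TYPE_AUTHEN, seq_no, 0,
                         session_id, len(body))
    return header + obfuscate(body, session_id, key, TAC_PLUS_VER_PAP, seq_no)


def parse_packet(packet: bytes, key: bytes):
    version, _ptype, seq_no, flags, session_id, length = struct.unpack("!BBBBII", packet[:12])
    body = packet[12:12 + length]
    if len(body) != length:
        raise ValueError("truncated TACACS+ packet")
    if not flags & FLAG_UNENCRYPTED:
        body = obfuscate(body, session_id, key, version, seq_no)
    return seq_no, session_id, body


def authen_start(user: str, port: str, rem_addr: str, password: str, priv_lvl: int) -> bytes:
    """Authentication START body for PAP: the password is carried in the data field."""
    u, p, r, d = user.encode(), port.encode(), rem_addr.encode(), password.encode()
    return struct.pack("!BBBBBBBB", ACTION_LOGIN, priv_lvl, AUTHEN_TYPE_PAP, SERVICE_LOGIN,
                       len(u), len(p), len(r), len(d)) + u + p + r + d


def authen_reply(status: int, server_msg: str) -> bytes:
    m = server_msg.encode()
    return struct.pack("!BBHH", status, 0, len(m), 0) + m


def server_handle(packet: bytes, key: bytes) -> bytes:
    """Simulated TACACS+ server (constructed policy): PASS only when the password
    matches and the requested privilege level is within the user's maximum."""
    seq_no, session_id, body = parse_packet(packet, key)
    _, priv_lvl, _, _, ul, pl, rl, dl = struct.unpack("!BBBBBBBB", body[:8])
    off = 8
    user = body[off:off + ul].decode()
    off += ul + pl + rl  # skip port and rem_addr (real servers log them)
    password = body[off:off + dl].decode()
    entry = USER_DB.get(user)
    ok = entry is not None and hmac.compare_digest(entry[0], password) and priv_lvl <= entry[1]
    reply = authen_reply(STATUS_PASS if ok else STATUS_FAIL, "" if ok else "access denied")
    return build_packet(seq_no + 1, session_id, reply, key)


def switch_login(user: str, password: str, port: str, rem_addr: str, priv_lvl: int,
                 key: bytes, session_id: int = 0x1234ABCD):
    """Switch side: send a START for a console or Telnet login, decode the REPLY.
    Returns (allowed, server_msg)."""
    start = build_packet(1, session_id, authen_start(user, port, rem_addr, password, priv_lvl), key)
    reply_pkt = server_handle(start, key)  # stands in for the TCP round trip to the server
    _, _, reply = parse_packet(reply_pkt, key)
    status, _, mlen, _ = struct.unpack("!BBHH", reply[:6])
    return status == STATUS_PASS, reply[6:6 + mlen].decode()


if __name__ == "__main__":
    KEY = b"shared-secret"  # constructed shared key
    print(switch_login("operator", "op-pass", "console", "", 1, KEY))        # console login, A1-A4
    print(switch_login("manager", "mgr-pass", "telnet", "10.0.0.5", 15, KEY))  # Telnet login, B1-B4
```

Two points worth noticing from the code: the body is only XORed against an MD5 pseudo-pad derived from the shared key, so the key and the link between switch and server are what protect credentials in transit, and a server that keys privilege on the request's priv_lvl lets the same central database decide both whether a user gets in and at what level.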