TACACS+ Authentication

Configuring TACACS+ on the Switch

Table 4-1. AAA Authentication Parameters

| Name | Default | Range | Function |
|---|---|---|---|
| console - or - telnet | n/a | n/a | Specifies whether the command is configuring authentication for the console port or Telnet access method for the switch. |
| enable - or - login | n/a | n/a | Specifies the privilege level for the access method being configured. login: Operator (read-only) privileges. enable: Manager (read-write) privileges. |
| local - or - tacacs | local | n/a | Specifies the primary method of authentication for the access method being configured. local: Use the username/password pair configured locally in the switch for the privilege level being configured. tacacs: Use a TACACS+ server. |
| local - or - none | none | n/a | Specifies the secondary (backup) type of authentication being configured. local: The username/password pair configured locally in the switch for the privilege level being configured. none: No secondary type of authentication for the specified method/privilege path. (Available only if the primary method of authentication for the access being configured is local.) Note: If you do not specify this parameter in the command line, the switch automatically assigns the secondary method as follows: • If the primary method is tacacs, the only secondary method is local. • If the primary method is local, the default secondary method is none. |
| num-attempts | 3 | 1 - 10 | In a given session, specifies how many tries at entering the correct username/password pair are allowed before access is denied and the session terminated. |

As shown in the next table, login and enable access is always available locally through a direct terminal connection to the switch’s console port. However, for Telnet access, you can configure TACACS+ to deny access if a TACACS+ server goes down or otherwise becomes unavailable to the switch.
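
The following added example (not part of the original manual) resolves the effective primary and secondary method for each access/privilege path using the defaults and the Note in Table 4-1, which is useful when auditing a saved configuration. It assumes each configuration line has the form "aaa authentication" followed by the parameters in the table's order; the page itself does not show the command line, and the sample lines are constructed.

```python
ACCESS = ("console", "telnet")
PRIVILEGE = ("login", "enable")
NUM_ATTEMPTS_DEFAULT, NUM_ATTEMPTS_RANGE = 3, range(1, 11)  # default 3, range 1 - 10

def default_secondary(primary):
    # Note in Table 4-1: primary tacacs -> secondary local; primary local -> none
    return "local" if primary == "tacacs" else "none"

def resolve(config_text):
    """Return (paths, num_attempts, errors) for the aaa authentication lines.

    Assumed line form (not shown on the page):
      aaa authentication <console|telnet> <enable|login> <local|tacacs> [local|none]
      aaa authentication num-attempts <1-10>
    """
    # Table defaults: primary is local, so the secondary defaults to none
    paths = {(a, p): ("local", "none") for a in ACCESS for p in PRIVILEGE}
    attempts, errors = NUM_ATTEMPTS_DEFAULT, []
    for line in config_text.splitlines():
        words = line.split()
        if words[:2] != ["aaa", "authentication"]:
            continue
        args = words[2:]
        if len(args) == 2 and args[0] == "num-attempts":
            if args[1].isdigit() and int(args[1]) in NUM_ATTEMPTS_RANGE:
                attempts = int(args[1])
            else:
                errors.append(f"num-attempts outside 1 - 10: {line.strip()}")
        elif (len(args) in (3, 4) and args[0] in ACCESS and args[1] in PRIVILEGE
              and args[2] in ("local", "tacacs")
              and (len(args) == 3 or args[3] in ("local", "none"))):
            # Secondary omitted on the command line: apply the Note's rule
            secondary = args[3] if len(args) == 4 else default_secondary(args[2])
            paths[(args[0], args[1])] = (args[2], secondary)
        else:
            errors.append(f"unrecognized parameters: {line.strip()}")
    return paths, attempts, errors

# Constructed sample configuration lines
SAMPLE = """\
aaa authentication num-attempts 5
aaa authentication telnet login tacacs
aaa authentication telnet enable tacacs local
aaa authentication console login local
aaa authentication num-attempts 12
"""

if __name__ == "__main__":
    paths, attempts, errors = resolve(SAMPLE)
    for (access, priv), (primary, secondary) in sorted(paths.items()):
        print(f"{access:8} {priv:7} primary={primary:7} secondary={secondary}")
    print("num-attempts:", attempts, "| errors:", errors)
```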
