TACACS+ Authentication
Configuring TACACS+ on the Switch
For example, you would use the next command to configure a global encryption key in the switch to match a key entered as north40campus in two target TACACS+ servers. (That is, both servers use the same key for your switch.) Note that you do not need the server IP addresses to configure a global key in the switch:
ProCurve(config)#
Suppose that you subsequently add a third TACACS+ server (with an IP address of 10.28.227.87) that has south10campus for an encryption key. Because this key is different than the one used for the two servers in the previous example, you will need to assign a
ProCurve(config)#
With both of the above keys configured in the switch, the south10campus key overrides the north40campus key only when the switch tries to access the TACACS+ server having the 10.28.227.87 address.
Controlling Web Browser InterfaceAccess When Using TACACS+Authentication
Configuring the switch for TACACS+ authentication does not affect web browser interface access. To prevent unauthorized access through the web browser interface, do one or more of the following:
■Configure local authentication (a Manager user name and password and, optionally, an Operator user name and password) on the switch.
■Configure the switch’s Authorized IP Manager feature to allow web browser access only from authorized management stations. (The Authorized IP Manager feature does not interfere with TACACS+ operation.)
■Disable web browser access to the switch by going to the System Information screen in the Menu interface and configuring the Web Agent Enabled parameter to No.