CHAPTER 9 RADIUS and TACACS+

Authentication

In This Chapter

This chapter describes how to configure Remote Authentication Dial-In User Service

 

(RADIUS) or Terminal Access Controller Access Control System (TACACS+)

 

authentication for the HP EFS WAN Accelerator. It contains the following sections:

 

‹ “Introduction to Authentication,” next

 

‹ “Configuring a RADIUS Server with FreeRADIUS” on page 98

 

‹ “Configuring a TACACS+ Server with Free TACACS+” on page 100

 

‹ “Configuring RADIUS Authentication in the HP EFS WAN Accelerator” on

 

page 101

 

‹ “Configuring TACACS+ Authentication in the HP EFS WAN Accelerator” on

 

page 103

Introduction to Authentication

The HP EFS WAN Accelerator can use a RADIUS or TACACS+ authentication system for logging in administrative and monitor users. The following methods for user authentication are provided with the HP EFS WAN Accelerator:

‹local

‹radius

‹tacacs+

The order in which authentication is attempted is based on the order specified in the Authentication, Authorization, Accounting (AAA) method list. The local value must always be specified in the method list.

The authentication methods list provides backup methods if a method fails to authenticate a user. Failure is defined as no response for the method. If a deny is received from the method being tried, no other methods are attempted.

The HP EFS WAN Accelerator does not have the ability to set a per interface authentication policy. The same authentication method list is used for all interfaces (that is, default). You cannot configure authentication methods with subsets of the RADIUS or TACACS+ servers specified (that is, there are no server groups).

9 - RADIUS AND TACACS+

AUTHENTICATION

HP STORAGEWORKS ENTERPRISE FILE SERVICES WAN ACCELERATOR 2.1.5 DEPLOYMENT GUIDE

97

Page 103
Image 103
HP Enterprise File Services WAN Accelerator manual Radius and TACACS+ Authentication, Introduction to Authentication