
Using Passwords and TACACS+ To Protect Against Unauthorized Access
TACACS+ Authentication for Central Control of Switch Access Security

Controlling Web Browser Interface Access When Using TACACS+ Authentication

In release G.01.xx, configuring the switch for TACACS+ authentication does not affect web browser interface access. To prevent unauthorized access through the web browser interface, do one or more of the following:

■ Configure local authentication (a Manager user name and password and, optionally, an Operator user name and password) on the switch.
■ Configure the switch's Authorized IP Manager feature to allow web browser access only from authorized management stations. (The Authorized IP Manager feature does not interfere with TACACS+ operation.)
■ Disable web browser access to the switch by going to the System Information screen in the Menu interface and configuring the Web Agent Enabled parameter to No.

Messages

The switch generates the CLI messages listed below. However, you may see other messages generated in your TACACS+ server application. For information on such messages, refer to the documentation you received with the application.

| CLI Message | Meaning |
|---|---|
| Connecting to Tacacs server | The switch is attempting to contact the TACACS+ server identified in the switch's tacacs-server configuration as the first-choice (or only) TACACS+ server. |
| Connecting to secondary Tacacs server | The switch was not able to contact the first-choice TACACS+ server, and is now attempting to contact the next (secondary) TACACS+ server identified in the switch's tacacs-server configuration. |
| Invalid password | The system does not recognize the username or the password or both. Depending on the authentication method (tacacs or local), either the TACACS+ server application did not recognize the username/password pair or the username/password pair did not match the username/password pair configured in the switch. |
| No Tacacs servers responding | The switch has not been able to contact any designated TACACS+ servers. If this message is followed by the Username prompt, the switch is attempting local authentication. |
| Not legal combination of authentication methods | For console access, if you select tacacs as the primary authentication method, you must select local as the secondary authentication method. This prevents you from being locked out of the switch if all designated TACACS+ servers are inaccessible to the switch. |
| Record already exists | When resulting from a tacacs-server host <ip addr> command, indicates an attempt to enter a duplicate TACACS+ server IP address. |
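
The following is an added example, not part of the original manual: a Python function that reads a captured login transcript and uses the CLI messages listed above to report which authentication path the session took, so that sessions that fell back to local authentication can be reviewed. The sample transcripts are constructed, and the "Username:" prompt format, the function name, and the result labels are assumptions.

```python
import re

# CLI messages from the table above; runs of whitespace are tolerated.
PATTERNS = {
    "primary": r"connecting\s+to\s+tacacs\s+server",
    "secondary": r"connecting\s+to\s+secondary\s+tacacs\s+server",
    "no_servers": r"no\s+tacacs\s+servers\s+responding",
    "invalid": r"invalid\s+password",
    # Assumption: the Username prompt is rendered as "Username:".
    "username": r"^\s*username\s*:",
}
COMPILED = {k: re.compile(v, re.IGNORECASE) for k, v in PATTERNS.items()}


def classify_login(transcript):
    """Summarize which authentication path one captured login session took."""
    path, invalid, servers_down = "unknown", 0, False
    for line in transcript.splitlines():
        event = next((k for k, rx in COMPILED.items() if rx.search(line)), None)
        if event == "primary":
            path, servers_down = "tacacs-primary", False
        elif event == "secondary":
            path = "tacacs-secondary"
        elif event == "no_servers":
            path, servers_down = "no-tacacs-server", True
        elif event == "username" and servers_down:
            # Per the table: a Username prompt after "No Tacacs servers
            # responding" means the switch is attempting local authentication.
            path = "local-fallback"
        elif event == "invalid":
            invalid += 1
    return {"path": path, "invalid_passwords": invalid,
            "needs_review": path in ("no-tacacs-server", "local-fallback")}


# Constructed sample transcripts (not captured from a real switch).
SAMPLE_FALLBACK = (
    "Connecting to Tacacs server\n"
    "Connecting to secondary Tacacs server\n"
    "No Tacacs servers responding\n"
    "Username: admin\nPassword:\nInvalid password\n"
    "Username: admin\nPassword:\n"
)
SAMPLE_SECONDARY = (
    "Connecting to Tacacs server\n"
    "Connecting to secondary Tacacs server\n"
    "Username: ops\nPassword:\n"
)

if __name__ == "__main__":
    for name, text in (("fallback", SAMPLE_FALLBACK), ("secondary", SAMPLE_SECONDARY)):
        print(name, classify_login(text))
```

A session flagged with needs_review was not validated by a TACACS+ server, which is the case the local secondary method exists for and the one worth correlating with server reachability.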