General Authentication Setup Procedure – IronPort Systems 4108GL User Manual

Using Passwords and TACACS+ To Protect Against Unauthorized Access

TACACS+ Authentication for Central Control of Switch Access Security

Notes

The effectiveness of TACACS+ security depends on correctly using your
TACACS+ server application. For this reason, HP recommends that you
thoroughly test all TACACS+ configurations used in your network.

TACACS-aware HP switches include the capability of configuring multiple
backup TACACS+ servers. HP recommends that you use a TACACS+ server
application that supports a redundant backup installation. This allows you to
configure the switch to use a backup TACACS+ server if it loses access to the
first-choice TACACS+ server.

In release G.01.xx, TACACS+ does not affect web browser interface access.
See "Controlling Web Browser Interface Access" on page 28.

General Authentication Setup Procedure

It is important to test the TACACS+ service before fully implementing it.
Depending on the process and parameter settings you use to set up and test
TACACS+ authentication in your network, you could accidentally lock all
users, including yourself, out of access to a switch. While recovery is simple,
it may pose an inconvenience that can be avoided. To prevent an unintentional
lockout on a Switch 4108GL, use a procedure that configures and tests
TACACS+ protection for one access type (for example, Telnet access), while
keeping the other access type (console, in this case) open in case the Telnet
access fails due to a configuration problem. The following steps outline
a general setup procedure.

Note

If a complete access lockout occurs on the switch as a result of a TACACS+
configuration, see "Troubleshooting TACACS+ Operation" on page 18-13 for
recovery methods.

1. Familiarize yourself with the requirements for configuring your
   TACACS+ server application to respond to requests from a Switch
   4108GL. (Refer to the documentation provided with the TACACS+ server
   software.) This includes knowing whether you need to configure an
   encryption key. (See "Using the Encryption Key" on page 26.)
