HP 2600 Series User Manual


TACACS+ Authentication
Configuring TACACS+ on the Switch

Table 4-1. AAA Authentication Parameters

Name: console - or - telnet
Default: n/a
Range: n/a
Function: Specifies whether the command is configuring authentication for the
console port or Telnet access method for the switch.

Name: enable - or - login
Default: n/a
Range: n/a
Function: Specifies the privilege level for the access method being configured.
  login: Operator (read-only) privileges
  enable: Manager (read-write) privileges

Name: local - or - tacacs
Default: local
Range: n/a
Function: Specifies the primary method of authentication for the access method
being configured.
  local: Use the username/password pair configured locally in the switch for
  the privilege level being configured
  tacacs: Use a TACACS+ server.

Name: local - or - none
Default: none
Range: n/a
Function: Specifies the secondary (backup) type of authentication being
configured.
  local: The username/password pair configured locally in the switch for the
  privilege level being configured
  none: No secondary type of authentication for the specified
  method/privilege path. (Available only if the primary method of
  authentication for the access being configured is local.)
  Note: If you do not specify this parameter in the command line, the switch
  automatically assigns the secondary method as follows:
  • If the primary method is tacacs, the only secondary method is local.
  • If the primary method is local, the default secondary method is none.

Name: num-attempts
Default: 3
Range: 1 - 10
Function: In a given session, specifies how many tries at entering the correct
username/password pair are allowed before access is denied and the session
terminated.

As shown in the next table, login and enable access is always available locally
through a direct terminal connection to the switch’s console port. However,
for Telnet access, you can configure TACACS+ to deny access if a TACACS+
server goes down or otherwise becomes unavailable to the switch.
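
An added example (not from the HP manual): a small Python audit that applies the Table 4-1 rules to configuration lines, resolving the secondary method the switch assigns when none is given and flagging out-of-range or disallowed values. The `aaa authentication <access> <privilege> <primary> [secondary]` line syntax and the sample configuration are assumptions constructed for illustration.

```python
import re

# Table 4-1 values; assumed syntax: aaa authentication <access> <privilege> <primary> [secondary]
ACCESS, PRIVILEGE = {"console", "telnet"}, {"login", "enable"}
PRIMARY, SECONDARY = {"local", "tacacs"}, {"local", "none"}

# Constructed sample configuration, not taken from a real switch.
SAMPLE_CONFIG = """\
aaa authentication num-attempts 5
aaa authentication telnet login tacacs
aaa authentication telnet enable tacacs none
aaa authentication console login local
aaa authentication console enable local none
"""

def resolve(line):
    """Return (access, privilege, primary, secondary) or raise ValueError."""
    words = line.split()[2:]
    if len(words) not in (3, 4):
        raise ValueError(f"wrong number of parameters: {line!r}")
    access, privilege, primary = words[:3]
    if access not in ACCESS or privilege not in PRIVILEGE or primary not in PRIMARY:
        raise ValueError(f"unknown parameter: {line!r}")
    # Secondary omitted: tacacs is backed by local, local is backed by none.
    default = "local" if primary == "tacacs" else "none"
    secondary = words[3] if len(words) == 4 else default
    # "none" is available only when the primary method is local.
    if secondary not in SECONDARY or (primary, secondary) == ("tacacs", "none"):
        raise ValueError(f"secondary method not allowed: {line!r}")
    return access, privilege, primary, secondary

def audit(config):
    """Return (settings, num_attempts, errors) for the aaa authentication lines."""
    settings, attempts, errors = {}, 3, []  # num-attempts defaults to 3
    for line in map(str.strip, config.splitlines()):
        if not line.startswith("aaa authentication "):
            continue
        m = re.fullmatch(r"aaa authentication num-attempts (\d+)", line)
        try:
            if m:
                if not 1 <= int(m.group(1)) <= 10:
                    raise ValueError(f"num-attempts outside 1 - 10: {line!r}")
                attempts = int(m.group(1))
            else:
                access, privilege, primary, secondary = resolve(line)
                settings[(access, privilege)] = (primary, secondary)
        except ValueError as exc:
            errors.append(str(exc))
    return settings, attempts, errors
```

Calling `audit(SAMPLE_CONFIG)` returns the effective primary/secondary pair per access method and privilege level, the session attempt limit, and one error for the `tacacs none` line.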
