Configuring the switch’s authentication methods – HP 2800 User Manual

TACACS+ Authentication

Configuring TACACS+ on the Switch

Configuring the Switch’s Authentication Methods

The

aaa authentication command configures the access control for console

port and Telnet access to the switch. That is, for both access methods,

aaa

authentication specifies whether to use a TACACS+ server or the switch’s local
authentication, or (for some secondary scenarios) no authentication (meaning
that if the primary method fails, authentication is denied). This command also
reconfigures the number of access attempts to allow in a session if the first
attempt uses an incorrect username/password pair.

Syntax: aaa authentication

< console | telnet >

Selects either console (serial port) or Telnet access for
configuration.

< enable | login >

Selects either the Manager (enable) or Operator (login)
access level.

< local | tacacs | radius >

Selects the type of security access:

local — Authenticates with the Manager and Operator
password you configure in the switch.
tacacs — Authenticates with a password and other
data configured on a TACACS+ server.
radius — Authenticates with a password and other
data configured on a RADIUS server. (Refer to
“RADIUS Authentication and Accounting” on page
5-1.)

[< local | none >]

If the primary authentication method fails, determines
whether to use the local password as a secondary method
or to disallow access.

aaa authentication num-attempts < 1-10 >

Specifies the maximum number of login attempts allowed in
the current session. Default: 3

4-11