General System Requirements; General Authentication Setup Procedure - HP procurve 5300xl Series Access Security Manual

Notes

General System Requirements

To use TACACS+ authentication, you need the following:
A TACACS+ server application installed and configured on one or
■
more servers or management stations in your network. (There are
several TACACS+ software packages available.)
A switch configured for TACACS+ authentication, with access to one
■
or more TACACS+ servers.
The effectiveness of TACACS+ security depends on correctly using your
TACACS+ server application. For this reason, HP recommends that you
thoroughly test all TACACS+ configurations used in your network.
TACACS-aware HP switches include the capability of configuring multiple
backup TACACS+ servers. HP recommends that you use a TACACS+ server
application that supports a redundant backup installation. This allows you to
configure the switch to use a backup TACACS+ server if it loses access to the
first-choice TACACS+ server.
In release E.05.xx, TACACS+ does not affect web browser interface access.
Refer to "Controlling Web Browser Interface Access When Using TACACS+
Authentication" on page 4-24.

General Authentication Setup Procedure

It is important to test the TACACS+ service before fully implementing it.
Depending on the process and parameter settings you use to set up and test
TACACS+ authentication in your network, you could accidentally lock all
users, including yourself, out of access to a switch. While recovery is simple,
it may pose an inconvenience that can be avoided.To prevent an unintentional
lockout on a Series 5300XL switch, use a procedure that configures and tests
TACACS+ protection for one access type (for example, Telnet access), while
TACACS+ Authentication

General System Requirements

4-5