Details

Authenticating users through RADIUS/TACACS provides a centralized way to manage access to the switch. This allows the administrator to make modifications to the set of authorized users without having to make changes on every network device. RADIUS/TACACS authentication is supported by Aruba ClearPass Policy Manager.

Solution

To enable RADIUS authentication for switch login as the primary authentication method, with local authenticationas the secondary method, use the following configuration command:

switch(config)# aaa authentication login default group radius local

To enable TACACS+ authentication as the primary method and local authentication as the secondary method formanagement access, use the following configuration command:

switch(config)# aaa authentication login default group tacacs local

Supportive Information

The following resource is also helpful.

• https://support.hpe.com/hpesc/public/docDisplay?docId=a00053695en_us

This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system ArubaOS.

References

• 800-53|IA-2.

Source

• Tenable.com/audits