174 Controlling Management Access• Console—Authenticates access through the console port (CLI only).• Telnet—Authenticates users accessing the CLI by using a Telnet or SSHclient.• Secure HTTP—Authenticates users accessing OpenManage SwitchAdministrator by using an HTTPS connection.• HTTP—Authenticates users accessing OpenManage SwitchAdministrator by using an HTTP connection.• DOT1X—Authenticates hosts connecting through the in-band switchports. This access type is for network authentication and not managementinterface authentication.The switch has three preconfigured authentication profiles. For informationabout these profiles, see "Default Management Security Values" on page 180.How Does TACACS+ Control Management Access?TACACS+ (Terminal Access Controller Access Control System) providesaccess control for networked devices via one or more centralized servers.TACACS+ simplifies authentication by making use of a single database thatcan be shared by many clients on a large network. TACACS+ uses TCP toensure reliable delivery and a shared key configured on the client and daemonserver to encrypt all messages.If you configure TACACS+ as the authentication method for user login and auser attempts to access the user interface on the switch, the switch promptsfor the user login credentials and requests services from the TACACS+client. The client then uses the configured list of servers for authentication,and provides results back to the switch.Figure 9-1 shows an example of access management using TACACS+.NOTE: For information about port-based authentication, see "Configuring 802.1Xand Port-Based Security" on page 509.
