Table Of Contents - HP A5830 Series Configuration Manual

Security switch

Contents
Configuring AAA
RADIUS
HWTACACS
Domain-based user management
RADIUS server feature of the switch
Protocols and standards
RADIUS attributes
AAA configuration considerations and task list
Configuring AAA schemes
Configuring local users
Configuring RADIUS schemes
Configuring HWTACACS schemes
Configuring AAA methods for ISP domains
Configuration prerequisites
Creating an ISP domain
Configuring ISP domain attributes
Configuring AAA authentication methods for an ISP domain
Configuring AAA authorization methods for an ISP domain
Configuring AAA accounting methods for an ISP domain
Tearing down user connections
Configuring a NAS ID-VLAN binding
Configuring a switch as a RADIUS server
RADIUS server functions configuration task list
Configuring a RADIUS user
Specifying a RADIUS client
Displaying and maintaining AAA
AAA configuration examples
AAA for Telnet users by an HWTACACS server
AAA for Telnet users by separate servers
Authentication/authorization for SSH/Telnet users by a RADIUS server
AAA for 802.1X users by a RADIUS server
Level switching authentication for Telnet users by an HWTACACS server
RADIUS authentication and authorization for Telnet users by a switch
Troubleshooting AAA
Troubleshooting RADIUS
Troubleshooting HWTACACS
802.1X fundamentals
802.1X architecture
Controlled/uncontrolled port and port authorization status
802.1X-related protocols
Packet formats
EAP over RADIUS
Initiating 802.1X authentication
802.1X client as the initiator
Access device as the initiator
802.1X authentication procedures
A comparison of EAP relay and EAP termination
EAP relay
EAP termination