HP ProCurve 9304M Security Manual page 55

Routing switches

Hide thumbs Also See for ProCurve 9304M:

Management and configuration manual (690 pages)

Installation and configuration manual (504 pages)

Installation and getting started manual (348 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

page of 172

/ 172
Contents
Table of Contents
Bookmarks

Table of Contents

•

Access to the Privileged EXEC level and CONFIG levels of the CLI

NOTE: HP devices do not support RADIUS security for SNMP access.

RADIUS Authentication, Authorization, and Accounting

When RADIUS authentication is implemented, the HP device consults a RADIUS server to verify user names

and passwords. You can optionally configure RADIUS authorization, in which the HP device consults a list of

commands supplied by the RADIUS server to determine whether a user can execute a command he or she has

entered, as well as accounting, which causes the HP device to log information on a RADIUS accounting server

when specified events occur on the device.

NOTE: By default, a user logging into the device via Telnet or SSH first enters the User EXEC level. The user

can then enter the enable command to get to the Privileged EXEC level.

Starting with release 07.1.00, a user that is successfully authenticated can be automatically placed at the

Privileged EXEC level after login. See "Entering Privileged EXEC Mode After a Telnet or SSH Login" on page 2

46.

RADIUS Authentication

When RADIUS authentication takes place, the following events occur:

1. A user attempts to gain access to the HP device by doing one of the following:

•

Logging into the device using Telnet, SSH, or the Web management interface

•

Entering the Privileged EXEC level or CONFIG level of the CLI

2. The user is prompted for a username and password.

3. The user enters a username and password.

4. The HP device sends a RADIUS Access-Request packet containing the username and password to the

RADIUS server.

5. The RADIUS server validates the HP device using a shared secret (the RADIUS key).

6. The RADIUS server looks up the username in its database.

7. If the username is found in the database, the RADIUS server validates the password.

8. If the password is valid, the RADIUS server sends an Access-Accept packet to the HP device, authenticating

the user. Within the Access-Accept packet are three HP vendor-specific attributes that indicate:

•

The privilege level of the user

•

A list of commands

•

Whether the user is allowed or denied usage of the commands in the list

The last two attributes are used with RADIUS authorization, if configured.

9. The user is authenticated, and the information supplied in the Access-Accept packet for the user is stored on

the HP device. The user is granted the specified privilege level. If you configure RADIUS authorization, the

user is allowed or denied usage of the commands in the list.

RADIUS Authorization

When RADIUS authorization takes place, the following events occur:

1. A user previously authenticated by a RADIUS server enters a command on the HP device.

2. The HP device looks at its configuration to see if the command is at a privilege level that requires RADIUS

command authorization.

June 2005

Securing Access to Management Functions

2 - 39

Table of Contents

This manual is also suitable for:

J4139aProcurve 9308mJ4874a Procurve 9408sl J4138a J8680a ... Show all

HP ProCurve 9304M Security Manual page 55

Related Manuals for HP ProCurve 9304M

Related Products for HP ProCurve 9304M

This manual is also suitable for:

Table of Contents