HP ProCurve 9304M Security Manual page 56

Security Guide for ProCurve 9300/9400 Series Routing Switches
3. If the command belongs to a privilege level that requires authorization, the HP device looks at the list of
commands delivered to it in the RADIUS Access-Accept packet when the user was authenticated. (Along
with the command list, an attribute was sent that specifies whether the user is permitted or denied usage of
the commands in the list.)
NOTE: After RADIUS authentication takes place, the command list resides on the HP device. The RADIUS
server is not consulted again once the user has been authenticated. This means that any changes made to
the user's command list on the RADIUS server are not reflected until the next time the user is authenticated
by the RADIUS server, and the new command list is sent to the HP device.
4. If the command list indicates that the user is authorized to use the command, the command is executed.
RADIUS Accounting
RADIUS accounting works as follows:
1. One of the following events occurs on the HP device:
   - A user logs into the management interface using Telnet or SSH
   - A user enters a command for which accounting has been configured
   - A system event occurs, such as a reboot or reloading of the configuration file
2. The HP device checks its configuration to see if the event is one for which RADIUS accounting is required.
3. If the event requires RADIUS accounting, the HP device sends a RADIUS Accounting Start packet to the
RADIUS accounting server, containing information about the event.
4. The RADIUS accounting server acknowledges the Accounting Start packet.
5. The RADIUS accounting server records information about the event.
6. When the event is concluded, the HP device sends an Accounting Stop packet to the RADIUS accounting
server.
7. The RADIUS accounting server acknowledges the Accounting Stop packet.
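
The Start, acknowledge, Stop, acknowledge exchange in steps 3 to 7, as an added example (not code from the HP manual). It follows the standard RADIUS accounting packet layout from RFC 2866, which the manual does not spell out; the user name, session ID and shared secret are constructed sample values, and one packet per datagram with no padding is assumed.

```python
import hashlib
import hmac
import struct

ACCT_REQUEST, ACCT_RESPONSE = 4, 5                        # RFC 2866 packet codes
USER_NAME, ACCT_STATUS_TYPE, ACCT_SESSION_ID = 1, 40, 44  # attribute types
START, STOP = 1, 2                                        # Acct-Status-Type values

def attr(attr_type, value):
    return bytes([attr_type, len(value) + 2]) + value     # type, length, value

def accounting_request(ident, status, user, session, secret):
    """Device side: build the Accounting Start or Stop packet (steps 3 and 6)."""
    attrs = (attr(USER_NAME, user) + attr(ACCT_SESSION_ID, session)
             + attr(ACCT_STATUS_TYPE, struct.pack("!I", status)))
    header = struct.pack("!BBH", ACCT_REQUEST, ident, 20 + len(attrs))
    # Request Authenticator = MD5(header + 16 zero octets + attributes + secret)
    return header + hashlib.md5(header + bytes(16) + attrs + secret).digest() + attrs

def server_handle(packet, secret, records):
    """Server side: verify, record, acknowledge (steps 4, 5, 7); None = discard."""
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    if (len(packet) < 20 or packet[0] != ACCT_REQUEST
            or not hmac.compare_digest(expected, packet[4:20])):
        return None                       # wrong shared secret or altered packet
    fields, pos = {}, 20
    while pos + 2 <= len(packet):
        a_len = packet[pos + 1]
        if a_len < 2 or pos + a_len > len(packet):
            return None                   # malformed attribute
        fields[packet[pos]] = packet[pos + 2:pos + a_len]
        pos += a_len
    status = int.from_bytes(fields.get(ACCT_STATUS_TYPE, b""), "big")
    records.append((fields.get(USER_NAME), fields.get(ACCT_SESSION_ID), status))
    header = struct.pack("!BBH", ACCT_RESPONSE, packet[1], 20)
    # Response Authenticator = MD5(header + request authenticator + secret)
    return header + hashlib.md5(header + packet[4:20] + secret).digest()

def response_is_valid(request, response, secret):
    """Device side: check the acknowledgement against the request that was sent."""
    head = struct.pack("!BBH", ACCT_RESPONSE, request[1], 20)
    expected = head + hashlib.md5(head + request[4:20] + secret).digest()
    return response is not None and hmac.compare_digest(expected, response)

def demo(secret=b"constructed-shared-secret"):  # constructed sample values
    records, acks = [], []
    for ident, status in ((1, START), (2, STOP)):
        req = accounting_request(ident, status, b"operator", b"sess-0001", secret)
        acks.append(response_is_valid(req, server_handle(req, secret, records), secret))
    return records, acks
```

Because both authenticators are keyed with the shared secret, a request sent with the wrong secret or altered in transit is discarded by the server and never reaches the accounting record.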
AAA Operations for RADIUS
The following table lists the sequence of authentication, authorization, and accounting operations that take place
when a user gains access to an HP device that has RADIUS security configured.
User Action                            Applicable AAA Operations
-------------------------------------  --------------------------------------------------------
User attempts to gain access to the    Enable authentication:
Privileged EXEC and CONFIG levels of     aaa authentication enable default <method-list>
the CLI                                System accounting start:
                                         aaa accounting system default start-stop <method-list>

User logs in using Telnet/SSH          Login authentication:
                                         aaa authentication login default <method-list>
                                       EXEC accounting Start:
                                         aaa accounting exec default start-stop <method-list>
                                       System accounting Start:
                                         aaa accounting system default start-stop <method-list>

2 - 40
June 2005
