HP ProCurve 9304M Security Manual page 58

Security Guide for ProCurve 9300/9400 Series Routing Switches
NOTE: Since RADIUS command authorization relies on a list of commands received from the RADIUS server
when authentication is performed, it is important that you use RADIUS authentication when you also use RADIUS
command authorization.

RADIUS Configuration Considerations
• You must deploy at least one RADIUS server in your network.
• HP devices support authentication using up to eight RADIUS servers. The device tries to use the servers in
the order you add them to the device's configuration. If one RADIUS server is not responding, the HP device
tries the next one in the list.
• You can select only one primary authentication method for each type of access to a device (CLI through
Telnet, CLI Privileged EXEC and CONFIG levels). For example, you can select RADIUS as the primary
authentication method for Telnet CLI access, but you cannot also select TACACS+ authentication as the
primary method for the same type of access. However, you can configure backup authentication methods for
each access type.

RADIUS Configuration Procedure
Use the following procedure to configure an HP device for RADIUS:
1. Configure HP vendor-specific attributes on the RADIUS server. See "Configuring HP-Specific Attributes on
the RADIUS Server" on page 2-42.
2. Identify the RADIUS server to the HP device. See "Identifying the RADIUS Server to the HP Device" on
page 2-43.
3. Set RADIUS parameters. See "Setting RADIUS Parameters" on page 2-44.
4. Configure authentication-method lists. See "Configuring Authentication-Method Lists for RADIUS" on
page 2-45.
5. Optionally configure RADIUS authorization. See "Configuring RADIUS Authorization" on page 2-47.
6. Optionally configure RADIUS accounting. See "Configuring RADIUS Accounting" on page 2-48.

Configuring HP-Specific Attributes on the RADIUS Server
During the RADIUS authentication process, if a user supplies a valid username and password, the RADIUS server
sends an Access-Accept packet to the HP device, authenticating the user. Within the Access-Accept packet are
three HP vendor-specific attributes that indicate:
• The privilege level of the user
• A list of commands
• Whether the user is allowed or denied usage of the commands in the list
You must add these three HP vendor-specific attributes to your RADIUS server's configuration, and configure the
attributes in the individual or group profiles of the users that will access the HP device.
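
Added example (not from the HP manual): how three vendor-specific attributes travel inside an Access-Accept using the RFC 2865 Vendor-Specific attribute (type 26), and how the received command list and allow/deny flag can be applied to a typed command. The vendor ID, sub-attribute numbers, value encodings, ";" list separator and fail-closed default are assumptions made for illustration; the real values come from the vendor dictionary on your RADIUS server.

```python
VENDOR_SPECIFIC = 26  # RFC 2865 attribute type that carries vendor-specific data
# Assumed placeholders, not HP's real numbers: take these from the vendor dictionary.
VENDOR_ID = 99999
PRIV_LEVEL, CMD_LIST, CMD_FLAG = 1, 2, 3

def vsa(sub_type, value):
    """Encode one vendor sub-attribute wrapped in a Vendor-Specific attribute."""
    sub = bytes([sub_type, len(value) + 2]) + value
    return bytes([VENDOR_SPECIFIC, len(sub) + 6]) + VENDOR_ID.to_bytes(4, "big") + sub

def parse_vsas(attrs):
    """Return {sub_type: raw value} for VENDOR_ID from a packet's attribute bytes."""
    found, i = {}, 0
    while i < len(attrs):
        if len(attrs) - i < 2 or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute at offset %d" % i)
        a_type, body = attrs[i], attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
        if (a_type != VENDOR_SPECIFIC or len(body) < 4
                or int.from_bytes(body[:4], "big") != VENDOR_ID):
            continue  # standard attribute or another vendor's VSA
        j = 4
        while j < len(body):
            if len(body) - j < 2 or body[j + 1] < 2 or j + body[j + 1] > len(body):
                raise ValueError("malformed vendor sub-attribute")
            found[body[j]] = body[j + 2:j + body[j + 1]]
            j += body[j + 1]
    return found

def privilege_level(vsas):
    """Privilege level as an integer (4-byte big-endian encoding is assumed)."""
    return int.from_bytes(vsas[PRIV_LEVEL], "big")

def command_allowed(vsas, command):
    """Flag 0 = listed commands are permitted, 1 = denied (encoding assumed)."""
    if CMD_LIST not in vsas or CMD_FLAG not in vsas:
        return False  # this example's choice: fail closed without a list
    cmds = [c.strip() for c in vsas[CMD_LIST].decode().split(";") if c.strip()]
    listed = any(command == c or command.startswith(c + " ") for c in cmds)
    return listed != (int.from_bytes(vsas[CMD_FLAG], "big") == 1)

# Constructed Access-Accept attributes: Reply-Message (type 18) plus three VSAs.
SAMPLE = (bytes([18, 4]) + b"ok"
          + vsa(PRIV_LEVEL, (5).to_bytes(4, "big"))
          + vsa(CMD_LIST, b"show;ping")
          + vsa(CMD_FLAG, (0).to_bytes(4, "big")))
```

Because the command list only arrives in the Access-Accept, a login that was authenticated by some other method leaves nothing for this check to evaluate, which is the dependency the NOTE above describes.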
2 - 42
June 2005
