Radius Client And Server Requirements; Optional Hp Pcm And Idm Network Management Applications; Radius Server Configuration For Cos (802.1P Priority) And Rate-Limiting - HP 2530 Manual Supplement

Table 3 RADIUS services supported on the switch
Service
CoS (Priority)
Ingress Rate-Limiting
Egress Rate-Limiting
ACLs
IPv6 and/or IPv4 ACEs
(NAS-Filter-Rule)
NAS-Rules-IPv6 (sets IP mode to
IPv4-only or IPv4 and IPv6)
HP recommends using the Standard RADIUS attribute if available. Where both a standard attribute and a VSA are
available, the VSA is maintained for backwards compatibility with configurations based on earlier software releases.
If multiple clients are authenticated on a port where per-port rules are assigned by a RADIUS server, then the most
recently assigned rule is applied to the traffic of all clients authenticated on the port.

RADIUS client and server requirements

Clients can be dual-stack, IPv4-only, or IPv6 only.
Client authentication can be through 802.1X, MAC authentication, or web-based authentication.
(clients using web-based authentication must be IPv4-capable.)
Servers must support IPv4 and have an IPv4 address.

Optional HP PCM and IDM network management applications

For information on support for the above services in the PCM application using the HP PMC
Identity-Driven Manager (HP PMC IDM) plug-in, see the documentation for these applications on
the HP Networking website at www.hp.com/support/manuals. All RADIUS-based services described
in this chapter can be used without PCM or HP PMC IDM support.

RADIUS server configuration for CoS (802.1p priority) and rate-limiting

This section provides guidelines for configuring RADIUS servers to dynamically apply the features
listed in Table 4 (page 30)
Table 4 CoS and rate-limiting services
Service
802.1p
Assigns a RADIUS-configured 802.1p priority to inbound
packets received from a specific client authenticated on a
switch port.
NOTE: This attribute is assigned per-authenticated-user,
not per-port.
30 Updates for the HP Switch Software Access Security Guide
Application
per-user
per-user
per-port
per-user
per-user
on ports supporting authenticated clients:
Control method and operating notes
Standard Attribute used in the RADIUS server: 59
Preferred attribute for new or updated configurations.
Vendor-Specific Attribute (VSA) used in the RADIUS server.
Attribute maintained for legacy configurations.
HP vendor-specific ID:1 1
VSA: 40
Setting: User-Priority-Table=xxxxxxxx where: x=desired
802.1p priority
Note: This is an eight-digit field. Enter the same x-value for
all eight digits.
Requires a port-access authentication method (802.1X,
Web Auth, or MAC Auth) configured on the client's switch
port.
Standard RADIUS HP Vendor-Specific RADIUS
Attribute
59
—
—
92
—
Attribute (VSA)
40
46
48
61
63