Configuring The Switch For Radius Authentication - HP ProCurve 2910al Access Security Manual

RADIUS Authentication and Accounting

Configuring the Switch for RADIUS Authentication

• Determine how many times you want the switch to try contacting a RADIUS server before trying another RADIUS
server or quitting. (This depends on how many RADIUS servers you have configured the switch to access.)
• Determine whether you want to bypass a RADIUS server that fails to respond to requests for service. To shorten
authentication time, you can set a bypass period in the range of 1 to 1440 minutes for non-responsive servers. This
requires that you have multiple RADIUS servers accessible for service requests.
• Optional: Determine whether the switch access level (Manager or Operator) for authenticated clients can be set by
a Service Type value the RADIUS server includes in its authentication message to the switch. (Refer to "2. Enable the
(Optional) Access Privilege Option" on page 5-13.)
• Configure RADIUS on the server(s) used to support authentication on the switch.
5-8
Configuring the Switch for RADIUS
Authentication
RADIUS Authentication Commands
aaa authentication
console | telnet | ssh | web | < enable | login <local | radius>>
web-based | mac-based <chap-radius | peap-radius>
[ local | none | authorized]
[login privilege-mode]*
[no] radius-server host < IP-address >
[auth-port < port-number >]
[acct-port < port-number >]
[key < server-specific key-string >]
[no] radius-server key < global key-string >
radius-server timeout < 1 - 15>
radius-server retransmit < 1 - 5 >
[no] radius-server dead-time < 1 - 1440 >
show radius
[< host < ip-address>]
show authentication
show radius authentication
*The web authentication option for the web browser interface is available on
the switches covered in this guide.
Page
5-10
5-10
5-10
5-13
5-15
5-15
5-15, 5-38
5-15
5-18
5-18
5-18
5-19
5-43
5-44
5-45
5-46