Configuring The Switch For Radius Authentication - HP 3500yl Series Access Security Manual

• Determine the IP address(es) of the RADIUS server(s) you want to support the switch. (You can configure the switch
for up to fifteen RADIUS servers.)
• If you need to replace the default UDP destination port (1812) the switch uses for authentication requests to a specific
RADIUS server, select it before beginning the configuration process.
• If you need to replace the default UDP destination port (1813) the switch uses for accounting requests to a specific
RADIUS server, select it before beginning the configuration process.
• Determine whether you can use one, global encryption key for all RADIUS servers or if unique keys will be required
for specific servers. With multiple RADIUS servers, if one key applies to two or more of these servers, then you can
configure this key as the global encryption key. For any server whose key differs from the global key you are using,
you must configure that key in the same command that you use to designate that server's IP address to the switch.
• Determine an acceptable timeout period for the switch to wait for a server to respond to a request. HP recommends
that you begin with the default (five seconds).
• Determine how many times you want the switch to try contacting a RADIUS server before trying another RADIUS
server or quitting. (This depends on how many RADIUS servers you have configured the switch to access.)
• Determine whether you want to bypass a RADIUS server that fails to respond to requests for service. To shorten
authentication time, you can set a bypass period in the range of 1 to 1440 minutes for non-responsive servers. This
requires that you have multiple RADIUS servers accessible for service requests.
• Optional: Determine whether the switch access level (Manager or Operator) for authenticated clients can be set by
a Service Type value the RADIUS server includes in its authentication message to the switch. (Refer to "2. Enable the
(Optional) Access Privilege Option" on page 6-13.)
• Configure RADIUS on the server(s) used to support authentication on the switch.
Configuring the Switch for RADIUS Authentication

RADIUS Authentication Commands

aaa authentication
    console | telnet | ssh | web | < enable | login <local | radius>>
    web-based | mac-based <chap-radius | peap-radius>
    [login privilege-mode]*
[no] radius-server host < IP-address >
    [key < server-specific key-string >]
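
The planning checklist above can be checked mechanically before anything is typed at the switch. The following is an added example, not part of the HP manual: a hypothetical helper, plan_radius, that enforces the limits stated on this page (fifteen servers, bypass period of 1 to 1440 minutes, multiple servers required for bypass), applies the global-versus-server-specific key rule, and prints the resulting command lines. The key, auth-port, acct-port, timeout, retransmit and dead-time keywords are assumed from the ProCurve CLI and are not shown in this excerpt; addresses and keys are constructed placeholders.

```python
from collections import Counter
from ipaddress import ip_address

MAX_SERVERS = 15  # page: up to fifteen RADIUS servers
DEFAULT_PORTS = {"auth_port": 1812, "acct_port": 1813}  # page: default UDP ports

# Constructed sample plan (documentation addresses, placeholder keys).
SAMPLE = [
    {"ip": "192.0.2.10", "key": "shared-example-key"},
    {"ip": "192.0.2.11", "key": "shared-example-key", "auth_port": 1645},
    {"ip": "192.0.2.12", "key": "unique-example-key"},
]


def plan_radius(servers, timeout=5, retransmit=None, dead_time=None):
    """Validate a planned RADIUS setup and return the switch CLI lines."""
    if not 1 <= len(servers) <= MAX_SERVERS:
        raise ValueError("configure between 1 and 15 RADIUS servers")
    if dead_time is not None:
        if not 1 <= dead_time <= 1440:
            raise ValueError("bypass period must be 1 to 1440 minutes")
        if len(servers) < 2:
            raise ValueError("a bypass period requires multiple RADIUS servers")
    for s in servers:
        ip_address(s["ip"])  # raises ValueError on a malformed address
        if not s.get("key"):
            raise ValueError(f"server {s['ip']} has no encryption key")
    # A key shared by two or more servers becomes the global key; a server
    # whose key differs carries it on its own 'radius-server host' line.
    key, count = Counter(s["key"] for s in servers).most_common(1)[0]
    global_key = key if count >= 2 else None
    lines = [f"radius-server key {global_key}"] if global_key else []
    for s in servers:
        cmd = f"radius-server host {s['ip']}"
        for opt, kw in (("auth_port", "auth-port"), ("acct_port", "acct-port")):
            if s.get(opt, DEFAULT_PORTS[opt]) != DEFAULT_PORTS[opt]:
                cmd += f" {kw} {s[opt]}"
        if s["key"] != global_key:
            cmd += f" key {s['key']}"
        lines.append(cmd)
    lines.append(f"radius-server timeout {timeout}")  # page default: 5 seconds
    if retransmit is not None:
        lines.append(f"radius-server retransmit {retransmit}")
    if dead_time is not None:
        lines.append(f"radius-server dead-time {dead_time}")
    return lines
```

Calling plan_radius(SAMPLE, dead_time=10) returns one global key line, three host lines (only the third carrying its own key), and the timeout and dead-time lines.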
RADIUS Authentication, Authorization, and Accounting
