Enable The (Optional) Access Privilege Option - HP 3500yl Series Access Security Manual

HP Switch
(config)# aaa authentication telnet login radius none
HP Switch
(config)# aaa authentication telnet enable radius none
HP Switch
(config)# aaa authentication ssh login radius none
HP Switch
(config)# aaa authentication ssh enable radius none
HP Switch
(config)# show authentication
Status and Counters - Authentication Information
Login Attempts : 3
Respect Privilege : Disabled
| Login
Access Task | Primary
----------- + ---------- ------------ ----------
Console | Local
Telnet | Radius
Port-Access | Local
Webui | Local
SSH | Radius
Web-Auth | ChapRadius radius
MAC-Auth | ChapRadius radius
| Enable
Access Task | Primary
----------- + ---------- ------------ ----------
Console | Local
Telnet | Radius
Webui | Local
SSH | Radius
Figure 6-3. Example Configuration for RADIUS Authentication
Note
Login
Server Group Secondary
Enable
Server Group Secondary
If you configure the Login Primary method as local instead of radius (and local
passwords are configured on the switch), then clients connected to your
network can gain access to either the Operator or Manager level without
encountering the RADIUS authentication specified for Enable Primary. Refer
to "Local Authentication Process" on page 6-36.

2. Enable the (Optional) Access Privilege Option

In the default RADIUS operation, the switch automatically admits any authen-
ticated client to the Login (Operator) privilege level, even if the RADIUS server
specifies Enable (Manager) access for that client. Thus, an authenticated user
authorized for the Manager privilege level must authenticate again to change
privilege levels. Using the optional login privilege-mode command overrides
RADIUS Authentication, Authorization, and Accounting
Configuring the Switch for RADIUS Authentication
Login
None
None
None
None
None
None
None
Enable
None
None
None
None
The switch now
allows Telnet and
SSH authentication
only through
RADIUS.
6-13