Switch Operating Rules For Radius - HP ProCurve 6200yl Series Access Security Manual

NAS (Network Access Server): In this case, a ProCurve switch configured
for RADIUS security operation.
RADIUS (Remote Authentication Dial In User Service):
RADIUS Client: The device that passes user information to designated
RADIUS servers.
RADIUS Host: See RADIUS server.
RADIUS Server: A server running the RADIUS application you are using on
your network. This server receives user connection requests from the switch,
authenticates users, and then returns all necessary information to the switch.
For the ProCurve switch, a RADIUS server can also perform accounting
functions. Sometimes termed a RADIUS host.
Shared Secret Key: A text value used for encrypting data in RADIUS packets.
Both the RADIUS client and the RADIUS server have a copy of the key, and
the key is never transmitted across the network.
Vendor-Specific Attribute: A vendor-defined value configured in a RADIUS
server to specify an optional switch feature assigned by the server during an
authenticated client session.

Switch Operating Rules for RADIUS

You must have at least one RADIUS server accessible to the switch.

The switch supports authentication and accounting using up to three
RADIUS servers. The switch accesses the servers in the order in
which they are listed by show radius (page 6-29). If the first server does
not respond, the switch tries the next one, and so on. (To change the
order in which the switch accesses RADIUS servers, refer to
"Changing RADIUS-Server Access Order" on page 6-33.)

You can select RADIUS as the primary authentication method for each
type of access. (Only one primary and one secondary access method
is allowed for each access type.)

In the ProCurve switch, EAP RADIUS uses MD5 and TLS to encrypt
a response to a challenge from a RADIUS server.

When primary/secondary authentication is set to Radius/Local (for
either Login or Enable) and the RADIUS server fails to respond to a
client attempt to authenticate, the failure is noted in the Event Log
with the message radius: Can't reach RADIUS server < server-ip-addr >.

RADIUS Authentication and Accounting
6-5
