SSH/SCP Integration with RADIUS and TACACS+ Authentication; User Access Control - HP 438031-B21 - 1:10Gb Ethernet BL-c Switch Application Manual

HP 1:10Gb Ethernet BL-c Switch for c-Class BladeSystem Application Guide

A value of 0 denotes that RSA server key autogeneration is disabled. When the value is greater than 0, the
switch autogenerates the RSA server key at every specified interval; however, RSA server key generation is
skipped if the switch is busy with other key or cipher generation when the timer expires.
The switch performs only one session of key/cipher generation at a time. Thus, an SSH/SCP client cannot
log in while the switch is performing key generation, or if another client has logged in immediately prior.
Also, key generation fails if an SSH/SCP client is logging in at that time.

SSH/SCP integration with RADIUS and TACACS+ authentication

SSH/SCP is integrated with RADIUS and TACACS+ authentication. After the RADIUS or TACACS+ server
is enabled on the switch, all subsequent SSH authentication requests will be redirected to the specified
RADIUS or TACACS+ servers for authentication. The redirection is transparent to the SSH clients.

User access control

The switch allows an administrator to define end user accounts that permit end users to perform limited
actions on the switch. Once end user accounts are configured and enabled, the switch requires
username/password authentication.
For example, an administrator can assign a user who can log into the switch and perform operational
commands (effective only until the next switch reboot).
The administrator defines access levels for each switch user, as shown in the following table.

Table 6 User access levels

| User account | Description | Password |
|---|---|---|
| Administrator | The Administrator has complete access to all menus, information, and configuration commands on the switch, including the ability to change both the user and administrator passwords. | admin |
| Operator | The Operator manages all functions of the switch. The Operator can reset ports or the entire switch. | oper |
| User | The User has no direct responsibility for switch management. Users can view all switch status information and statistics but cannot make any configuration changes to the switch. | user |

Passwords can be up to 128 characters in length for TACACS+, Telnet, SSH, console, and BBI access.
When RADIUS authentication is used, the maximum password length is 16 characters.
If RADIUS authentication is used, the user password on the RADIUS server will override the user password
on the switch. Also note that the password-change command on the switch modifies only the user
switch password and has no effect on the user password on the RADIUS server. RADIUS authentication
and user password cannot be used concurrently to access the switch.
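The defaults and limits in this section can be checked against an account inventory before or after provisioning. The following Python audit is an added example, not code from the HP guide; the `Account` record, the `audit` function, the finding strings and the sample inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Values taken from this section: Table 6 defaults and the stated length limits.
DEFAULT_PASSWORDS = {"Administrator": "admin", "Operator": "oper", "User": "user"}
MAX_LEN = 128         # TACACS+, Telnet, SSH, console and BBI access
MAX_LEN_RADIUS = 16   # when RADIUS authentication is used

@dataclass
class Account:            # hypothetical inventory record, not switch syntax
    name: str
    level: str            # "Administrator", "Operator" or "User"
    switch_password: str  # password stored on the switch
    radius_password: Optional[str] = None  # password held by the RADIUS server

def audit(accounts, radius_enabled):
    """Return (account, finding) tuples for the credentials actually in effect."""
    findings = []
    for a in accounts:
        default = DEFAULT_PASSWORDS.get(a.level)
        if radius_enabled:
            # The RADIUS password overrides the switch password; the switch
            # password is still stored, so flag a default left there.
            effective, limit = a.radius_password, MAX_LEN_RADIUS
            if a.switch_password == default:
                findings.append((a.name, "default switch password behind RADIUS"))
        else:
            effective, limit = a.switch_password, MAX_LEN
        if effective is None:
            findings.append((a.name, "no RADIUS password on record"))
            continue
        if effective == default:
            findings.append((a.name, "default password in effect"))
        if len(effective) > limit:
            findings.append((a.name, f"password longer than {limit} characters"))
    return findings

# Constructed sample inventory (not real credentials).
SAMPLE = [
    Account("netadmin", "Administrator", "admin", "Xk9#Lq2v-Tr7wPz4eB1m"),
    Account("noc1", "Operator", "S3cure-Oper-Pass", "oper"),
    Account("viewer", "User", "viewer-Readonly-2024"),
]

if __name__ == "__main__":
    for radius in (False, True):
        print("RADIUS enabled:", radius)
        for name, finding in audit(SAMPLE, radius):
            print(f"  {name}: {finding}")
```

Running the audit in both modes shows that the set of findings changes with the authentication backend, because the password in effect is a different one in each case.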