Configure Authentication For The Access Methods You Want Radius To Protect - HP ProCurve 6120G/XG Manual
Hp procurve series 6120 blade switches access security guide
Hide thumbs
Also See for ProCurve 6120G/XG:
- Configuration manual (662 pages) ,
- Manual (469 pages) ,
- Management manual (222 pages)
Table of Contents
Advertisement
RADIUS Authentication, Authorization, and Accounting
Configuring the Switch for RADIUS Authentication
(For RADIUS accounting features, refer to "Configuring RADIUS Accounting"
on page 5-47.)
1. Configure Authentication for the Access Methods
This section describes how to configure the switch for RADIUS authentication
through the following access methods:
■
■
■
■
You can configure RADIUS as the primary password authentication method
for the above access methods. You also need to select either local, none, or
authorized as a secondary, or backup, method. Note that for console access, if
you configure radius (or tacacs) for primary authentication, you must config
5-10
•
Timeout Period: The timeout period the switch waits for a RADIUS
server to reply. (Default: 5 seconds; range: 1 to 15 seconds.)
•
Retransmit Attempts: The number of retries when there is no server
response to a RADIUS authentication request. (Default: 3; range of 1
to 5.)
•
Server Dead-Time: The period during which the switch will not send
new authentication requests to a RADIUS server that has failed to
respond to a previous request. This avoids a wait for a request to time
out on a server that is unavailable. If you want to use this feature,
select a dead-time period of 1 to 1440 minutes. (Default: 0—disabled;
range: 1 - 1440 minutes.) If your first-choice server was initially
unavailable, but then becomes available before the dead-time expires,
you can nullify the dead-time by resetting it to zero and then trying to
log on again. As an alternative, you can reboot the switch, (thus
resetting the dead-time counter to assume the server is available) and
then try to log on again.
•
Number of Login Attempts: This is actually an aaa authentication
command. It controls how many times per session a RADIUS client
(and clients using other forms of access) can try to log in with the
correct username and password. (Default: Three times per session.)
You Want RADIUS To Protect
Console: Either direct serial-port connection or modem connection.
Telnet: Inbound Telnet must be enabled (the default).
SSH: To use RADIUS for SSH access, first configure the switch for
SSH operation. Refer to chapter 7, "Configuring Secure Shell (SSH)" .
Web: You can enable RADIUS authentication for web browser inter
face access to the switch.
Hide quick links:
Advertisement
Table of Contents
