Installation and Getting Started Guide
When RADIUS authorization takes place, the following events occur:
A user previously authenticated by a RADIUS server enters a command on the HP device.
The HP device looks at its configuration to see if the command is at a privilege level that requires RADIUS
If the command belongs to a privilege level that requires authorization, the HP device looks at the list of
commands delivered to it in the RADIUS Access-Accept packet when the user was authenticated. (Along
with the command list, an attribute was sent that specifies whether the user is permitted or denied usage of
the commands in the list.)
NOTE: After RADIUS authentication takes place, the command list resides on the HP device. The RADIUS
server is not consulted again once the user has been authenticated. This means that any changes made to
the user's command list on the RADIUS server are not reflected until the next time the user is authenticated
by the RADIUS server, and the new command list is sent to the HP device.
If the command list indicates that the user is authorized to use the command, the command is executed.
RADIUS accounting works as follows:
One of the following events occur on the HP device:
A user logs into the management interface using Telnet or SSH
A user enters a command for which accounting has been configured
A system event occurs, such as a reboot or reloading of the configuration file
The HP device checks its configuration to see if the event is one for which RADIUS accounting is required.
If the event requires RADIUS accounting, the HP device sends a RADIUS Accounting Start packet to the
RADIUS accounting server, containing information about the event.
The RADIUS accounting server acknowledges the Accounting Start packet.
The RADIUS accounting server records information about the event.
When the event is concluded, the HP device sends an Accounting Stop packet to the RADIUS accounting
The RADIUS accounting server acknowledges the Accounting Stop packet.
AAA Operations for RADIUS
The following table lists the sequence of authentication, authorization, and accounting operations that take place
when a user gains access to an HP device that has RADIUS security configured.
User attempts to gain access to the
Privileged EXEC and CONFIG levels of
3 - 32
Applicable AAA Operations
aaa authentication enable default <method-list>
System accounting start:
aaa accounting system default start-stop <method-list>