RADIUS Configuration Considerations; Radius Configuration Procedure

Hewlett-Packard switch user manual.
Installation and Getting Started Guide

RADIUS Configuration Considerations

• You must deploy at least one RADIUS server in your network.
• HP devices support authentication using up to eight RADIUS servers. The device tries to use the servers in the order you add them to the device's configuration. If one RADIUS server is not responding, the HP device tries the next one in the list.
• You can select only one primary authentication method for each type of access to a device (CLI through Telnet, CLI Privileged EXEC and CONFIG levels). For example, you can select RADIUS as the primary authentication method for Telnet CLI access, but you cannot also select TACACS+ authentication as the primary method for the same type of access. However, you can configure backup authentication methods for each access type.

RADIUS Configuration Procedure

Use the following procedure to configure an HP device for RADIUS:

1. Configure HP vendor-specific attributes on the RADIUS server. See "Configuring HP-Specific Attributes on the RADIUS Server" on page 3-34.
2. Identify the RADIUS server to the HP device. See "Identifying the RADIUS Server to the HP Device" on page 3-35.
3. Set RADIUS parameters. See "Setting RADIUS Parameters" on page 3-36.
4. Configure authentication-method lists. See "Configuring Authentication-Method Lists for RADIUS" on page 3-
5. Optionally configure RADIUS authorization. See "Configuring RADIUS Authorization" on page 3-38.
6. Optionally configure RADIUS accounting. See "Configuring RADIUS Accounting" on page 3-38.

Configuring HP-Specific Attributes on the RADIUS Server

During the RADIUS authentication process, if a user supplies a valid username and password, the RADIUS server sends an Access-Accept packet to the HP device, authenticating the user. Within the Access-Accept packet are three HP vendor-specific attributes that indicate:

• The privilege level of the user
• A list of commands
• Whether the user is allowed or denied usage of the commands in the list

You must add these three HP vendor-specific attributes to your RADIUS server's configuration, and configure the attributes in the individual or group profiles of the users that will access the HP device.
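
The following is an added example, not part of the HP manual: a Python check that an Access-Accept captured from your RADIUS server carries all three HP vendor-specific attributes, using the RFC 2865 Vendor-Specific (type 26) layout. Vendor ID 11 is HP's IANA enterprise number; the sub-attribute numbers 1 to 3, their names, and the sample values are assumptions to confirm against the attribute table in your manual.

```python
import struct

ACCESS_ACCEPT, VENDOR_SPECIFIC = 2, 26   # RFC 2865 packet code and attribute type
HP_VENDOR_ID = 11                        # IANA enterprise number for Hewlett-Packard
# ASSUMED sub-attribute numbers and names; confirm against your manual's table.
HP_VSAS = {1: ("privilege-level", int), 2: ("command-string", str),
           3: ("command-exception-flag", int)}

def parse_hp_vsas(packet: bytes) -> dict:
    """Return the HP vendor-specific attributes found in an Access-Accept."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    found, pos = {}, 20
    while pos < length:
        if length - pos < 2 or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        atype, value = packet[pos], packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
        if atype != VENDOR_SPECIFIC or len(value) < 6:
            continue
        if struct.unpack("!I", value[:4])[0] != HP_VENDOR_ID:
            continue                     # another vendor's VSA
        sub = value[4:]
        while sub:                       # one VSA may hold several sub-attributes
            if len(sub) < 2 or sub[1] < 2 or sub[1] > len(sub):
                raise ValueError("malformed vendor sub-attribute")
            vtype, data, sub = sub[0], sub[2:sub[1]], sub[sub[1]:]
            if vtype in HP_VSAS:
                name, kind = HP_VSAS[vtype]
                found[name] = int.from_bytes(data, "big") if kind is int else data.decode("ascii")
    return found

def missing_hp_vsas(packet: bytes) -> list:
    """Names of the three expected attributes that the packet does not carry."""
    return sorted({name for name, _ in HP_VSAS.values()} - set(parse_hp_vsas(packet)))

def _vsa(vendor: int, vtype: int, data: bytes) -> bytes:
    body = struct.pack("!I", vendor) + bytes([vtype, len(data) + 2]) + data
    return bytes([VENDOR_SPECIFIC, len(body) + 2]) + body

def build_accept(attrs: bytes) -> bytes:
    """Constructed test packet: zeroed authenticator, identifier 1."""
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attrs)) + bytes(16) + attrs

# Constructed sample values, not taken from the manual.
SAMPLE = build_accept(_vsa(11, 1, (5).to_bytes(4, "big")) + _vsa(11, 2, b"show *")
                      + _vsa(11, 3, (0).to_bytes(4, "big")))
```

The check covers attribute presence and framing only; it does not validate the Response Authenticator, which requires the shared secret.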
