RADIUS Authentication and Accounting
Switch Operating Rules for RADIUS
5-6
Vendor-Specific Attribute: A vendor-defined value configured in a RADIUS
server to specify an optional switch feature assigned by the server during an
authenticated client session.
Switch Operating Rules for RADIUS
■ You must have at least one RADIUS server accessible to the switch.
■ The switch supports authentication and accounting using up to three
  RADIUS servers. The switch accesses the servers in the order in
  which they are listed by show radius (page 5-42). If the first server does
  not respond, the switch tries the next one, and so on. (To change the
  order in which the switch accesses RADIUS servers, refer to
  "Changing RADIUS-Server Access Order" on page 5-46.)
■ You can select RADIUS as the primary authentication method for
  each type of access. (Only one primary and one secondary access
  method is allowed for each access type.)
■ In the ProCurve switch, EAP RADIUS uses MD5 and TLS to encrypt
  a response to a challenge from a RADIUS server.
■ When primary/secondary authentication is set to Radius/Local (for
  either Login or Enable) and the RADIUS server fails to respond to a
  client attempt to authenticate, the failure is noted in the Event Log
  with the message radius: Can't reach RADIUS server < server-ip-addr >.
  When this type of failure occurs, the switch prompts the client again
  to enter a username and password. In this case, use the local username
  (if any) and password configured on the switch itself.
■ Zero-length usernames or passwords are not allowed for RADIUS
  authentication, even though allowed by some RADIUS servers.
■ TACACS+ is not supported for the web browser interface access.
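
The Radius/Local rule above means a login is checked against the switch's local credentials once no RADIUS server answers, so the Event Log message is worth monitoring. The following is an added example, not part of the ProCurve manual: it scans forwarded log lines for that message and reports when every configured server was unreachable within a short window. The timestamp/hostname prefix, the sample addresses and switch names, and the premise that one message is logged per unreachable server are assumptions.

```python
import re
from datetime import datetime, timedelta

# The message text comes from the manual; the "<timestamp> <switch>" prefix
# is an assumed syslog layout, not something the manual specifies.
UNREACHABLE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) radius: Can't reach RADIUS server "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

def parse_unreachable(lines):
    """Yield (timestamp, switch, server_ip) for each unreachable-server event."""
    for line in lines:
        m = UNREACHABLE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["host"], m["ip"]

def local_fallback_windows(lines, servers, window_seconds=60):
    """Return (switch, time) pairs where every configured server was reported
    unreachable within the window, i.e. the switch ran through its whole
    server list and the login fell back to local credentials."""
    servers, window = set(servers), timedelta(seconds=window_seconds)
    recent = {}   # switch -> {server_ip: time of last unreachable report}
    alerts = []
    for ts, host, ip in sorted(parse_unreachable(lines)):
        if ip not in servers:
            continue
        seen = recent.setdefault(host, {})
        seen[ip] = ts
        for stale in [k for k, t in seen.items() if ts - t > window]:
            del seen[stale]          # forget reports older than the window
        if set(seen) == servers:
            alerts.append((host, ts))
            seen.clear()             # one alert per exhausted pass
    return alerts

# Constructed sample data (hypothetical switch names and server addresses).
SERVERS = ["10.0.0.5", "10.0.0.6", "10.0.0.7"]
SAMPLE_LOG = [
    "2024-03-01T09:00:00 sw-core-1 radius: Can't reach RADIUS server 10.0.0.5",
    "2024-03-01T09:00:05 sw-core-1 radius: Can't reach RADIUS server 10.0.0.6",
    "2024-03-01T09:00:10 sw-core-1 radius: Can't reach RADIUS server 10.0.0.7",
    "2024-03-01T09:30:00 sw-edge-2 radius: Can't reach RADIUS server 10.0.0.5",
    "2024-03-01T09:30:02 sw-edge-2 ports: port 12 is now on-line",
]

if __name__ == "__main__":
    for switch, when in local_fallback_windows(SAMPLE_LOG, SERVERS):
        print(f"{when.isoformat()} {switch}: all RADIUS servers unreachable")
```

On the sample data only sw-core-1 is reported; sw-edge-2 lost a single server, so the switch would have moved on to the next one in its list.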