Configuring the switch, Displaying the current radius configuration – HP StorageWorks 2.128 SAN Director Switch User Manual


Configuring standard security features

15. In the Add Remote Access Policy window, confirm that the Conditions section displays the groups that you selected and click Next.

16. After the Add Remote Access Policy window refreshes, select the Grant remote access permission radio button and click Next.

17. After the Add Remote Access Policy window refreshes again, click Edit Profile.

18. In the Edit Dial-in Profile window, select the Authentication tab and then select only the Encrypted Authentication (CHAP) and Unencrypted Authentication (PAP, SPAP) check boxes.

19. Select the Advanced tab and click Add.

20. In the Add Attributes window, select Vendor-Specific and click Add.

21. In the Multivalued Attribute Information window, click Add.

22. In the VSA Information window, select the Enter Vendor Code radio button and enter the value 1588.

23. Select the Yes. It conforms radio button, and then click Configure Attribute.

24. In the Configure VSA (RFC compliant) window, enter the following:

    a. For the vendor-assigned attribute number, enter the value 1.

    b. For the attribute format, enter String.

    c. For the attribute value, enter the login role (root, admin, factory, switchAdmin, or user) the user group must use to log in to the switch.

    d. Click OK.

25. In the Multivalued Attribute Information window, click OK.

26. In the Edit Dial-in Profile window, remove all additional parameters (except the one you just added, Vendor-Specific) and click OK.

27. In the Add Remote Access Policy window, click Finish.

28. After returning to the Internet Authentication Service window, repeat step 6 through step 27 to add additional policies for all login types for which you want to use the RADIUS server. After this is done, you can configure the switch.
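
The values entered in steps 22 through 24 travel in the server's reply as one RFC 2865 Vendor-Specific attribute (type 26) carrying vendor code 1588, attribute number 1, and the role string. The following is an added example, not part of the HP manual: it encodes that attribute and audits an attribute list for exactly one valid role. The function names, the sample bytes, and the "exactly one role" rule are assumptions made for illustration.

```python
import struct

VENDOR_SPECIFIC = 26   # RFC 2865 attribute type for Vendor-Specific
VENDOR_CODE = 1588     # vendor code entered in step 22
ROLE_ATTR = 1          # vendor-assigned attribute number from step 24a
ALLOWED_ROLES = {"root", "admin", "factory", "switchAdmin", "user"}  # step 24c

def encode_role_vsa(role):
    """Build the Vendor-Specific attribute that the dial-in profile defines."""
    if role not in ALLOWED_ROLES:
        raise ValueError("not a switch login role: %r" % role)
    value = role.encode("ascii")
    sub = struct.pack("!BB", ROLE_ATTR, 2 + len(value)) + value
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), VENDOR_CODE) + sub

def extract_roles(attrs):
    """Walk a RADIUS attribute list; return each role string for vendor 1588."""
    roles, pos = [], 0
    while pos < len(attrs):
        if pos + 2 > len(attrs) or attrs[pos + 1] < 2 or pos + attrs[pos + 1] > len(attrs):
            raise ValueError("malformed attribute at offset %d" % pos)
        atype, alen = attrs[pos], attrs[pos + 1]
        body = attrs[pos + 2 : pos + alen]
        pos += alen
        # Skip everything that is not a Vendor-Specific attribute for vendor 1588.
        if atype != VENDOR_SPECIFIC or len(body) < 4 or int.from_bytes(body[:4], "big") != VENDOR_CODE:
            continue
        sub = body[4:]
        while len(sub) >= 2:
            stype, slen = sub[0], sub[1]
            if slen < 2 or slen > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            if stype == ROLE_ATTR:
                roles.append(sub[2:slen].decode("ascii"))
            sub = sub[slen:]
    return roles

def audit(attrs):
    """Return the role, or raise if the list lacks exactly one valid role (assumed rule)."""
    roles = extract_roles(attrs)
    if len(roles) != 1 or roles[0] not in ALLOWED_ROLES:
        raise ValueError("expected exactly one valid role, got %r" % roles)
    return roles[0]

# Constructed sample: an unrelated attribute (type 18) followed by the role VSA.
SAMPLE = bytes([18, 4]) + b"ok" + encode_role_vsa("switchAdmin")

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Running the audit against a decoded packet capture of a test login confirms that each remote access policy returns the role intended for its group before the switch is pointed at the server.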

Configuring the switch

RADIUS configuration of the switch is controlled by the aaaConfig command.

NOTE: On dual-CP switches (Core Switch 2/64, SAN Director 2/128, and 4/256 SAN Director), the switch sends its RADIUS request using the IP address of the active CP. When adding clients, add both the active and standby CP IP addresses so that users can still log in in the event of a failover.

The following procedures show how to use the aaaConfig command to set up a switch for RADIUS service.

Displaying the current RADIUS configuration

1. Connect to the switch and log in as admin.

2. Issue the following command:

    switch:admin> aaaConfig --show

If a configuration exists, its parameters are displayed. If RADIUS service is not configured, only the parameter heading line is displayed. Parameters include:

Position: The order in which servers are contacted to provide service
Server: The server names or IP addresses
Port: The server ports
Secret: The shared secrets
Timeouts: The length of time servers have to respond before the next server is contacted
Authentication: The type of authentication being used on servers
