Radius, Tacacs – HP ProLiant xw460c Blade Workstation User Manual

Introduction 12

configurable from the browser-based interface, but because the connection is based on an IP address for
these interfaces, users will have to reconnect with the newly assigned IP address.

NTP

The switch maintains the current date and time. This information displays on the management interfaces
and is used to record the date and time of switch events. Current date and time information are manually
set on the switch or are obtained through NTP. NTP allows the switch to send a request to a primary NTP
server in each polling period asking for GMT.

RADIUS

The switch supports the RADIUS method to authenticate and authorize remote administrators for managing
the switch. This method is based on a client/server model. The RAS, the switch, is a client to the back-end
database server. A remote user (the remote administrator) interacts only with the RAS, not the back-end
server and database.

RADIUS authentication consists of:

•

A protocol with a frame format that utilizes UDP over IP, based on RFC 2138 and 2866

•

A centralized server that stores all the user authorization information

•

A client, in this case, the switch

The switch, acting as the RADIUS client, communicates to the RADIUS server to authenticate and authorize
a remote administrator using the protocol definitions specified in RFC 2138 and 2866. Transactions
between the client and the RADIUS server are authenticated using a shared key that is not sent over the
network. In addition, the remote administrator passwords are sent encrypted between the RADIUS client
(the switch) and the back-end RADIUS server.

The benefits of using RADIUS are:

•

Authentication of remote administrators

•

Identification of the administrator using name/password

•

Authorization of remote administrators

•

Determination of the permitted actions and customizing service for individual administrators

TACACS+

The switch supports the TACACS+ method to authenticate, authorize, and account for remote
administrators managing the switch. This method is based on a client/server model. The switch is a client
to the back-end TACACS+ AAA server. A remote user (the remote administrator) interacts only with the
client, and not with the back end AAA server.

The TACACS+ AAA method consists of:

•

A protocol with a frame format that utilizes TCP over IP

•

A centralized AAA server that stores all the user authentication, authorization, and accounting (of
usage) information

•

A NAS or client (in this case, the switch)

The switch, acting as the TACACS+ client or NAS, communicates to the TACACS+ server to authenticate,
authorize, and account for user access. Transactions between the client and the TACACS+ server are
authenticated using a shared key that is not sent over the network. In addition, the remote administrator
passwords are sent encrypted between the TACACS+ client (the switch) and the back-end TACACS+
server.

The switch supports: