HP 2600 Series User Manual

Page 109


RADIUS Authentication and Accounting

Configuring the Switch for RADIUS Authentication

For example, suppose you have already configured local passwords on the
switch, but want to use RADIUS to protect primary Telnet and SSH access
without allowing a secondary Telnet or SSH access option (which would be
the switch’s local passwords):

Figure 5-2. Example Configuration for RADIUS Authentication

Note

In the above example, if you configure the Login Primary method as local instead of radius (and local passwords are configured on the switch), then you can gain access to either the Operator or Manager level without encountering the RADIUS authentication specified for Enable Primary. Refer to “Local Authentication Process” on page 5-16.

Syntax: aaa authentication < console | telnet | ssh | web > < enable | login > < radius >

Configures RADIUS as the primary password authentication method for console, Telnet, SSH and/or the Web browser interface. (The default primary < enable | login > authentication is local.)

[< local | none >]

Provides options for secondary authentication (default: none). Note that for console access, secondary authentication must be local if primary access is not local. This prevents you from being completely locked out of the switch in the event of a failure in other access methods.

ProCurve(config)# aaa authentication telnet login radius none
ProCurve(config)# aaa authentication telnet enable radius none
ProCurve(config)# aaa authentication ssh login radius none
ProCurve(config)# aaa authentication ssh enable radius none
ProCurve(config)# show authentication

 Status and Counters - Authentication Information

  Login Attempts : 3
  Respect Privilege : Disabled

              | Login      Login      Enable     Enable
  Access Task | Primary    Secondary  Primary    Secondary
  ----------- + ---------- ---------- ---------- ----------
  Console     | Local      None       Local      None
  Telnet      | Radius     None       Radius     None
  Port-Access | Local
  Webui       | Local      None       Local      None
  SSH         | Radius     None       Radius     None

The switch now allows Telnet and SSH authentication only through RADIUS.
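The following Python check is an added example, not part of the HP manual. It parses the `show authentication` table and flags the three conditions described on this page: a local Login Primary in front of a RADIUS Enable Primary (the Note), a Telnet or SSH row that is not RADIUS-only, and a console row whose secondary is not local when its primary is not local. The function names and the `radius_only` parameter are assumptions; the sample table is the one in the figure.

```python
# Constructed sample: the table portion of the `show authentication` output in the figure.
SAMPLE = """\
            | Login      Login      Enable     Enable
Access Task | Primary    Secondary  Primary    Secondary
----------- + ---------- ---------- ---------- ----------
Console     | Local      None       Local      None
Telnet      | Radius     None       Radius     None
Port-Access | Local
Webui       | Local      None       Local      None
SSH         | Radius     None       Radius     None
"""

COLS = ("login_primary", "login_secondary", "enable_primary", "enable_secondary")

def parse_auth_table(text):
    """Return {access_task: {column: method}} for each four-column data row."""
    rows = {}
    for line in text.splitlines():
        task, sep, rest = line.partition("|")
        task, methods = task.strip().lower(), rest.split()
        # Skip header and separator lines, and rows without all four columns (Port-Access).
        if not sep or not task or task == "access task" or len(methods) != 4:
            continue
        rows[task] = dict(zip(COLS, (m.lower() for m in methods)))
    return rows

def audit(rows, radius_only=("telnet", "ssh")):
    """Return (task, message) findings; radius_only is a hypothetical policy parameter."""
    findings = []
    for task, m in rows.items():
        # Note on this page: a local login lets a user skip the RADIUS enable method.
        if m["login_primary"] == "local" and m["enable_primary"] == "radius":
            findings.append((task, "local login bypasses RADIUS enable"))
        # Goal of the example: RADIUS primary and no local-password fallback.
        if task in radius_only:
            for col in COLS:
                want = "radius" if col.endswith("primary") else "none"
                if m[col] != want:
                    findings.append((task, f"{col} is {m[col]}, expected {want}"))
        # Console rule: secondary must be local if primary is not local.
        if task == "console":
            for kind in ("login", "enable"):
                if m[f"{kind}_primary"] != "local" and m[f"{kind}_secondary"] != "local":
                    findings.append((task, f"{kind} secondary must be local"))
    return findings

if __name__ == "__main__":
    print(audit(parse_auth_table(SAMPLE)) or "no findings")
```
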
