Radius authentication features, User accounts for radius users – HP 445946-001 User Manual

Accessing the switch

24

2.

Apply, verify, and save the configuration.

RADIUS authentication features

The switch supports the following RADIUS authentication features:

•

Supports RADIUS client on the switch, based on the protocol definitions in RFC 2138 and

RFC 2866.

•

Allows RADIUS secret password up to 32 bytes.

•

Supports secondary authentication server so that when the primary authentication server is

unreachable, the switch can send client authentication requests to the secondary authentication

server. Use the

/cfg/sys/radius/cur

command to show the currently active RADIUS

authentication server.

•

Supports user-configurable RADIUS server retry and time-out values:

○

Time-out value = 1-10 seconds

○

Retries = 1-3

•

The switch will time out if it does not receive a response from the RADIUS server in one to three

retries. The switch will also automatically retry connecting to the RADIUS server before it declares the

server down.

•

Supports user-configurable RADIUS application port. The default is 1645/User Datagram Protocol

(UDP)-based on RFC 2138. Port 1812 is also supported.

•

Allows network administrator to define privileges for one or more specific users to access the switch

at the RADIUS user database.

•

Allows the administrator to configure RADIUS backdoor and secure backdoor for Telnet, SSH, HTTP,

and HTTPS access.

User accounts for RADIUS users

The user accounts listed in the following table can be defined in the RADIUS server dictionary file.

Table 2

User access levels

User account

Description and tasks performed

User

User interaction with the switch is completely passive; nothing can be changed on the
switch. Users may display information that has no security or privacy implications, such as

switch statistics and current operational state information.

Operator

Operators can only effect temporary changes on the switch. These changes are lost when

the switch is rebooted/reset. Operators have access to the switch management features
used for daily switch operations. Because any changes an operator makes are undone by a

reset of the switch, operators cannot severely impact switch operation, but do have access

to the Maintenance menu. By default, the operator account is disabled and has no
password.