Modifying a security group member, Removing a member from a group, Using radius servers – HP H-series Enterprise Fabric Management Suite Software User Manual
Page 74: Using radius, Servers
74
Managing Fabric Security
You can also click Generate to create a random secondary secret. Re-type the secondary secret in the
Confirm Secondary field. If the initiator does not support either hash, the link becomes isolated.
8.
For ISL groups when fabric binding is enabled (see ”
Configuring the security data base
” (page 69)), in
the Domain ID Binding field, enter the domain ID (1–239) for the switch. The WWN of the switch must
correspond to the specified domain ID when attempting to enter the fabric, otherwise the switch
becomes isolated.
9.
Click OK to close the Create a Security Group Member dialog box.
10.
Click Apply to display the Save Security dialog box.
11.
Click Save Security to apply changes to switch.
12.
In the Security Set Activation dialog box, click Yes to save and activate the security set, or click No to
save the security set without activation.
13.
Click Close to close the Save Security dialog box.
Modifying a security group member
To modify a group member:
1.
Select the entry switch in the fabric tree.
2.
Click Security on the toolbar, or select Security > Edit Security to open the Edit Security dialog box
(
).
3.
Select a member, and select Edit > Edit security group member.
4.
In the Edit a Security Group Member dialog box, make the necessary changes, and click OK.
5.
Click Apply to display the Save Security dialog box.
6.
Click Save Security to apply changes to switch.
7.
In the Security Set Activation dialog box, click Yes to save and activate the security set, or click No to
save the security set without activation.
8.
Click Close to close the Save Security dialog box.
Removing a member from a group
to remove a member from a group:
1.
Select the entry switch in the fabric tree.
2.
Click Security on the toolbar, or select Security > Edit Security to open the Edit Security dialog box
(
).
3.
Select a member in a group, and select Edit > Remove Security Group Member.
4.
Click Yes to confirm the group member removal.
5.
Click Apply to display the Save Security dialog box.
6.
Click Save Security to apply changes to switch.
7.
In the Security Set Activation dialog box, click Yes to save and activate the security set, or click No to
save the security set without activation.
8.
Click Close to close the Save Security dialog box.
Using RADIUS servers
Remote Authentication Dial In User Service (RADIUS) provides a method to centralize the management of
authentication passwords in larger networks. It has a client/server model, where the server is the password
repository and third party authentication point and the clients are all of the managed devices. You can
configure RADIUS for just the switch, or both the switch and the initiator device, and user accounts. When
using a RADIUS server, every switch in the fabric must have a network connection. You can configure up to
five RADIUS servers to provide failover.
RADIUS authenticates users and devices using a challenge/response protocol. Basic implementations
consist of a central RADIUS server containing a database of authorized users as well as authentication
information. A RADIUS client wishing to verify the authenticity of a user issues a challenge to the user and
collects the response to the challenge. This information is forwarded to the RADIUS server for
authentication and the server responds with the results, either an accept or reject. The RADIUS client does
not need to be configured with any user authentication information. All of this information resides on the