Adding a radius server, 38 radius server information dialog box—add server – HP H-series Enterprise Fabric Management Suite Software User Manual

HP StorageWorks 8/20q and SN6000 Fibre Channel Switch Enterprise Fabric Management Suite User Guide

75

RADIUS server and can be managed centrally and separately from the clients. In addition, no passwords

are exchanged between the RADIUS server and its clients. Authentication of requests from a RADIUS client

to the server and responses from the server to a client can also be authenticated. This requires sharing a

secret between the server and client. The accounting RADIUS supports the auditing of the users and switch

services such as Telnet, FTP, and switch management applications.

NOTE:

The RADIUS server dialog boxes are available only on a secure (SSL) fabric and on the entry

switch. For more information about SSL, see ”

Connection security

” (page 65). For information about the

SSL service, see ”

Managing system services

” (page 97). You may need to configure a security set for

RADIUS device security to be used in authenticating other switches. For information about configuring a

security set, see ”

Creating a security set

” (page 70).

Adding a RADIUS server

When you add a RADIUS server, you provide a method to centralize the management of authentication

passwords over a network.

Figure 38

Radius Server Information dialog box—Add server

To add a RADIUS server:

1.

Select a switch in the fabric tree.

2.

Select Switch > Radius Servers to open the Radius Server Information dialog box (

Figure 38

).

3.

Click the Add Server tab, and select the server type (Device, User, Account).

4.

In the Server Address field, enter the remote IP address of the server.

5.

In the UDP Port field, enter the remote UDP port number of the Authentication Radius Server. The Radius

Accounting Server UDP port is the value of Device/User Authentication Server UDP Port plus one.

6.

In the Timeout field, enter the timeout value in seconds (minimum of 1 second, maximum of 30

seconds). This is the number of seconds the RADIUS client waits for a response from the RADIUS server

before retrying, or giving up on a request.

7.

In the Retries field, enter the number of retries. This is the maximum number of times the RADIUS client

retries a request sent to the primary RADIUS server.

8.

Select the Sign Packets option to enable the switch to include a digital signature

(Message-Authenticator) in all RADIUS access request packets sent to the RADIUS server. A valid

Message-Authenticator attribute is required in all RADIUS server responses.