HP 2800 User Manual

RADIUS Authentication and Accounting
Configuring the Switch for RADIUS Authentication

1. Configure Authentication for the Access Methods You

Want RADIUS To Protect

This section describes how to configure the switch for RADIUS authentication
through the following access methods:

■

Console:

Either direct serial-port connection or modem connection.

■

Telnet:

Inbound Telnet must be enabled (the default).

■

SSH:

To employ RADIUS for SSH access, you must first configure the

switch for SSH operation. Refer to “Configuring Secure Shell (SSH)”
on page 6-1.

You can also use RADIUS for Port-Based Access authentication. Refer to
“Configuring Port-Based Access Control (802.1X)” on page 8-1.

You can configure RADIUS as the primary password authentication method
for the above access methods. You will also need to select either

local or none

as a secondary, or backup, method. Note that for console access, if you
configure

radius (or tacacs) for primary authentication, you must configure

local for the secondary method. This prevents the possibility of being com­
pletely locked out of the switch in the event that all primary access methods
fail.

Syntax: aaa authentication < console | telnet | ssh > < enable | login > < radius >

Configures RADIUS as the primary password authentication
method for console, Telnet, and/or SSH. (The default primary
< enable | login > authentication is local.)

[< local | none >]

Provides options for secondary authentication
(default:

none). Note that for console access, secondary

authentication must be

local if primary access is not

local. This prevents you from being completely locked
out of the switch in the event of a failure in other access
methods.

5-8