HP 8/20q HP StorageWorks 8/20q and SN6000 Fibre Channel Switch Enterprise Fabr - Page 75
Adding a RADIUS server
View all HP 8/20q manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 75 highlights
RADIUS server and can be managed centrally and separately from the clients. In addition, no passwords are exchanged between the RADIUS server and its clients. Authentication of requests from a RADIUS client to the server and responses from the server to a client can also be authenticated. This requires sharing a secret between the server and client. The accounting RADIUS supports the auditing of the users and switch services such as Telnet, FTP, and switch management applications. NOTE: The RADIUS server dialog boxes are available only on a secure (SSL) fabric and on the entry switch. For more information about SSL, see "Connection security" (page 65). For information about the SSL service, see "Managing system services" (page 97). You may need to configure a security set for RADIUS device security to be used in authenticating other switches. For information about configuring a security set, see "Creating a security set" (page 70). Adding a RADIUS server When you add a RADIUS server, you provide a method to centralize the management of authentication passwords over a network. Figure 38 Radius Server Information dialog box-Add server To add a RADIUS server: 1. Select a switch in the fabric tree. 2. Select Switch > Radius Servers to open the Radius Server Information dialog box (Figure 38). 3. Click the Add Server tab, and select the server type (Device, User, Account). 4. In the Server Address field, enter the remote IP address of the server. 5. In the UDP Port field, enter the remote UDP port number of the Authentication Radius Server. The Radius Accounting Server UDP port is the value of Device/User Authentication Server UDP Port plus one. 6. In the Timeout field, enter the timeout value in seconds (minimum of 1 second, maximum of 30 seconds). This is the number of seconds the RADIUS client waits for a response from the RADIUS server before retrying, or giving up on a request. 7. In the Retries field, enter the number of retries. This is the maximum number of times the RADIUS client retries a request sent to the primary RADIUS server. 8. Select the Sign Packets option to enable the switch to include a digital signature (Message-Authenticator) in all RADIUS access request packets sent to the RADIUS server. A valid Message-Authenticator attribute is required in all RADIUS server responses. HP StorageWorks 8/20q and SN6000 Fibre Channel Switch Enterprise Fabric Management Suite User Guide 75