HP StorageWorks 2/16V HP StorageWorks Fabric OS 5.X Procedures User Guide (AA- - Page 52
Enabling and disabling local authentication, Configuring for the SSL protocol
-p port        Is an optional argument; enter a server port.
-s secret      Is an optional argument; enter a shared secret.
-t timeout     Is an optional argument; enter the length of time (in seconds) the server has to respond before the next server is contacted.
-a[pap|chap]   Specifies PAP or CHAP as authentication protocol.

Changing the order in which RADIUS servers are contacted for service

1. Connect to the switch and log in as admin.
2. Issue the following command:

   switch:admin> aaaConfig --move server to_position

   where:

   server        Is a list of servers by either name or IP address. Enter either the name or IP address of the server whose position is to be changed.
   to_position   Is the position number to which the server is to be moved.

When the command succeeds, the event log indicates that a server configuration is changed.

Enabling and disabling local authentication

It is useful to enable local authentication so that the switch can take over authentication locally if the RADIUS servers fail to respond because of power outage or network problems.

To enable or disable local authentication, issue the following command:

   switch:admin> aaaConfig --switchdb on | off

Specifying on enables local authentication; specifying off disables it.

When local authentication is enabled and RADIUS servers fail to respond, you can log in to the default switch accounts (admin and user) or any user-defined account. You must know the passwords of these accounts.

RADIUS authentication must be enabled when local database authentication is turned off from the on state; otherwise, an error is returned.

Because local database authentication might be disabled or enabled when enabling or disabling RADIUS authentication, set the local database authentication explicitly to enabled or disabled after setting the desired RADIUS authentication configuration.

When the command succeeds, the event log indicates that local database authentication is disabled or enabled.
Configuring for the SSL protocol

Fabric OS 4.4.0 and later support SSL protocol, which provides secure access to a fabric through Web-based management tools like Advanced Web Tools. SSL support is a standard Fabric OS feature; it is independent of Secure Fabric OS, which requires a license and separate certification.

Switches configured for SSL grant access to management tools through hypertext transfer protocol-secure links (which begin with https://) instead of standard links (which begin with http://).

SSL uses public key infrastructure (PKI) encryption to protect data transferred over SSL connections. PKI is based on digital certificates obtained from an Internet Certificate Authority (CA), which acts as the trusted key agent.

Certificates are based on the switch IP address or fully-qualified domain name (FQDN), depending on the issuing CA. If you change a switch IP address or FQDN after activating an associated certificate, you might have to obtain and install a new certificate. Check with the CA to verify this possibility, and plan these types of changes accordingly.

52 Configuring standard security features
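The following is an added example, not part of the HP guide: a planning check that reports which management addresses an installed certificate would no longer cover after a switch IP address or FQDN change. It assumes the certificate has been read into the dictionary shape returned by Python's ssl.SSLSocket.getpeercert(); the function names and all addresses and host names are constructed for illustration.

```python
# Added example (not from the HP guide): check whether a switch certificate
# still covers the management address after an IP or FQDN change.
# Wildcard names are deliberately not handled; names must match exactly.
import ipaddress

def cert_names(cert):
    """Return (dns_names, ip_addrs) the certificate is bound to.

    `cert` uses the dict shape of ssl.SSLSocket.getpeercert(). Older
    certificates without subjectAltName fall back to subject commonName.
    """
    dns, ips = [], []
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            dns.append(value.lower())
        elif kind == "IP Address":
            ips.append(ipaddress.ip_address(value))
    if not dns and not ips:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    try:
                        ips.append(ipaddress.ip_address(value))
                    except ValueError:
                        dns.append(value.lower())
    return dns, ips

def covers(cert, address):
    """True if `address` (IP or FQDN) is one of the names in the certificate."""
    dns, ips = cert_names(cert)
    try:
        return ipaddress.ip_address(address) in ips
    except ValueError:
        return address.lower().rstrip(".") in dns

def needs_new_cert(cert, planned_addresses):
    """List the planned management addresses the certificate does not cover."""
    return [a for a in planned_addresses if not covers(cert, a)]

# Constructed sample certificates (not taken from a real switch).
CN_ONLY = {"subject": ((("commonName", "10.0.0.21"),),)}
SAN_CERT = {
    "subject": ((("commonName", "sw1.example.test"),),),
    "subjectAltName": (("DNS", "sw1.example.test"), ("IP Address", "10.0.0.21")),
}

if __name__ == "__main__":
    print(needs_new_cert(CN_ONLY, ["10.0.0.21", "sw1.example.test"]))
    print(needs_new_cert(SAN_CERT, ["10.0.0.22", "sw1.example.test"]))
```

Any address returned by needs_new_cert() is one for which a new certificate has to be requested from the CA before the change is made.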