HP 6120XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 173
Switch Operating Rules for RADIUS, Vendor-Specific Attribute
View all HP 6120XG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 173 highlights
RADIUS Authentication, Authorization, and Accounting Switch Operating Rules for RADIUS Vendor-Specific Attribute: A vendor-defined value configured in a RADIUS server to specific an optional switch feature assigned by the server during an authenticated client session. Switch Operating Rules for RADIUS ■ You must have at least one RADIUS server accessible to the switch. ■ The switch supports authentication and accounting using up to three RADIUS servers. The switch accesses the servers in the order in which they are listed by show radius (page 5-46). If the first server does not respond, the switch tries the next one, and so-on. (To change the order in which the switch accesses RADIUS servers, refer to "Changing RADIUS-Server Access Order" on page 5-50.) ■ You can select RADIUS as the primary authentication method for each type of access. (Only one primary and one secondary access method is allowed for each access type.) ■ In the ProCurve switch, EAP RADIUS uses MD5 and TLS to encrypt a response to a challenge from a RADIUS server. ■ When primary/secondary authentication is set to Radius/Local (for either Login or Enable) and the RADIUS server fails to respond to a client attempt to authenticate, the failure is noted in the Event Log with the message radius: Can't reach RADIUS server < server-ip-addr >. When this type of failure occurs, the switch prompts the client again to enter a username and password. In this case, use the local username (if any) and password configured on the switch itself. ■ Zero-length usernames or passwords are not allowed for RADIUS authentication, even though allowed by some RADIUS servers. ■ TACACS+ is not supported for the web browser interface access. 5-6