HP SAN manual Configuring Radius servers


Configuring RADIUS servers

IMPORTANT: RADIUS server support is available only with the McDATA SANtegrity Enhanced PFE key and can be managed only with the CLI and Element Manager. Element Manager also requires a PFE key. See "Installing Product Feature Enablement keys" on page 82 for more information about installing a PFE key. To obtain the McDATA 4Gb SAN Switch serial number and PFE key, follow the step-by-step instructions on the firmware feature entitlement request certificate for the PFE key. You can obtain a PFE key from the web at: www.webkey.external.hp.com.

A RADIUS server authenticates users and devices using a challenge/response protocol over a secure SSL connection. Basic implementations consist of a central RADIUS server containing a database of authorized users as well as authentication information. A RADIUS client wishing to verify the authenticity of a user issues a challenge to the user and collects the response to the challenge. This information is forwarded to the RADIUS server for authentication and the server responds with the results, either an accept or reject.

The RADIUS client does not need to be configured with any user authentication information. This all resides on the RADIUS server and can be managed centrally and separately from the clients. In addition, no passwords are exchanged between the RADIUS server and its clients. Requests from a RADIUS client to the server and responses from the server to a client can also be authenticated. This requires sharing a secret between the server and client.
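The shared-secret check on server responses described above, worked through as an added example (not taken from the HP manual or the switch firmware). It follows the Response Authenticator definition in RFC 2865; the secret, identifier, request authenticator and attribute values are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3  # RADIUS packet codes (RFC 2865)

def build_response(code, ident, request_auth, attributes, secret):
    """Server side: reply whose 16-byte Response Authenticator is
    MD5(Code | ID | Length | RequestAuthenticator | Attributes | Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attributes))
    auth = hashlib.md5(header + request_auth + attributes + secret).digest()
    return header + auth + attributes

def verify_response(packet, ident, request_auth, secret):
    """Client side: return the reply code if the packet is authentic, else None."""
    if len(packet) < 20:
        return None
    code, reply_id, length = struct.unpack("!BBH", packet[:4])
    if reply_id != ident or length < 20 or length > len(packet):
        return None
    packet = packet[:length]  # bytes past the declared length are padding
    expected = hashlib.md5(
        packet[:4] + request_auth + packet[20:] + secret
    ).digest()
    # Constant-time comparison of the computed and received authenticators.
    if not hmac.compare_digest(expected, packet[4:20]):
        return None
    return code

# Constructed sample values (assumptions, not from the manual).
SECRET = b"constructed-shared-secret"
REQ_AUTH = bytes(range(16))          # authenticator sent in the Access-Request
IDENT = 7                            # identifier of the outstanding request
REPLY_MSG = bytes([18, 4]) + b"ok"   # Reply-Message attribute (type 18)

ACCEPT = build_response(ACCESS_ACCEPT, IDENT, REQ_AUTH, REPLY_MSG, SECRET)
REJECT = build_response(ACCESS_REJECT, IDENT, REQ_AUTH, b"", SECRET)
# A reject rewritten in transit to look like an accept: the code byte changes,
# but without the shared secret the authenticator cannot be recomputed.
FORGED = bytes([ACCESS_ACCEPT]) + REJECT[1:]

if __name__ == "__main__":
    for name, pkt in (("accept", ACCEPT), ("reject", REJECT), ("forged", FORGED)):
        print(name, verify_response(pkt, IDENT, REQ_AUTH, SECRET))
```

A client that skips this check, or a deployment where the shared secret is weak or reused across devices, cannot distinguish a genuine accept from a modified reject.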

RADIUS accounting supports auditing of users and switch services such as Telnet, FTP, and switch management applications. The RADIUS Accounting Server setting enables (True) or disables (False) the auditing of activity during a user session. The default is False. When enabled, user activity is audited whether UserAuthServer is enabled or not. The accounting server UDP port number is the ServerUDPPort value plus 1 (default 1813).

Configuring RADIUS servers involves the following tasks:

Adding a RADIUS server, page 55

Removing a RADIUS server, page 56

Editing RADIUS server information, page 57

Modifying RADIUS server authentication order, page 58
