HP SAN manual Adding a Radius server


Adding a RADIUS server

A RADIUS server provides a method to centralize user and device authentication over a network.

Figure 22 RADIUS Server Information dialog—Add Server tab page

To add a RADIUS server:

1. Select Switch > Radius Servers in the faceplate display. The Radius Servers... option will not be available unless the SSL service is enabled. See "System services" on page 73 for information about enabling the SSL service.

2. Click the Add Server tab in the Radius Server Information dialog shown in Figure 22.

3. Select Device, User, or Account for the server type.

4. Enter the remote IP address of the server in the IP Address field.

5. Enter the remote UDP port number of the Authentication RADIUS Server in the UDP Port field.

The RADIUS Accounting Server UDP port will always be the value of Device/User Authentication Server UDP Port + 1. When enabled, the RADIUS Accounting Server audits user activity whether UserAuthServer is enabled or not. The RADIUS Accounting Server default is False.

6. Enter the timeout value in seconds (minimum of 1 second, maximum of 30 seconds) in the Timeout field. This is the number of seconds the RADIUS client will wait for a response from the RADIUS server before retrying, or giving up on a request.

7. Enter the number of retries in the Retries field. This is the maximum number of times the RADIUS client will retry a request sent to the primary RADIUS server.

8. Select Sign Packet to enable the switch to include a digital signature (Message-Authenticator) in all RADIUS access request packets sent to the RADIUS server. A valid Message-Authenticator attribute will be required in all RADIUS server responses.

9. Enter the server secret in the Secret field. A secret is required for all RADIUS servers. The secret is used when generating and checking the Message-Authenticator attribute.

10. Click Add Server to add the server.

11. Click the Modify Authentication Order tab, and verify that the Device Authentication Order and User Authentication Order options are set to Radius or Radius Local. See "Modifying RADIUS server authentication order" on page 58 for more information.

a. RADIUS—Only attempts to authenticate using the RADIUS server (another computer that provides authentication).

b. RADIUS Local—Attempts to authenticate using the RADIUS server. If the switch cannot contact the RADIUS server due to a network or some other problem, the switch will authenticate using the local password database.

12. Click Close to close the Radius Server Information dialog.
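
The Message-Authenticator signing and checking that steps 8 and 9 configure, shown as an added Python example (not HP or McDATA code). It assumes the HMAC-MD5 calculation defined in RFC 3579; the secret, user name and helper names are constructed for illustration.

```python
import hashlib
import hmac
import struct
from typing import Optional

MESSAGE_AUTHENTICATOR = 80  # attribute type defined in RFC 3579

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_signed(secret: bytes, code: int, ident: int,
                 authenticator: bytes, attrs: bytes = b"") -> bytes:
    """Build a packet whose last attribute is a valid Message-Authenticator."""
    body = attrs + attr(MESSAGE_AUTHENTICATOR, bytes(16))  # zeroed placeholder
    packet = struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac  # overwrite the placeholder with the HMAC

def verify(secret: bytes, packet: bytes,
           request_authenticator: Optional[bytes] = None) -> bool:
    """True only if a Message-Authenticator is present and valid.
    For a server reply, pass the Request Authenticator of the Access-Request
    it answers; the HMAC is computed with that value in the header."""
    if len(packet) < 20:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        return False
    packet = packet[:length]
    auth = packet[4:20] if request_authenticator is None else request_authenticator
    pos, found = 20, None
    while pos + 2 <= length:
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            return False  # malformed attribute
        if a_type == MESSAGE_AUTHENTICATOR:
            if a_len != 18:
                return False
            found = pos + 2
        pos += a_len
    if found is None or pos != length:
        return False  # unsigned or truncated packets are rejected
    zeroed = packet[:4] + auth + packet[20:found] + bytes(16) + packet[found + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(packet[found:found + 16], expected)

if __name__ == "__main__":
    secret = b"constructed-secret"  # constructed sample value, not from the manual
    request = build_signed(secret, 1, 7, bytes(range(16)), attr(1, b"admin"))
    print(verify(secret, request), verify(b"wrong-secret", request))
```

A mismatch between the secret entered in the Secret field and the one configured on the RADIUS server shows up as exactly this kind of verification failure, so signed requests and replies are dropped rather than accepted.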
