HP Ethernet BL-c manual Radius

Page 13

RADIUS

The switch supports the RADIUS method to authenticate and authorize remote administrators for managing the switch. This method is based on a client/server model. The RAS, the switch, is a client to the back-end database server. A remote user (the remote administrator) interacts only with the RAS, not the back-end server and database.

RADIUS authentication consists of:

A protocol with a frame format that utilizes UDP over IP, based on RFC 2138 and 2866

A centralized server that stores all the user authorization information

A client, in this case, the switch

The switch, acting as the RADIUS client, communicates with the RADIUS server to authenticate and authorize a remote administrator using the protocol definitions specified in RFC 2138 and 2866. Transactions between the client and the RADIUS server are authenticated using a shared key that is not sent over the network. In addition, the remote administrator passwords are sent encrypted between the RADIUS client (the switch) and the back-end RADIUS server.

The benefits of using RADIUS are:

Authentication of remote administrators

Identification of the administrator using name/password

Authorization of remote administrators

Determination of the permitted actions and customizing service for individual administrators
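To show how the shared key stays off the wire, here is an added Python example (not from the HP guide) that encodes an RFC 2138 Access-Request with the User-Password attribute hidden by the shared key and the Request Authenticator, and computes the Response Authenticator the switch checks on the reply. The secret, user name and password are constructed values.

```python
import hashlib
import os
import struct

SHARED_SECRET = b"example-shared-secret"   # constructed value for this example
ACCESS_REQUEST = 1                         # RADIUS Code for Access-Request
ATTR_USER_NAME = 1
ATTR_USER_PASSWORD = 2

def hide_password(password, secret, request_authenticator):
    """RFC 2138 5.2: pad to a 16-byte multiple, then XOR each block with
    MD5(secret + previous block); the first 'previous block' is the
    Request Authenticator. The secret itself never appears in the packet."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", request_authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def reveal_password(hidden, secret, request_authenticator):
    """Server-side inverse of hide_password; strips the NUL padding."""
    out, prev = b"", request_authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_access_request(identifier, username, password, secret, request_authenticator=None):
    """Code(1) Identifier(1) Length(2) Authenticator(16) then attributes,
    each encoded as Type(1) Length(1) Value (RFC 2138 sections 3 and 5)."""
    if request_authenticator is None:
        request_authenticator = os.urandom(16)   # must be unpredictable per request
    hidden = hide_password(password, secret, request_authenticator)
    attrs = (struct.pack("!BB", ATTR_USER_NAME, 2 + len(username)) + username
             + struct.pack("!BB", ATTR_USER_PASSWORD, 2 + len(hidden)) + hidden)
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + request_authenticator + attrs

def response_authenticator(code, identifier, attrs, request_authenticator, secret):
    """MD5(Code+ID+Length+RequestAuth+Attributes+Secret): the server puts this in
    its reply and the switch recomputes it, proving the reply came from a holder
    of the shared key without the key ever crossing the wire."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attrs))
    return hashlib.md5(header + request_authenticator + attrs + secret).digest()
```

Because the hiding uses a fixed-secret MD5 keystream rather than authenticated encryption, the protection relies entirely on the secret's strength and on the Request Authenticator being unpredictable.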

TACACS+

The switch supports the TACACS+ method to authenticate, authorize, and account for remote administrators managing the switch. This method is based on a client/server model. The switch is a client to the back-end TACACS+ AAA server. A remote user (the remote administrator) interacts only with the client, and not with the back-end AAA server.

The TACACS+ AAA method consists of:

A protocol with a frame format that utilizes TCP over IP

A centralized AAA server that stores all the user authentication, authorization, and accounting (of usage) information

A NAS or client (in this case, the switch)

The switch, acting as the TACACS+ client or NAS, communicates with the TACACS+ server to authenticate, authorize, and account for user access. Transactions between the client and the TACACS+ server are authenticated using a shared key that is not sent over the network. In addition, the remote administrator passwords are sent encrypted between the TACACS+ client (the switch) and the back-end TACACS+ server.

The switch supports:

Only standard ASCII inbound login authentication. PAP, CHAP, or ARAP login methods are not supported. One-time password authentication is also not supported.

Authorization privilege levels of only 0, 3, and 6. These map to management levels of user, oper, and admin, respectively.

Introduction 13
