Enhancements

Release M.10.39 Enhancements

Enhancement (PR_1000428213) — This software enhancement adds the ability to configure a secondary authentication method to be used when the RADIUS server is unavailable for the primary port-access method.

RADIUS Server Unavailable

Overview

In certain situations, RADIUS servers can become isolated from the network. Users are not able to access the network resources configured with RADIUS access protection and are rejected. To address this situation, configuring the “authorized” secondary authentication method allows users unconditional access to the network when the primary authentication method fails because the RADIUS servers are unreachable.

Configuring RADIUS Authentication

You can configure the switch for RADIUS authentication through the following access methods:

Console: Either direct serial-port connection or modem connection.

Telnet: Inbound Telnet must be enabled (the default).

SSH: To use RADIUS for SSH access, first configure the switch for SSH operation.

Web: Enables RADIUS authentication for web browser interface access to the switch.

You can configure radius as the primary password authentication method for the above access methods. You also need to select either local, none, or authorized as a secondary, or backup, method..

Syntax: aaa authentication < console telnet ssh web > < enable login > radius

Configures RADIUS as the primary password authentication method for console, Telnet, SSH, and the web browser interface. (The default primary < enable login > authentica- tion is local.)

[< local none authorized >]

Provides options for secondary authentication (default: none).

C a u t i o n

Configuring authorized as the secondary authentication method used when there is a failure accessing the RADIUS servers allows clients to access the network unconditionally. Use this method with care.

121

Page 131
Image 131
HP 3400CL-24G manual Radius Server Unavailable, Overview, Configuring Radius Authentication