RADIUS Authentication and Accounting

Configuring the Switch for RADIUS Authentication

1. Configure Authentication for the Access Methods You Want RADIUS To Protect

This section describes how to configure the switch for RADIUS authentication through the following access methods:

Console: Either direct serial-port connection or modem connection.

Telnet: Inbound Telnet must be enabled (the default).

SSH: To employ RADIUS for SSH access, you must first configure the switch for SSH operation. Refer to “Configuring Secure Shell (SSH)” on page 4-1.

You can also use RADIUS for Port-Based Access authentication. Refer to “Configuring Port-Based Access Control (802.1x)” on page 6-1.

You can configure RADIUS as the primary password authentication method for the above access methods. You will also need to select either local or none as a secondary, or backup, method. Note that for console access, if you configure radius (or tacacs) for primary authentication, you must configure local for the secondary method. This prevents the possibility of being completely locked out of the switch in the event that all primary access methods fail.

Syntax: aaa authentication < console | telnet | ssh > < enable | login > < radius >

Configures RADIUS as the primary password authentication method for console, Telnet, and/or SSH. (The default primary < enable | login > authentication is local.)

[< local | none >]

Provides options for secondary authentication (default: none). Note that for console access, secondary authentication must be local if primary access is not local. This prevents you from being completely locked out of the switch in the event of a failure in other access methods.
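The following is an added example, not part of the original manual: a Python check that applies the console lockout rule above to saved configuration text. It assumes the configuration holds lines in the form of the Syntax shown; the function names and the sample configurations are constructed for illustration.

```python
import re

# Matches lines in the form given in the Syntax above (assumed config format):
#   aaa authentication <console|telnet|ssh> <enable|login> <primary> [<local|none>]
AAA_LINE = re.compile(
    r"^\s*aaa\s+authentication\s+(console|telnet|ssh)\s+(enable|login)"
    r"\s+(\S+)(?:\s+(local|none))?\s*$"
)

def parse_aaa(config_text):
    """Return {(method, level): (primary, secondary)} for each aaa authentication line."""
    settings = {}
    for line in config_text.splitlines():
        m = AAA_LINE.match(line)
        if m:
            method, level, primary, secondary = m.groups()
            # The page states that the secondary method defaults to none.
            settings[(method, level)] = (primary, secondary or "none")
    return settings

def audit(config_text):
    """Flag console settings whose primary is not local and whose backup is not local."""
    findings = []
    for (method, level), (primary, secondary) in sorted(parse_aaa(config_text).items()):
        if method == "console" and primary != "local" and secondary != "local":
            findings.append(
                f"{method} {level}: primary {primary} without local backup (lockout risk)"
            )
    return findings

# Constructed sample configurations (not taken from a real switch).
WEAK = """\
aaa authentication console login radius none
aaa authentication telnet login radius none
aaa authentication ssh enable radius local
"""
SAFE = WEAK.replace("console login radius none", "console login radius local")

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("SAFE", SAFE)):
        print(name, audit(cfg) or "no findings")
```

Telnet and SSH entries with none as the secondary method are not flagged, because the page allows either local or none for those access methods.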
