![](/images/backgrounds/285815/hp-4100gl-users-manual-54993769x1.png)
RADIUS Authentication and Accounting
Controlling Web Browser Interface Access When Using RADIUS Authentication
For local authentication, the switch uses the
■If the operator at the requesting terminal correctly enters the user- name/password pair for either access level (Operator or Manager), access is granted on the basis of which username/password pair was used. For example, suppose you configure Telnet primary access for RADIUS and Telnet secondary access for local. If a RADIUS access
attempt fails, then you can still get access to either the Operator or Manager level of the switch by entering the correct username/pass-
word pair for the level you want to enter.
■If the username/password pair entered at the requesting terminal does not match either local username/password pair previously configured
in the switch, access is denied. In this case, the terminal is again prompted to enter a username/password pair. In the default configu-
ration, the switch allows up to three attempts. If the requesting terminal exhausts the attempt limit without a successful authentica-
tion, the login session is terminated and the operator at the requesting terminal must initiate a new session before trying again.
Controlling Web Browser Interface
Access When Using RADIUSAuthentication
Configuring the switch for RADIUS authentication does not affect web browser interface access. To prevent unauthorized access through the web browser interface, do one or more of the following:
■Configure local authentication (a Manager user name and password and, optionally, an Operator user name and password) on the switch.
■Configure the switch’s Authorized IP Manager feature to allow web browser access only from authorized management stations. (The Authorized IP Manager feature does not interfere with TACACS+ operation.)
■Disable web browser access to the switch.