Configuring Radius on the switch CLI example | HP 445946-001

Accessing the switch

Configuring RADIUS on the switch (CLI example)

To configure RADIUS on the switch, do the following:

1.Turn RADIUS authentication on, and then configure the Primary and Secondary RADIUS servers. For example:

>> Main# /cfg/sys/radius			(Select the RADIUS Server menu)
>> RADIUS Server#		on	(Turn RADIUS on)
Current status: OFF
New status:	ON
>> RADIUS Server#		prisrv 10.10.1.1	(Enter primary server IP)
Current primary RADIUS server:			0.0.0.0
New pending primary RADIUS server: 10.10.1.1
>> RADIUS Server#		secsrv 10.10.1.2	(Enter secondary server IP)
Current secondary		RADIUS server:	0.0.0.0

New pending secondary RADIUS server: 10.10.1.2

2.Configure the primary RADIUS secret and secondary RADIUS secret.


>>	RADIUS		Server# secret
Enter		new	RADIUS secret: <1-32 character secret>
>>	RADIUS		Server# secret2
Enter		new	RADIUS second secret: <1-32 character secret>

CAUTION: If you configure the RADIUS secret using any method other than a direct console connection, the secret may be transmitted over the network as clear text.

3.If desired, you may change the default User Datagram Protocol (UDP) port number used to listen to RADIUS. The well-known port for RADIUS is 1645.

>>RADIUS Server# port

Current RADIUS port: 1645

Enter new RADIUS port [1500-3000]: <UDP port number>

4.Configure the number of retry attempts for contacting the RADIUS server and the timeout period.

>>RADIUS Server# retries

Current RADIUS server retries: 3

Enter new RADIUS server retries [1-3]:<server retries> >> RADIUS Server# time

Current RADIUS server timeout: 3

Enter new RADIUS server timeout [1-10]: 10 (Enter the timeout period in seconds)

5.Apply and save the configuration.

>>RADIUS Server# apply

>>RADIUS Server# save

22

Image 22

HP 445946-001 manual Configuring Radius on the switch CLI example, Apply and save the configuration

Contents

HP 10Gb Ethernet BL-c Switch Part number First edition June Legal notices Contents Configuring port-based traffic control Configuring Lacp802.1x authentication process 802.1x port states Adding a Vlan to a Spanning Tree Group Creating a Vlan Configuration guidelinesBridge priority Port priority Port path cost Edge port Link type 106 100105 109 141 131Internal versus external routing 134 155 173 Configuring the switch for tracking 177167 175 Accessing the switch Accessing the switchIntroduction Typographical conventions Typeface or Meaning Example SymbolAdditional references Management Network Connecting through Telnet Connecting through the console portConnecting through Secure Shell Using the command line interfaces Configuring an IP interface Using the Browser-based Interface Apply, verify, and save the configuration For more details, see Configuring Snmp trap hosts Using Simple Network Management ProtocolDefault configuration Snmp User configuration Cfg/sys/ssnmp/snmpv3/usm x/auth md5sha View based configurations CLI user equivalent CLI oper equivalent Configuring Snmp trap hostsConfigure a user with no authentication or password SNMPv1 trap host Accessing the switch Configure an entry in the notify table Sys/ssnmp/snmpv3/tparam x/uname SNMPv2 trap host configuration SNMPv3 trap host configuration Secure access to the switch Setting allowable source IP address ranges Configuring an IP address range for the management network Radius authentication and authorizationHow Radius authentication works Configuring Radius on the switch CLI example Apply and save the configuration Configuring Radius on the switch BBI example Click Submit User account Radius authentication featuresUser accounts for Radius users Description and tasks performed User name/access User service type Value TACACS+ authenticationAccessing the switch User access levels Radius attributes for user privileges Authorization How TACACS+ authentication worksTACACS+ authentication features User access level TACACS+ level Accounting Configure the TACACS+ secret and second secret Configure custom privilege-level mapping optional Configuring TACACS+ authentication on the switch BBI example Secure Shell and Secure Copy Configuring SSH and SCP features CLI example Enabling or disabling SSH Switch prompts you for the scpadmin password Using SSH and SCP client commandsEnter the following command to log in to the switch For example Generating RSA host and server keys for SSH access SSH and SCP encryption of management messages SSH/SCP integration with Radius and TACACS+ authentication User access controlUser account Description Password Define the user name and password Setting up user IDsEnable the user ID Ports and trunking Ports on the switchPorts and trunking Port number Port alias Ports and trunking Ethernet switch port names Before you configure trunksBuilt-in fault tolerance Port trunk groups Trunk group configuration rules Cfg/port x/cur Port trunking example On Switch 1, configure trunk groups 5 Configuring trunk groups CLI exampleOn Switch 2, configure trunk groups 4 Configuring trunk groups BBI example Click Submit Page Actor Switch Partner Switch Configurable Trunk Hash algorithmLink Aggregation Control Protocol Page Apply and verify the configuration Configuring LacpDefine the admin key on port Save your new configuration changes Extensible authentication protocol over LAN Port-based Network Access and traffic controlPort-based Network Access control Port-based Network Access and traffic control 802.1x authentication process EAPoL Message Exchange 802.1x port states Supported Radius attributes Attribute Attribute Value EAPoL configuration guidelines Port-based traffic control Configuring port-based traffic control VLANs and port Vlan ID numbers VLANsOverview Vlan numbers Pvid numbers Viewing and configuring PVIDsPort configuration Viewing VLANs Vlan tagging VLANs VLANs VLANs and IP interfaces Vlan topologies and design considerations Vlan configuration rules Multiple Vlans with tagging Component Description Configuring ports and VLANs on Switch 1 CLI example Configuring the example networkVLANs Multiple VLANs with tagging # add Add port 18 to Vlan Current Ports for Configuring ports and VLANs on Switch 2 CLI example Configuring ports and VLANs on Switch 1 BBI example VLANs Enable the port and enable Vlan tagging FDB static entries Cfg/l2/fdb/static Configuring a static FDB entry Trunking support for FDB static entries Bridge Protocol Data Units Spanning Tree ProtocolSpanning Tree Protocol Default Spanning Tree configuration Spanning Tree Group configuration guidelinesDetermining the path for forwarding BPDUs Rules for Vlan tagged ports Adding a Vlan to a Spanning Tree GroupCreating a Vlan Adding and removing ports from STGs Multiple Spanning Trees Why do we need Multiple Spanning Trees?Switch element Belongs to Assigning cost to ports and trunk groups Vlan participation in Spanning Tree Groups Two VLANs on separate instances of Spanning Tree Protocol Configuring Switch 1 CLI example Configuring Multiple Spanning Tree GroupsConfiguring Switch 2 CLI example Configuring Switch 1 BBI example Page Configuring Fast Uplink Convergence Configuring Port Fast ForwardingConfiguration guidelines Port Fast Forwarding Port state changes Rstp and MstpRapid Spanning Tree Protocol Rstp and Mstp Rstp configuration example Rstp configuration guidelinesPort type and link type Configuring Rapid Spanning Tree Protocol BBI example Mstp region Rstp and Mstp Apply, verify, and save the configurationMultiple Spanning Tree Protocol Common Internal Spanning Tree Configuring Multiple Spanning Tree Protocol CLI example Mstp configuration guidelinesMstp configuration example Assign VLANs to Spanning Tree Groups Configuring Multiple Spanning Tree Protocol BBI example Click Submit Page Apply, verify, and save the configuration Quality of Service Quality of Service Summary of packet classifiers Using ACL filtersNumber Protocol Name Application Quality of Service Well-known protocol typesNumber Well-krown TCP flag values Understanding ACL precedence Summary of ACL actionsPrecedence Group ACLs Precedence Level Using ACL Groups Metering ACL Metering and Re-markingViewing ACL statistics Re-marking ACL configuration examples Configure Access Control Lists CLI example Configure Access Control Lists and Groups BBI example Click Submit Page Quality of Service Add the ACL to the port Per Hop Behavior Using Dscp values to provide QoSDifferentiated Services concepts Drop Precedence Class QoS levels Using 802.1p priorities to provide QoSService Level Default PHB 802.1p Priority Class selector priority classesPage 802.1p configuration BBI example 802.1p configuration CLI exampleConfigure a port’s default 802.1 priority Quality of Service Select a port 101 Quality of Service Set the 802.1p priority value 102 103 Page Queuing and scheduling Routing between IP subnets Basic IP routingIP routing benefits Basic IP routingPage Page Subnet Devices IP Addresses Example of subnet routingInterface Devices IP Interface Address Devices IP Interface Switch Port Using VLANs to segregate broadcast domainsEnable, apply, and verify the configuration Add the switch ports to their respective VLANs 110 111 Dynamic Host Configuration Protocol Dhcp relay agent Dhcp relay agent configuration Distance vector protocol Routing updatesRouting Information Protocol Stability RIPv1 RIPv2 in RIPv1 compatibility modeRIP Features RIPv2 Multicast DefaultAuthentication Metric Add IP interfaces to VLANs RIP configuration exampleAdd VLANs for routing interfaces Cfg/l3/frwd/on before you turn RIP on Igmp Snooping Igmp Snooping IGMPv3 FastLeave Configuring the action Configuring the rangeIgmp Filtering Enable IGMPv3 Snooping optional Igmp Snooping configuration exampleConfiguring Igmp Snooping CLI example Static multicast router Enable Igmp Filtering on the switch Configuring Igmp Filtering CLI exampleConfiguring a Static Mrouter CLI example Define an Igmp Filter Configuring Igmp Snooping BBI example Igmp Snooping Enable Igmp Snooping Apply, verify, and save the configuration 124 Configuring Igmp Filtering BBI example Select Layer 3 Igmp Igmp Filters Add Filter Igmp Snooping Define the Igmp Filter126 Page Apply, verify, and save the configuration 128 Configuring a Static Multicast Router BBI example Configure Static Mrouter Click the Configure context button Apply, verify, and save the configuration Igmp Snooping 130 Ospf overview Types of Ospf areas Types of Ospf routing devices Ospf area types Link-State Database Neighbors and adjacenciesShortest Path First Tree Configurable parameters Ospf implementation in HP 10GbE switch softwareInternal versus external routing Assigning the area index Defining areasArea index set to an arbitrary value Interface cost Using the area ID to assign the Ospf area numberAttaching an area to a network Electing the designated router and backup Default routesSummarizing routes Virtual links Router ID Enable Ospf authentication for Area 2 on switch Enable Ospf MD5 authentication for Area 2 on switch Configure MD5 key ID for Area 0 on switches 1, 2,Assign MD5 key ID to Ospf interfaces on switches 1, 2, Assign MD5 key ID to Ospf virtual link on switches 2 Ospf features not supported in this release Ospf configuration examplesExample 1 Simple Ospf domain CLI example Example 1 Simple Ospf domain BBI example Apply, verify, and save the configuration 143 Ospf Click Submit Click Submit Select Add Ospf Area Configure the Ospf area146 Ospf Click Submit Select Add Ospf Interface 148 Apply, verify, and save the configuration 149 Example 2 Virtual links Configuring Ospf for a virtual link on Switch aDefine the backbone Switch B in step Configuring Ospf for a virtual link on Switch BConfigure the virtual link Attach the network interface to the transit area Other Virtual Link Options Example 3 Summarizing routesDefine the transit area 153 Verifying Ospf configuration Rmon group 1-statistics Remote monitoringRemote monitoring Configuring Rmon Statistics BBI example Configuring Rmon Statistics CLI exampleView Rmon statistics for the port Remote monitoring Select a port 157 Remote monitoring Enable Rmon on the port Rmon group 2-history Configure the Rmon History parameters History MIB objects Configure Rmon History BBI example Apply, verify, and save the configuration 160 Rmon group 3-alarms Alarm MIB objects Configure Rmon Alarms BBI example Configure the Rmon Alarm parameters to track Icmp messages Apply, verify, and save the configuration 163 164 Configure the Rmon Event parameters Configuring Rmon Events CLI exampleRemote monitoring Apply, verify, and save the configuration Rmon group 9-events Configuring Rmon Events BBI example Apply, verify, and save the configuration 166 Uplink Failure Detection High availabilityHigh availability Failure Detection Pair Spanning Tree Protocol with UFD Configuring Uplink Failure Detection Monitoring Uplink Failure Detection Turn UFD on Configuring UFD on Switch 1 CLI exampleConfiguring UFD on Switch 2 CLI example Create a trunk group of uplink ports 18-21 to monitor Configuring Uplink Failure Detection BBI example Apply, verify, and save the configuration 172 Virtual router Vrrp overviewVrrp components Virtual router MAC address Selecting the master Vrrp router Master and backup virtual routerVrrp operation Virtual Interface Router Failover methods Active-Active redundancy Tracking Vrrp router priority HP 10GbE switch extensions to VrrpParameter Virtual router deployment considerations Configuring the switch for trackingAssigning Vrrp virtual router ID Task 1 Configure Switch a High availability configurationsActive-Active configuration Configure ports Turn off Spanning Tree Protocol globally High availability Configure client and server interfacesTurn on Vrrp and configure two Virtual Interface Routers 179 Task 2 Configure Switch B Task 1 Configure Switch a BBI example Vrrp Virtual Router 1# Click Submit 183 184 Page High availability Enable Vrrp processing Click Submit Select Add Virtual Router 187 Click Submit High availability 189 Apply, verify, and save the configuration 190 Troubleshooting tools Troubleshooting toolsPort Mirroring View the current configuration Configuring Port Mirroring CLI exampleEnable Port Mirroring Select the ports that you want to mirror Configuring Port Mirroring BBI example Click Add Mirrored Port Other network troubleshooting techniques Page Index Index197 198