RADIUS Authentication, Authorization, and Accounting

Overview

Note

The switch does not support RADIUS security for SNMP (network manage-

 

ment) access. For information on blocking access through the web browser

 

interface, refer to “Controlling Web Browser Interface Access” on page 5-25.

 

 

Accounting Services

RADIUS accounting on the switch collects resource consumption data and forwards it to the RADIUS server. This data can be used for trend analysis, capacity planning, billing, auditing, and cost analysis.

RADIUS-Administered CoS and Rate-Limiting

The switches covered in this guide take advantage of vendor-specific attributes (VSAs) applied in a RADIUS server to support these optional, RADIUS- assigned attributes:

802.1p (CoS) priority assignment to inbound traffic on the specified port(s) (port-access authentication only)

Per-Port Rate-Limiting on a port with an active link to an authenti- cated client (port-access authentication only)

RADIUIS-Administered Commands Authorization

This feature enables RADIUS server control of an authenticated client’s access to CLI commands on the switch. Refer to “Commands Authorization” on page 5-26.

SNMP Access to the Switch’s Authentication

Configuration MIB

The switch’s default configuration allows SNMP access to the hpSwitchAuth MIB (Management Information Base). A management station running an SNMP networked device management application such as ProCurve Manager Plus (PCM+) or HP OpenView can access the switch’s MIB for read access to the switch’s status and read/write access to the switch’s configuration. For more information, including the CLI command to use for disabling this feature, refer to “Using SNMP To View and Configure Switch Authentication Features” on page 5-21.

5-4