RADIUS Authentication, Authorization, and Accounting

Configuring the Switch for RADIUS Authentication

Figure 5-2 shows an example of the show authentication command displaying authorized as the secondary authentication method for port-access, Web-auth access, and MAC-auth access. Because a configuration of authorized means that no authentication is performed and the client has unconditional access to the network, the “Enable Primary” and “Enable Secondary” fields are not applicable (N/A).

ProCurve(config)# show authentication

 Status and Counters - Authentication Information

  Login Attempts : 3
  Respect Privilege : Disabled

               Login      Login      Enable     Enable
  Access Task  Primary    Secondary  Primary    Secondary
  ----------- + ---------- ---------- ---------- ----------
  Console       Local      None       Local      None
  Telnet        Local      None       Local      None
  Port-Access   Local      Authorized N/A        N/A
  Webui         Local      None       Local      None
  SSH           Local      None       Local      None
  Web-Auth      ChapRadius Authorized N/A        N/A
  MAC-Auth      ChapRadius Authorized N/A        N/A

The access methods with secondary authentication configured as authorized allows the client access to the network even if the RADIUS server is unreachable.

Figure 5-2. Example of AAA Authentication Using Authorized for the Secondary Authentication Method
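An audit check for the condition Figure 5-2 illustrates, as an added example that is not part of the original guide: it parses show authentication output and lists every access task whose secondary method is Authorized, meaning access is granted without authentication when the primary method is unavailable. The sample text is constructed from the values in the figure; the exact column layout and the function names are assumptions.

```python
import re

# Constructed sample: the values shown in Figure 5-2, laid out in columns.
# The column spacing is an assumption; real CLI output may differ slightly.
SAMPLE = """\
 Status and Counters - Authentication Information

  Login Attempts : 3
  Respect Privilege : Disabled

               Login      Login      Enable     Enable
  Access Task  Primary    Secondary  Primary    Secondary
  ----------- + ---------- ---------- ---------- ----------
  Console       Local      None       Local      None
  Telnet        Local      None       Local      None
  Port-Access   Local      Authorized N/A        N/A
  Webui         Local      None       Local      None
  SSH           Local      None       Local      None
  Web-Auth      ChapRadius Authorized N/A        N/A
  MAC-Auth      ChapRadius Authorized N/A        N/A
"""

FIELDS = ("login_primary", "login_secondary", "enable_primary", "enable_secondary")


def parse_show_authentication(text):
    """Return {access_task: {field: method}} from the rows below the dashed rule."""
    table, in_rows = {}, False
    for line in text.splitlines():
        if re.match(r"\s*-{3,}\s*\+", line):  # the "----------- +" rule starts the rows
            in_rows = True
            continue
        if not in_rows or not line.strip():
            continue
        parts = line.replace("|", " ").split()  # tolerate a "|" column divider
        if len(parts) == 5:  # task name plus four method columns
            table[parts[0]] = dict(zip(FIELDS, parts[1:]))
    return table


def fail_open_tasks(table):
    """Access tasks whose secondary method is Authorized (no authentication performed)."""
    return sorted(task for task, methods in table.items()
                  if methods["login_secondary"].lower() == "authorized")


if __name__ == "__main__":
    for task in fail_open_tasks(parse_show_authentication(SAMPLE)):
        print(f"{task}: secondary method is Authorized; clients get access if RADIUS is unreachable")
```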

Suppose you already configured local passwords on the switch, but want RADIUS to protect primary Telnet and SSH access without allowing a secondary Telnet or SSH access option (the switch’s local passwords):
