Manuals / HP / Computer Equipment / Accelerators

HP Enterprise File Services WAN Accelerator RADIUS and TACACS+ Authentication, In This Chapter

Models: Enterprise File Services WAN Accelerator

1 124

Download 124 pages 48.85 Kb

Page 103

CHAPTER 9 RADIUS and TACACS+

CHAPTER 9 RADIUS and TACACS+

Authentication

In This Chapter	This chapter describes how to configure Remote Authentication Dial-In User Service
	(RADIUS) or Terminal Access Controller Access Control System (TACACS+)
	authentication for the HP EFS WAN Accelerator. It contains the following sections:
	“Introduction to Authentication,” next
	“Configuring a RADIUS Server with FreeRADIUS” on page 98
	“Configuring a TACACS+ Server with Free TACACS+” on page 100
	“Configuring RADIUS Authentication in the HP EFS WAN Accelerator” on
	page 101
	“Configuring TACACS+ Authentication in the HP EFS WAN Accelerator” on
	page 103

Introduction to Authentication

The HP EFS WAN Accelerator can use a RADIUS or TACACS+ authentication system for logging in administrative and monitor users. The following methods for user authentication are provided with the HP EFS WAN Accelerator:

local

radius

tacacs+

The order in which authentication is attempted is based on the order specified in the Authentication, Authorization, Accounting (AAA) method list. The local value must always be specified in the method list.

The authentication methods list provides backup methods if a method fails to authenticate a user. Failure is defined as no response for the method. If a deny is received from the method being tried, no other methods are attempted.

The HP EFS WAN Accelerator does not have the ability to set a per interface authentication policy. The same authentication method list is used for all interfaces (that is, default). You cannot configure authentication methods with subsets of the RADIUS or TACACS+ servers specified (that is, there are no server groups).

9 - RADIUS AND TACACS+

AUTHENTICATION

HP STORAGEWORKS ENTERPRISE FILE SERVICES WAN ACCELERATOR 2.1.5 DEPLOYMENT GUIDE

97

Image 103

HP Enterprise File Services WAN Accelerator manual RADIUS and TACACS+ Authentication, Introduction to Authentication, page

Contents

407118-002 Part number Second edition June HP StorageWorks Enterprise File Services WAN Accelerator407118-001 deployment guideLegal and notice information Enterprise File Services WAN Accelerator 2.1.5 deployment guideChapter 1 Designing an HP EFS WAN Accelerator Deployment ContentsChapter 2 In-Path Deployments Chapter ChapterConfiguring Connection Forwarding ChapterChapter 7 WCCP Deployments Chapter 6 Policy-Based Routing DeploymentsGlossary Chapter 8 Proxy File Service DeploymentsChapter 9 RADIUS and TACACS+ Authentication Chapter 10 Serial Cluster and Cascade Deployments‹ “About This Guide,” next IntroductionAbout This Guide In This IntroductionINTRODUCTION Organization of This Guidedelete filename upload filename Document ConventionsCourier ntp peer addr version numberEthernet Network Compatibility Hardware and Software DependenciesAntivirus Compatibility ‹ “Related HP Documentation” on page ‹ “Online Documentation” on page Additional Resources‹ “Related Reading” on page Related HP Documentation Online Documentation Related ReadingHP Storage Web Site Contacting HPTechnical Support INTRODUCTION ‹ “Introduction to the HP EFS WAN Accelerator” next CHAPTER 1 Designing an HP EFS WAN Accelerator DeploymentIntroduction to the HP EFS WAN Accelerator In This ChapterHow Does SDR Work? Transaction AccelerationScalable Data Referencing Virtual Window ExpansionTransaction Prediction Design and Deployment Overview4. Choose a network template Bypass Mode Definition of TermsFailover Mode ‹ optimization is lost on the current connections on the master HP EFS WAN Accelerator 1 - DESIGNING AN HP EFS WAN ACCELERATOR DEPLOYMENT ‹ “In-Path, Failover Support Deployment” on page Configuration GuideCHAPTER 2 In-Path Deployments ‹ “Introduction to Physical In-Path Deployments,” nextIn-Path, Failover Support Deployment Introduction to Physical In-Path DeploymentsBasic Steps Client-Side 4. Enable failover support. For example Basic Steps Server-Side In-Path, Two Routing Points DeploymentBasic Steps Client-Side Basic Steps Server-Side In-Path, Server-Side DeploymentBasic Steps Client-Side Basic Steps Server-Side In-Path, Server-Side, One to One DeploymentFigure 2-5. In-Path, Server-Side Deployment Figure 2-6. In-Path, Server-Side, One to One Deployment Basic Steps Client-Side Basic Steps Server-SideFigure 2-7. Setup Advanced Networking - Failover Settings Page ‹ “Introduction to Virtual In-Path Deployments,” next ‹ “In-Path, Load Balanced, Layer-4 Switch” on pageCHAPTER 3 Virtual In-Path Network Deployments Introduction to Virtual In-Path Deployments3 - VIRTUAL IN-PATH NETWORK DEPLOYMENTS In-Path, Load Balanced, Layer-4 SwitchBasic Steps Client-Side Basic Steps Server-Side Figure 3-1. In-Path, Load-Balanced, Layer-4 Switch Deployment7. Enable Layer-4 switch support. For example ‹ “Out-of-Path, Failover Deployment” on page CHAPTER 4 Out-of-Path Network DeploymentsIntroduction to Out-of-Path Deployments ‹ “Introduction to Out-of-Path Deployments,” nextFigure 4-1. Physical Out-of-Path Deployment Out-of-Path, Failover DeploymentFigure 4-2. Out-of-Path, Server-Side, Failover Support Deployment Basic Steps Client-Side4 - OUT-OF-PATH NETWORK DEPLOYMENTS Figure 4-3. Setup Optimization Service - In-Path Rules PageBasic Steps Server-Side Out-of-Path, Static Cluster DeploymentBasic Steps Client-Side Page Client-Side Hybrid In-Path and Out-of-Path DeploymentBasic Steps Server-Side4 - OUT-OF-PATH NETWORK DEPLOYMENTS Figure 4-7. Setup Optimization Service - In-Path Rules PageBasic Steps Server-Side Figure 4-8. Setup Optimization Service - General Settings Page4 - OUT-OF-PATH NETWORK DEPLOYMENTS ‹ “Introduction to Connection Forwarding,” next CHAPTER 5 Configuring Connection Forwarding‹ “Configuring Connection Forwarding” on page Introduction to Connection ForwardingFigure 5-1. Connection Forwarding in an Asymmetric Network Neighbors in Connection ForwardingOne-to-One Failover Deployment Configuring Connection ForwardingFigure 5-2. One-to-One Failover Deployment Figure 5-3. Connection Forwarding in an Asymmetric Network Configuring Connection Forwarding Usingthe Management Console Basic Steps Client-Side Basic Steps Server-SideFigure 5-4. Setup Advanced Networking - Connection Forwarding Page ‹ Click Update SettingsTo enable connection Configuring Connection Forwarding Using the CLIFile Services WAN Accelerator Command-Line Interface Reference Manual At the system prompt, enter the following set of commands‹ “Overview of CDP” on page ‹ “Connecting the HP EFS WAN Accelerator to Your Network in PBRCHAPTER 6 Policy-Based Routing Deployments ‹ “Introduction to PBR,” nextOverview of CDP Introduction to PBRAutodiscovery, and CDP” on page How PBR works on a Cisco 6500 Platform Version 12.217d SXB1Your Network in PBR Deployments Connecting the HP EFS WAN Accelerator toAutodiscovery, and CDP” on page Asymmetric HP EFS WAN Accelerator Deployments With PBR Configuring PBR Using the CLIside router To configure the client- side HP EFS WAN AcceleratorTo configure the client Basic Steps Client-SideBasic Steps Client-Side Configuring PBR Using the Management ConsoleBasic Steps Server-Side TIP Enter configuration commands, one per line. End with CRTL-ZFigure 6-2. Setup Optimization Service - General Settings Page Basic Steps Server-Side Figure 6-3. Setup Optimization Service - In-Path Rules PagePerform the steps for “Basic Steps Server-Side” on page Perform the steps for “Basic Steps Client-Side” on pageBasic Steps Client-Side Basic Steps Server-Side Perform the steps for “Basic Steps Server-Side” on page Client-Side HP EFS WAN Accelerator Attached to an Inside RouterPBR Between VLANs Basic Steps Client-Side Basic Steps Server-Siderouter To configure the HPTo configure the Cisco EFS WAN AcceleratorEFS WAN Accelerators Symmetric HP EFS WAN AcceleratorDeployments With PBR and Autodiscovery Right-side. Clients=10.1.1.0/24, Servers=10.1.2.0/24, HP EFS WANTIP Enter configuration commands, one per line end with CTRL-Z Accelerator service for your changes to take effectRouterconfig#interface fastEthernet 0/0.3 Routerconfig-subif#encapsulation dot1Q 3 Routerconfig-subif#ip address 10.1.3.1 255.255.0.0 Routerconfig-subif#exit Routerconfig#interface fastEthernet 0/1 Routerconfig-subif#ip address 10.1.4.1 EFS WAN Accelerators Symmetric Deployments with PBR Autodiscovery, and CDPTo configure the HP Right-side. Clients=10.1.1.0/24, Servers=10.1.2.0/24, HP EFS WANTIP Enter configuration commands, one per line end with CTRL-Z Accelerator service for your changes to take effectTroubleshooting ‹ “Additional WCCP Features” on page ‹ “Connecting the HP EFS WAN Accelerator to Your Network in WCCP‹ “A Basic WCCP Configuration” on page ‹ “Configuring WCCP Using the Management Console” on pageIntroduction to WCCP Traffic is redirected using one of the following schemes “Failover Support” on pageBasic Steps 7 - WCCP DEPLOYMENTS WCCP CLI CommandsConnecting the HP EFS WAN Accelerator to Your Network in WCCP Deploymentsservice group Connecting the HP EFS WAN Accelerator A Basic WCCP ConfigurationConfiguring the WCCP Router or Multi-Layer Switch fastEthernet0/0 Configuring the Client-Side HP EFS WAN AcceleratorTo configure the To configure the HP EFS WAN AcceleratorTo add the WCCP service group to the HP EFS WAN Accelerator Configuring WCCP Using the Management ConsoleBasic Steps Client-Side Figure 7-3. Setup Optimization Service - General Settings Page Figure 7-4. Setup Advanced Networking - WCCP Service Groups Page 6. Navigate to the Setup Advanced Networking - WCCP Groups page7 - WCCP DEPLOYMENTS 8. Click Add Group to display your new group in the Service Group list 13. Save and apply the new configuration in the Management Console To define in-path rules to reach the server- side appliance7 - WCCP DEPLOYMENTS Basic Steps Server-Side Figure 7-7. Setup Optimization Service - In-Path Rules Page7 - WCCP DEPLOYMENTS Dual WCCP DeploymentWCCP 3640 router To configure the7 - WCCP DEPLOYMENTS boot-start-marker boot-end-markerboot bootldr bootflashc6msfc2-boot-mz.121-19.E1.bin WCCP 6209 routerTo configure the boot system flash sup-slot0c6msfc2-jsv-mz.121-23.E.bin1. On the router, at the system prompt, enter the following command Additional WCCP FeaturesTo configure the server-side HP EFS WAN Accelerator To set the passwordMulticast To configure multicastTo configure multicast groups on the HP EFS WAN Accelerator To configure TCP portFailover Support To configure specific traffic redirection on the routerTo change the hashing scheme and assign a weight Load Balancing7 - WCCP DEPLOYMENTS To check the router configurationTo trace WCCP packets and events on the router Troubleshooting‹ “Introduction to PFS,” next CHAPTER 8 Proxy File Service Deployments‹ “Configuring PFS Using the Management Console” on page Introduction to PFSPFS provides PFS TermsThe following terms are used to describe processes and devices in PFS PFS Operating Modes How Does PFS Work? Figure 8-1. PFS Deployment When to Use PFSConfiguration Checklist for When to use Global ModeInstallation and Configuration Guide Configuring PFS Using the Management ConsoleTo join a domain for Figure 8-2. Setup Proxy File Service PFS - Configuration Page 14. Click Save to write your settings to memory After you have setup the PFS domain, you can configure your shares 4. Type the remote path for the share in the Remote Path text box 9. Click Save to write your settings to memory8. Click Add Share to add the share to the Shares list initialize a share To synchronize andTo map a share information Navigate to the Setup Proxy File Service - Shares pageto modify to display the Shares Detailed Settings page To modify sharepage To view share statusdetails 8 - PROXY FILE SERVICE DEPLOYMENTS‹ “Introduction to Authentication,” next CHAPTER 9 RADIUS and TACACS+ AuthenticationIntroduction to Authentication RADIUS or Terminal Access Controller Access Control System TACACS+‹ show authentication method Configuring a RADIUS Server with FreeRADIUS‹ aaa authentication login default ‹ aaa authorization map default-user ‹ aaa authorization map orderRADIUS server To add acceptanceIn a text editor, open the /usr/local/etc/raddb/clients.conf file requests on theTo download Configuring a TACACS+ Server with Free TACACS+At your system prompt, enter the following set of commands 9 - RADIUS AND TACACS+ AUTHENTICATIONConfiguring RADIUS Authentication Configuring RADIUS Authentication in the HP EFS WAN AcceleratorBasic Steps Figure 9-1. Setup Authentication - General Settings PageConfiguring TACACS+ Authentication Configuring TACACS+ Authentication in the HP EFS WAN AcceleratorBasic Steps Figure 9-3. Setup Authentication - General Settings Page7. Click Save 5. Navigate to the Setup Authentication - TACACS+ Servers pageFigure 9-4. Setup Authentication - TACACS+ Servers Page AUTHENTICATION9 - RADIUS AND TACACS+ AUTHENTICATION ‹ “Cascade Deployment” on page CHAPTER 10 Serial Cluster and Cascade DeploymentsSerial Cluster Deployment ‹ “Serial Cluster Deployment,” nextIn serial cluster deployments A Basic Serial Cluster Deployment To configure HP EFS WAN Accelerator1WAN Accelerator3 To configure HP EFSWAN Accelerator2 Interface Reference ManualFigure 10-3. Cascade Deployment Cascade DeploymentFixed-Target Rules Glossary Host. A computer or other computing device that resides on a network NFS. Network File System. The file sharing protocol in a UNIX network state algorithms to send routing information to all nodes in an internetwork by calculating the shortest path to each node based on a topography of the Internet constructed by each node. Each router sends that portion of the routing table keeps track of routes to particular network destinations that describes the state of its own links. It also sends the complete routing structure topography Index INDEX R RADIUS