Configuring Radius servers | HP SAN guide

Configuring RADIUS servers

IMPORTANT: RADIUS server support is available only with the McDATA SANtegrity Enhanced PFE key and can be managed only with the CLI and Element Manager. Element Manager also requires a PFE key. See ”Installing Product Feature Enablement keys” on page 82 for more information about installing a PFE key. To obtain the McDATA 4Gb SAN Switch serial number and PFE key, follow the step-by-step instructions on the firmware feature entitlement request certificate for the PFE key. You can obtain a PFE key from the web at: www.webkey.external.hp.com.

A RADIUS server authenticates users and devices using a challenge/response protocol over a secure SSL connection. Basic implementations consist of a central RADIUS server containing a database of authorized users as well as authentication information. A RADIUS client wishing to verify the authenticity of a user issues a challenge to the user and collects the response to the challenge. This information is forwarded to the RADIUS server for authentication and the server responds with the results, either an accept or reject.

The RADIUS client does not need to be configured with any user authentication information, this all resides on the RADIUS server and can be managed centrally and separately from the clients. In addition, no passwords are exchanged between the RADIUS server and its clients. Authentication of requests from a RADIUS client to the server and responses from the server to a client can also be authenticated. This requires sharing a secret between the server and client.

The accounting RADIUS supports the auditing of the users and switch services such as Telnet, FTP, and switch management applications. The RADIUS Accounting Server enables (True) or disables (False) the auditing of activity during a user session. The default is False. When enabled, user activity is audited whether UserAuthServer is enabled or not. The accounting server UDP port number is the ServerUDPPort value plus 1 (default 1813).

Configuring RADIUS servers involves the following tasks:

•Adding a RADIUS server, page 55

•Removing a RADIUS server, page 56

•Editing RADIUS server information, page 57

•Modifying RADIUS server authentication order, page 58

54

Image 54

HP SAN manual Configuring Radius servers

Contents

McDATA 4Gb SAN Switch Page Contents Managing switches Managing ports Glossary Index Tables Intended audience PrerequisitesRelated documentation Document conventions and symbols Jdom license HP technical support HP-authorized reseller Helpful web sites Using McDATA Web Server/Element Manager Workstation requirements Starting McDATA Web Server Starting Element Manager in Hafm Exiting McDATA Web Server or Element Manager Setting preferences Enabling call home Using online helpViewing software version and copyright information Enabling e-mail support User interface McDATA Web Server interface Menu bar Popup menus Shortcut keys McDATA Web Server Fabric tree Graphic window Selecting switches Data windows and tabsSelecting ports Security consistency checklist Securing a fabric Remote authentication Connection securityUser account security Device security Edit Security dialog Create Security Set dialog Create Security Group dialog Create Security Group Member dialog McDATA 4Gb SAN Switch for HP p-Class BladeSystem user guide Editing the security configuration on a switch Viewing properties of a security set, group, or member Security Config dialog Archiving a security configuration to a fileActivating a security set Fabric services Rediscovering a fabric Displaying the event browser Events browser Sorting the event browser Filtering the event browser Saving the event browser to a file Working with device information and nicknames Devices data window Displaying detailed device information Managing device port nicknames Deleting a nickname Creating a nicknameEditing a nickname Exporting nicknames to a file Zoning a fabric Zoning conceptsZones Zone sets Zoning database Zoning limits and properties Managing the zoning database Editing the zoning database McDATA 4Gb SAN Switch for HP p-Class BladeSystem user guide Configuring the zoning database Saving the zoning database to a fileRestoring the zoning database from a file Restoring the default zoning database Managing the active zone setRemoving all zoning definitions Displaying the configured and active zone sets Active zone set data window Removing a zone from a zone set Creating a zone setActivating and deactivating a zone set Removing a zone set Managing zones Creating a zone in a zone set Adding zone members Renaming a zone or a zone setRemoving a zone member Zone merge failure recovery Merging fabrics and zoningZone merge failure Managing switches Managing user accounts User Account Administration dialog Add Account tab Creating user accounts User Account Administration Dialog Remove Account tab Removing a user account Changing a user account password User Account Administration dialog Change Password tab User Account Administration dialog Modify Account tab Modifying a user account Configuring Radius servers Adding a Radius server Removing a Radius server Editing Radius server information Modifying Radius server authentication order Displaying switch information Switch event logDevice and Host Bus Adapter information Switch status and operational information Switch data window McDATA 4Gb SAN Switch for HP p-Class BladeSystem user guide With a switch Ratov McDATA Web Server Configured Zonesets data window Port performance statisticsPort status and operational information Configuring port threshold alarms Paging a switch Setting the date/time and enabling NTP client Resetting a switch Configuring a switch Switch properties Domain ID and domain ID lock Symbolic name Syslog Switch administrative states Broadcast supportIn-band management Advanced switch properties Fabric Device Management Interface System services Timeout valuesInterop mode Page Network properties Snmp properties Snmp configuration Snmp trap configuration Archiving a switch Switch binding Restoring a switch Restoring the factory default configuration Downloading a support file Installing Product Feature Enablement keys Installing firmware Displaying hardware status Hardware status LEDs Managing ports Port information data window Persistent and will be lost on a switch reset VIEnable and LCFEnable features based on Port statistics data window LIP ALPD,ALPS Alps Viewing and configuring ports Port symbolic name Port states Port types Port speeds Port transceiver media statusDevice scan Resetting a port Testing portsPort binding Page Glossary FRU SFP 100 Index 102 System Fault LED 84 system services 104