Configuring RADIUS servers

IMPORTANT: RADIUS server support is available only with the McDATA SANtegrity Enhanced PFE key and can be managed only with the CLI and Element Manager. Element Manager also requires a PFE key. See ”Installing Product Feature Enablement keys” on page 82 for more information about installing a PFE key. To obtain the McDATA 4Gb SAN Switch serial number and PFE key, follow the step-by-step instructions on the firmware feature entitlement request certificate for the PFE key. You can obtain a PFE key from the web at: www.webkey.external.hp.com.

A RADIUS server authenticates users and devices using a challenge/response protocol over a secure SSL connection. Basic implementations consist of a central RADIUS server containing a database of authorized users as well as authentication information. A RADIUS client wishing to verify the authenticity of a user issues a challenge to the user and collects the response to the challenge. This information is forwarded to the RADIUS server for authentication and the server responds with the results, either an accept or reject.

The RADIUS client does not need to be configured with any user authentication information, this all resides on the RADIUS server and can be managed centrally and separately from the clients. In addition, no passwords are exchanged between the RADIUS server and its clients. Authentication of requests from a RADIUS client to the server and responses from the server to a client can also be authenticated. This requires sharing a secret between the server and client.

The accounting RADIUS supports the auditing of the users and switch services such as Telnet, FTP, and switch management applications. The RADIUS Accounting Server enables (True) or disables (False) the auditing of activity during a user session. The default is False. When enabled, user activity is audited whether UserAuthServer is enabled or not. The accounting server UDP port number is the ServerUDPPort value plus 1 (default 1813).

Configuring RADIUS servers involves the following tasks:

Adding a RADIUS server, page 55

Removing a RADIUS server, page 56

Editing RADIUS server information, page 57

Modifying RADIUS server authentication order, page 58

54

Page 54
Image 54
HP SAN manual Configuring Radius servers