Access Security Guide K/KA/KB.15.15

Configuring a switch to access a RADIUS server
Before you configure the actual accounting parameters, configure the switch to use a RADIUS
server. This process is outlined in “Configuring the switch to access a RADIUS server” (page 147).
Repeat this now only if one of the following applies:
• The switch is not yet configured to use a RADIUS server.
• Your server data has changed.
• You need to specify a non-default UDP destination port for accounting requests.
NOTE: Switch operation expects a RADIUS server to accommodate both authentication and
accounting.
Syntax:
[no] radius-server host <ip-address>
    Adds a server to the RADIUS configuration or (with no) deletes a server from the
    configuration.
[acct-port <port-number>]
    Optional. Changes the UDP destination port for accounting requests to the specified
    RADIUS server. If you do not use this option, the switch automatically assigns the
    default accounting port number. (Default: 1813)
[key <key-string>]
    Optional. Specifies an encryption key for use during accounting or authentication
    sessions with the specified server. This key must match the encryption key used on
    the RADIUS server. Use this command only if the specified server requires a different
    encryption key than configured for the global encryption key.
    Note: If you save the config file using Xmodem or TFTP, the key information is not
    saved in the file. This causes RADIUS authentication to fail when the config file is
    loaded back onto the switch.
[encrypted-key <key-string>]
    Encryption key to use with the RADIUS server, specified using a base64-encoded
    aes-256 encrypted string.
Example
Suppose you want the switch to use the RADIUS server described below for both authentication
and accounting purposes.
• IP address: 10.33.18.151
• A non-default UDP port number of 1750 for accounting.
• An encryption key of "source0151" for accounting sessions.
For this example, assume that all other RADIUS authentication parameters for accessing this server
are acceptable at their default settings, and RADIUS is already configured as an authentication
method for one or more types of access to the switch (Telnet, Console, etc.).
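
Added example, not from the guide: a Python check that parses `radius-server host` lines written in the syntax above, merges the options per server, and flags entries that would break or weaken RADIUS when a saved config file is loaded back. The sample config text, the second server address, the finding names, and the `global_key_set` parameter are constructed for illustration.

```python
import ipaddress
import shlex

DEFAULT_ACCT_PORT = 1813  # default accounting port stated in the guide
VALUE_OPTIONS = {"acct-port": "acct_port", "key": "key", "encrypted-key": "encrypted_key"}

def parse_radius_hosts(config_text):
    """Collect 'radius-server host' lines into one settings dict per server IP."""
    hosts = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line.startswith("radius-server host "):
            continue
        tokens = shlex.split(line)  # strips quotes around a quoted key string
        ip = str(ipaddress.ip_address(tokens[2]))  # ValueError on a malformed address
        entry = hosts.setdefault(
            ip, {"acct_port": DEFAULT_ACCT_PORT, "key": None, "encrypted_key": None})
        options = iter(tokens[3:])
        for name in options:
            if name not in VALUE_OPTIONS:
                continue  # option not covered in this section; ignored
            value = next(options, None)
            if value is None:
                raise ValueError(f"{name} has no value: {line!r}")
            if name == "acct-port":
                value = int(value)
                if not 1 <= value <= 65535:
                    raise ValueError(f"acct-port out of range: {line!r}")
            entry[VALUE_OPTIONS[name]] = value
    return hosts

def audit(hosts, global_key_set=False):
    """Return (ip, finding) pairs; global_key_set is a hypothetical caller-supplied flag."""
    findings = []
    for ip, h in sorted(hosts.items()):
        if h["key"] is not None:
            findings.append((ip, "plaintext-key"))  # shared secret readable in the file
        if h["key"] is None and h["encrypted_key"] is None and not global_key_set:
            findings.append((ip, "missing-key"))  # e.g. file saved via Xmodem/TFTP
        if h["acct_port"] != DEFAULT_ACCT_PORT:
            findings.append((ip, "non-default-acct-port"))  # server must listen here
    return findings

# Constructed sample config text; 10.33.18.152 is a made-up second server.
SAMPLE = """
radius-server host 10.33.18.151 acct-port 1750 key "source0151"
radius-server host 10.33.18.152
"""

if __name__ == "__main__":
    for ip, finding in audit(parse_radius_hosts(SAMPLE)):
        print(ip, finding)
```

Pass `global_key_set=True` when the switch has a global encryption key configured, so servers that rely on it are not reported as `missing-key`.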