Manualshelf

Access Security Guide K/KA/KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5406R-8XGT/8SFP+ (No PSU) v2 zl2 Switch
181182183184185186187188189190
Authentication with RADIUS allows for a unique password for each user, instead of the need to
maintain and distribute switch-specific passwords to all users. RADIUS verifies identity for the
following types of primary password access to the HP switch:
Serial port (console)
Telnet
SSH
SFTP/SCP
WebAgent (8212zl, 5400zl, 4200vl, 2800s as of software version I.08.60, and 2600s as
of software version H.08.58 switches)
Port-Access (802.1X)
NOTE: The switch does not support RADIUS security for SNMP (network management) access.
For information on blocking access through the WebAgent, see “Controlling WebAgent access
(page 183).
HP Switches support RADIUS accounting for web-based authentication and MAC authentication
sessions, collecting resource consumption data and forwarding it to the RADIUS server. This data
can be used for trend analysis, capacity planning, billing, auditing, and cost analysis.
RADIUIS-administered commands authorization enables RADIUS server control of an authenticated
client's access to CLI commands on the switch. See “Commands authorization” (page 183).
Accounting services
RADIUS accounting on the switch collects resource consumption data and forwards it to the RADIUS
server. This data can be used for trend analysis, capacity planning, billing, auditing, and cost
analysis. Accounting support is provided for WebAgent sessions on the switch.
RADIUS accounting collects data about user activity and system events and sends it to a RADIUS
server when specified events occur on the switch, such as a logoff or a reboot.
Accounting Service Types
The switch supports four types of accounting services:
Network accounting
Exec accounting
System accounting
Commands accounting
Networks accounting
Provides records containing the information listed below on clients directly connected to the switch
and operating under Port-Based Access Control (802.1X):
Service-TypeAcct-Output-PacketsAcct-Session-ID
NAS-IP-AddressAcct-Input-OctetsAcct-Status-Type
NAS-IdentifierNas-PortAcct-Terminate-Cause
Calling-Station-IdAcct-Output-OctetsAcct-Authentic
HP-acct-terminatecauseAcct-Session-TimeAcct-Delay-Time
MS-RAS-VendorUser-NameAcct-Input-Packets
190 RADIUS Authentication, Authorization, and Accounting