KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5406R-8XGT/8SFP+ (No PSU) v2 zl2 Switch

211

212

213

214

215

216

217

218

219

220

Table 16 RADIUS services supported on the switch (continued)

HP vendor-specific

RADIUS attribute (VSA)

Standard RADIUS

attribute

ApplicationService

6192per-userIPv6 and/or IPv4 ACEs(NAS-Filter-Rule)

63—per-userNAS-Rules-IPv6 (sets IP mode to IPv4-only or IPv4

and IPv6)

HP recommends using theStandard RADIUS attribute if available. Where both a standard attribute and a VSA are

available, the VSA is maintained for backwards compatibility with configurations based on earlier software releases.

If multiple clients are authenticated on a port where per-port rules are assigned by a RADIUS server, then the most recently

assigned rule is applied to the traffic of all clients authenticated on the port.

About RADIUS server support

RADIUS client and server requirements

• Clients can be dual-stack, IPv4-only or IPv6 only.

• Client authentication can be through 802.1X, MAC authentication, or web-based authentication.

(clients using web-based authentication must be IPv4-capable.)

• Server must support IPv4 and have an IPv4 address.

Optional HP PCM and IDM network management applications

All RADIUS-based services described here can be used without PCM+ or HP PMC IDM

(Identity-Driven Management) support, if desired. For information on these services in the HP PCM+

application using the IDM plug-in, see the documentation for these applications on the HP Support

web site.

RADIUS server configuration for CoS (802.1p priority) and rate-limiting

The following information provides general guidelines for configuring RADIUS servers, so that the

features listed in Table 17 (page 211) can be dynamically applied on ports that support authenticated

clients.

Table 17 CoS and rate-limiting services

Control method and operating notesService

Standard Attribute used in the RADIUS server: 59 (This is

the preferred attribute for new or updated configurations.)

802.1p

Assigns a RADIUS-configured 802.1p priority to the

inbound packets received from a specific client

authenticated on a switch port.

Vendor-Specific Attribute used in the RADIUS server.

(This attribute is maintained for legacy configurations.)

NOTE: Beginning with software release K.14.01, this

attribute is assigned per-authenticated-user instead of

per-port.

HP vendor-specific ID:11

VSA: 40

Setting: User-Priority-Table=xxxxxxxx where: x=desired

802.1p priority

Note: This is an eight-digit field. Enter the same x-value for

all eight digits.

Requires a port-access authentication method (802.1X,

Web Auth, or MAC Auth) configured on the client's port

on the switch.

For more on 802.1p priority levels, see "Quality of Service

(QoS)" in the Advanced Traffic Management Guide for

your switch.

Vendor-Specific Attribute used in the RADIUS server.Ingress (inbound) rate-limiting per-user

HP vendor-specific ID:11

Overview 211