Access Security Guide K/KA/KB.15.15

AABBCCDDEEFF
AABBCC-DDEEFF
AA-BB-CC-DD-EE-FF
AA:BB:CC:DD:EE:FF
If the device is a switch or other VLAN-capable device, use the base MAC address assigned
to the device, and not the MAC address assigned to the VLAN through which the device
communicates with the authenticator switch. The switch applies a single MAC address to all
VLANs configured in the switch. Thus, for a given switch, the MAC address is the same for
all VLANs configured on the switch. (See “Static Virtual LANs (VLANs)” in the Advanced Traffic
Management Guide for your switch.)
Configuring the switch to access a RADIUS server
Configuring a RADIUS server to support web-based authentication and MAC authentication requires
the following minimal commands.
(See “RADIUS Authentication, Authorization, and Accounting” (page 141) for information on other
RADIUS command options.)
Syntax
[no] radius-server
Adds a server to the RADIUS configuration or, when [no] is used, deletes a server from the
configuration. You can configure up to three RADIUS server addresses. The switch uses the first
server it successfully accesses. (See “RADIUS Authentication, Authorization, and Accounting”
(page 141)).
host <ip-address> [oobm]
For switches that have a separate out-of-band management port, the OOBM
parameter specifies that the RADIUS traffic will go through the out-of-band
management (OOBM) port.
[key <global-key-string>]
Specifies the global encryption key the switch uses with servers for which the switch
does not have a server-specific key assignment (below). This key is optional if all
RADIUS server addresses configured in the switch include a server-specific encryption
key. The tilde (~) character is allowed in the string, for example, radius-server key
hp~switch. This is not backward compatible; the “~” character is lost if you use a
software version that does not support the “~” character.
(Default: Null.)
NOTE: For the 3800, 5400zl, and 8200zl switches, when the switch is in
enhanced secure mode, commands that take a secret key as a parameter have the
echo of the secret typing replaced with asterisks. The input for <key-string> is
prompted for interactively. See “Secure Mode (3800, 5400zl, and 8200zl
Switches)” (page 498).
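The key fallback and the three-server limit described above can be checked against a saved configuration. The following Python script is an added example, not part of the HP guide. It assumes the configuration lists servers in the radius-server host <ip-address> [oobm] key <key-string> form and shows keys as typed; the function names and the sample addresses and keys are made up for illustration.

```python
import re

MAX_SERVERS = 3  # the guide: up to three RADIUS server addresses
HOST = re.compile(r'^radius-server\s+host\s+(\S+)(.*)$')
GLOBAL = re.compile(r'^radius-server\s+key\s+')
KEY = re.compile(r'\bkey\s+(?:"([^"]*)"|(\S+))')

def _key(text):
    """Return the key string following the 'key' keyword, or None."""
    m = KEY.search(text)
    return (m.group(1) or m.group(2)) if m else None

def audit_radius(config_text):
    """Return findings for the radius-server lines of a switch config."""
    global_key, hosts = None, {}  # hosts: ip -> server-specific key or None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = HOST.match(line)
        if m:
            hosts[m.group(1)] = _key(m.group(2)) or hosts.get(m.group(1))
        elif GLOBAL.match(line):
            global_key = _key(line)
    findings = []
    if len(hosts) > MAX_SERVERS:
        findings.append(f"{len(hosts)} servers configured; limit is {MAX_SERVERS}")
    for ip, key in hosts.items():
        effective = key or global_key  # global key only fills in when no server key
        if effective is None:
            findings.append(f"{ip}: no server-specific key and global key is null")
        elif key is None:
            findings.append(f"{ip}: relies on the global key")
        if effective and "~" in effective:
            findings.append(f"{ip}: key contains '~' (lost on software without '~' support)")
    return findings

# Constructed sample config, not from the guide; addresses and keys are made up.
SAMPLE = '''radius-server host 10.10.10.1 key "srv1-secret"
radius-server host 10.10.10.2
radius-server host 10.10.10.3 oobm key "hp~switch"
'''

if __name__ == "__main__":
    for finding in audit_radius(SAMPLE):
        print(finding)
```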
Syntax
radius-server host <ip-address> key <server-specific key-string>
[no] radius-server host <ip-address> key
Optional
Configuring web-based authentication 89