BLADE OS™ Application Guide HP GbE2c Ethernet Blade Switch for c-Class BladeSystem Version 5.1 Advanced Functionality Software
Table Of Contents
- Contents
- Figures
- Tables
- Preface
- Part 1: Basic Switching
- Accessing the Switch
- The Management Network
- Local Management Using the Console Port
- The Command Line Interface
- Remote Management Access
- Client IP Address Agents
- Securing Access to the Switch
- Setting Allowable Source IP Address Ranges
- RADIUS Authentication and Authorization
- TACACS+ Authentication
- LDAP Authentication and Authorization
- Secure Shell and Secure Copy
- Configuring SSH/SCP Features on the Switch
- Configuring the SCP Administrator Password
- Using SSH and SCP Client Commands
- SSH and SCP Encryption of Management Messages
- Generating RSA Host and Server Keys for SSH Access
- SSH/SCP Integration with Radius Authentication
- SSH/SCP Integration with TACACS+ Authentication
- End User Access Control
- Ports and Trunking
- Port-Based Network Access Control
- VLANs
- Spanning Tree Protocol
- RSTP and MSTP
- Link Layer Discovery Protocol
- Quality of Service
- Accessing the Switch
- Part 2: IP Routing
- Basic IP Routing
- Routing Information Protocol
- IGMP
- OSPF
- OSPF Overview
- OSPF Implementation in BLADE OS
- OSPF Configuration Examples
- Remote Monitoring
- Part 3: High Availability Fundamentals
- High Availability
- Layer 2 Failover
- Server Link Failure Detection
- VRRP Overview
- Failover Methods
- BLADE OS Extensions to VRRP
- Virtual Router Deployment Considerations
- High Availability Configurations
- High Availability
- Part 4: Appendices
- Index
BLADE OS 5.1 Application Guide
BMD00113, September 2009 Chapter 1: Accessing the Switch 45
RADIUS Authentication Features in BLADE OS
BLADE OS supports the following RADIUS authentication features:
Supports RADIUS client on the switch, based on the protocol definitions in RFC 2138 and
RFC 2866.
Allows a RADIUS secret password of up to 32 characters.
Supports secondary authentication server so that when the primary authentication server is
unreachable, the switch can send client authentication requests to the secondary authentication
server. Use the /cfg/sys/radius/cur command to show the currently active RADIUS
authentication server.
Supports user-configurable RADIUS server retry and time-out values:
Time-out value = 1-10 seconds
Retries = 1-3
The switch will time out if it does not receive a response from the RADIUS server within 1-10
seconds. The switch automatically retries connecting to the RADIUS server 1-3 times before it
declares the server down.
Supports user-configurable RADIUS application port. The default is 1645/UDP-based on
RFC 2138. Port 1812 is also supported.
Allows network administrator to define privileges for one or more specific users to access the
switch at the RADIUS user database.
SecurID is supported if the RADIUS server can do an ACE/Server client proxy. The password
is the PIN number, plus the token code of the SecurID card.
Switch User Accounts
The following user accounts can be defined in the RADIUS server dictionary file:
User
Operator
Administrator
Privileges for these uses are listed in Table 2 on page 30.