BLADE OS™ Application Guide HP GbE2c Ethernet Blade Switch for c-Class BladeSystem Version 5.1 Advanced Functionality Software
Table Of Contents
- Contents
- Figures
- Tables
- Preface
- Part 1: Basic Switching
- Accessing the Switch
- The Management Network
- Local Management Using the Console Port
- The Command Line Interface
- Remote Management Access
- Client IP Address Agents
- Securing Access to the Switch
- Setting Allowable Source IP Address Ranges
- RADIUS Authentication and Authorization
- TACACS+ Authentication
- LDAP Authentication and Authorization
- Secure Shell and Secure Copy
- Configuring SSH/SCP Features on the Switch
- Configuring the SCP Administrator Password
- Using SSH and SCP Client Commands
- SSH and SCP Encryption of Management Messages
- Generating RSA Host and Server Keys for SSH Access
- SSH/SCP Integration with Radius Authentication
- SSH/SCP Integration with TACACS+ Authentication
- End User Access Control
- Ports and Trunking
- Port-Based Network Access Control
- VLANs
- Spanning Tree Protocol
- RSTP and MSTP
- Link Layer Discovery Protocol
- Quality of Service
- Accessing the Switch
- Part 2: IP Routing
- Basic IP Routing
- Routing Information Protocol
- IGMP
- OSPF
- OSPF Overview
- OSPF Implementation in BLADE OS
- OSPF Configuration Examples
- Remote Monitoring
- Part 3: High Availability Fundamentals
- High Availability
- Layer 2 Failover
- Server Link Failure Detection
- VRRP Overview
- Failover Methods
- BLADE OS Extensions to VRRP
- Virtual Router Deployment Considerations
- High Availability Configurations
- High Availability
- Part 4: Appendices
- Index
BLADE OS 5.1 Application Guide
46 Chapter 1: Accessing the Switch BMD00113, September 2009
RADIUS Attributes for BLADE OS User Privileges
If the authentication server successfully authenticates the remote user, the switch verifies the
privileges of the remote user and authorizes the appropriate access. The administrator has the option
to allow backdoor access through the console port only, or through the console and Telnet, SSH,
HTTP, and HTTPS access.
When backdoor access is enabled, their use is allowed even if the primary and secondary authentication
servers are reachable. However, when both the primary and secondary authentication servers are not
reachable, the administrator has the option to allow secure backdoor (secbd) access through the
console port only, or through the console and Telnet, SSH, HTTP, and HTTPS access. When RADIUS
is on, you can have either backdoor or secure backdoor enabled, but not both at the same time.
The default value for backdoor access through the console port only is enabled. You always can
access the switch via the console port, by using noradius and the administrator password,
whether backdoor or secure backdoor are enabled or not. The default value for backdoor and secure
backdoor access through Telnet, SSH, HTTP, and HTTPS is disabled.
All user privileges, other than those assigned to the administrator, must be defined in the RADIUS
dictionary. RADIUS attribute 6, which is built into all RADIUS servers, defines the administrator.
The file name of the dictionary is RADIUS vendor-dependent. The RADIUS attributes shown in the
following table are defined for user privilege levels:
Table 3 Proprietary Attributes for RADIUS
User Name/Access User-Service-Type Value
User Vendor supplied 255
Operator Vendor supplied 252