BLADE OS™ Application Guide HP GbE2c Ethernet Blade Switch for c-Class BladeSystem Version 5.1 Advanced Functionality Software
Table Of Contents
- Contents
- Figures
- Tables
- Preface
- Part 1: Basic Switching
- Accessing the Switch
- The Management Network
- Local Management Using the Console Port
- The Command Line Interface
- Remote Management Access
- Client IP Address Agents
- Securing Access to the Switch
- Setting Allowable Source IP Address Ranges
- RADIUS Authentication and Authorization
- TACACS+ Authentication
- LDAP Authentication and Authorization
- Secure Shell and Secure Copy
- Configuring SSH/SCP Features on the Switch
- Configuring the SCP Administrator Password
- Using SSH and SCP Client Commands
- SSH and SCP Encryption of Management Messages
- Generating RSA Host and Server Keys for SSH Access
- SSH/SCP Integration with Radius Authentication
- SSH/SCP Integration with TACACS+ Authentication
- End User Access Control
- Ports and Trunking
- Port-Based Network Access Control
- VLANs
- Spanning Tree Protocol
- RSTP and MSTP
- Link Layer Discovery Protocol
- Quality of Service
- Accessing the Switch
- Part 2: IP Routing
- Basic IP Routing
- Routing Information Protocol
- IGMP
- OSPF
- OSPF Overview
- OSPF Implementation in BLADE OS
- OSPF Configuration Examples
- Remote Monitoring
- Part 3: High Availability Fundamentals
- High Availability
- Layer 2 Failover
- Server Link Failure Detection
- VRRP Overview
- Failover Methods
- BLADE OS Extensions to VRRP
- Virtual Router Deployment Considerations
- High Availability Configurations
- High Availability
- Part 4: Appendices
- Index
BLADE OS 5.1 Application Guide
52 Chapter 1: Accessing the Switch BMD00113, September 2009
LDAP Authentication and Authorization
BLADE OS supports the LDAP (Lightweight Directory Access Protocol) method to authenticate
and authorize remote administrators to manage the switch. LDAP is based on a client/server model.
The switch acts as a client to the LDAP server. A remote user (the remote administrator) interacts
only with the switch, not the back-end server and database.
LDAP authentication consists of the following components:
A protocol with a frame format that utilizes TCP over IP
A centralized server that stores all the user authorization information
A client, in this case, the switch
Each entry in the LDAP server is referenced by its Distinguished Name (DN). The DN consists of
the user-account name concatenated with the LDAP domain name. If the user-account name is
John, the following is an example DN:
uid=John,ou=people,dc=domain,dc=com
Configuring the LDAP Server
The GbE2c user groups and user accounts must reside within the same domain. On the LDAP
server, configure the domain to include GbE2c user groups and user accounts, as follows:
User Accounts:
Use the uid attribute to define each individual user account.
User Groups:
Use the members attribute in the groupOfNames object class to create the user groups. The first
word of the common name for each user group must be equal to the user group names defined
in the GbE2c, as follows:
admin
oper
user