BLADE OS™ Application Guide HP GbE2c Ethernet Blade Switch for c-Class BladeSystem Version 5.1 Advanced Functionality Software
Table Of Contents
- Contents
- Figures
- Tables
- Preface
- Part 1: Basic Switching
- Accessing the Switch
- The Management Network
- Local Management Using the Console Port
- The Command Line Interface
- Remote Management Access
- Client IP Address Agents
- Securing Access to the Switch
- Setting Allowable Source IP Address Ranges
- RADIUS Authentication and Authorization
- TACACS+ Authentication
- LDAP Authentication and Authorization
- Secure Shell and Secure Copy
- Configuring SSH/SCP Features on the Switch
- Configuring the SCP Administrator Password
- Using SSH and SCP Client Commands
- SSH and SCP Encryption of Management Messages
- Generating RSA Host and Server Keys for SSH Access
- SSH/SCP Integration with Radius Authentication
- SSH/SCP Integration with TACACS+ Authentication
- End User Access Control
- Ports and Trunking
- Port-Based Network Access Control
- VLANs
- Spanning Tree Protocol
- RSTP and MSTP
- Link Layer Discovery Protocol
- Quality of Service
- Accessing the Switch
- Part 2: IP Routing
- Basic IP Routing
- Routing Information Protocol
- IGMP
- OSPF
- OSPF Overview
- OSPF Implementation in BLADE OS
- OSPF Configuration Examples
- Remote Monitoring
- Part 3: High Availability Fundamentals
- High Availability
- Layer 2 Failover
- Server Link Failure Detection
- VRRP Overview
- Failover Methods
- BLADE OS Extensions to VRRP
- Virtual Router Deployment Considerations
- High Availability Configurations
- High Availability
- Part 4: Appendices
- Index
BLADE OS 5.1 Application Guide
82 Chapter 3: Port-Based Network Access Control BMD00113, September 2009
Supported RADIUS Attributes
The 802.1X Authenticator relies on external RADIUS servers for authentication with EAP. Table 9
lists the RADIUS attributes that are supported as part of RADIUS-EAP authentication based on the
guidelines specified in Annex D of the 802.1X standard and RFC 3580.
Table 9 Support for RADIUS Attributes
# Attribute Attribute Value A-R A-A A-C A-R
1 User-Name The value of the Type-Data field from the
supplicant’s EAP-Response/Identity message.
If the Identity is unknown (i.e. Type-Data field
is zero bytes in length), this attribute will have
the same value as the Calling-Station-Id.
10-10 0
4 NAS-IP-Address IP address of the authenticator used for Radius
communication.
1000
5 NAS-Port Port number of the authenticator port to which
the supplicant is attached.
1000
24 State Server-specific value. This is sent unmodified
back to the server in an Access-Request that is
in response to an Access-Challenge.
0-1 0-1 0-1 0
30 Called-Station-ID The MAC address of the authenticator encoded
as an ASCII string in canonical format, e.g.
000D5622E3 9F.
1000
31 Calling-Station-ID The MAC address of the supplicant encoded as
an ASCII string in canonical format, e.g.
00034B436206.
1000
79 EAP-Message Encapsulated EAP packets from the supplicant
to the authentication server (Radius) and
vice-versa. The authenticator relays the decoded
packet to both devices.
1+ 1+ 1+ 1+