3Com Switch 8800 Family Configuration Guide
CHAPTER 26: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION
By default, the IP address of the local RADIUS authentication server group is 127.0.0.1 and the password is 3Com.
When using the local RADIUS server function, note the following:
1 The UDP port number used for authentication/authorization is 1645, and that used for accounting is 1646.
2 The password configured with the local-server command must be the same as the key for RADIUS authentication/authorization packets configured with the key authentication command in radius scheme view.
3 Switch 8800 Family series switches serving as local RADIUS authentication servers currently support only the CHAP and PAP authentication modes; they do not support the MD5-challenge mode.
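The key rules above can be checked offline against a saved configuration. The following is an added example, not part of the 3Com guide: it flags a local-server entry still using the default password and any radius scheme pointing at the local server whose key authentication value differs from it. It assumes that keys appear in plain text, that "radius scheme <name>" opens radius scheme view, and that "primary authentication <ip> [port]" names the scheme's server; the sample configuration is constructed.

```python
DEFAULT_KEY = "3Com"      # default local-server password stated in the guide
LOCAL_IP = "127.0.0.1"    # default local RADIUS server address stated in the guide

# Constructed sample configuration (not captured from a real switch).
# Assumption: "radius scheme <name>" opens radius scheme view and
# "primary authentication <ip> [port]" names the server the scheme uses.
SAMPLE_CONFIG = """\
radius scheme office
 primary authentication 127.0.0.1 1645
 key authentication S3cret-A
radius scheme lab
 primary authentication 127.0.0.1 1645
 key authentication 3Com
local-server nas-ip 127.0.0.1 key 3Com
"""

def audit(config):
    """Return a sorted list of findings about local RADIUS server keys."""
    local_keys = {LOCAL_IP: DEFAULT_KEY}  # the default applies until overridden
    schemes = {}                          # scheme name -> {"server", "key"}
    current = None                        # scheme view currently being parsed
    for line in config.splitlines():
        w = line.split()
        if w[:2] == ["radius", "scheme"] and len(w) == 3:
            current = schemes.setdefault(w[2], {"server": None, "key": None})
        elif w[:2] == ["local-server", "nas-ip"] and len(w) == 5 and w[3] == "key":
            local_keys[w[2]] = w[4]       # system-view command, leaves scheme view
            current = None
        elif current is not None and w[:2] == ["primary", "authentication"] and len(w) >= 3:
            current["server"] = w[2]
        elif current is not None and w[:2] == ["key", "authentication"] and len(w) == 3:
            current["key"] = w[2]
    findings = []
    for nas, key in local_keys.items():
        if key == DEFAULT_KEY:
            findings.append(f"local-server nas-ip {nas}: default key in use")
    for name, scheme in schemes.items():
        # Only schemes that authenticate against the local server must match its key.
        if scheme["server"] == LOCAL_IP and scheme["key"] != local_keys[LOCAL_IP]:
            findings.append(f"radius scheme {name}: key does not match local-server")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```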
Configuring HWTACACS Protocol
The following sections describe HWTACACS configuration tasks.
■ “Creating a HWTACACS Scheme”
■ “Configuring HWTACACS Authentication Servers”
■ “Configuring HWTACACS Authorization Servers”
■ “Configuring HWTACACS Accounting Servers and the Related Attributes”
■ “Configuring the Source Address for HWTACACS Packets Sent by NAS”
■ “Setting a Key for Securing the Communication with TACACS Server”
■ “Setting the Username Format Acceptable to the TACACS Server”
■ “Setting the Unit of Data Flows Destined for the TACACS Server”
■ “Setting Timers Regarding TACACS Server”
Pay attention to the following when configuring a TACACS server:
■ The HWTACACS server does not check whether a scheme is being used by users when you change most HWTACACS attributes; the check is made only when you delete the scheme.
■ By default, the TACACS server has no key.
In the above configuration tasks, creating a HWTACACS scheme and configuring the TACACS authentication/authorization server are required; all other tasks are optional, and you can perform them as needed.
Creating a HWTACACS Scheme
As mentioned above, the HWTACACS protocol is configured scheme by scheme. Therefore, you must create a HWTACACS scheme and enter HWTACACS view before you perform other configuration tasks.
Perform the following configuration in system view.
Table 228 Create/Delete a local RADIUS authentication server
Operation                                      Command
Create a local RADIUS authentication server    local-server nas-ip ip-address key password
Delete a local RADIUS authentication server    undo local-server nas-ip ip-address