ProLiant BL p-Class GbE2 Interconnect Switch Application Guide

Accessing the GbE2 Interconnect Switch
The GbE2 Interconnect Switch, acting as the RADIUS client, communicates with the RADIUS server to authenticate
and authorize a remote administrator using the protocol definitions specified in RFC 2138 and 2866.
Transactions between the client and the RADIUS server are authenticated using a shared key that is not sent over
the network. In addition, the remote administrator passwords are sent encrypted between the RADIUS client (the
switch) and the back-end RADIUS server.
How RADIUS authentication works
RADIUS authentication works as follows:
1. A remote administrator connects to the GbE2 Interconnect Switch and provides the user name and
password.
2. Using the Authentication/Authorization protocol, the GbE2 Interconnect Switch sends the request to the
authentication server.
3. The authentication server checks the request against the user ID database.
4. Using the RADIUS protocol, the authentication server instructs the GbE2 Interconnect Switch to grant or deny
administrative access.
Configuring RADIUS on the switch (CLI example)
To configure RADIUS on the GbE2 Interconnect Switch, do the following:
1. Turn RADIUS authentication on, and then configure the Primary and Secondary RADIUS servers. For
example:
>> Main# /cfg/sys/radius (Select the RADIUS Server menu)
>> RADIUS Server# on (Turn RADIUS on)
Current status: OFF
New status: ON
>> RADIUS Server# prisrv 10.10.1.1 (Enter primary server IP)
Current primary RADIUS server: 0.0.0.0
New pending primary RADIUS server: 10.10.1.1
>> RADIUS Server# secsrv 10.10.1.2 (Enter secondary server IP)
Current secondary RADIUS server: 0.0.0.0
New pending secondary RADIUS server: 10.10.1.2
2. Configure the primary RADIUS secret and secondary RADIUS secret.
>> RADIUS Server# secret
Enter new RADIUS secret: <1-32 character secret>
>> RADIUS Server# secret2
Enter new RADIUS second secret: <1-32 character secret>
CAUTION: If you configure the RADIUS secret using any method other than a direct console connection, the
secret may be transmitted over the network as clear text.
3. If desired, you may change the default User Datagram Protocol (UDP) port number used for RADIUS.
The well-known port for RADIUS is 1645.
>> RADIUS Server# port
Current RADIUS port: 1645
Enter new RADIUS port [1500-3000]: <port number>