HP StorageWorks Fabric OS 5.3.x administrator guide (5697-0244, November 2009)

ManualsBrandsHP ManualsStorageHP StorageWorks TAA SAN Switch 2/8V Power Pack

Fabric OS 5.3.0 administrator guide 65

Configuring the authentication model

This section explains how to configure authentication of the switch management channel connections.

Fabric OS 5.3.0 supports use of both the local user database and RADIUS service at the same time. Use

the aaaConfig command to set the authentication model for Fabric OS switch management channel

connection authentication model as shown in Table 12.

How to set the switch authentication model

1. Connect to the switch and log in.

2. Enter this command:

Managing the local database user accounts

User add, change, and delete operations are subject to the

subset

rule: an admin with ADlist 0-10 cannot

perform operations on an

admin

user

, or

any

role with an ADlist 11-25. The user account being changed

must have an ADlist that is a subset of the account that is making the change.

Table 12 Authentication configuration options

aaaConfig Option Description Equivalent setting in

Fabric OS 5.1.x and later

--radius --switchdb

1. Fabric OS 5.1.x and earlier aaaConfig --switchdb <on | off> setting.

--localonly Default setting. Authenticates management

connections against the local database only.

If the password does not match or the user is not

defined, the login fails.

Off On

--radiusonly

2. The console login will never be set to --radiusonly mode for login recovery purposes. When

--radiusonly mode is turned on, console login uses the --radiuslocalbackup mode.

Authenticates management connections against

the RADIUS database(s) only.

If the RADIUS service is not available or the

credentials do not match, the log in fails.

On Off

--radiuslocal Authenticates management connections against

any RADIUS databases first.

If RADIUS fails for any reason, authenticates

against the local user database.

not supported not supported

--radiuslocalbackup Authenticates management connections against

any RADIUS databases.

If RADIUS fails because the service is not

available, authenticates against the local user

database.

On On

switch:admin> aaaConfig [--localonly | --radiusonly | --radiuslocal |

--radiuslocalbackup]