HP (Hewlett-Packard) 2500 Switch User Manual


 
103
Enhancements in Release F.04.08
Configuring RADIUS Authentication and Accounting
Note
The Series 2500 switches do not support RADIUS security for SNMP (network management) access
or Web browser interface access. For steps to block unauthorized access through the Web browser
interface, see “Controlling Web Browser Interface Access When Using RADIUS Authentication” on
page 114.
Accounting. RADIUS accounting on the Series 2500 switches collects resource consumption data
and forwards it to the RADIUS server. This data can be used for trend analysis, capacity planning,
billing, auditing, and cost analysis.
Terminology
CHAP (Challenge-Handshake Authentication Protocol): A challenge-response authentication
protocol that uses the Message Digest 5 (MD5) hashing scheme to encrypt a response to a challenge
from a RADIUS server.
EAP(Extensible Authentication Protocol): A general PPP authentication protocol that supports
multiple authentication mechanisms. A specific authentication mechanism is known as an EAP type,
such as MD5-Challenge, Generic Token Card, and TLS (Transport Level Security).
Host: See RADIUS Server.
NAS (Network Access Server): In this case, a Switch 2512 or 2524 configured for RADIUS security
operation.
RADIUS (Remote Authentication Dial In User Service):
RADIUS Client: The device that passes user information to designated RADIUS servers.
RADIUS Host: See RADIUS server.
RADIUS Server: A server running the RADIUS application you are using on your network. This
server receives user connection requests from the switch, authenticates users, and then returns all
necessary information to the switch. For the Switch 2512 and 2524 a RADIUS server can also perform
accounting functions. Sometimes termed a RADIUS host.
Shared Secret Key: A text value used for encrypting data in RADIUS packets. Both the RADIUS
client and the RADIUS server have a copy of the key, and the key is never transmitted across the
network.