HP (Hewlett-Packard) 2500 Switch User Manual


 
106
Enhancements in Release F.04.08
Configuring RADIUS Authentication and Accounting
Outline of the Steps for Configuring RADIUS Authentication
There are three main steps to configuring RADIUS authentication:
1. Configure RADIUS authentication for controlling access through one or more of the following
Serial port
•Telnet
•SSH
Port-Access (802.1X)
2. Configure the switch for accessing one or more RADIUS servers (one primary server and up to
two backup servers):
Note
This step assumes you have already configured the RADIUS server(s) to support the switch.
Refer to the documentation provided with the RADIUS server documentation.)
Server IP address
(Optional) UDP destination port for authentication requests (default: 1812; recom-
mended)
(Optional) UDP destination port for accounting requests (default: 1813; recommended)
(Optional) encryption key for use during authentication sessions with a RADIUS server.
This key overrides the global encryption key you can also configure on the switch, and
must match the encryption key used on the specified RADIUS server. (Default: null)
3. Configure the global RADIUS parameters.
Server Key: This key must match the encryption key used on the RADIUS servers the
switch contacts for authentication and accounting services unless you configure one or
more per-server keys. (Default: null.)
Timeout Period: The timeout period the switch waits for a RADIUS server to reply.
(Default: 5 seconds; range: 1 to 15 seconds.)
Retransmit Attempts: The number of retries when there is no server response to a
RADIUS authentication request. (Default: 3; range of 1 to 5.)
Server Dead-Time: The period during which the switch will not send new authentica-
tion requests to a RADIUS server that has failed to respond to a previous request. This
avoids a wait for a request to time out on a server that is unavailable. If you want to use
this feature, select a dead-time period of 1 to 1440 minutes. (Default: 0—disabled; range:
1 - 1440 minutes.) If your first-choice server was initially unavailable, but then becomes
available before the dead-time expires, you can nullify the dead-time by resetting it to