HP (Hewlett-Packard) 2600 Series Switch User Manual


 
RADIUS Authentication and Accounting
Configuring the Switch for RADIUS Authentication
For example, suppose you have already configured local passwords on the
switch, but want to use RADIUS to protect primary Telnet and SSH access
without allowing a secondary Telnet or SSH access option (which would be
the switch’s local passwords):
Figure 5-2. Example Configuration for RADIUS Authentication
Note: In the above example, if you configure the Login Primary method as local
instead of radius (and local passwords are configured on the switch), then you
can gain access to either the Operator or Manager level without encountering
the RADIUS authentication specified for Enable Primary. Refer to “Local
Authentication Process” on page 5-16.
Syntax: aaa authentication < console | telnet | ssh | web > < enable | login > < radius >
    Configures RADIUS as the primary password authentication
    method for console, Telnet, SSH and/or the Web browser interface.
    (The default primary < enable | login > authentication is local.)
  [< local | none >]
    Provides options for secondary authentication (default:
    none). Note that for console access, secondary authentication
    must be local if primary access is not local. This
    prevents you from being completely locked out of the
    switch in the event of a failure in other access methods.
ProCurve(config)# aaa authentication telnet login radius none
ProCurve(config)# aaa authentication telnet enable radius none
ProCurve(config)# aaa authentication ssh login radius none
ProCurve(config)# aaa authentication ssh enable radius none
ProCurve(config)# show authentication

 Status and Counters - Authentication Information

  Login Attempts : 3
  Respect Privilege : Disabled

              | Login      Login      Enable     Enable
  Access Task | Primary    Secondary  Primary    Secondary
  ----------- + ---------- ---------- ---------- ----------
  Console     | Local      None       Local      None
  Telnet      | Radius     None       Radius     None
  Port-Access | Local
  Webui       | Local      None       Local      None
  SSH         | Radius     None       Radius     None

The switch now allows Telnet and SSH authentication only through RADIUS.
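
An added example, not part of the HP manual: a Python check that parses the show authentication table from Figure 5-2 and reports any Telnet or SSH setting that departs from the RADIUS-only configuration shown, including the local-login case described in the Note. The function names and the embedded sample text are assumptions constructed for this illustration.

```python
import re

# Constructed input: the 'show authentication' table from Figure 5-2.
FIGURE_5_2 = """\
             | Login      Login      Enable     Enable
 Access Task | Primary    Secondary  Primary    Secondary
 ----------- + ---------- ---------- ---------- ----------
 Console     | Local      None       Local      None
 Telnet      | Radius     None       Radius     None
 Port-Access | Local
 Webui       | Local      None       Local      None
 SSH         | Radius     None       Radius     None
"""

FIELDS = ("login_primary", "login_secondary", "enable_primary", "enable_secondary")

def parse_show_authentication(text):
    """Return {access_task: {field: method}}, all lower-cased."""
    table = {}
    for line in text.splitlines():
        # Data rows are 'Name | v1 v2 v3 v4'; header and rule lines do not match.
        m = re.match(r"\s*([A-Za-z-]+)\s*\|\s*(\S.*)$", line)
        if m:
            values = m.group(2).lower().split()
            table[m.group(1).lower()] = dict(zip(FIELDS, values))
    return table

def audit(table, radius_only=("telnet", "ssh")):
    """Return (task, problem) pairs for tasks that must be RADIUS-only."""
    findings = []
    for task in radius_only:
        row = table.get(task)
        if row is None:
            findings.append((task, "no row in output"))
            continue
        for field in FIELDS:
            want = "radius" if field.endswith("primary") else "none"
            if row.get(field) != want:
                findings.append((task, f"{field}={row.get(field)}, want {want}"))
        # The case in the Note: local login reaches Operator or Manager level
        # without meeting the RADIUS check configured for Enable Primary.
        if row.get("login_primary") == "local" and row.get("enable_primary") == "radius":
            findings.append((task, "local login skips RADIUS enable"))
    return findings

if __name__ == "__main__":
    for task, problem in audit(parse_show_authentication(FIGURE_5_2)):
        print(f"{task}: {problem}")
```
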