Configure Authentication For The Access Methods You Want Radius To Protect; [ Local | None | Authorized] - HP 3500yl Series Access Security Manual
Switch software
Hide thumbs
Also See for 3500yl Series:
- Release notes (219 pages) ,
- Specifications (16 pages) ,
- Features (6 pages)
Table of Contents
Advertisement
RADIUS Authentication, Authorization, and Accounting
Configuring the Switch for RADIUS Authentication
6-10
1. Configure Authentication for the Access Methods
You Want RADIUS To Protect
This section describes how to configure the switch for RADIUS authentication
through the following access methods:
■
Console: Either direct serial-port connection or modem connection.
Telnet: Inbound Telnet must be enabled (the default).
■
SSH: To use RADIUS for SSH access, first configure the switch for
■
SSH operation. Refer to chapter 8, "Configuring Secure Shell (SSH)" .
■
WebAgent: You can enable RADIUS authentication for WebAgent
access to the switch.
You can configure RADIUS as the primary password authentication method
for the above access methods. You also need to select either local, none, or
authorized as a secondary, or backup, method. Note that for console access, if
you configure radius (or tacacs) for primary authentication, you must config-
ure local for the secondary method. This prevents the possibility of being
completely locked out of the switch in the event that all primary access
methods fail.
Syntax: aaa authentication < console | telnet | ssh | web | < enable | login <local
| radius>> web-based | mac-based <chap-radius | peap-radius>>
Configures RADIUS as the primary password authentication
method for console, Telnet, SSH, and/or the WebAgent. (The default
primary < enable | login > authentication is local.)
<console | telnet | ssh | web>
[< local | none | authorized >]
Provides options for secondary authentication
(default: none). Note that for console access, secondary
authentication must be local if primary access is not
local. This prevents you from being locked out of the
switch in the event of a failure in other access methods.
<<web-based | mac-based > login> <chap-radius | peap-mschap v2>:
Password authentication for web-based or mac-based port
access to the switch. Use peap-mschapv2 when you want pass-
word verification without requiring access to a plain text
password; it is more secure.
Default: chap-radius
Hide quick links:
Advertisement
Chapters
Table of Contents
