Configuring radius servers, Adding a radius server – HP M-series HA-Fabric Manager Software User Manual

Page 66

Managing switches

Configuring RADIUS servers

A RADIUS server authenticates users and devices using a challenge/response protocol over a secure SSL
connection. Basic implementations consist of a central RADIUS server containing a database of authorized
users as well as authentication information. A RADIUS client wishing to verify the authenticity of a user
issues a challenge to the user and collects the response to the challenge. This information is forwarded to
the RADIUS server for authentication and the server responds with the results, either an accept or reject.

The RADIUS client does not need to be configured with any user authentication information, this all resides
on the RADIUS server and can be managed centrally and separately from the clients. In addition, no
passwords are exchanged between the RADIUS server and its clients. Authentication of requests from a
RADIUS client to the server and responses from the server to a client can also be authenticated. This
requires sharing a secret between the server and client.

The accounting RADIUS supports the auditing of the users and switch services such as Telnet, FTP, and
switch management applications. The RADIUS Accounting Server enables (True) or disables (False) the
auditing of activity during a user session. The default is False. When enabled, user activity is audited
whether UserAuthServer is enabled or not. The accounting server UDP port number is the ServerUDPPort
value plus 1 (default 1813).

Configuring RADIUS servers involves the following tasks:

• Adding a RADIUS server

, page 66

• Removing a RADIUS server

, page 67

• Editing RADIUS server information

, page 68

• Modifying RADIUS server authentication order

, page 69

Adding a RADIUS server

A RADIUS server provides a method to centralize user and device authentication over a network.

Figure 29