5-12
RADIUS Authentication, Authorization, and Accounting
Configuring the Switch for RADIUS Authentication
Figure 5-2 shows an example of the show authentication command displaying
authorized as the secondary authentication method for port-access, Web-auth
access, and MAC-auth access. Since the configuration of authorized means no
authentication will be performed and the client has unconditional access to
the network, the “Enable Primary” and “Enable Secondary” fields are not
applicable (N/A).
Figure 5-2. Example of AAA Authentication Using Authorized for the Secondary Authentication Method
Suppose you already configured local passwords on the switch, but want
RADIUS to protect primary Telnet and SSH access without allowing a second-
ary Telnet or SSH access option (the switch’s local passwords):
ProCurve(config)# show authentication
Status and Counters - Authentication Information
Login Attempts : 3
Respect Privilege : Disabled
| Login Login Enable Enable
Access Task | Primary Secondary Primary Secondary
----------- + ---------- ---------- ---------- ----------
Console | Local None Local None
Telnet | Local None Local None
Port-Access | Local Authorized N/A N/A
Webui | Local None Local None
SSH | Local None Local None
Web-Auth | ChapRadius Authorized N/A N/A
MAC-Auth | ChapRadius Authorized N/A N/A
The access methods
with secondary
authentication
configured as authorized
allows the client access
to the network even if the
RADIUS server is
unreachable.
