HP A 5120 Manual

Page 21

from the clients within the management range. A shared key is used to ensure secure communication between a RADIUS client and the RADIUS server.
• RADIUS authentication and authorization. RADIUS accounting is not supported.
Upon receiving a RADIUS packet, a device working as the RADIUS server checks whether the sending client is under its management. If yes, it verifies the packet validity by using the shared key, checks whether there is an account with the...

Page 22

| No. | Attribute | Description |
|---|---|---|
| 12 | Framed-MTU | Maximum transmission unit (MTU) for the data link between the user and NAS. For example, with 802.1X EAP authentication, NAS uses this attribute to notify the server of the MTU for EAP packets, so as to avoid oversized EAP packets. |
| 14 | Login-IP-Host | IP address of the NAS interface that the user accesses. |
| 15 | Login-Service | Type of the service that the user uses for login. |
| 18 | Reply-Message | Text to be displayed to the user, which can be used by the server to... |

Page 23

| No. | Attribute | Description |
|---|---|---|
| 80 | Message-Authenticator | Used for authentication and checking of authentication packets to prevent spoofing Access-Requests. This attribute is used when RADIUS supports EAP authentication. |
| 87 | NAS-Port-Id | String for describing the port of the NAS that is authenticating the user. |

HP proprietary RADIUS sub-attributes

| No. | Sub-attribute | Description |
|---|---|---|
| 1 | Input-Peak-Rate | Peak rate in the direction from the user to the NAS, in bps. |
| 2 | Input-Average-Rate | Average rate in the... |

Page 24

| No. | Sub-attribute | Description |
|---|---|---|
| 62 | User_HeartBeat | Hash value assigned after an 802.1X user passes authentication, which is a 32-byte string. This attribute is stored in the user list on the device and is used for verifying the handshake messages from the 802.1X user. This attribute exists in only Access-Accept and Accounting-Request packets. |
| 140 | User_Group | User groups assigned after the SSL VPN user passes authentication. A user may belong to more than one user group. In this case, the user... |

Page 25

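Figure 9 AAA configuration diagram

Table 4 AAA configuration task list

| Task | Remarks |
|---|---|
| Configuring AAA schemes: Configuring local users | Required. Complete at least one task. |
| Configuring AAA schemes: Configuring RADIUS schemes | Required. Complete at least one task. |
| Configuring AAA schemes: Configuring HWTACACS schemes | Required. Complete at least one task. |
| Configuring AAA methods for ISP domains: Creating an ISP domain | Required |
| Configuring AAA methods for ISP domains: Configuring ISP domain attributes | Optional |
| Configuring AAA methods for ISP domains: Configuring AAA authentication methods for an ISP domain | Required. Complete at least one task. |
| Configuring AAA methods for ISP domains: Configuring AAA authorization methods for an ISP... | |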

Page 26

Configuring AAA schemes

Configuring local users

For local authentication, you must create local users and configure user attributes on the device in advance. The local users and attributes are stored in the local user database on the device. A local user is uniquely identified by a username. Configurable local user attributes are as follows:
• Service type
Types of services that the user can use. Local authentication checks the service types of a local user....

Page 27

You can configure an authorization attribute in user group view or local user view, making the attribute effective for all local users in the group or only for the local user. The setting of an authorization attribute in local user view takes precedence over that in user group view.

Local user configuration task list

| Task | Remarks |
|---|---|
| Configuring local user attributes | Required |
| Configuring user group attributes | Optional |
| Displaying and maintaining local users and local user groups... | |

Page 28

To do…: Configure the password composition policy
Use the command…: password-control composition type-number type-number [ type-length type-length ]
Remarks: Optional. By default, the setting for the user group is used. If there is no such setting for the user group, the global setting is used.

To do…: Specify the service types for the local user
Use the command…: service-type { ftp | lan-access | { ssh | telnet | terminal } * | portal }
Remarks: Required. By default, no service is authorized to a local user.

To do…: Configure...

Page 29

NOTE:
• For more information about password control attribute commands, see the chapter “Password control configuration.”
• On a device supporting the password control feature, local user passwords are not displayed, and the local-user password-display-mode command is not effective.
• With the local-user password-display-mode cipher-force command configured, a local user password is always displayed in cipher text, regardless of the configuration of the password command. In this case, if you...

Page 30

To do…: Configure the authorization attributes for the user group
Use the command…: authorization-attribute { acl acl-number | callback-number callback-number | idle-cut minute | level level | user-profile profile-name | vlan vlan-id | work-directory directory-name } *
Remarks: Optional. By default, no authorization attribute is configured for a user group.

Displaying and maintaining local users and local user groups

To do…: Display local user information...