EasyManuals Logo
Home>HP>Switch>3600 v2 Series

HP 3600 v2 Series Configuration Guide

HP 3600 v2 Series
449 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #24 background imageLoading...
Page #24 background image
11
• RADIUS client information management:
You can create and delete RADIUS clients, which are identified by IP addresses and configured
with attributes such as a shared key. With a managed client range configured, the RADIUS server
processes only the RADIUS packets from the clients within the management range. A shared key
is used to ensure secure communication between a RADIUS client and the RADIUS server.
• RADIUS authentication and authorization
With the RADIUS server enabled, the switch checks whether or not the client of an incoming RADIUS
packet is under its management. If yes, it verifies the packet validity by using the shared key, checks
whether there is an account with the username, whether the password is correct, and whether the user
attributes meet the requirements defined on the RADIUS server (for example, whether the account has
expired). Then, the RADIUS server assigns the corresponding authority to the client if the authentication
succeeds, or denies the client if the authentication fails.
NOTE:
A
RADIUS server running the standard RADIUS protocol listens on UDP port 1812 for authentication
requests, but an HP switch listens on UDP port 1645 instead when actin
g
as the RADIUS server. Be sure to
specify 1645 as the authentication port number on the RADIUS client when you use an HP switch as the
RADIUS server.
AAA for MPLS L3VPNs
In an MPLS L3VPN scenario where clients in different VPNs are centrally authenticated, you can deploy
AAA across VPNs to enable forwarding RADIUS and HWTACACS packets across MPLS VPNs. With the
AAA across VPNs feature, the PE at the left side of the MPLS backbone serves as a NAS and
transparently delivers the AAA packets of private users in VPN 1 and VPN 2 to the AAA servers in VPN
3 for centralized authentication, as shown in Figure 9. A
uthentication packets of private users in different
VPNs do not affect each other.
Figure 9 Network diagram
NOTE:
This feature can also help an MCE to implement portal authentication for VPNs. For more information
about MCE, see
Layer 3 - IP Routing Configuration Guide
.
P
MPLS backbone
PE
PE
CE
CE
CE
VPN 1
VPN 2
VPN 3
RADIUS
server
HWTACACS
server
NAS
Host
Host

Table of Contents

Other manuals for HP 3600 v2 Series

Preview: Command Reference
Command Reference479 pages
Preview: Installation Guide
Installation Guide62 pages
Preview: Security Configuration Guide
Security Configuration Guide398 pages
Preview: Compliance And Safety Manual
Compliance And Safety Manual51 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HP 3600 v2 Series and is the answer not in the manual?

HP 3600 v2 Series Specifications

General IconGeneral
BrandHP
Model3600 v2 Series
CategorySwitch
LanguageEnglish

Related product manuals