6-6
RADIUS Authentication, Authorization, and Accounting
Configuring the Switch for RADIUS Authentication
Configuring the Switch for RADIUS 
Authentication
• Determine an acceptable timeout period for the switch to wait for a server to respond to a request. HP recommends 
that you begin with the default (five seconds).
• Determine how many times you want the switch to try contacting a RADIUS server before trying another RADIUS 
server or quitting. (This depends on how many RADIUS servers you have configured the switch to access.)
• Determine whether you want to bypass a RADIUS server that fails to respond to requests for service. To shorten 
authentication time, you can set a bypass period in the range of 1 to 1440 minutes for non-responsive servers. This 
requires that you have multiple RADIUS servers accessible for service requests.
• Optional: Determine whether the switch access level (Manager or Operator) for authenticated clients can be set by 
a Service Type value the RADIUS server includes in its authentication message to the switch. (Refer to “2. Enable the 
(Optional) Access Privilege Option” on page 6-12.) 
• Configure RADIUS on the server(s) used to support authentication on the switch.
RADIUS Authentication Commands Page
aaa authentication 6-9
     console | telnet | ssh | web | < enable | login  <local | radius>>
     web-based | mac-based <chap-radius | peap-radius>
 
6-9
             [ local | none | authorized] 6-9
       [login privilege-mode]* 6-12
[no] radius-server host < IP-address >6-14
      [auth-port < port-number >] 6-14
      [acct-port < port-number >] 6-14, 6-54
      [dyn-authorization] 6-15
      [key < server-specific key-string >] 6-14
[no] radius-server key < global key-string >6-18
radius-server timeout < 1 - 15> 6-18
radius-server retransmit < 1 - 5 > 6-18
[no] radius-server dead-time < 1 - 1440 > 6-19
show radius  6-62
      [< host < ip-address>] 6-63
show authentication 6-65
show radius authentication 6-65