HP E3800 Series User Manual

HP E3800 Series
732 pages
7-32
Configuring RADIUS Server Support for Switch Services
Configuring and Using Dynamic (RADIUS-Assigned) Access Control Lists
Example Using HP VSA 61 To Assign IPv4 ACLs
The software supports the HP VSA 61 vendor-specific method for enabling
RADIUS-based IPv4 ACL assignments on the switch. The recommended use
of this option is to support ACL configurations that rely on VSA 61. However,
HP recommends using the standard attribute (92) for new, RADIUS-based IPv4
ACLs (pages 7-23 and 7-27).
This example uses the HP VSA attribute 61 for configuring RADIUS-assigned
IPv4 ACL support on FreeRADIUS for two different client identification
methods (username/password and MAC address).
1. Enter the HP vendor-specific ID and the ACL VSA in the
FreeRADIUS dictionary file:

    # HP Vendor-Specific ID
    VENDOR          HP      11
    BEGIN-VENDOR    HP
    # HP Vendor-Specific Attribute for RADIUS-Assigned ACLs
    ATTRIBUTE       HP-Nas-filter-Rule      61      STRING
    END-VENDOR      HP

Figure 7-9. Example of Configuring the VSA for RADIUS-Assigned IPv4 ACLs in a FreeRADIUS Server

Note that if you were also using the RADIUS server to
administer 802.1p (CoS) priority and/or Rate-Limiting, you
would also insert the ATTRIBUTE entries for these
functions above the END-VENDOR entry.

2. Enter the switch IPv4 address, NAS (Network Attached Server) type, and
the key used in the FreeRADIUS clients.conf file. For example, if the switch
IP address is 10.10.10.125 and the key (“secret”) is “1234”, you would enter
the following in the server’s clients.conf file:

    client 10.10.10.125 {
        nastype = other
        secret  = 1234
    }

Figure 7-10. Example of Switch Identity Information for a FreeRADIUS Application

Note: The key configured in the switch and the
secret configured in the RADIUS server
supporting the switch must be identical. Refer
to the chapter titled “RADIUS Authentication
and Accounting” in the latest Access Security
Guide for your switch.

3. For a given client username/password pair, create an ACL by entering one
or more IPv4 ACEs in the FreeRADIUS “users” file. Remember that the
ACL you create to filter IPv4 traffic automatically includes an implicit
“deny in ip from any to any” ACE (for IPv4). For example, suppose that you wanted
to create ACL support for a client having a username of “User-10” and a
password of “auth7X”. The ACL in this example must achieve the following:
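Added example, not part of the HP manual or of FreeRADIUS: how the dictionary entry from step 1 (vendor ID 11, attribute 61) appears on the wire, so that the attribute bytes of a captured Access-Accept can be checked for the ACEs the server actually sent. The function names and the sample bytes are constructed for illustration; the layout is the standard Vendor-Specific attribute (type 26) defined in RFC 2865.

```python
import struct

VENDOR_SPECIFIC = 26      # RADIUS attribute type for VSAs (RFC 2865, section 5.26)
HP_VENDOR_ID = 11         # "VENDOR HP 11" in the dictionary file
HP_NAS_FILTER_RULE = 61   # "ATTRIBUTE HP-Nas-filter-Rule 61 STRING"


def encode_hp_ace(ace):
    """Encode one ACE string as a Vendor-Specific attribute carrying HP VSA 61."""
    data = ace.encode("ascii")
    vsa_len = 2 + len(data)        # vendor-type + vendor-length + data
    attr_len = 2 + 4 + vsa_len     # type + length + vendor-id + sub-attribute
    if attr_len > 255:
        raise ValueError("ACE too long for a single RADIUS attribute")
    return (struct.pack("!BBI", VENDOR_SPECIFIC, attr_len, HP_VENDOR_ID)
            + struct.pack("!BB", HP_NAS_FILTER_RULE, vsa_len) + data)


def extract_hp_aces(attributes):
    """Walk a RADIUS attribute list and return every HP VSA 61 string found."""
    aces, pos = [], 0
    while pos < len(attributes):
        if len(attributes) - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = attributes[pos], attributes[pos + 1]
        if a_len < 2 or pos + a_len > len(attributes):
            raise ValueError("bad attribute length")
        body = attributes[pos + 2:pos + a_len]
        pos += a_len
        if a_type != VENDOR_SPECIFIC or len(body) < 4:
            continue               # not a VSA
        if struct.unpack("!I", body[:4])[0] != HP_VENDOR_ID:
            continue               # another vendor's VSA
        sub = body[4:]             # one or more vendor sub-attributes
        while len(sub) >= 2:
            v_type, v_len = sub[0], sub[1]
            if v_len < 2 or v_len > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            if v_type == HP_NAS_FILTER_RULE:
                aces.append(sub[2:v_len].decode("ascii"))
            sub = sub[v_len:]
    return aces


# Constructed sample: a User-Name attribute followed by one ACE in VSA 61.
# The ACE text is the "deny in ip from any to any" form quoted in step 3.
SAMPLE = b"\x01\x09User-10" + encode_hp_ace("deny in ip from any to any")
```

Pass `extract_hp_aces` only the attribute portion of the packet, that is, the bytes after the 20-byte RADIUS header.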
