HP 5500 Ei 5500 Si Switch Series Configuration Guide

Page 1671

No.  Attribute              No.  Attribute
27   Session-Timeout        74   ARAP-Security-Data
28   Idle-Timeout           75   Password-Retry
29   Termination-Action     76   Prompt
30   Called-Station-Id      77   Connect-Info
31   Calling-Station-Id     78   Configuration-Token
32   NAS-Identifier         79   EAP-Message
33   Proxy-State            80   Message-Authenticator
34   Login-LAT-Service      81   Tunnel-Private-Group-id
35   Login-LAT-Node         82   Tunnel-Assignment-id
36   Login-LAT-Group        83   Tunnel-Preference
37   Framed-AppleTalk-Link  84   ARAP-Challenge-Response
38...

Page 1672

Figure 5 Segment of a RADIUS packet containing an extended attribute

HWTACACS 
HW Terminal Access Controller Access Control System (HWTACACS) is an enhanced security protocol
based on TACACS (RFC 1492). Similar to RADIUS, it uses a client/server model for information
exchange between the NAS and the HWTACACS server.
HWTACACS typically provides AAA services for Point-to-Point Protocol (PPP) users, Virtual Private Dial-up
Network (VPDN) users, and terminal users. In a typical HWTACACS...

Page 1673

Figure 6 Basic HWTACACS message exchange process for a Telnet user

HWTACACS operates in the following manner:
1. A Telnet user sends an access request to the HWTACACS client.
2. Upon receiving the request, the HWTACACS client sends a start-authentication packet to the
HWTACACS server.
3. The HWTACACS server sends back an authentication response to request the username.
4. Upon receiving the response, the HWTACACS client asks the user for the username.
5. The user enters the username....

Page 1674

9. The user enters the password.
10. After receiving the login password, the HWTACACS client sends the HWTACACS server a
continue-authentication packet that carries the login password.
11. The HWTACACS server sends back an authentication response to indicate that the user has
passed authentication.
12. The HWTACACS client sends the user authorization request packet to the HWTACACS server.
13. The HWTACACS server sends back the authorization response, indicating that the user is now...

Page 1675

• Portal users—Users who must pass portal authentication to access the network.
In addition, AAA provides the following services for login users to enhance switch security:
• Command authorization—Enables the NAS to defer to the authorization server to determine
whether a command entered by a login user is permitted for the user, making sure that login users
execute only commands they are authorized to execute. For more information about command
authorization, see Fundamentals...

Page 1676

You can create and delete RADIUS clients, which are identified by IP addresses and configured
with attributes such as a shared key. With a managed client range configured, the RADIUS server
processes only the RADIUS packets from the clients within the management range. A shared key
is used to ensure secure communication between a RADIUS client and the RADIUS server.
• RADIUS authentication and authorization
With the RADIUS server enabled, the switch checks whether or not the client of an...

Page 1677

• RFC 2865, Remote Authentication Dial In User Service (RADIUS)
• RFC 2866, RADIUS Accounting
• RFC 2867, RADIUS Accounting Modifications for Tunnel Protocol Support
• RFC 2868, RADIUS Attributes for Tunnel Protocol Support
• RFC 2869, RADIUS Extensions
• RFC 1492, An Access Control Protocol, Sometimes Called TACACS

RADIUS attributes

Commonly used standard RADIUS attributes

No.  Attribute      Description
1    User-Name      Name of the user to be authenticated.
2    User-Password...

Page 1678

No.  Attribute         Description
40   Acct-Status-Type  Type of the Accounting-Request packet. Possible values are as follows:
• 1—Start.
• 2—Stop.
• 3—Interim-Update.
• 4—Reset-Charge.
• 7—Accounting-On. (Defined in 3GPP, the 3rd Generation Partnership Project.)
• 8—Accounting-Off. (Defined in 3GPP.)
• 9 to 14—Reserved for tunnel accounting.
• 15—Reserved for failed.
45   Acct-Authentic    Authentication method used by the user. Possible values are as follows:
• 1—RADIUS.
• 2—Local.
• 3...

Page 1679

No.  Sub-attribute       Description
20   Command             Operation for the session, used for session control. It can be:
• 1—Trigger-Request.
• 2—Terminate-Request.
• 3—SetPolicy.
• 4—Result.
• 5—PortalClear.
24   Control_Identifier  Identification for retransmitted packets. For retransmitted packets of the
same session, this attribute must take the same value. For retransmitted
packets of different sessions, this attribute may take the same value. The
client response of a retransmitted packet...

Page 1680

No.  Sub-attribute  Description
207  Backup-NAS-IP  Backup source IP address for sending RADIUS packets.
255  Product_ID     Product name.

AAA configuration considerations and task list

To configure AAA, you must complete these tasks on the NAS:
1. Configure the required AAA schemes.
   ◦ Local authentication—Configure local users and the related attributes, including the usernames
   and passwords of the users to be authenticated.
   ◦ Remote authentication—Configure the required RADIUS and HW...