HP A 5120 Manual
Page 61
Figure 15 Configure AAA for 802.1X users by a RADIUS server
Configuration procedure
NOTE: Configure the interfaces and VLANs as shown in Figure 15. Make sure that the host can get a new IP address manually or automatically and can access resources in the authorized VLAN after passing authentication.
1. Configure the RADIUS server (iMC PLAT 5.0)
NOTE: This example assumes that the RADIUS server runs iMC PLAT 5.0 (E0101), iMC UAM 5.0 (E0101), and iMC CAMS 5.0 (E0101).
# Add an...
Page 62
Figure 16 Add an access device
# Add a charging policy.
Select the Service tab, and select Accounting Manager > Charging Plans from the navigation tree to enter the charging policy configuration page. Then, click Add to enter the Add Charging Plan page and perform the following configurations:
Add a plan named UserAcct
Select Flat rate as the charging template
In the Basic Plan Settings field, configure to charge the fixed fee of 120 dollars per month
In the Service...
Page 63
Select the Service tab, and select User Access Manager > Service Configuration from the navigation tree to enter the Service Configuration page. Then, click Add to enter the Add Service Configuration page and perform the following configurations:
Add a service named Dot1x auth and set the Service Suffix to bbb, which indicates the authentication domain for the 802.1X user. With the service suffix configured, you must configure usernames to be sent to the RADIUS...
Page 64
Figure 19 Add an access user account
2. Configure the switch
Configure a RADIUS scheme
# Create a RADIUS scheme named rad and enter its view.
system-view
[Switch] radius scheme rad
# Set the server type for the RADIUS scheme. When using the iMC server, set the server type to extended.
[Switch-radius-rad] server-type extended
# Specify the primary authentication server and primary accounting server, and configure the keys for communication with the servers....
Page 65
# Configure bbb as the default ISP domain for all users. Then, if a user enters a username without any ISP domain at login, the authentication and accounting methods of the default domain will be used for the user.
[Switch] domain default enable bbb
Configure 802.1X authentication
# Enable 802.1X globally.
[Switch] dot1x
# Enable 802.1X for port GigabitEthernet 1/0/1.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] dot1x
[Switch-GigabitEthernet1/0/1]...
Page 66
Priority=Disable
Start=2011-04-26 19:41:12 ,Current=2011-04-26 19:41:25 ,Online=00h00m14s
Total 1 connection matched.
As the Authorized VLAN field in the output shows, VLAN 4 has been assigned to the user.
Level switching authentication for Telnet users by an HWTACACS server
Network requirements
As shown in Figure 20, configure the switch to use local authentication for the Telnet user and assign the privilege level of 0 to the user after the user passes authentication. Configure the...
Page 67
system-view
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0
[Switch-Vlan-interface2] quit
# Configure the IP address of VLAN-interface 3, through which the switch communicates with the server.
[Switch] interface vlan-interface 3
[Switch-Vlan-interface3] ip address 10.1.1.2 255.255.255.0
[Switch-Vlan-interface3] quit
# Enable the switch to provide Telnet service.
[Switch] telnet server enable
# Configure the switch to use AAA for Telnet...
Page 68
[Switch] quit
2. Configure the HWTACACS server
NOTE: The HWTACACS server in this example runs ACSv4.0.
Add a user named tester on the HWTACACS server and configure advanced attributes for the user as follows and as shown in Figure 21:
Select Max Privilege for any AAA Client and set the privilege level to level 3. After these configurations, the user needs to use the password enabpass when switching to level 1, level 2, or level 3.
Select Use...
Page 69
Connected to 192.168.1.70 ...
******************************************************************************
* Copyright (c) 2010-2011 Hewlett-Packard Development Company, L.P. *
* Without the owners prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
Login authentication
Username:test@bbb
Password:
?
User view...
Page 70
Set the shared keys for authentication and authorization packets exchanged between the NAS and the RADIUS server to abc.
Configure the switch to remove the domain names in usernames before sending usernames to the RADIUS server.
Figure 22 RADIUS authentication and authorization for Telnet users by a network device
Configuration procedure
# Configure an IP address for each interface as shown in Figure 22. The detailed configuration is omitted here.
1. Configure the...