HP (Hewlett-Packard) SAN Switch ユーザーズマニュアル
54
Configuring RADIUS servers
IMPORTANT:
RADIUS server support is available only with the McDATA SANtegrity Enhanced PFE key
and can be managed only with the CLI and Element Manager. Element Manager also requires a PFE key.
See ”
See ”
” on page 82 for more information about installing a PFE
key. To obtain the McDATA 4Gb SAN Switch serial number and PFE key, follow the step-by-step instructions
on the firmware feature entitlement request certificate for the PFE key. You can obtain a PFE key from the
web at:
on the firmware feature entitlement request certificate for the PFE key. You can obtain a PFE key from the
web at:
A RADIUS server authenticates users and devices using a challenge/response protocol over a secure SSL
connection. Basic implementations consist of a central RADIUS server containing a database of authorized
users as well as authentication information. A RADIUS client wishing to verify the authenticity of a user
issues a challenge to the user and collects the response to the challenge. This information is forwarded to
the RADIUS server for authentication and the server responds with the results, either an accept or reject.
connection. Basic implementations consist of a central RADIUS server containing a database of authorized
users as well as authentication information. A RADIUS client wishing to verify the authenticity of a user
issues a challenge to the user and collects the response to the challenge. This information is forwarded to
the RADIUS server for authentication and the server responds with the results, either an accept or reject.
The RADIUS client does not need to be configured with any user authentication information, this all resides
on the RADIUS server and can be managed centrally and separately from the clients. In addition, no
passwords are exchanged between the RADIUS server and its clients. Authentication of requests from a
RADIUS client to the server and responses from the server to a client can also be authenticated. This
requires sharing a secret between the server and client.
on the RADIUS server and can be managed centrally and separately from the clients. In addition, no
passwords are exchanged between the RADIUS server and its clients. Authentication of requests from a
RADIUS client to the server and responses from the server to a client can also be authenticated. This
requires sharing a secret between the server and client.
The accounting RADIUS supports the auditing of the users and switch services such as Telnet, FTP, and
switch management applications. The RADIUS Accounting Server enables (True) or disables (False) the
auditing of activity during a user session. The default is False. When enabled, user activity is audited
whether UserAuthServer is enabled or not. The accounting server UDP port number is the ServerUDPPort
value plus 1 (default 1813).
switch management applications. The RADIUS Accounting Server enables (True) or disables (False) the
auditing of activity during a user session. The default is False. When enabled, user activity is audited
whether UserAuthServer is enabled or not. The accounting server UDP port number is the ServerUDPPort
value plus 1 (default 1813).
Configuring RADIUS servers involves the following tasks: