7-1
7
Configuring RADIUS Server Support for
Switch Services
Overview
This chapter provides information used for configuring CoS (802.1p priority),
rate-limiting, and ACL client services on a RADIUS server. For information on
configuring client authentication capability on the switch, refer to chapter 6,
“RADIUS Authentication, Authorization, and Accounting”.
Table 7-1.
RADIUS Services Supported on the Switch
RADIUS Client and Server Requirements
■
Clients can be dual-stack, IPv4-only or IPv6 only.
■
Client authentication can be through 802.1X, MAC Auth, or Web Auth.
(Clients using Web Auth must be IPv4-capable.)
■
Server must support IPv4 and have an IPv4 address.
Service
Application Standard RADIUS
Attribute
1
HP Vendor-
Specific RADIUS
Attribute (VSA)
Cos (Priority)
per-user
59
40
Ingress Rate-Limiting
per-user
—
46
Egress Rate-Limiting
per-port
2
—
48
ACLs
IPv6 and/or IPv4 ACEs
(NAS-Filter-Rule)
per-user
92
61
NAS-Rules-IPv6 (sets IP mode to
IPv4-only or IPv4 and IPv6)
per-user
—
63
1
HP recommends using the Standard RADIUS attribute if available.
2
If multiple clients are
authenticated on a port where
per-port
rules are assigned by a RADIUS server, then the most
recently assigned rule is applied to the traffic of all clients authenticated on the port.
Summary of Contents for E3800 Series
Page 2: ......
Page 3: ...HP Networking E3800 Switches Access Security Guide September 2011 KA 15 03 ...
Page 30: ...xxviii ...
Page 86: ...2 36 Configuring Username and Password Security Password Recovery ...
Page 186: ...4 72 Web and MAC Authentication Client Status ...
Page 364: ...8 32 Configuring Secure Shell SSH Messages Related to SSH Operation ...
Page 510: ...10 130 IPv4 Access Control Lists ACLs General ACL Operating Notes ...
Page 548: ...11 38 Configuring Advanced Threat Protection Using the Instrumentation Monitor ...
Page 572: ...12 24 Traffic Security Filters and Monitors Configuring Traffic Security Filters ...
Page 730: ...20 Index ...
Page 731: ......