Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect to and use a network service. RADIUS is the transport for AAA services. These services can include user profiles (including stored user credentials), user access policies, and user activity statistics, all of which can reside on the same server. Gateway devices that control network access, such as remote access servers, VPN servers, and network switches, can use the RADIUS protocol to communicate with a RADIUS server for:
- Authentication: verifying user credentials to decide whether to grant access to the network.
- Authorization: checking the user access policy for how much and what kind of resources an authenticated user is allowed.
- Accounting: keeping statistical information about user activities for accounting purposes.
This chapter provides information used for configuring CoS (802.1p priority), rate-limiting, and ACL client services on a RADIUS server. For information on configuring client authentication capability on the switch, see RADIUS Authentication, Authorization, and Accounting.
RADIUS services supported on the switch
Service | Application | Standard RADIUS attribute[a] | HP vendor-specific RADIUS attribute (VSA) |
---|---|---|---|
CoS (Priority) | per-user | 59 | 40 |
Ingress Rate-Limiting | per-user | — | 46 |
Egress Rate-Limiting | per-port[b] | — | 48 |
ACLs | | | |
IPv6 and/or IPv4 ACEs (NAS-Filter-Rule) | per-user | 92 | 61 |
NAS-Rules-IPv6 (sets IP mode to IPv4-only or IPv4 and IPv6) | per-user | — | 63 |

[a] HP recommends using the Standard RADIUS attribute if available. Where both a standard attribute and a VSA are available, the VSA is maintained for backwards compatibility with configurations based on earlier software releases.

[b] If multiple clients are authenticated on a port where per-port rules are assigned by a RADIUS server, then the most recently assigned rule is applied to the traffic of all clients authenticated on the port.
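
An added example, not part of the HP documentation: a Python audit helper that walks the attribute bytes of an Access-Accept and reports which services from the table above it carries, whether each arrived as a standard attribute or an HP VSA, and whether footnote [a] or [b] applies. The function names and sample bytes are constructed for illustration and attribute values are treated as opaque; type 26 is the RFC 2865 Vendor-Specific attribute and 11 is HP's IANA enterprise number.

```python
import struct

HP_VENDOR_ID = 11      # IANA enterprise number for Hewlett-Packard
VENDOR_SPECIFIC = 26   # RFC 2865 Vendor-Specific attribute type

# service: (standard attribute, HP VSA, application), copied from the table above
SERVICES = {
    "CoS (Priority)": (59, 40, "per-user"),
    "Ingress Rate-Limiting": (None, 46, "per-user"),
    "Egress Rate-Limiting": (None, 48, "per-port"),
    "NAS-Filter-Rule ACEs": (92, 61, "per-user"),
    "NAS-Rules-IPv6": (None, 63, "per-user"),
}
BY_STD = {s: n for n, (s, _, _) in SERVICES.items() if s is not None}
BY_VSA = {v: n for n, (_, v, _) in SERVICES.items()}

def tlv(typ, value):
    """Encode one type/length/value triple (length counts the 2-byte header)."""
    return bytes([typ, len(value) + 2]) + value

def iter_tlv(buf):
    """Yield (type, value) pairs; reject truncated or zero-progress lengths."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 2 or buf[pos + 1] < 2 or pos + buf[pos + 1] > len(buf):
            raise ValueError(f"malformed attribute at offset {pos}")
        yield buf[pos], buf[pos + 2:pos + buf[pos + 1]]
        pos += buf[pos + 1]

def client_services(attrs):
    """Return (service, source, application, prefer_standard) per table attribute."""
    out = []
    for typ, val in iter_tlv(attrs):
        if typ in BY_STD:
            out.append((BY_STD[typ], "standard", SERVICES[BY_STD[typ]][2], False))
        elif typ == VENDOR_SPECIFIC and len(val) >= 4:
            if struct.unpack("!I", val[:4])[0] != HP_VENDOR_ID:
                continue  # another vendor's sub-attribute numbers mean something else
            for vtyp, _ in iter_tlv(val[4:]):
                if vtyp in BY_VSA:
                    std, _, scope = SERVICES[BY_VSA[vtyp]]
                    # Footnote [a]: flag a VSA where a standard attribute exists.
                    out.append((BY_VSA[vtyp], "vsa", scope, std is not None))
    return out

# Constructed sample: attribute bytes of an Access-Accept; values are placeholders.
SAMPLE = (tlv(59, b"placeholder")
          + tlv(VENDOR_SPECIFIC, struct.pack("!I", HP_VENDOR_ID)
                + tlv(61, b"placeholder") + tlv(48, b"placeholder"))
          + tlv(VENDOR_SPECIFIC, struct.pack("!I", 9) + tlv(46, b"x")))  # non-HP vendor
```

A "per-port" entry in the result marks a rule that, per footnote [b], will replace the rule applied to every other client already authenticated on the same port.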