RADIUS Authentication, Authorization, and Accounting

Overview

RADIUS (Remote Authentication Dial-In User Service) enables you to use up to fifteen servers and maintain separate authentication and accounting for each RADIUS server employed.

Authentication services

Authentication with RADIUS allows each user to have a unique password, removing the need to maintain and distribute switch-specific passwords to all users.

RADIUS verifies identity for the following types of primary password access to the HP switch:

  • Serial port (console)

  • Telnet

  • SSH

  • SFTP/SCP

  • WebAgent

  • Port-Access (802.1X)

The switch also supports RADIUS accounting for Web Authentication and MAC authentication sessions.


NOTE: The switch does not support RADIUS security for SNMP (network management) access. For information on blocking access through the WebAgent, see Controlling WebAgent access.


Accounting services

RADIUS accounting on the switch collects resource consumption data and forwards it to the RADIUS server. This data can be used for trend analysis, capacity planning, billing, auditing, and cost analysis.

RADIUS-administered CoS and rate-limiting

The switches covered in this guide take advantage of vendor-specific attributes (VSAs) applied in a RADIUS server to support these optional, RADIUS-assigned attributes:

  • 802.1p (CoS) priority assignment to inbound traffic on the specified port(s) (port-access authentication only)

  • Per-port rate-limiting on a port with an active link to an authenticated client (port-access authentication only)

RADIUS-administered commands authorization

This feature enables RADIUS server control of an authenticated client’s access to CLI commands on the switch. See Commands authorization.

SNMP access to the switch's authentication configuration MIB

The switch’s default configuration allows SNMP access to the hpSwitchAuth MIB (Management Information Base). A management station running an SNMP networked device management application such as HP PCM+ or HP OpenView can access the switch’s MIB for read access to the switch’s status and read/write access to the switch’s configuration. For more information, including the CLI command to use for disabling this feature, see Using SNMP to view and configure switch authentication features.