HPE Community
BladeSystem - General
1819689 Members
3344 Online
109605 Solutions
New Discussion

RADIUS Attributes for Virtual Connect

 
chuckk281
Trusted Contributor

‎06-04-2012 09:17 AM

‎06-04-2012 09:17 AM

RADIUS Attributes for Virtual Connect

Glen had a RADIUS question for Virtual Connect:

 

*******************

 

Can someone please advise the details for implementing RADIUS authorization with VC?  Specifically, what is the Vendor Specific Attribute number for Virtual Connect? Is there any detailed documentation for implementing RADIUS with VC (other than the VC User Guide)?

 

*************

 

Info from Pallavi:

 

********************

 

Below are the steps to configure RADIUS on VC. You can refer the attachment for  some more details on the RADIUS implementation in VC.

Hope this is useful.  

 

Configuring RADIUS authentication on VC

To configure RADIUS on VC, do the following using the VCM GUI or CLI:

Configuring RADIUS using VCM GUI

  1. Login to the VCM GUI as Administrator.
  2. Turn RADIUS authentication on, and then configure the RADIUS server.
  3. Configure the RADIUS Server key.
  4. If desired, the default UDP port number used to listen to RADIUS can be changed. The well-known port for RADIUS is 1812. Two devices exchanging RADIUS packets must use the same port numbers.
  5. Configure the timeout period for contacting the RADIUS server.
  6. Optionally configure the secondary server, if needed.
  7. Apply and save the configuration.

Configuring RADIUS using VCM CLI

  1. Login to the VCM CLI as a non–RADIUS user with domain privilege.
  2. Run the following command to set the TACACS configuration parameters:

a) Configure primary server

-> set radius Enabled=true ServerAddress=<primary server address> Port=1812 ServerKey=<shared-secret server key-as-configured-on-primary-server> Timeout=<no. of seconds>

Example:

-> set radius Enabled=true ServerAddress=10.10.10.113 Port=1812 ServerKey=testing123 Timeout=4

b) Configure secondary server (optional)

-> set radius SecondaryServerAddress=<secondary server address> SecondaryPort=1812 SecondaryServerKey=<shared-secret server key-as-configured-on-secondary-server> SecondaryTimeout=<no. of seconds>

Example:

-> set radius SecondaryServerAddress=10.10.10.115 SecondaryPort=1812 SecondaryServerKey=testing456 Timeout=3

NOTE: Primary and secondary servers can be configured in one command.

  1. Verify the RADIUS configuration parameters set as shown below:

-> show radius

Enabled                : true

ServerAddress          : 10.10.10.113

Port                   : 1812

Timeout                : 4

SecondaryServerAddress : 10.10.10.115

SecondaryPort          : 1812

SecondaryTimeout       : 4

NOTE: Server keys will not be displayed in the CLI output given above.

 

  1. If you have logged in using VCM CLI, run the following command to add a RADIUS group. The group-name must match a group configured on the RADIUS server for the relevant user:

-> add radius-group <group-name> privileges=...

Eg: -> add radius-group test privileges=network,storage

  1. Verify the RADIUS group configuration as shown below:

->show radius-group

==================================

Name    Privileges   Description

==================================

test    network      -- --

        storage

----------------------------------

 

 webpic94.png

 

Let me know if you need any more information.

 

***************

 

Comments or questions?

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.