ProCurve RADIUS Server Integration
Freeradius
- head -3 /etc/freeradius/users
 60eb69962da5 Cleartext-Password := "60eb69962da5"
 xinux Cleartext-Password := "suxer"
 rudi Cleartext-Password := "wiggel"
- tail -8 /etc/freeradius/clients.conf
 client lan-clients {
     ipaddr = 192.168.240.0
     netmask = 21
     secret = sysadm
     require_message_authenticator = no
     nastype = other
 }
Configuring the RADIUS Server
- configure terminal
- radius-server host 192.168.244.49 auth-port 1812 acct-port 1813
- radius-server key sysadm
- end
Displaying the RADIUS Server Status
- show radius
 Status and Counters - General RADIUS Information

  Deadtime(min) : 0
  Timeout(secs) : 5
  Retransmit Attempts : 3
  Global Encryption Key : sysadm

                  Auth  Acct
  Server IP Addr  Port  Port  Encryption Key
  --------------- ----- ----- --------------------------------
  192.168.244.49  1812  1813
Set general port-access Parameters
- configure terminal
- aaa authentication ssh login radius local
- aaa authentication ssh enable radius local
- aaa authentication console login radius local
- aaa authentication console enable radius local
Entering Privileged Mode Automatically
- aaa authentication login privilege-mode
if Service-Type 6 is set on the RADIUS server:
 DEFAULT Ldap-Group == "cn=switch,ou=groups,dc=xinux,dc=net"
         Service-Type = 6

 DEFAULT Auth-Type := Reject
Displaying the Authentication Settings
- show authentication
 Status and Counters - Authentication Information

  Login Attempts : 3
  Respect Privilege : Disabled

              | Login      Login      Enable     Enable
  Access Task | Primary    Secondary  Primary    Secondary
  ----------- + ---------- ---------- ---------- ----------
  Console     | Radius     Local      Radius     Local
  Telnet      | Local      None       Local      None
  Port-Access | EapRadius
  Webui       | Local      None       Local      None
  SSH         | Radius     Local      Radius     Local
  Web-Auth    | ChapRadius
  MAC-Auth    | ChapRadius
General Parameters
- configure terminal
- aaa authentication port-access eap-radius
- end
MAC-Based Access
- configure terminal
- aaa port-access mac-based 22
Displaying the Configuration
- show port-access ethernet 22 mac-based config
 Port Access MAC-Based Configuration

  MAC Address Format : no-delimiter

                 Client Client Logoff    Re-Auth   Unauth   Auth
  Port  Enabled  Limit  Moves  Period    Period    VLAN ID  VLAN ID
  ----- -------- ------ ------ --------- --------- -------- --------
  22    Yes      2      No     300       0         0        0
Displaying Clients
Unsuccessful
- show port-access ethernet 22 mac-based
 Port Access MAC-Based Status

        Authenticated Unauthenticated Current
  Port  Clients       Clients         VLAN ID
  ----- ------------- --------------- --------
  22    0             1               10
- show port-access ethernet 22 mac-based clients
 Port Access MAC-Based Client Status

  Port  MAC Address   Session Status        Time
  ----- ------------- --------------------- --------
  22    00040e-0b182d rejected-no vlan      3 secs
Successful
- show port-access ethernet 22 mac-based
 Port Access MAC-Based Status

        Authenticated Unauthenticated Current
  Port  Clients       Clients         VLAN ID
  ----- ------------- --------------- --------
  22    1             0               10
- show port-access ethernet 22 mac-based clients
 Port Access MAC-Based Client Status

  Port  MAC Address   Session Status        Time
  ----- ------------- --------------------- --------
  22    60eb69-962da5 authenticated         2 mins
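The client listings above tie back to the users file, where the MAC address in the switch's address format serves as both user name and password. The following is an added example, not part of the original page: it parses the "mac-based clients" output and builds users-file lines for rejected clients that are not yet known, so they can be reviewed before being added. The function names are hypothetical, and the delimiter styles other than no-delimiter are assumptions about what the switch offers.

```python
import re

# Delimiter styles for the MAC the switch sends as RADIUS User-Name and
# password; this page's switch uses no-delimiter, the rest are assumptions.
FORMATS = {
    "no-delimiter": lambda h: h,
    "single-dash": lambda h: h[:6] + "-" + h[6:],
    "multi-dash": lambda h: "-".join(h[i:i + 2] for i in range(0, 12, 2)),
    "multi-colon": lambda h: ":".join(h[i:i + 2] for i in range(0, 12, 2)),
}
# Client row of "show port-access ethernet <port> mac-based clients":
# port, MAC as xxxxxx-xxxxxx, status text, session time.
ROW = re.compile(r"^\s*(\d+)\s+([0-9a-fA-F]{6}-[0-9a-fA-F]{6})\s+(.+?)\s+(\d+ \w+)\s*$")

def normalize_mac(text):
    """Return the 12 lowercase hex digits of a MAC, or raise ValueError."""
    digits = re.sub(r"[-:.]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return digits

def parse_clients(output):
    """Return (port, mac_hex, status) for each client row in the CLI output."""
    rows = (ROW.match(line) for line in output.splitlines())
    return [(int(m[1]), normalize_mac(m[2]), m[3]) for m in rows if m]

def users_entry(mac, addr_format="no-delimiter"):
    """Build the users-file line for one MAC in the switch's address format."""
    name = FORMATS[addr_format](normalize_mac(mac))
    return f'{name} Cleartext-Password := "{name}"'

def entries_for_rejected(output, known, addr_format="no-delimiter"):
    """users-file lines for rejected clients not yet known, for review."""
    known_hex = {normalize_mac(k) for k in known}
    return [users_entry(mac, addr_format)
            for _port, mac, status in parse_clients(output)
            if status.startswith("rejected") and mac not in known_hex]

# Constructed sample: the two client rows shown on this page, combined.
SAMPLE = """\
  Port  MAC Address   Session Status        Time
  ----- ------------- --------------------- --------
  22    00040e-0b182d rejected-no vlan      3 secs
  22    60eb69-962da5 authenticated         2 mins
"""

if __name__ == "__main__":
    print("\n".join(entries_for_rejected(SAMPLE, known=["60eb69962da5"])))
```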
MAC-Based Control via RADIUS on Multiple Ports
- aaa port-access mac-based ethernet 21-24
Links
- http://wiki.freeradius.org/vendor/HP#port-authentication-mechanisms
- http://wiki.freeradius.org/guide/mac-auth
- http://whp-aus2.cold.extweb.hp.com/pub/networking/software/Security-Oct2005-59906024-Chap05-RADIUS.pdf?utm_source=affiliate&utm_medium=cpa&utm_campaign=adgoal+DE+%2528ehem.+oxono%2529&utm_content=0&jumpid=af_zky3rxgb21/site:adgoal+DE+%2528ehem.+oxono%2529