How to enable RADIUS switch login authentication on an HP switch - This article provides a general overview of how to windows domain usernames and passwords to log onto your HP switch.
It assumes you have a basic knowledge of Microsofts implementation of RADIUS, Network Policy Server (NPS)
Switch configuration
Configure the radius server configuration on the switch (Configure the Microsoft NPS RADIUS server, with a matching key)
radius-server host 192.168.50.80 key reallysecretkey
Put the following configuration on the switch
aaa authentication login privilege-mode
aaa authentication console login radius local
aaa authentication console enable radius local
aaa authentication telnet login radius local
aaa authentication telnet enable radius local
aaa authentication web login radius local
aaa authentication web enable radius local
aaa authentication ssh login radius local
aaa authentication ssh enable radius local
Windows NPS / RADIUS Configuration
Set up your RADIUS server to allow the auth requests
I normally create a group in Active Directory, called NetworkAdmins, and then add the users who will be maintaining the switches to that group..
Add the switch as a client to NPS - I like to prefix all my switches with SW- so that I can reference all switches when I create policies
Match the shared secret with the key you created on the switch earlier
Set up the connection request policy as follows.
Then set up the Network Policy
And then the trickery to make it work, you are returning an attribute here.
Note, you may have to change the the source IP address, so that the switch sources the RADIUS requests from the correct IP address.
How to change the source IP address on an HP Provision switch
ip source-interface radius 1.2.3.4
Enjoy :)