Configuration Examples‎ > ‎HP / HPE‎ > ‎Aruba HPE‎ > ‎

HPE Procurve / Provision & Radius

How to enable RADIUS switch login authentication on an HP switch - This article provides a general overview of how to windows domain usernames and passwords to log onto your HP switch.

It assumes you have a basic knowledge of Microsofts implementation of RADIUS, Network Policy Server (NPS)

Switch configuration

Configure the radius server configuration on the switch (Configure the Microsoft NPS RADIUS server, with a matching key)

radius-server host 192.168.50.80 key reallysecretkey

Put the following configuration on the switch

aaa authentication login privilege-mode
aaa authentication console login radius local
aaa authentication console enable radius local
aaa authentication telnet login radius local
aaa authentication telnet enable radius local
aaa authentication web login radius local
aaa authentication web enable radius local
aaa authentication ssh login radius local
aaa authentication ssh enable radius local

Windows NPS / RADIUS Configuration

Set up your RADIUS server to allow the auth requests

I normally create a group in Active Directory, called NetworkAdmins, and then add the users who will be maintaining the switches to that group..

Add the switch as a client to NPS - I like to prefix all my switches with SW- so that I can reference all switches when I create policies

Match the shared secret with the key you created on the switch earlier

client


Set up the connection request policy as follows.







Then set up the Network Policy








And then the trickery to make it work, you are returning an attribute here.




Note, you may have to change the the source IP address, so that the switch sources the RADIUS requests from the correct IP address.

How to change the source IP address on an HP Provision switch

ip source-interface radius 1.2.3.4

Enjoy :)