MSM7xx Controllers Configuration Guide v6.4.0

802.1X
Enable this option when the AP is connected to a secured switch port that requires 802.1X
authentication. Once the AP is authenticated, controller discovery proceeds as usual.
NOTE: If this option is enabled and the AP is connected to an unsecured switch port, 802.1X is
ignored and discovery proceeds as usual.
The switch port is expected to be multi-homed, so that once authentication is successful,
tagged and untagged traffic for any MAC addresses (including wireless clients) will be
accepted by the switch.
In this type of environment, deployment can be a challenge, since the AP must already be
configured with the correct 802.1X username and password before it is connected to the
secured switch port. There are three solutions to this problem:
• During AP deployment, 802.1X is deactivated on the switch ports. The APs are connected
  and provisioned with the correct 802.1X settings by the controller. Once all APs are
  synchronized, 802.1X authentication can be enabled on the switch ports.
• Before being deployed, the APs are first connected to a controller via a non-secure switch.
  The APs are provisioned and synchronized with the correct 802.1X settings by the
  controller. Next, the APs are deployed to their final location.
• For small deployments, the administrator could connect each AP in turn to a computer and
  configure the appropriate 802.1X settings using the AP provisioning interface. This solution
  is time-consuming and is not a realistic option for large deployments.
EAP method
Select the Extensible Authentication Protocol (EAP) method to use:
• PEAP version 0: Authentication occurs using MS-CHAP V2.
• PEAP version 1: Authentication occurs using EAP-GTC.
• TTLS: The Tunneled Transport Layer Security protocol requires that the switch first
  authenticate itself to the AP by sending a PKI certificate. The AP authenticates itself
  to the switch by supplying a username and password over the secure tunnel.
Username
Username that the AP will use inside the TLS tunnel.
Password / Confirm password
Password assigned to the AP.
Anonymous
Name used outside the TLS tunnel by all three EAP methods. If this field is blank, then the
value specified for Username is used instead.
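The effect of the Anonymous field can be checked on the wire, because the EAP-Response/Identity that opens PEAP or TTLS is sent before the TLS tunnel exists. The following Python sketch is an added example, not taken from this guide or the AP software; the MAC address, username and function names are constructed for illustration. It builds the identity frame for each setting and parses it the way a review of a switch-port capture would.

```python
import struct

EAPOL_ETHERTYPE = 0x888E
PAE_GROUP_ADDR = bytes.fromhex("0180c2000003")  # 802.1X PAE group address
AP_MAC = bytes.fromhex("020000000001")          # constructed sample MAC

def outer_identity(username, anonymous=""):
    """Identity sent outside the tunnel: Anonymous, or Username if blank."""
    return anonymous or username

def build_identity_response(src_mac, identity, identifier=1):
    """Build a (constructed) Ethernet frame with an EAP-Response/Identity."""
    ident = identity.encode()
    # EAP header: code 2 = Response, identifier, length, type 1 = Identity
    eap = struct.pack("!BBHB", 2, identifier, 5 + len(ident), 1) + ident
    # EAPOL header: version 1, packet type 0 = EAP-Packet, body length
    eapol = struct.pack("!BBH", 1, 0, len(eap)) + eap
    return PAE_GROUP_ADDR + src_mac + struct.pack("!H", EAPOL_ETHERTYPE) + eapol

def parse_identity_response(frame):
    """Return the cleartext identity from an EAP-Response/Identity, else None."""
    if len(frame) < 23 or struct.unpack("!H", frame[12:14])[0] != EAPOL_ETHERTYPE:
        return None
    _ver, ptype, plen = struct.unpack("!BBH", frame[14:18])
    if ptype != 0 or plen < 5 or len(frame) < 18 + plen:
        return None
    code, _ident, elen, etype = struct.unpack("!BBHB", frame[18:23])
    if code != 2 or etype != 1 or elen < 5 or elen > plen:
        return None
    # The EAP length field bounds the identity; Ethernet padding is ignored.
    return frame[23:18 + elen].decode("utf-8", "replace")

def exposes_username(frame, username):
    """True if the identity visible on the wire is the real 802.1X username."""
    ident = parse_identity_response(frame)
    return ident is not None and ident.lower() == username.lower()

if __name__ == "__main__":
    for anon in ("", "anonymous"):
        frame = build_identity_response(AP_MAC, outer_identity("ap-lobby-01", anon))
        print(repr(anon), "->", parse_identity_response(frame),
              "| username exposed:", exposes_username(frame, "ap-lobby-01"))
```

With Anonymous left blank, the AP's real username is readable by anything that can observe the switch port; setting Anonymous keeps the username inside the tunnel.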
Provisioning discovery
Use the Provisioning > Discovery page to provision the method a controlled AP uses to discover a
controller. Two options can be provisioned: DNS discovery or discovery via IP address. The
following page shows Discovery using DNS provisioned.
Enable provisioning here: