MSM7xx Controllers Configuration Guide v6.4.0
Switch port not bound to a VSC
When a switch port is not bound to a VSC, the following authentication options are supported:
• 802.1X (Switch port)
• MAC-based (Switch port)
If both options are enabled at the same time, then:
• 802.1X takes priority for client stations that are 802.1X enabled. If 802.1X authentication
fails, MAC authentication is not checked and the client station fails to authenticate.
• MAC authentication takes priority for client stations that are not 802.1X enabled. If MAC
authentication fails, then the client station fails to authenticate.
User authentication limits
The following limits apply:
Maximum number of active
user sessions
Maximum number of locally
defined user accounts
Maximum number of
controlled APs
Controller
250100040MSM720
20002000200MSM760
20002000200MSM765 zl, MSM775 zl
250100040Controller Team (MSM720)
20002000800Controller Team (MSM760,
MSM765 zl, MSM775 zl)
802.1X authentication
802.1X is a popular protocol for user authentication that is natively supported on most client
stations. 802.1X authentication can be configured at different levels as described in the following
table.
Switch portVSC
Authentication tasks are managed by the HP 517 or
MSM317.
Authentication tasks are managed by either the controller
or the AP. (Depends on how the VSC is configured.)
Applies to wired users only.Applies to wireless and wired users.
Settings are defined on a per-port basis.Settings are defined on a per-VSC basis.
Can only be used when a switch port is not bound to a
VSC.
Can be used on access-controlled and non-access-controlled
VSCs.
Configured by selecting Controlled APs > [HP 517 or
MSM317 AP ] >> Configuration > Switch ports >
[switch-port ] in the management tool.
Configured using the Add/Edit Virtual Service Community
configuration page in the management tool.
334 User authentication, accounts, and addressing