MSM7xx Controllers Configuration Guide v6.4.0

ManualsBrandsHP ManualsNetwork HardwareHP 425 Wireless Dual Radio 802.11n (JP) Access Point

341

342

343

344

345

346

347

348

349

350

Remote

• Active Directory: User logins are authenticated via Active Directory. To setup Active

Directory support go to the Controller >> Security > Active Directory page.

• RADIUS: User logins are authenticated via an external RADIUS server. To setup the

connection to an external RADIUS server, go to the Controller >> Authentication > RADIUS

profiles page.

◦ Request RADIUS CUI: Enable this option to support the Chargeable User Identity (CUI)

attribute as defined in RFC-4372. The CUI is used to associate a unique identifier

with a user so that the user can be identified (for billing, authentication or other

purposes) when roaming outside of their home network.

• Authentication timeout: Specify length of time (in seconds) that the controller will wait for

the RADIUS server to respond to authentication requests. If the RADIUS server does not

respond within this time period logins are refused.

General

• RADIUS accounting: Enable this option to have the controller generate a RADIUS START/STOP

and interim request for each user. The controller respects the RADIUS interim-update-interval

attribute if present inside the RADIUS access accept of the authentication.

VPN-based authentication

VPN-based authentication can be used to provide secure access for client stations on VSCs that

do not have encryption enabled.

VPN-based authentication has the following properties:

• Authentication is managed by the controller.

• Applies to wireless and wired users.

• Settings are defined on a per-VSC basis.

• Can only be used on access-controlled VSCs.

• Configured using the Add/Edit Virtual Service Community configuration page in the

management tool.

• User credentials can be validated using:

Local user accounts on the controller◦

◦ External RADIUS server

◦ Active Directory

• If you enable this option for a VSC, all wireless users on the VSC must establish a VPN

connection. No other authentication methods (HTML, MAC, 802.1X) can be used on the VSC.

• When users configure their VPN software, they must specify the controller LAN port address

as the address of the VPN server.

• To use this option, one or more of the following VPN features must be enabled and configured

on the Controller >> VPN menu: L2TP server, PPTP server, or IPSec. Once this is done, VPN

support can be enabled on a per-VSC basis and users can connect to any active VPN server.

• On the MSM760, MSM765 zl, and MSM775 zl, a maximum of 50 user sessions are supported

across all VSCs.

VPN-based authentication 349