MSM7xx Controllers Configuration Guide v6.4.0

Using a third-party RADIUS server
A third-party RADIUS server can be used to perform a number of authentication and configuration
tasks, as shown in the following table.
Task                                                  For more information, see ...
Validating administrative user credentials.           “Setting up manager and operator accounts” (page 18).
Validating user credentials for 802.1X, MAC,          “Wireless protection” (page 127).
MAC-based, and HTML-based authentication types.       “HTML-based user logins” (page 132).
                                                      “MAC-based authentication” (page 132).
Storing custom configuration settings for the         “Working with RADIUS attributes” (page 435).
public access interface.
Storing custom configuration settings for each user.
Storing accounting information for each user.
The following authentication types can make use of an external third-party RADIUS server:
Service               For details, see ...
802.1X (VSC)          “802.1X authentication” (page 334)
MAC-based (Global)    “MAC-based authentication” (page 132)
MAC-based (VSC)       “MAC-based authentication” (page 132)
HTML-based            “HTML-based authentication” (page 347)
VPN-based             “VPN-based authentication” (page 349)
Configuring a RADIUS server profile
The controller enables you to define up to 64 RADIUS profiles (depending on the license that is
installed). Each profile defines the settings for a RADIUS client connection. To support a client
connection, you must create a client account on the RADIUS server. The settings for this account
must match the profile settings you define on the controller.
For backup redundancy, each profile supports a primary and secondary server.
The controller can function with any RADIUS server that supports RFC 2865 and RFC 2866.
Supported authentication types include EAP-MD5, CHAP, MSCHAP v1/v2, PAP,
EAP-TLS, EAP-TTLS, EAP-PEAP, EAP-SIM, EAP-AKA, EAP-FAST, and EAP-GTC. (EAP-MD5 is not
supported on VSCs that have WEP with dynamic keys enabled.)
CAUTION: To safeguard the integrity of RADIUS traffic, it is important that you protect
communications between the controller and the RADIUS server. The controller lets you use PPTP or
IPSec to create a secure tunnel to the RADIUS server. For complete instructions on how to accomplish
this, see “Securing wireless client sessions with VPNs” (page 507).
NOTE: If you change a RADIUS profile to connect to a different server while users are active, all
RADIUS traffic for active user sessions is immediately sent to the new server.