MSM7xx Controllers Configuration Guide v6.4.0
Retry interval
Specify the number of seconds that the controller waits before access and accounting
requests time out. If the controller does not receive a reply within this interval, the controller
switches between the primary and secondary RADIUS servers, if a secondary server is
defined. A reply that is received after the retry interval expires is ignored.
Retry interval applies to access and accounting requests that are generated by the following:
• Manager or operator access to the management tool
• User authentication by way of HTML
• MAC-based authentication of devices
• Authentication of the controller
• Authentication of the controlled AP
You can determine the maximum number of retries as follows:
• HTML-based logins: Calculate the number of retries by taking the setting for the
HTML-based logins Authentication Timeout parameter and dividing it by the value of
this parameter. Default settings result in 4 retries (40 / 10).
• MAC-based and controller authentication: Number of retries is infinite.
• 802.1X authentication: Retries are controlled by the 802.1X client software.
Authentication method
Select the default authentication method that the controller uses when exchanging
authentication packets with the RADIUS server defined for this profile. For 802.1X users,
the authentication method is always determined by the 802.1X client software and is not
controlled by this setting. If traffic between the controller and the RADIUS server is not
protected by a VPN, HP recommends that you use either EAP-MD5 or MSCHAP V2 (if
supported by your RADIUS server). PAP and MSCHAP V1 are less secure protocols.
(EAP-MD5 is not supported on VSCs that have WEP with dynamic keys enabled.)
NAS ID
Specify the identifier for the network access server that you want to use for the controller.
By default the serial number of the controller is used. The controller includes the NAS-ID
attribute in all packets that it sends to the RADIUS server.
Always try primary server first
Enable this option if you want to force the controller to contact the primary server first.
Otherwise, the controller sends the first RADIUS access request to the last known RADIUS
server that replied to any previous RADIUS access request. If the request times out, the next
request is sent to the other RADIUS server, if one is defined.
For example, assume that the primary RADIUS server was not reachable and that the
secondary server responded to the last RADIUS access request. When a new authentication
request is received, the controller sends the first RADIUS access request to the secondary
RADIUS server.
If the secondary RADIUS server does not reply, the controller retransmits the RADIUS access
request to the primary RADIUS server. When two servers are configured, the controller
always alternates between the two.
Use message authenticator
When this option is enabled, the RADIUS Message-Authenticator attribute is included in all
RADIUS access requests sent by the AP.
NOTE: This option has no effect on IEEE 802.1X authentication requests. These requests
always include the RADIUS Message-Authenticator attribute.
366 Authentication services










