MSM7xx Controllers Configuration Guide v6.4.0

Force NAS-Port to ingress VLAN ID:
When enabled, sets the RADIUS NAS-Port attribute content to the ingress VLAN ID for the
VSC profile the user is connected to. If no ingress VLAN is defined, NAS-Port is set to 0.
The value of the NAS-Port in other locations, such as in placeholders or the system log, is
not changed by enabling this option.
Override NAS ID when acting as a RADIUS proxy
This option applies only when this profile is used with VSCs that do not provide access
control.
When this option is enabled, the controller replaces the value of the NAS ID inside RADIUS
Requests it receives from APs with the value configured for NAS ID.
When this option is disabled, the controller does not change the NAS ID inside
RADIUS Requests it receives from APs. The requests are forwarded to their final destination
unmodified.
Primary/Secondary RADIUS server
Server address
Specify the IP address or fully-qualified domain name of the RADIUS server.
Secret/Confirm secret
Specify the password for the controller to use to communicate with the RADIUS server. The
shared secret is used to authenticate all packets exchanged with the server, proving that
the packets originate from a valid/trusted source.
Authentication realms
When authentication realms are enabled for a profile, selection of the RADIUS server to use
for authentication is based on the realm name, rather than the RADIUS profile name configured.
This applies to any VSC authentication setting that uses the profile.
Realm names are extracted from user names as follows: if the username is
person1@mydomain.com then mydomain.com is the realm. The authentication request
is sent to the RADIUS profile with the realm name mydomain.com. The username sent for
authentication is still the complete person1@mydomain.com.
For added flexibility, regular expressions can be used in realm names, enabling a single
realm name to match many users. For example, if a realm name is defined with the regular
expression ^per.* then all usernames beginning with per followed by any number of
characters will match. The following usernames would all match:
per123.biz
per321.lan
per1
Important
Realm names are not case-sensitive and can be a maximum of 64 characters long.
You can define a maximum of 200 realms across all RADIUS profiles. There is no limit to
the number of realms that you can define for each RADIUS profile.
Each RADIUS profile can be associated with one or more realms. However, a realm cannot
be associated with more than one profile.
A realm overrides the authentication RADIUS server only. The server used for accounting
is not affected.
When realm configuration is changed in any way, all active user sessions are terminated.
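The realm rules above, modeled as an added example that is not part of the original guide or the controller's own code. The profile names, function names and sample user names are hypothetical. It assumes a realm name is tested against the text after the last @ (the whole user name when there is no @), and it does not model what the controller does when no realm matches.

```python
import re

MAX_REALM_LEN = 64       # maximum realm name length stated in the guide
MAX_REALMS_TOTAL = 200   # maximum realms across all RADIUS profiles

# Constructed sample configuration: {RADIUS profile name: [realm names]}
PROFILES = {
    "corp-radius": ["mydomain.com"],
    "partner-radius": ["^per.*"],
}


def validate_realms(profiles):
    """Return a list of violations of the limits in the Important note."""
    problems, owner = [], {}
    for profile, realms in profiles.items():
        for realm in realms:
            key = realm.lower()  # realm names are not case-sensitive
            if len(realm) > MAX_REALM_LEN:
                problems.append(f"{realm!r} exceeds {MAX_REALM_LEN} characters")
            if owner.setdefault(key, profile) != profile:
                problems.append(f"{realm!r} is in {owner[key]!r} and {profile!r}")
    if len(owner) > MAX_REALMS_TOTAL:
        problems.append(f"{len(owner)} realms exceed the limit of {MAX_REALMS_TOTAL}")
    return problems


def extract_realm(username):
    """Part after the last '@'. Assumption: the whole name when there is no '@'."""
    return username.rpartition("@")[2]


def select_profile(username, profiles):
    """Return (profile, username_sent); profile is None when no realm matches."""
    realm = extract_realm(username)
    for profile, patterns in profiles.items():
        for pattern in patterns:
            # Assumption: a realm name matches literally or as a regular
            # expression over the extracted realm, ignoring case either way.
            if pattern.lower() == realm.lower() or re.fullmatch(
                pattern, realm, re.IGNORECASE
            ):
                return profile, username  # full user name is still sent
    return None, username


if __name__ == "__main__":
    print(validate_realms(PROFILES))
    for name in ("person1@mydomain.com", "guest@PER123.biz", "nobody@other.org"):
        print(name, "->", select_profile(name, PROFILES))
```

Running a check like validate_realms against a planned configuration before applying it is worthwhile because any realm change terminates all active user sessions.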
Using a third-party RADIUS server