MSM7xx Controllers Configuration Guide v6.4.0

Add idle-timeout to RADIUS accounting session-time
When enabled, the controller includes the idle time-out in the total session time for a user when
the session is terminated due to idle time-out.
To remove the idle time-out from the total session time, disable this option.
Automatically reauthenticate HTML-based users for nn min
When this option is enabled, you can specify the amount of time that the controller will remember
the login credentials for an HTML-based user after they log out. If the user reconnects to the
network before this timeout expires, they are automatically logged in, and instead of being
redirected to the Login page, they are redirected to the Welcome-back page.
For this feature to work, users must have successfully logged in at least once via HTML
and must return with the same IP address and MAC address as their initial login.
Also, the session must have been terminated involuntarily, for example by the user moving
out of range or their computer being restarted. If the user terminates their session, they will
not be automatically reauthenticated.
To support this functionality, the DHCP server on the controller must be enabled. It will
attempt to reserve a user's assigned DHCP address even after the lease time has expired.
As long as free addresses remain in the DHCP address pool, the expired address will not be
reassigned to a new user.
NOTE:
The controller remembers login credentials even if the controller is restarted for
administrative reasons.
This feature may not work for users whose actual IP or MAC address is hidden by an
intervening router or other network device.
Reauthenticate users on location change
When this option is enabled, the controller will automatically reauthenticate users when they
switch to:
• a wireless cell with a different SSID
• a different VLAN ID on the same VSC
• an AP with a different MAC address
• an AP with a different group name
• a different wireless mode
NOTE: This feature is only supported when using an external RADIUS server for authentication
tasks.
Maximum concurrently authenticated public access users
Specify the maximum number of users that can be authenticated and logged into the public
access interface at the same time.
Client polling
The controller polls authenticated client stations to ensure that they are active. If no response is
received and the number of specified retries is reached, the client station is disconnected. To use
this feature, client stations must have L2 connectivity to the controller.
This feature enables the controller to detect if two client stations are using the same IP address but
have different MAC addresses. If this occurs, access is terminated for this IP address, removing
both stations from the network.
Changing these values may have security implications. A large interval provides a greater
opportunity for a session to be hijacked.
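The following Python model is an added illustration of the client polling behaviour described above; it is not controller code or HP configuration syntax. The function names, the per-round reply format, the sample addresses, and the timing rule in stale_session_bound are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample data: authenticated sessions {ip: mac} and the replies
# observed in three consecutive polling rounds.
SESSIONS = {"192.0.2.10": "02:00:00:00:00:0a",
            "192.0.2.11": "02:00:00:00:00:0b",
            "192.0.2.12": "02:00:00:00:00:0c"}
ROUNDS = [
    [("192.0.2.10", "02:00:00:00:00:0a"), ("192.0.2.11", "02:00:00:00:00:0b"),
     ("192.0.2.12", "02:00:00:00:00:0c")],
    # .11 is silent; .12 answers from two different MAC addresses
    [("192.0.2.10", "02:00:00:00:00:0a"), ("192.0.2.12", "02:00:00:00:00:0c"),
     ("192.0.2.12", "02:00:00:00:00:EE")],
    [("192.0.2.10", "02:00:00:00:00:0a")],
]

def poll_round(sessions, replies, missed, retries):
    """Apply one polling round; return {ip: reason} for terminated sessions."""
    seen = defaultdict(set)
    for ip, mac in replies:
        seen[ip].add(mac.lower())
    terminated = {}
    for ip, mac in list(sessions.items()):
        macs = seen.get(ip, set())
        if macs - {mac.lower()}:      # same IP seen with a different MAC
            terminated[ip] = "ip-conflict"
        elif macs:                    # only the authenticated MAC replied
            missed[ip] = 0
        else:                         # no reply: count towards the retry limit
            missed[ip] = missed.get(ip, 0) + 1
            if missed[ip] >= retries:
                terminated[ip] = "inactive"
    for ip in terminated:             # access ends for the whole IP address
        del sessions[ip]
        missed.pop(ip, None)
    return terminated

def run(sessions, rounds, retries):
    """Replay all rounds; return (remaining sessions, [(round, ip, reason)])."""
    sessions, missed, log = dict(sessions), {}, []
    for n, replies in enumerate(rounds, start=1):
        ended = poll_round(sessions, replies, missed, retries)
        log.extend((n, ip, why) for ip, why in sorted(ended.items()))
    return sessions, log

def stale_session_bound(interval_s, retries):
    """Assumed model: a station that leaves just after replying stays
    authenticated until `retries` polls, `interval_s` apart, go unanswered."""
    return interval_s * retries

if __name__ == "__main__":
    print(run(SESSIONS, ROUNDS, retries=2), stale_session_bound(60, 3))
```

In this model the time a departed station's session stays open grows linearly with both the interval and the retry count, which is the exposure the caution about large intervals refers to.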
Configuring global access control options 401