MSM7xx Controllers Configuration Guide v6.4.0

ManualsBrandsHP ManualsNetwork HardwareHP 425 Wireless Dual Radio 802.11n (WW) Access Point

131

132

133

134

135

136

137

138

139

140

Features

• Authentication: The AP supports 802.1X or MAC authentication. To validate user login

credentials the AP makes use of a third-party authentication server (controller or third-party

RADIUS server). See “User authentication, accounts, and addressing” (page 331).

• Wireless security filters: Enables the AP to block traffic unless it is addressed to a specific

destination (like the controller). See “Wireless security filters” (page 126).

• Wireless MAC filter: Enables the AP to allow or deny access to the wireless network based on

specific wireless user MAC addresses.

• Wireless IP filter: Enables the AP to only allow wireless-to-wired LAN traffic for specific

destination IP addresses.

Egress

• Bridged onto port 1+2: Unless a centralized mode tunnel has been established, user and

authentication traffic is bridged onto ports 1 and 2.

• VLAN: VLAN tags can be assigned for all traffic on a VSC. See “Assigning egress VLANs to

a group” (page 170).

VSC on controller

Ingress

• SSID (from RADIUS auth request): The controller determines the SSID from the RADIUS

authentication request sent by the AP, and uses this SSID to determine the VSC to use for

authentication.

Features

• Authentication: The controller supports 802.1X or MAC authentication. To validate user login

credentials the controller can use the local user accounts or make use of third-party

authentication servers (Active Directory and/or RADIUS). See “User authentication, accounts,

and addressing” (page 331).

Using multiple VSCs

When multiple VSCs are defined, it is important to know how user traffic is matched to a VSC

definition. When VSCs have access control enabled, incoming traffic is handled on the controller

as follows:

Then ...If ...PortIncoming traffic properties

Traffic is sent on the egress

mapping defined on the matching

VSC.

VSC with matching SSID exists.LANSSID and untagged

Traffic is sent on the egress

mapping defined on the default

VSC.

No VSC with matching SSID exists.

Traffic is sent on the egress

mapping defined on the matching

VSC.

VSC with matching Ingress VLAN

exists.

LAN or InternetSSID and VLAN

VLAN only

Traffic is routed according to the

global routing table.

VLAN exists in VLAN table (but is

not assigned to a VSC ingress.

138 Working with VSCs