MSM7xx Controllers Configuration Guide v6.4.0
The controller authenticates APs using their MAC addresses. When an AP sends a discovery request
to the controller, it includes its Ethernet Base MAC address. The controller validates this address
against its AP address authentication list. If the address appears in the list, the AP is authenticated
and gains access to the service control features on the controller.
If authentication fails (for example, this is a new AP), and the Use the local authentication list option
is enabled, then the AP is added to the Default Group and flagged as requiring authentication.
The AP must then be manually authenticated by a manager using the Controlled APs >> Overview
> Discovered APs page. Once authenticated, the AP can be managed.
NOTE: APs remain visible in this list as long as they have been detected and authorized at least
once. If an AP is no longer part of the network then a manager must manually remove it.
Building the AP authentication list
The controller can retrieve authentication list entries from several sources: a RADIUS account, a
file, or using the set of locally configured APs. All entries are merged to create a combined list.
The controller retrieves authentication list entries when:
• The Authentication interval expires
• Authenticate Now is selected
• Save is selected
• Each time the controller starts up.
Each time the authentication list entries are retrieved, all connected APs are checked against it. If
an AP MAC address is no longer listed, its connection is terminated.
NOTE: Although the same RADIUS account can be shared between this option and the Public
access > Attributes page, HP recommends that a separate RADIUS account be created for each
option.
General settings
Authentication interval
Specifies the interval at which the controller retrieves authentication list entries from
the selected authentication sources. After the entries are retrieved all controlled APs
are evaluated against the new list.
160 Working with controlled APs