Manualshelf

MSM7xx Controllers Configuration Guide v6.4.0

ManualsBrandsHP ManualsNetwork HardwareHP 425 Wireless Dual Radio 802.11n (WW) Access Point
331332333334335336337338339340
Switch portVSC
User credentials can be validated using:
External RADIUS server
User credentials can be validated using:
Local user accounts on the controller
External RADIUS server
Active Directory
(Depends on how the VSC is configured.)
See “Configuring 802.1X support on an HP 517 or
MSM317 switch port” (page 339).
See:
“Configuring 802.1X support on a VSC” (page 336).
“Configuring global 802.1X settings for wired users
(page 338).
“Configuring global 802.1X settings for wired users
(page 338).
Supported 802.1X protocols
The following table lists the 802.1X protocols supported by the internal RADIUS server on the
controller, and when using a third-party RADIUS server.
Certificates requiredThird-party RADIUS server
Local user accounts (via
Internal RADIUS server)
Protocol
NoEAP-MD5
Client and ServerEAP-TLS
ServerEAP-TTLS
NoLEAP
ServerPEAPv0
ServerPEAPv1
OptionalEAP-FAST
ServerEAP-SIM
ServerEAP-AKA
The EAP protocols in this table are known to work with the controller. Other EAP protocols may
also work but have not been tested. EAP-MD5 is supported with third-party RADIUS servers for
802.1X authentication for VSCs without wireless encryption.
Protocol definitions
The following are brief definitions for the supported protocols. For more detailed information, see
the appropriate RFC for each protocol.
EAP-MD5: Extensible Authentication Protocol Message Digest 5. Offers minimum security.
EAP-MD5 does not support key generation, which makes it unsuitable for dynamic WEP, WPA
or WPA2. Not recommended.
EAP-TLS: Extensible Authentication Protocol Transport Layer Security. Provides strong security
based on mutual authentication. Requires both client and server-side certificates.
EAP-TTLS: Extensible Authentication Protocol Tunneled Transport Layer Security. Provides
excellent security with less overhead than TLS as client-side certificates can be used, but are
not required.
LEAP: Lightweight Extensible Authentication Protocol. Provides mutual authentication between
a wireless client and the RADIUS server. Supports WEP, TKIP, and WPA2 keys.
802.1X authentication 335