MSM7xx Controllers Configuration Guide v6.4.0

Configuring VPN-based authentication on a VSC
Each VSC can have unique settings for VPN-based user logins. These settings are defined on the
VSC profile page. (To open this page, see “Viewing and editing VSC profiles” (page 112).)
When the Use controller for Authentication and Access control options are enabled under General,
VPN-based user login options can be defined.
Authentication
Local
User logins are authenticated with the list defined on the Controller >> Users > User accounts
page.
Remote
Active Directory: User logins are authenticated via Active Directory. To set up Active
Directory support, go to the Controller >> Security > Active Directory page.
RADIUS: User logins are authenticated via an external RADIUS server. To set up the
connection to an external RADIUS server, go to the Controller >> Authentication > RADIUS
profiles page.
Request RADIUS CUI: Enable this option to support the Chargeable User Identity (CUI)
attribute as defined in RFC 4372. The CUI associates a unique identifier
with a user so that the user can be identified (for billing, authentication, or other
purposes) when roaming outside of their home network.
General
RADIUS accounting: Enable this option to have the controller generate RADIUS START/STOP
and interim requests for each user. The controller respects the RADIUS interim-update-interval
attribute if it is present in the RADIUS Access-Accept received during authentication.
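The RADIUS attributes behind the Request RADIUS CUI and RADIUS accounting options, as an added example that is not taken from the guide or from the controller's own code: it builds the CUI request attribute a NAS sends (RFC 4372) and parses an Access-Accept for the returned CUI and the interim interval. It assumes the guide's interim-update-interval is the standard Acct-Interim-Interval attribute (type 85, RFC 2869); the sample packet is constructed, and Response Authenticator verification is left out.

```python
import struct

ACCESS_ACCEPT = 2               # RADIUS packet code (RFC 2865)
ACCT_INTERIM_INTERVAL = 85      # RFC 2869, 32-bit seconds (assumed mapping)
CHARGEABLE_USER_IDENTITY = 89   # RFC 4372, opaque string

def build_attr(attr_type, value):
    """Encode one attribute as type, length, value."""
    return bytes([attr_type, len(value) + 2]) + value

def cui_request_attr():
    """RFC 4372: a NAS asks for a CUI by sending the attribute with one NUL byte."""
    return build_attr(CHARGEABLE_USER_IDENTITY, b"\x00")

def parse_attrs(packet):
    """Return (code, {type: [values]}), rejecting inconsistent lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad packet length")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(a_type, []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return code, attrs

def accounting_settings(packet):
    """Extract (CUI, interim interval in seconds) from an Access-Accept."""
    code, attrs = parse_attrs(packet)
    if code != ACCESS_ACCEPT:
        raise ValueError("not an Access-Accept")
    cui = attrs.get(CHARGEABLE_USER_IDENTITY, [None])[0]
    raw = attrs.get(ACCT_INTERIM_INTERVAL, [None])[0]
    interval = struct.unpack("!I", raw)[0] if raw and len(raw) == 4 else None
    return cui, interval

# Constructed sample Access-Accept (zeroed authenticator, not a real capture).
_body = (build_attr(CHARGEABLE_USER_IDENTITY, b"opaque-cui-0001")
         + build_attr(ACCT_INTERIM_INTERVAL, struct.pack("!I", 600)))
SAMPLE_ACCEPT = struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(_body)) + bytes(16) + _body

if __name__ == "__main__":
    print(accounting_settings(SAMPLE_ACCEPT))
```

The CUI value is opaque to the NAS, so it should be echoed unchanged in accounting requests rather than interpreted.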
No authentication
For applications where a remote device performs all authentication functions, it can be useful to
disable authentication on the controller and instead, forward all traffic on a VSC into an egress
GRE tunnel or egress VLAN for authentication by the remote device.
NOTE: Because the controller routes traffic to the VSC egress, L2 information from the user is lost
and only L3 information is available to the remote authentication device.
Locally-defined user accounts
The controller provides support for locally-defined user accounts with a wide range of customizable
options. Locally-defined user accounts use the integrated RADIUS server. Configuration of these
350 User authentication, accounts, and addressing