MSM7xx Controllers Configuration Guide v6.4.0

17 Authentication services
Introduction
This chapter explains how to configure the different authentication services that the controller can
use to authenticate user logins and administrator logins. The following table summarizes the services
that are available and what they can be used for.
| Service | Description | For details, see ... |
|---|---|---|
| Integrated RADIUS server | User authentication via the local user lists. | “Using the integrated RADIUS server” (page 361) |
| Third-party RADIUS server | User authentication via accounts on a third-party RADIUS server. Administrator authentication via accounts on a third-party RADIUS server. | “Using a third-party RADIUS server” (page 364) |
| Active Directory | User authentication via an Active Directory server. | “Using an Active Directory server” (page 369) |

All authentication services support the following authentication types:
| Service | For details, see ... |
|---|---|
| 802.1X (VSC) | “802.1X authentication” (page 334) |
| MAC-based (Global) | “MAC-based authentication” (page 339) |
| MAC-based (VSC) | “MAC-based authentication” (page 339) |
| HTML-based | “HTML-based authentication” (page 347) |
| VPN-based | “VPN-based authentication” (page 349) |

When configuring 802.1X or MAC-based authentication on an HP 517 or MSM317 switch port,
authentication services must be provided by a third-party RADIUS server. (For more information
on each authentication type, see “Configuring 802.1X support on an HP 517 or MSM317 switch
port” (page 339) and “Configuring MAC-based authentication on an HP 517 or MSM317 switch
port” (page 343).)
Using the integrated RADIUS server
The internal RADIUS server is not intended as a replacement for the high-end/high-performance
RADIUS server required for large scale deployments. Rather, it is offered as a cost-effective solution
for managing user authentication for small hotspots or enterprise networks.
Primary features
• Provides termination of 802.1X sessions at the controller for clients using WPA/WPA2 with
  EAP-PEAP, EAP-TLS and EAP-TTLS. Support for other EAP protocols is available using proxy
  mode.
• Provides MAC-based authentication of wireless users connected to both controlled and
  autonomous APs.
• Can be used to validate login credentials for HTML-based users.
• All locally defined user account options (user accounts, account profiles, and subscription
  plans) presented on the Controller >> Users menu are handled by the internal RADIUS server.