MSM7xx Controllers Configuration Guide v6.4.0

ManualsBrandsHP ManualsNetwork HardwareHP 425 Wireless Dual Radio 802.11n (WW) Access Point

431

432

433

434

435

436

437

438

439

440

21 Working with RADIUS attributes

Introduction

RADIUS attributes can be used to customize a wide range of configuration settings on the controller.

This includes defining configuration settings for the public access interface, customizing the settings

of access-controlled user accounts, or configuring credentials for the administrative accounts that

are used to manage/operate the controller.

Attributes can be defined both locally on the controller or retrieved from a third-party RADIUS

server. In certain cases, values can be defined locally and then overwritten by values retrieved

from a RADIUS server. This allows, for example, default values on the controller to be dynamically

updated on a per-user basis.

This chapter splits the supported RADIUS attributes into three categories:

For information, see...DescriptionCategory

Used to customize the operation of

the public access interface (creating

Controller attributes

• “Controller attributes overview” (page 435)

• “Colubris AV-Pair - Site attribute values”

(page 458)

access lists for walled gardens, for

example), and also to define default

values that are applied to all user

accounts.

Used to customize the settings of

individual access-controlled user

accounts.

User attributes

• “User attributes” (page 443)

• “Colubris AV-Pair - User attribute values”

(page 484)

Used to define login credentials for

administrative users (managers and

operators).

Administrator attributes

• “Administrator attributes” (page 457)

• “Colubris AV-Pair - Administrator attribute

values” (page 489)

Controller attributes overview

The controller provides support for a number of standard RADIUS attributes, including those for

authentication and accounting. See “Controller attribute definitions” (page 438) for a list of these

attributes and a brief definition. For detailed information on these attributes, refer to RFC2865, or

the documentation that came with your RADIUS server.

The controller also supports several vendor-specific attributes, including the special HP attribute

(known as the site attribute) that is used to customize the behavior of the public access interface

and define global default values for user accounts. To find out more about the site attribute, see

the following section.

Customizing the public access interface using the site attribute

HP ProCurve has defined a vendor-specific RADIUS attribute to support configuration of the public

access interface and user accounts. This attribute conforms to RADIUS RFC 2865 and is called the

Colubris AV-Pair.

Multiple instances of the Colubris AV-Pair attribute can be defined on the controller, each with a

different AV-Pair value. For a complete list of all supported AV-Pair values, see “Colubris AV-Pair

- Site attribute values” (page 458).

In order for a third-party RADIUS server to support the Colubris AV-Pair attribute you need to define

it as described under Colubris AV-Pair.

NOTE: The Colubris AV-Pair attribute can be used to define settings on the controller and for

users and administrators. This section discuses controller settings only.

Introduction 435