MSM7xx Controllers Configuration Guide v6.4.0

ManualsBrandsHP ManualsNetwork HardwareHP 425 Wireless Dual Radio 802.11n (WW) Access Point

431

432

433

434

435

436

437

438

439

440

NOTE: A maximum of 256 attributes can be active at any one time (including both the RADIUS

and the Configured attributes list).

The maximum attribute size that the controller can receive in a single RADIUS request is 4096

bytes. However, some networks may limit RADIUS request size to around 1500 bytes because

they discard UDP fragments.

Configure the Retrieve attributes using RADIUS options as follows:

• RADIUS profile: Select a RADIUS profile. The profile is used to establish the connection to a

RADIUS server. RADIUS profiles are defined by selecting Controller >> Authentication > RADIUS

profiles. For details, see “Using a third-party RADIUS server” (page 364).

• RADIUS username: Specify the username of the RADIUS account assigned to the controller.

• RADIUS password / Confirm password: Specify the password of the RADIUS account assigned

to the controller.

• Accounting: Enable this option to have the controller generate a RADIUS accounting request

ON/OFF each time its authentication state changes.

• Retrieved attributes override configured attributes: Enable this option to have attributes retrieved

from the RADIUS server overwrite settings defined in the Configured attributes table.

• Retrieval interval: Specify the number of minutes between attribute retrievals. The controller

retrieves attributes from its RADIUS account each time this interval expires.

To avoid potential service interruptions that may occur when new attributes are activated by

the controller, it is strongly recommended that you use a large interval (12 hours or more).

You can override the value configured on this page by using the RADIUS attribute

Session-timeout, which enables the following strategy: Configure Retrieval interval to a small

value (10 to 20 minutes) and set the RADIUS attribute Session-timeout to override it with a

large value (12 hours) when authentication is successful. Since the Retrieval interval is also

respected for Access Reject packets, this configuration results in a short reauthentication interval

in the case of failure, and a long one in the case of success.

• Last retrieved: Shows the amount of time that has passed since the controller last retrieved

attributes.

• Retrieve Now: Select to force the controller to contact the RADIUS server and retrieve attributes.

Defining site attributes directly on the controller

Site attributes can be defined directly on the controller eliminating the need to use a RADIUS server.

If needed, both methods can be used at the same time. In this case, the retrieved attributes are

combined with those attributes defined in the Configured attributes list to build the complete list of

attributes that are active on the controller. If the same attribute is defined on both the RADIUS server

and in the Configured attributes list, the setting of Retrieved attributes override configured attributes

determines which definition is used.

To add a new attribute:

1. Select Add New Attribute. The Public access attribute page opens.

2. Under Name, select an AV-Pair value, as shown in the following figure.

Controller attributes overview 437