Management and Configuration Guide Supplement 4.4.0.50

802.1X/WPA Authentication Service
As a proxy server, the built-in RADIUS server can manage multiple authentication
realms, with multiple remote RADIUS servers (acting as failover servers)
within each Realm.
In all cases, clients, Access Points, and RADIUS servers must all support a
common EAP method for the 802.1X/WPA authentication service to function.
The configuration of 802.1X/WPA Authentication functionality involves a
number of steps.
To configure the built-in RADIUS server to function as the authentication
server:
• Configure the internal RADIUS server’s WPA Role to Use User DB,
  so it uses the built-in user database for user validation.
• Configure the Access Points that should participate in the 802.1X/WPA
  authentication as RADIUS clients within the 802.1X/WPA
  Authentication service.
To configure the RADIUS server as a proxy server for one or more remote
RADIUS servers, the following steps are required:
• Configure the internal RADIUS server to function as a proxy server,
  by setting the WPA Role to Use as Proxy.
• Configure one or more remote RADIUS servers, known as “Home
  Servers.” This requires the IP address, shared secret, authentication
  and accounting port numbers, and Group Identity field information
  for the remote RADIUS server.
• Create and configure at least one Authentication Realm, and select
  the remote RADIUS servers (Home Servers) that can provide
  authentication for the realm.
The order of the Home Servers is significant, as it determines the order of
failover from one RADIUS server to another. The built-in proxy server will
forward authentication requests to the first server in the list. If that server
fails to respond, the proxy server will forward the request to the next
server in the list, and so on.
The Realm may be a named realm (which requires a Realm String), or can
be configured to match access requests without regard to realm. The
Realm String is usually the realm portion of the network identifier
(username@domain.com). However, a mechanism for specifying alternate
realm syntax is provided.
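
The realm matching and Home Server failover order described above can be modeled as follows. This is an added example, not code from the product or this guide; the realm names, server names and addresses are constructed, and it assumes case-insensitive matching of the default username@realm syntax and that a named realm takes precedence over a realm that matches any request.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class HomeServer:
    name: str
    ip: str
    responds: bool = True  # simulated: False models a server that fails to respond

@dataclass
class Realm:
    name: str
    realm_string: Optional[str]     # None = match requests without regard to realm
    home_servers: List[HomeServer]  # list order is the failover order

def realm_of(identity: str) -> Optional[str]:
    """Realm portion of username@domain.com, lower-cased; None if absent."""
    _user, sep, realm = identity.rpartition("@")
    return realm.lower() if sep and realm else None

def select_realm(identity: str, realms: List[Realm]) -> Optional[Realm]:
    """Assumption: a named realm wins over a realm that matches any request."""
    wanted = realm_of(identity)
    for r in realms:
        if r.realm_string is not None and r.realm_string.lower() == wanted:
            return r
    return next((r for r in realms if r.realm_string is None), None)

def forward(identity: str, realms: List[Realm]) -> Tuple[Optional[str], List[str]]:
    """Return (server that answered or None, servers tried in order)."""
    realm = select_realm(identity, realms)
    tried: List[str] = []
    for server in (realm.home_servers if realm else []):
        tried.append(server.name)
        if server.responds:
            return server.name, tried
    return None, tried

# Constructed sample configuration (names and addresses are illustrative).
REALMS = [
    Realm("corp", "domain.com", [HomeServer("hs1", "192.0.2.10", responds=False),
                                 HomeServer("hs2", "192.0.2.11")]),
    Realm("default", None, [HomeServer("hs3", "192.0.2.20")]),
]

if __name__ == "__main__":
    for ident in ("alice@domain.com", "bob@other.example", "carol"):
        print(ident, "->", forward(ident, REALMS))
```

Running a planned realm and Home Server list through a model like this shows which server would receive a given identity, including identities that fall through to a realm configured to match any request.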