TMS zl Management and Configuration Guide ST.1.0.090213
4-48
Firewall
User Authentication
combining authentication and authorization does have a disadvantage: you must use RADIUS for both functions. Therefore, if your network includes a legacy authentication server, you cannot add a RADIUS server just for authorization. Rather, you must either integrate the RADIUS server with the existing system or transfer all authentication information to the RADIUS server, essentially replacing the legacy authentication server.
Note: The TMS zl Module does not currently support RADIUS accounting for authenticated users.
Authentication
The TMS zl Module acts as a network access server (NAS) for your network’s RADIUS server(s). The module translates users’ network access requests into RADIUS format, according to the authentication protocol that you choose, and forwards the NAS Access-Request packet to the RADIUS server. At this point, the RADIUS server validates the NAS and then determines whether the user’s credentials are valid, and it tells the module whether to accept or reject the request.
The TMS zl Module supports three RADIUS authentication protocols:
■ Challenge Handshake Authentication Protocol (CHAP)
■ Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
■ Password Authentication Protocol (PAP)
CHAP. CHAP uses a three-way handshake to authenticate users. It also randomly reauthenticates users throughout the session. The CHAP authentication process is shown in detail below.
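The NAS/RADIUS exchange described in the Authentication section (the module builds an Access-Request from the user's credentials, the RADIUS server answers with Access-Accept or Access-Reject) together with the CHAP challenge/response that the CHAP paragraph introduces, as an added Python example. This is not code from the guide or from the TMS zl Module; it assumes a constructed shared secret, a constructed user store and an in-process stand-in for the RADIUS server. The packet layout, PAP password hiding and Response Authenticator follow RFC 2865, and the CHAP response follows RFC 1994.

```python
import hashlib
import hmac
import os
import struct

# Constructed demo values; none of these come from the guide.
SHARED_SECRET = b"demo-nas-secret"          # shared between the module (NAS) and the RADIUS server
USER_DB = {b"alice": b"correct horse"}      # the RADIUS server's credential store (constructed)

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_CHAP_PASSWORD, ATTR_CHAP_CHALLENGE = 1, 2, 3, 60


def attr(atype, value):
    """One RADIUS attribute: Type, Length (header included), Value."""
    return struct.pack("!BB", atype, len(value) + 2) + value


def parse_attrs(data):
    attrs, i = {}, 0
    while i < len(data):
        atype, alen = data[i], data[i + 1]
        attrs[atype] = data[i + 2:i + alen]
        i += alen
    return attrs


def pap_hide(password, request_auth, secret):
    """RFC 2865 5.2: pad to 16 bytes, XOR each block with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out


def pap_reveal(hidden, request_auth, secret):
    """Inverse of pap_hide; with the wrong secret this yields garbage, not the password."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def chap_response(chap_id, password, challenge):
    """RFC 1994: response = MD5(ID || secret || challenge); the password itself never goes on the wire."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()


def header(code, identifier, authenticator, attributes):
    return struct.pack("!BBH", code, identifier, 20 + len(attributes)) + authenticator + attributes


def response_authenticator(code, identifier, attributes, request_auth, secret):
    """RFC 2865 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    fixed = struct.pack("!BBH", code, identifier, 20 + len(attributes))
    return hashlib.md5(fixed + request_auth + attributes + secret).digest()


# --- RADIUS server side (constructed stand-in for a real server) ---
def radius_server(packet, secret):
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    request_auth, attrs = packet[4:20], parse_attrs(packet[20:length])
    stored = USER_DB.get(attrs.get(ATTR_USER_NAME))
    ok = False
    if stored is not None and ATTR_USER_PASSWORD in attrs:
        ok = hmac.compare_digest(pap_reveal(attrs[ATTR_USER_PASSWORD], request_auth, secret), stored)
    elif stored is not None and ATTR_CHAP_PASSWORD in attrs:
        chap_id, response = attrs[ATTR_CHAP_PASSWORD][0], attrs[ATTR_CHAP_PASSWORD][1:]
        # RFC 2865 2.2: without a CHAP-Challenge attribute the Request Authenticator is the challenge
        challenge = attrs.get(ATTR_CHAP_CHALLENGE, request_auth)
        ok = hmac.compare_digest(chap_response(chap_id, stored, challenge), response)
    reply_code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    reply_auth = response_authenticator(reply_code, identifier, b"", request_auth, secret)
    return header(reply_code, identifier, reply_auth, b"")


# --- NAS side (the role the module plays) ---
def nas_authenticate(username, password, protocol, secret=SHARED_SECRET, server_secret=SHARED_SECRET):
    """Build the Access-Request, 'send' it, and verify the reply's Response Authenticator."""
    identifier, request_auth = 7, os.urandom(16)
    attrs = attr(ATTR_USER_NAME, username)
    if protocol == "PAP":
        attrs += attr(ATTR_USER_PASSWORD, pap_hide(password, request_auth, secret))
    elif protocol == "CHAP":
        chap_id, challenge = 1, os.urandom(16)
        attrs += attr(ATTR_CHAP_PASSWORD, bytes([chap_id]) + chap_response(chap_id, password, challenge))
        attrs += attr(ATTR_CHAP_CHALLENGE, challenge)
    reply = radius_server(header(ACCESS_REQUEST, identifier, request_auth, attrs), server_secret)
    code, reply_id, length = struct.unpack("!BBH", reply[:4])
    expected = response_authenticator(code, reply_id, reply[20:length], request_auth, secret)
    # A reply whose authenticator does not verify is dropped, whatever its code says.
    if reply_id != identifier or not hmac.compare_digest(reply[4:20], expected):
        return "invalid-reply"
    return "accept" if code == ACCESS_ACCEPT else "reject"
```

The check worth keeping in mind from the NAS side is the last one: the module should only trust an Access-Accept whose Response Authenticator verifies under the shared secret, so a reply produced without that secret (the `server_secret=b"other"` case) is reported as `invalid-reply` rather than as an accept or reject. The example also makes the difference between the two protocols concrete: PAP hiding is reversible by anyone holding the shared secret, while CHAP sends only an MD5 response to a fresh challenge, which is why the server must hold the cleartext password to check it.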