WESM zl Management and Configuration Guide WT.01.28 and greater
2-45
Configuring the ProCurve Wireless Edge Services zl Module
Management Interfaces
■ The user’s password is at least 8 characters.
SNMP v3 requires a password of at least this length. Your RADIUS server,
however, may or may not enforce such a requirement. (For example, the Wireless
Edge Services zl Module’s internal server does not.) Check the accounts for users
that need management access to the module and, if necessary, set a new password
of the correct length.
■ The RADIUS server supports vendor specific attributes (VSAs).
For the RADIUS server to properly authorize the management user, you must
set two VSAs in the policy that the RADIUS server uses to authenticate the user.
Table 2-2 shows the proper values for the “HP-Management-Protocol” and the
“HP-Management-Role” attributes.
Table 2-2. VSAs for Authorizing Management Users
If the server does not send the proper VSAs, the user receives the monitor role
(read-only) to the Web browser interface.
The module’s internal server does not support VSAs, so you should use the local
server only to authenticate users that require read-only access.
Note If you do not correctly configure the RADIUS server, you can lock yourself out of
the Wireless Edge Services zl Module Web browser interface.
To fix the problem, access the module CLI through the wireless services-enabled
switch. Enter this global configuration mode command to have the module authen-
ticate Web-Users against its local list:
Attribute Type Length Vendor ID Vendor Type Vendor
Length
Format Vendor Value
Decimal Format
HP-Management-
Protocol
26 12 11
(HP)
4
(HP-Management-
Protocol)
6 Decimal • 6 = HTTP
• 7 = HTTPS
HP-Management-
Role
26 12 11 1
(HP-Management-
Role)
6 Decimal • 1 = SuperUser
• 2 = Monitor
• 16 = HelpDesk
Manager
•17 = Network
Administrator
• 18 = System
Administrator
• 19 = WebUser
Administrator