Wireless Edge Services zl Module Release Notes WT.01.33
12
Support Notes and Clarifications
Release WT.01.03
Configuring Authentication for Web-Users
Note Use this section to supplement the information in the chapter “Configuring the ProCurve Wireless Edge
Services zl Module” in the Management and Configuration Guide (5991-8626).
Instead of (or in addition to) using the local list to authenticate users, you can use a RADIUS server. If the RADIUS server
authenticates a user, that user has the rights configured on the RADIUS database.
Make sure that the configuration on the RADIUS server meets these requirements:
The user’s password is at least 8 characters.
SNMP v3 requires a password of at least this length. Your RADIUS server, however, may or may not enforce such a
requirement. (For example, the Wireless Edge Services zl Module’s internal server does not.) Check the accounts for users
that need management access to the module and, if necessary, set a new password of the correct length.
The RADIUS server supports vendor specific attributes (VSAs).
For the RADIUS server to properly authorize the management user, you must set two VSAs in the policy that the RADIUS
server uses to authenticate the user. Table 13
shows the proper values for the “HP-Management-Protocol” and the “HP-
Management-Role” attributes.
Table 13. VSAs for Authorizing Management Users
If the server does not send the proper VSAs, the user receives the monitor role (read-only) to the Web browser interface.
The module’s internal server does not support VSAs, so you should use the local server only to authenticate users that
require read-only access.
Attribute Type Length Vendor ID Vendor Type Vendor
Length
Format Vendor Value
Decimal Format
HP-Management-
Protocol
26 12 11
(HP)
4
(HP-Management-
Protocol)
6 Decimal 5 = HTTP
6 = HTTPS
HP-Management-
Role
26 12 11 1
(HP-Management-
Role)
6 Decimal 1 = SuperUser
2 = Monitor
16 = HelpDesk Manager
17 = Network Administrator
18 = System Administrator
19 = WebUser Administrator