Security
Using an external RADIUS server
6-2
Using an external RADIUS server
The AP can use one or more external RADIUS servers to perform a number of authentication
and configuration tasks, including the tasks shown in the table below.
Note On VSCs that have the Use HP MSM controller option enabled (creating an access-
controlled VSC), see the MSM7xx Controllers Management and Configuration Guide
for details on how user authentication is configured.
When a VSC has the Use HP MSM controller option disabled (creating a non-access-
controlled VSC), an external RADIUS server can be used to validate user credentials for
WPA, 802.1X, or MAC-based authentication as described in this section.
Configuring a RADIUS client profile on the AP
The AP enables you to define up to 16 RADIUS profiles. Each profile defines the settings for a
RADIUS client connection. To support a client connection, you must create a client account
on the RADIUS server. The settings for this account must match the profile settings you
define on the AP.
For backup redundancy, each profile supports a primary and secondary server.
The AP can function with any RADIUS server that supports RFC 2865 and RFC 2866.
Authentication occurs via authentication types such as: EAP-MD5, CHAP, MSCHAP v1/v2,
LEAP, PAP, EAP-TLS, EAP-TTLS, EAP-PEAP. EAP-SIM, EAP-AKA, EAP-FAST, and EAP-GTC.
Note If you change a RADIUS profile to connect to a different server while users are active, all
RADIUS traffic for active user sessions is immediately sent to the new server.
Task For more information see
Validating administrator login
credentials.
Authenticating administrative credentials using
an external RADIUS server on page 2-4.
Validating user login credentials for
WPA, 802.1X, or MAC-based
authentication types on non-access-
controlled VSCs.
Wireless protection on page 4-16.
MAC-based authentication on page 4-19.
Retrieving RADIUS attributes on a
per-user basis on non-access-
controlled VSCs.
Configuring user accounts on a RADIUS server on
page 6-5.
Storing accounting information for
each user on non-access-controlled
VSCs.
Accounting support is enabled under Wireless
protection on page 4-16 or MAC-based
authentication on page 4-19.
To Next Page
Loading...
Need help?
General
