User's Manual
Containment methods
You can enable wired and wireless containment to prevent unauthorized stations from connecting to your Cloud
Network Manager network.
Cloud Network Manager supports the following types of containment mechanisms:
• Wired containment — When enabled, APs generate ARP packets on the wired network to contain wireless
  attacks.
• Wireless containment — When enabled, the system attempts to disconnect all clients that are connected or
  attempting to connect to the identified AP.
    ▪ None — Disables all the containment mechanisms.
    ▪ Deauthenticate only — With deauthentication containment, the AP or client is contained by disrupting the
      client association on the wireless interface.
    ▪ Tarpit containment — With tarpit containment, the AP is contained by luring clients that are attempting to
      associate with it to a tarpit. The tarpit can be on the same channel or a different channel as the AP being
      contained.
Authentication
This section provides the following information:
• Understanding authentication methods on page 46
• Supported authentication servers on page 48
• Configuring authentication servers on page 49
• Configuring 802.1X authentication for a network profile on page 52
• Configuring MAC authentication for a network profile on page 53
• Configuring MAC authentication with 802.1X authentication on page 53
• Configuring MAC authentication with captive portal authentication on page 54
• Configuring WISPr authentication on page 54
• Blacklisting clients on page 55
Understanding authentication methods
Authentication is a process of identifying a user through a valid username and password. Clients can also be
authenticated based on their MAC addresses.
The following authentication methods are supported in Cloud Network Manager:
• 802.1X authentication — 802.1X is a method for authenticating the identity of a user before providing network
  access to the user. Remote Authentication Dial In User Service (RADIUS) is a protocol that provides
  centralized authentication, authorization, and accounting management. For authentication purposes, the
  wireless client can associate to a network access server (NAS) or RADIUS client such as a wireless AP. The
  wireless client can pass data traffic only after successful 802.1X authentication. For more information on
  configuring an AP to use 802.1X authentication, see Configuring 802.1X authentication for a network profile on
  page 52.
• MAC authentication — Media Access Control (MAC) authentication is used for authenticating devices based
  on their physical MAC addresses. MAC authentication requires that the MAC address of a machine matches a
  manually defined list of addresses. This authentication method is not recommended for scalable networks and
  networks that require stringent security settings. For more information on configuring an AP to use MAC
  authentication, see Configuring MAC authentication for a network profile on page 53.
• MAC authentication with 802.1X authentication — This authentication method has the following features:
HP Cloud Network Manager | User Guide Wireless configuration | 46