User's Manual
49 | Wireless configuration HP Cloud Network Manager | User Guide
• LEAP — Lightweight Extensible Authentication Protocol (LEAP) uses dynamic Wired Equivalent Privacy (WEP)
keys for authentication between the client and authentication server.
To use the internal database of an AP for user authentication, add the names and passwords of the users to be
authenticated.
HP does not recommend the use of LEAP authentication because it does not provide any resistance to network attacks.
Authentication termination on AP
Cloud Network Manager allows EAP termination for PEAP-Generic Token Card (PEAP-GTC) and Protected
Extensible Authentication Protocol-Microsoft Challenge Authentication Protocol version 2 (PEAP-MSCHAPv2).
PEAP-GTC termination allows authorization against an LDAP server and external RADIUS server while PEAP-
MSCHAPv2 allows authorization against an external RADIUS server.
This allows users to run PEAP-GTC termination with their username and password against a local Microsoft Active
Directory server with LDAP authentication.
• EAP-GTC — This EAP method permits the transfer of unencrypted usernames and passwords from client to
server. EAP-GTC is mainly used for one-time token cards such as SecurID and the use of LDAP or
RADIUS as the user authentication server. You can also enable caching of user credentials on the AP to an
external authentication server for user data backup.
• EAP-MSCHAPv2 — This EAP method is widely supported by Microsoft clients. A RADIUS server must be used
as the back-end authentication server.
Configuring authentication servers
This section describes the following procedures:
• Configuring an external server for authentication on page 49
• Configuring dynamic RADIUS proxy parameters on page 51
Configuring an external server for authentication
To add an external RADIUS server or LDAP server:
1. Select Wireless Configuration > Security > AUTHENTICATION SERVERS.
2. To create a new server, click New. A pane for specifying details for the new server is displayed.
3. Configure any of the following types of server:
   ▪ RADIUS Server — To configure a RADIUS server, specify the attributes described in the following table:
| Data pane item | Description |
|---|---|
| NAME | Enter the name of the new external RADIUS server. |
| IP ADDRESS | Enter the IP address of the external RADIUS server. |
| AUTH PORT | Enter the authorization port number of the external RADIUS server. The default port number is 1812. |
| ACCOUNTING PORT | Enter the accounting port number. This port is used for sending accounting records to the RADIUS server. The default port number is 1813. |

Table 21: RADIUS server configuration parameters
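The following Python example is added here for illustration and is not part of the HP guide or of Cloud Network Manager. It audits a configuration against the rules stated above: LEAP is not recommended, PEAP-GTC termination may use LDAP or RADIUS, PEAP-MSCHAPv2 termination may use RADIUS only, and the RADIUS ports default to 1812 and 1813. The dictionary schema and field names (`eap_method`, `terminate_on_ap`, `auth_servers`, `auth_port`, `acct_port`) are assumptions, and the sample data is constructed.

```python
import ipaddress

# Back-end server types the guide lists for each EAP method terminated on the AP.
TERMINATION_BACKENDS = {"PEAP-GTC": {"ldap", "radius"}, "PEAP-MSCHAPV2": {"radius"}}
DEFAULT_PORTS = {"auth_port": 1812, "acct_port": 1813}  # defaults from Table 21

def audit_ssid(ssid, servers):
    """Return findings for one SSID profile (hypothetical dict schema)."""
    findings = []
    method = ssid["eap_method"].upper()
    if method == "LEAP":
        findings.append("LEAP in use: not recommended by the guide")
    if ssid.get("terminate_on_ap"):
        # A method absent from the table has no supported termination back end.
        allowed = TERMINATION_BACKENDS.get(method, set())
        for name in ssid["auth_servers"]:
            kind = servers[name]["type"]
            if kind not in allowed:
                findings.append(f"{method} termination cannot use {kind} server {name}")
    return findings

def audit_radius_server(name, server):
    """Check the IP ADDRESS, AUTH PORT and ACCOUNTING PORT fields of one entry."""
    findings = []
    try:
        ipaddress.ip_address(server["ip"])
    except ValueError:
        findings.append(f"{name}: invalid IP address {server['ip']!r}")
    for field, default in DEFAULT_PORTS.items():
        port = server.get(field, default)
        if not 1 <= port <= 65535:
            findings.append(f"{name}: {field} {port} out of range")
        elif port != default:
            findings.append(f"{name}: {field} {port} differs from default {default}")
    return findings

# Constructed sample configuration (names and addresses are made up).
SERVERS = {
    "corp-ldap": {"type": "ldap", "ip": "10.0.0.5"},
    "corp-radius": {"type": "radius", "ip": "10.0.0.6", "auth_port": 1645},
}
STAFF = {"eap_method": "PEAP-MSCHAPv2", "terminate_on_ap": True,
         "auth_servers": ["corp-ldap"]}
LEGACY = {"eap_method": "LEAP", "terminate_on_ap": False,
          "auth_servers": ["corp-radius"]}

if __name__ == "__main__":
    for label, ssid in (("staff", STAFF), ("legacy", LEGACY)):
        print(label, audit_ssid(ssid, SERVERS))
    print(audit_radius_server("corp-radius", SERVERS["corp-radius"]))
```

A port that differs from the default is reported as a finding to review, not as an error, because the AP and the RADIUS server only need to agree on the port.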