Manualshelf

User's Manual

ManualsBrandsHP ManualsSoftwareHP Cloud Network Manager Software Series
51525354555657585960
53 | Wireless configuration HP Cloud Network Manager | User Guide
4. The RADIUS server checks the user identity and authenticates the client if the user details are available in its
database. The RADIUS server sends an
Access-Accept
message to the NAS. If the RADIUS server cannot
identify the user, it stops the authentication process and sends an
Access-Reject
message to the NAS. The
NAS forwards this message to the client and the client must re-authenticate with appropriate credentials.
5. After the client is authenticated, the RADIUS server forwards the encryption key to the NAS. The encryption
key is used for encrypting or decrypting traffic sent to and from the client.
The NAS acts as a gateway to guard access to a protected resource. A client connecting to the wireless network first
connects to the NAS.
Configuring 802.1X authentication for a wireless network profile
To configure 802.1X authentication for a wireless network profile:
1. Select Wireless Configuration > Networks, select an existing profile for which you want to enable 802.1X
authentication, and click Edit.
2. In Edit <profile-name>, ensure that all required WLAN and VLAN attributes are defined, and then click the
SECURITY tab.
3. In SECURITY, for the Enterprise security level, select the preferred option from KEY MANAGEMENT.
4. To terminate the EAP portion of 802.1X authentication on the AP instead of the RADIUS server, set
TERMINATION to Enabled.
For 802.1X authorization, by default, the client conducts an EAP exchange with the RADIUS server, and the
AP acts as a relay for this exchange. When Termination is enabled, the AP itself acts as an authentication
server, terminates the outer layers of the EAP protocol, and only relays the innermost layer to the external
RADIUS server.
5. Specify the type of authentication server to use and configure other required parameters. For more information
on configuration parameters, see Configuring security settings for a WLAN SSID profile on page 27.
6. Click the ACCESS tab to define access rules.
7. Click Save Settings.
Configuring MAC authentication for a network profile
MAC authentication can be used alone or it can be combined with other forms of authentication such as WEP
authentication. However, it is recommended that you do not use the MAC-based authentication.
Configuring MAC authentication for wireless network profiles
To configure MAC authentication for a wireless profile:
1. Select Wireless Configuration > Network, select an existing profile for which you want to enable MAC
authentication and click Edit.
2. In the Edit <profile-name>, ensure that all required WLAN and VLAN attributes are defined, and then click the
SECURITY tab.
3. In SECURITY, for MAC AUTHENTICATION, select Enabled for Personal or Open security level.
4. Specify the type of authentication server to use and configure other required parameters. For more information
on configuration parameters, see Configuring security settings for a WLAN SSID profile on page 27.
5. Click ACCESS tab to define access rules.
6. Click Save Settings.
Configuring MAC authentication with 802.1X authentication
To configure MAC authentication with 802.1X authentication for wireless network profile.