Designing a Secure Wireless LAN with the HP-UX AAA RADIUS Server

Recall from the supplicant profile's “TTLS Settings” that an “Anonymous name” was added for
the TTLS tunnel login. This user belongs to the atcttls.com realm, but no explicit user
configuration is required for Anonymous. A user definition for atcuser@hpatc.com is
required: the user name is entered, along with the user password. No authentication type is
selected (for PAP), and the Password Hashing Mechanism is “Plain Text” (also for PAP).
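
The split between the anonymous outer identity and the real inner user described above, as an added example (a simplified model, not code from this document or from the HP-UX AAA server). The table layout, the "LOCAL" label, the hpatc.com realm entry and the case-insensitive realm match are assumptions made for illustration.

```python
import hmac

# Constructed model of the server-side tables described on this page.
# Realm atcttls.com only terminates the TTLS tunnel; it holds no user entries.
REALMS = {"atcttls.com": "TTLS", "hpatc.com": "LOCAL"}  # "LOCAL" is an assumed label
USERS = {"atcuser@hpatc.com": "atcpass"}                # plain-text entry, used for PAP

def split_nai(identity):
    """Split user@realm; the realm is matched case-insensitively (assumption)."""
    user, sep, realm = identity.rpartition("@")
    if not sep or not user or not realm:
        raise ValueError("identity must be user@realm")
    return user, realm.lower()

def outer_phase(outer_identity):
    """Phase 1: only the realm of the outer (cleartext) identity is examined."""
    _, realm = split_nai(outer_identity)
    return REALMS.get(realm) == "TTLS"

def inner_pap(inner_identity, password):
    """Phase 2: PAP inside the tunnel needs an explicit user definition."""
    user, realm = split_nai(inner_identity)
    stored = USERS.get(f"{user}@{realm}")
    if REALMS.get(realm) != "LOCAL" or stored is None:
        return False
    # Constant-time comparison of the stored and presented passwords.
    return hmac.compare_digest(stored.encode(), password.encode())

def authenticate(outer_identity, inner_identity, password):
    """Return (accepted, identity visible outside the tunnel)."""
    if not outer_phase(outer_identity):
        return False, outer_identity
    return inner_pap(inner_identity, password), outer_identity
```

Only Anonymous@atcttls.com is visible outside the tunnel; atcuser@hpatc.com and its password are evaluated in the second phase.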
The HP-UX AAA RADIUS Server configuration for TTLS with PAP is now complete. The entire
configuration summary is:
Supplicant Profile: SNSLATC
  o User Info
      Login Name: atcuser@hpatc.com
      Password: Permit login using password
      Use the following password: atcpass
  o Authentication
      EAP/TTLS
      (our next topic will be to add a server certificate)
  o TTLS Settings
      Inner Authentication Protocol: PAP
      Anonymous Name: Anonymous@atcttls.com
Supplicant Network Properties
  o Network Name (SSID): SNSLATC (matches access point SSID)
  o Network Type: Access Point
  o Authenticate using profile: SNSLATC
  o Keys will be automatically generated for privacy
Access Point: HPATCWAP1.ROSE.HP.COM
  o Enable Primary Radius Server
  o 802.1X Security Mode: Mixed (WEP and 802.1X)
  o IP Address and Destination port
  o Shared Secret (matches AAA Access Device shared secret)
HP-UX AAA RADIUS Server
  o Access Device: HPATCWAP1.ROSE.HP.COM
      Shared Secret (matches Access Point RADIUS shared secret)
      Vendor: Microsoft (required for TTLS)
  o Realms
      atcttls.com: TTLS tunnel