HP-UX AAA Server A.08.00.01 Administrator's Guide
Table 13-1 LAN Configuration Items
| Item | Nodes | Notes |
|---|---|---|
| Shared Secret | • Access Device • AAA Server | The shared secret configured on the access device and AAA server must match for the two to communicate. Use the Access Devices link to configure this item on AAA servers. |
| EAP Support | • Access Device | Most access devices require you to enable EAP. You do not need to specify an EAP method, but you must enable support for EAP. |
| EAP Method | • Client Supplicant • AAA Server | Verify the supplicants support the EAP methods the AAA server supports. Enable EAP on the supplicants. Configure the same EAP method on the supplicant and the AAA server. Use the Local Realms link to configure this item on AAA servers. |
| EAP Tunnel Realm | • Client Supplicant • AAA Server | Required for TTLS. Verify the supplicant has an anonymous user configured on it, and configure a tunnel realm for that anonymous user on the AAA server. For example, if supplicant's anonymous user is: anonymous@tunnel.com, you should configure a realm for: tunnel.com. You must configure tunnel realms for TTLS. Configuring tunnel realms for PEAP is optional. Use the Local Realms link to configure this item on AAA servers. |
| Users | • AAA Server | The AAA server must have access to a repository with information for each user. Use the Local Realms link and select the users icon to administer a specific set of Users associated with a realm. |
| Client Certificate | • Client Supplicant | For TLS only. The digital certificate identifying the client. |
| Client CA Certificate | • AAA Server | For TLS only. Used by AAA server to authenticate client certificates. Use the Server Properties link and select Certificate Path Properties. In the Certificate Authority Path field, configure the location of the client CA certificate on the AAA server. |
| Server Certificate | • AAA Server | For TLS, TTLS, and PEAP only. The digital certificate identifying the AAA server. Use the Server Properties link and select Certificate Path Properties. In the Certificate Path field, configure the location of the client CA certificate on the AAA server. |
| Server CA Certificate | • Client Supplicant | For TLS, TTLS, and PEAP only. Used by clients to authenticate the AAA server certificate. |
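The dependencies in Table 13-1 can be checked before rollout with a short script; the following is an added example, not part of the HP-UX AAA Server product or this guide. It takes three hand-written descriptions (access device, supplicant, AAA server) and reports which items do not line up for the chosen EAP method. All dictionary key names and sample values are hypothetical, and the Users item is not covered.

```python
import hmac

# Hypothetical key names for illustration; they are not HP-UX AAA Server settings.
def check_lan_config(device, supplicant, server):
    """Return findings for the Table 13-1 items; an empty list means they line up."""
    findings = []
    # Shared Secret: access device and AAA server must hold the same value.
    a, b = device.get("shared_secret", ""), server.get("shared_secret", "")
    if not a or not hmac.compare_digest(a.encode(), b.encode()):
        findings.append("shared secret missing or mismatched")
    # EAP Support: must be enabled on the access device.
    if not device.get("eap_enabled"):
        findings.append("EAP not enabled on access device")
    # EAP Method: the same method on the supplicant and the AAA server.
    method = supplicant.get("eap_method")
    if not method or method != server.get("eap_method"):
        findings.append("EAP method differs between supplicant and AAA server")
        return findings  # the remaining checks depend on an agreed method
    # EAP Tunnel Realm: required for TTLS (optional for PEAP, so not enforced).
    if method == "TTLS":
        _user, at, realm = supplicant.get("anonymous_identity", "").rpartition("@")
        if not at or not realm:
            findings.append("TTLS supplicant has no anonymous user with a realm")
        elif realm not in server.get("tunnel_realms", []):
            findings.append(f"no tunnel realm for {realm} on AAA server")
    # Client Certificate / Client CA Certificate: TLS only.
    if method == "TLS":
        if not supplicant.get("client_cert"):
            findings.append("TLS supplicant has no client certificate")
        if not server.get("client_ca_path"):
            findings.append("AAA server has no client CA certificate path")
    # Server Certificate / Server CA Certificate: TLS, TTLS and PEAP.
    if method in {"TLS", "TTLS", "PEAP"}:
        if not server.get("server_cert_path"):
            findings.append("AAA server has no server certificate path")
        if not supplicant.get("server_ca"):
            findings.append("supplicant cannot authenticate the AAA server certificate")
    return findings

# Constructed sample deployment; only the tunnel.com identity comes from the table.
DEVICE = {"shared_secret": "s3cret-A", "eap_enabled": True}
SUPPLICANT = {"eap_method": "TTLS", "anonymous_identity": "anonymous@tunnel.com",
              "server_ca": "ca.pem"}
SERVER = {"shared_secret": "s3cret-A", "eap_method": "TTLS",
          "tunnel_realms": ["example.org"], "server_cert_path": "/path/to/server.pem"}

if __name__ == "__main__":
    for finding in check_lan_config(DEVICE, SUPPLICANT, SERVER):
        print("FINDING:", finding)
```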
Determining the EAP Authentication Method to Use
Choose EAP methods based on your security requirements and the clients you support.
First, create an inventory of the clients you support. Clients need specific supplicant
156 Securing LAN Access With EAP