HP-UX AAA Server A.08.00.01 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software

151

152

153

154

155

156

157

158

159

160

NOTE: If you are using TLS, TTLS, or PEAP, be sure you configure the required

digital certificates after you configure all you r realms.

Securing WLANs with the HP-UX AAA Server

The following is the list of the steps for securing WLANs with the HP-UX AAA Server.

Use the Secure LAN Advisor and refer to each specific section in this guide for more

information on each step.

1. Access Server Manager. See “Accessing the Server Manager” (page 69) for more

information.

2. Open the Secure LAN Advisor for online reference by selecting Secure LAN Advisor

in the navigation tree. See “The Secure LAN Advisor” (page 154) for more

information.

3. Load a AAA server configuration to Server Manger by selecting Load in the

navigation tree. See “Loading and Saving Your Configuration” (page 91) for more

information.

4. Identify the RADIUS clients that will send access requests to the AAA server by

selecting Access Devices in the navigation tree. See “Navigating the Access Devices

Screen” (page 96) for more information.

5. Configure realms for the encrypted tunnels if you are using TTLS, or optionally

for PEAP. See “Adding a Realm” (page 101) for more information).

6. Configure your realms to set the authentication methods the AAA will server use

to authenticate your users, and to indicate where it the AAA server should look

for user information. See “Adding a Realm” (page 101) for more information.

7. Configure digital certificates if you are using TLS, TTLS, or PEAP. See “Digital

Certificate Administration” (page 159) for more information.

8. Configure user profiles to identify each user accessing services through the AAA

server.

9. Deploy the AAA configuration to secure your LAN by:

a. saving the configuration to one or more AAA servers

b. stopping and starting the AAA servers in the configuration

Digital Certificate Administration

Some security methods (like TLS, TTLS, or PEAP) use digital certificates assigned to

each user for authentication. If your organization has a Public Key Infrastructure (PKI),

you can deploy digital certificates for user authentication. The following is a list of the

certificates involved:

• Server certificate—digital certificate identifying the server.

• Server CA certificate—a copy of the certificate for the authority that issued the

server certificate.

Securing WLANs with the HP-UX AAA Server 159