HP-UX AAA Server A.08.02 Administrator's Guide
Table 33 Supported EAP Methods and Their Features (continued)
EAP Method | Feature | Description
MS-CHAP | 2, 3 | Microsoft Challenge Handshake Accept Protocol: Passwords are hashed using a Microsoft algorithm. Can be deployed for protecting access to LAN switches where the authentication traffic will not be transmitted over airwaves. Can also be safely deployed for wireless authentication inside EAP tunnel methods (see feature 5 above).
GTC | 4, 6 | Generic Token Card: Carries user specific token cards for authentication.
NOTE: If you are using TLS, TTLS, or PEAP, be sure you configure the required digital certificates
after you configure all your realms.
Securing WLANs with the HP-UX AAA Server
The following is the list of the steps for securing WLANs with the HP-UX AAA Server. Use the Secure
LAN Advisor and refer to each specific section in this guide for more information on each step.
1. Access Server Manager. See “Accessing the Server Manager” (page 48) for more information.
2. Open the Secure LAN Advisor for online reference by selecting Secure LAN Advisor in the
navigation tree. See “The Secure LAN Advisor” (page 112) for more information.
3. Load a AAA server configuration to Server Manager by selecting Load in the navigation tree.
See “Loading and Saving Your Configuration” (page 65) for more information.
4. Identify the RADIUS clients that will send access requests to the AAA server by selecting Access
Devices in the navigation tree. See “Navigating the Access Devices Screen” (page 69) for
more information.
5. Configure realms for the encrypted tunnels if you are using TTLS, or optionally for PEAP. See
“Adding a Realm” (page 72) for more information.
6. Configure your realms to set the authentication methods the AAA server will use to authenticate
your users, and to indicate where the AAA server should look for user information. See
“Adding a Realm” (page 72) for more information.
7. Configure digital certificates if you are using TLS, TTLS, or PEAP. See “Digital Certificate
Administration” (page 115) for more information.
8. Configure user profiles to identify each user accessing services through the AAA server.
9. Deploy the AAA configuration to secure your LAN by:
a. saving the configuration to one or more AAA servers
b. stopping and starting the AAA servers in the configuration
Digital Certificate Administration
Some security methods (like TLS, TTLS, or PEAP) use digital certificates assigned to each user for
authentication. If your organization has a Public Key Infrastructure (PKI), you can deploy digital
certificates for user authentication. The following is a list of the certificates involved:
• Server certificate—digital certificate identifying the server.
• Server CA certificate—a copy of the certificate for the authority that issued the server certificate.
• Client certificate—if clients will be authenticated by digital certificates (EAP-TLS), install a
certificate on each client and add the client CA to the AAA server’s CA list.
• Client CA certificate—a copy of the certificate for the authority that issued the client certificate.
NOTE: If you are supporting multiple realms, configure digital certificates after you add all of
your realms.
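The trust relationships in the list above can be checked before any certificate is loaded into the server. The following is an added example, not part of this guide or of HP-UX AAA Server tooling: it builds a constructed throwaway PKI with the openssl command line and shows that a client certificate validates only once its issuing CA is in the CA list. All file names and subject names are hypothetical, and the concatenated PEM file is only a model of the server's CA list.

```shell
#!/bin/sh
# Added example: constructed throwaway PKI. File names and subjects are
# hypothetical; this is not HP-UX AAA Server tooling.
WORK=$(mktemp -d)
cat > "$WORK/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# make_ca NAME: self-signed CA written to NAME-ca.key / NAME-ca.pem
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$WORK/pki.cnf" -subj "/CN=Example $1 CA" \
        -keyout "$WORK/$1-ca.key" -out "$WORK/$1-ca.pem" 2>/dev/null
}

# issue_cert CA NAME CN: certificate NAME.pem for CN, signed by CA
issue_cert() {
    openssl req -new -newkey rsa:2048 -nodes -config "$WORK/pki.cnf" \
        -subj "/CN=$3" -keyout "$WORK/$2.key" -out "$WORK/$2.csr" \
        2>/dev/null &&
    openssl x509 -req -in "$WORK/$2.csr" -days 1 -CAcreateserial \
        -CA "$WORK/$1-ca.pem" -CAkey "$WORK/$1-ca.key" \
        -out "$WORK/$2.pem" 2>/dev/null
}

# chain_ok CA_FILE NAME: true only if NAME.pem chains to a CA in CA_FILE
chain_ok() {
    openssl verify -CAfile "$WORK/$1" "$WORK/$2.pem" >/dev/null 2>&1
}

make_ca server && issue_cert server server aaa.example.test
make_ca client && issue_cert client client alice@example.test

# Model of the server's CA list before and after adding the client CA.
cp "$WORK/server-ca.pem" "$WORK/ca-list-before.pem"
cat "$WORK/server-ca.pem" "$WORK/client-ca.pem" > "$WORK/ca-list-after.pem"

chain_ok server-ca.pem server      && echo "server cert -> server CA: ok"
chain_ok ca-list-before.pem client || echo "client cert rejected: CA not listed"
chain_ok ca-list-after.pem client  && echo "client cert accepted: CA listed"
```

Running the same chain_ok check against your real certificate files catches a missing or wrong CA certificate before users see failed EAP-TLS logins.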