Manualshelf

CLI Reference Guide

ManualsBrandsHP ManualsSoftwareHP Wireless Switch Manager Software
281282283284285286287288289290
286 CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS
Configuring and
Managing Access
Rules for Network
Users
Network users include the following types of users:
Wireless users — Users who access the network by associating with
an SSID on a 3Com radio.
Wired authentication usersUsers who access the network over
an Ethernet connection to a WX switch port that is configured as a
wired authentication (wired-auth) port.
You can configure authentication rules for each type of user, on an
individual SSID or wired authentication port basis. MSS authenticates
users based on user information on RADIUS servers or in the WX switch’s
local database. The RADIUS servers or local database authorize
successfully authenticated users for specific network access, including
VLAN membership. Optionally, you also can configure accounting rules to
track network access information.
The following sections describe the MSS authentication, authorization,
and accounting (AAA) features in more detail.
Authentication When a user attempts to access the network, MSS checks for an
authentication rule that matches the following parameters:
For wireless access, the authentication rule must match the SSID the
user is requesting, and the user’s username or MAC address.
For access on a wired authentication port, the authentication rule
must match the user’s username or MAC address.
If a matching rule is found, MSS then checks RADIUS servers or the WX
switch’s local user database for credentials that match those presented by
the user. Depending on the type of authentication rule that matches the
SSID or wired authentication port, the required credentials are the
username or MAC address, and in some cases, a password.
Each authentication rule specifies where the user credentials are stored.
The location can be a group of RADIUS servers or the WX switch’s local
database. In either case, if MSS has an authentication rule that matches
on the required parameters, MSS checks the username or MAC address
of the user and, if required, the password to make sure they match the
information configured on the RADIUS servers or in the local database.