HP MSM3xx Management And Configuration Manual page 138

Msm3 series/msm4 series

Hide thumbs Also See for MSM3xx:

Reference manual (114 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

page of 210

/ 210
Contents
Table of Contents
Bookmarks

Table of Contents

Security

Using an external RADIUS server



Retry interval: Specify the number of seconds that the RADIUS server waits before

access and accounting requests time out. If the server does not receive a reply within this

interval, the AP switches between the primary and secondary RADIUS servers, if a

secondary server is defined. A reply that is received after the retry interval expires is

ignored.

Retry interval applies to access and accounting requests that are generated by the

following:



You can determine the maximum number of retries as follows:



Authentication method: Select the default authentication method that the AP uses

when exchanging authentication packets with the RADIUS server defined for this profile.

For 802.1X users, the authentication method is always determined by the 802.1X client

software and is not controlled by this setting.

If traffic between the AP and the RADIUS server is not protected by a VPN, it is

recommended that you use either EAP-MD5 or MSCHAP V2 (if supported by your

RADIUS Server). PAP, MSCHAP V1, and CHAP are less secure protocols.



NAS ID: Specify the identifier for the network access server that you want to use for the

AP. By default the serial number of the AP is used. The AP includes the NAS-ID attribute

in all packets that it sends to the RADIUS server.



Always try primary server first: Enable this option if you want to force the AP to

contact the primary server first.

Otherwise, the AP sends the first RADIUS access request to the last known RADIUS

server that replied to any previous RADIUS access request. If the request times out, the

next request is sent to the other RADIUS server if defined.

For example, assume that the primary RADIUS server was not reachable and that the

secondary server responded to the last RADIUS access request. When a new

authentication request is received, the AP sends the first RADIUS access request to the

secondary RADIUS server.

If the secondary RADIUS server does not reply, the AP retransmits the RADIUS access

request to the primary RADIUS server. When two servers are configures, the AP always

alternates between the two.



Use message authenticator: When enabled, causes the RADIUS Message-

Authenticator attribute to be included in all RADIUS access requests sent by the AP.

Note: This option has no effect on IEEE802dot1x authentication requests. These

6-4

Manager access to the management tool

MAC-based authentication of devices.

MAC-based authentication: Number of retries is infinite.

802.1X authentication: Retries are controlled by the 802.1X client software.

requests always include the RADIUS Message-Authenticator attribute.

Table of Contents

Show Quick Links

Hide quick links:

Chapters

Table of Contents

This manual is also suitable for:

Msm4xx Msm310 Msm310-r Msm320 Msm320-r Msm325 ... Show all

HP MSM3xx Management And Configuration Manual page 138

Hide quick links:

Chapters

Related Manuals for HP MSM3xx

Related Products for HP MSM3xx

This manual is also suitable for:

Table of Contents