Configuring 802.1X Ap Authentication; Guidelines For Ap Authentication - HP 530 Management Manual

N o t e
I m p o r t a n t

Configuring 802.1X AP Authentication

The AP Authentication feature enables the AP 530 to authenticate itself to a
standard RADIUS server using its own username and password, just as a client
or station would. The Access Point 530 AP Authentication feature supports
802.1X port-access authentication when connecting to switches that support
this feature.
Before AP Authentication can function on the AP 530, two other devices must
be operational:
A switch capable of port-access mode (or "multiple-host" mode) authen-
■
tication, to which the AP530 is connected, and
■ A RADIUS server.
The Access Point 530 only supports connections to switches in port-access
(or "multiple-host") mode. Connections in client-limit mode (or "single-host"
mode) are not supported.

Guidelines for AP Authentication

As with normal users, the user account for the AP must be created on the
■
RADIUS server before authentication can occur.
■ Authentication is performed using the PEAP-MSCHAPv2 or EAP-MD5
protocol.
■ The username and password are encrypted in the access point's configu-
ration file. (If AP Authentication is disabled on the access point, the
username and password are removed from the configuration file.)
For security, the access point will immediately disable both its radios
■
when either:
• Errors occur in configuring AP Authentication settings, or
• Disruptions occur in the connection to the RADIUS server,
Since errors in configuration may cause wireless connections to the access
point to be disabled, it is recommended to configure AP Authentication using
either a wired ethernet connection or the console port, not over a wireless link.
Wireless Security Configuration

Configuring 802.1X AP Authentication

7-53