Radius, Mac access control by way of radius authentication, Radius -43 – HP ProCurve 520wl Wireless Access Point User Manual

Advanced Configuration

RADIUS

The AP communicates with a network’s RADIUS server to provide the following features:

–

MAC Access Control by way of RADIUS Authentication

–

RADIUS Authentication with 802.1x

–

RADIUS Accounting

The network administrator can configure multiple RADIUS Authentication Servers for different Authentication types.
The current available authentication types are EAP/802.1x authentication and MAC-based authentication.You can
configure two separate sets of Primary and Secondary RADIUS Servers for each of the two supported Authentication
types, 802.1x EAP Based authentication and MAC based authentication.
You can configure the AP to communicate with up to six different RADIUS servers:
• Primary Authentication Server (MAC-based authentication)
• Back-up Authentication Server (MAC-based authentication)
• Primary Authentication Server (EAP/802.1x authentication)
• Back-up Authentication Server (EAP/802.1x authentication)
• Primary Accounting Server
• Back-up Accounting Server

NOTE

You must have configured the settings for at least one Authentication server before configuring the settings for
an Accounting server.

The back-up servers are optional, but when configured, the AP will communicate with the back-up server if the primary
server is off-line. After the AP has switched to the backup server, it will periodically check the status of the primary
RADIUS server every five (5) minutes. Once the primary RADIUS server is again online, the AP automatically reverts
from the backup RADIUS server back to the primary RADIUS server. All subsequent requests are then sent to the
primary RADIUS server.
You can view monitoring statistics for each of the configured RADIUS servers.

MAC Access Control by way of RADIUS Authentication

If you want to control wireless access to the network and if your network includes a RADIUS Server, you can store the
list of MAC addresses on the RADIUS server rather than configure each AP individually. From the RADIUS
Authentication tab, you can define the IP Address of the server that contains a central list of MAC Address values that
identify the authorized stations that may access the wireless network. You must specify information for at least the
primary RADIUS server. The back-up RADIUS server is optional.

NOTE

Contact your RADIUS server manufacturer if you have problems configuring the server or have problems
using RADIUS authentication.

Follow these steps to enable RADIUS MAC Access Control:
1. Within the RADIUS Auth screen, place a check mark in the box labeled Enable RADIUS MAC Access Control.
2. Place a check mark in the box labeled Enable Primary RADIUS Authentication Server.
3. If you want to configure a back-up RADIUS server, place a check mark in the box labeled Enable Back-up

RADIUS Authentication Server.

4. Enter the time, in seconds, each client session may be active before being automatically re-authenticated in the

Authorization Lifetime field. This parameter supports a value between 900 and 43200 sec; the default is 900 sec.

5. Select a MAC Address Format Type. This should correspond to the format in which the clients’ 12-digit MAC

addresses are listed within the RADIUS server. Available options include:
•

Dash delimited: dash between each pair of digits: xx-yy-zz-aa-bb-cc

•

Colon delimited: colon between each pair of digits: xx:yy:zz:aa:bb:cc)

•

Single dash delimited: dash between the sixth and seventh digits: xxyyzz-aabbcc

•

No delimiters: No characters or spaces between pairs of hexadecimal digits: xxyyzzaabbcc

4-43