HP Cloud Network Manager Software manual Supported authentication servers, External Radius server

Page 48

authentication message to the AP. For more information on WISPr authentication, see Configuring WISPr authentication on page 54.

Supported authentication servers

Based on the security requirements, you can configure internal or external RADIUS servers. This section describes the following types of authentication servers and authentication termination, which can be configured for a network profile:

External RADIUS server

In the external RADIUS server, the IP address of the VC is configured as the NAS IP address. Cloud Network Manager RADIUS is implemented on the VC, and this eliminates the need to configure multiple NAS clients for every AP on the RADIUS server for client authentication. Cloud Network Manager RADIUS dynamically forwards all the authentication requests from a NAS to a remote RADIUS server. The RADIUS server responds to the authentication request with an Access-Accept or Access-Reject message, and users are allowed or denied access to the network depending on the response from the RADIUS server.

When you enable an external RADIUS server for the network, the client on the AP sends a RADIUS packet to the local IP address. The external RADIUS server then responds to the RADIUS packet.

Cloud Network Manager supports the following external authentication servers:

RADIUS

LDAP

To use an LDAP server for user authentication, configure the LDAP server on the VC, and configure user IDs and passwords.

To use a RADIUS server for user authentication, configure the RADIUS server on the VC.

RADIUS server authentication with VSA

An external RADIUS server authenticates network users and returns to the AP the Vendor-Specific Attribute (VSA) that contains the name of the network role for the user. The authenticated user is placed into the management role specified by the VSA.
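The role assignment described above is only as trustworthy as the reply that carries it, so the receiver should check the RADIUS Response Authenticator (RFC 2865) before acting on the VSA. The following is an added example, not code from the HP manual or product; the vendor ID, sub-attribute number, shared secret and packets are constructed placeholders, because the manual does not give the real values.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2        # RADIUS packet code (RFC 2865)
VENDOR_SPECIFIC = 26     # attribute type that carries VSAs (RFC 2865)
ROLE_VENDOR_ID = 99999   # assumption: placeholder, not a real enterprise number
ROLE_SUBTYPE = 1         # assumption: placeholder sub-attribute holding the role name

def role_vsa(name):
    """Encode a role name as a Vendor-Specific attribute (sample-input helper)."""
    sub = struct.pack("!BB", ROLE_SUBTYPE, 2 + len(name)) + name
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), ROLE_VENDOR_ID) + sub

def build_reply(code, ident, req_auth, secret, attrs):
    """Build a reply the way a RADIUS server signs it (sample-input helper)."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + req_auth + attrs + secret).digest() + attrs

def role_from_reply(packet, req_auth, secret):
    """Return the role name from a verified Access-Accept, otherwise None."""
    if len(packet) < 20:
        return None
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or code != ACCESS_ACCEPT:
        return None
    attrs = packet[20:]
    expected = hashlib.md5(packet[:4] + req_auth + attrs + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return None  # authenticator mismatch: wrong secret or altered reply
    pos = 0
    while pos + 2 <= len(attrs):
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            return None  # malformed attribute length
        value = attrs[pos + 2:pos + alen]
        if atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, stype, slen = struct.unpack("!IBB", value[:6])
            if (vendor, stype) == (ROLE_VENDOR_ID, ROLE_SUBTYPE) and 2 <= slen <= len(value) - 4:
                return value[6:4 + slen].decode("utf-8", "replace")
        pos += alen
    return None

# Constructed sample data: one genuine reply and one whose role bytes were altered.
SECRET = b"constructed-shared-secret"
REQ_AUTH = bytes(range(16))
GOOD = build_reply(ACCESS_ACCEPT, 7, REQ_AUTH, SECRET, role_vsa(b"employee"))
ALTERED = GOOD[:-8] + b"sysadmin"
print(role_from_reply(GOOD, REQ_AUTH, SECRET), role_from_reply(ALTERED, REQ_AUTH, SECRET))
```

A reply whose role bytes change after signing, or that was signed with a different shared secret, yields no role at all rather than an unverified one.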

Internal RADIUS server

Each AP has an instance of free RADIUS server operating locally. When you enable the internal RADIUS server option for the network, the client on the AP sends a RADIUS packet to the local IP address. The internal RADIUS server listens and replies to the RADIUS packet.

The following authentication methods are supported in the Cloud Network Manager network:

EAP-TLS — The Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) method supports the termination of EAP-TLS security using the internal RADIUS server. EAP-TLS requires both server and Certification Authority (CA) certificates to be installed on the AP. The client certificate is verified on the VC (the client certificate must be signed by a known CA) before the username is verified on the authentication server.

EAP-TTLS (MSCHAPv2) — The Extensible Authentication Protocol-Tunneled Transport Layer Security (EAP-TTLS) method uses server-side certificates to set up authentication between clients and servers. However, the actual authentication is performed using passwords.

EAP-PEAP (MSCHAPv2) — The Extensible Authentication Protocol-Protected Extensible Authentication Protocol (EAP-PEAP) is an 802.1X authentication method that uses server-side public key certificates to authenticate clients with the server. PEAP authentication creates an encrypted SSL/TLS tunnel between the client and the authentication server. Exchange of information is encrypted and stored in the tunnel, ensuring the user credentials are kept secure.

HP Cloud Network Manager User Guide, Document 5998-5742, edition 1 July

Cloud Network Manager Software specifications

HP Cloud Network Manager is a robust software solution designed to simplify and enhance the management of network infrastructure in cloud environments. As organizations increasingly shift toward cloud computing, they require comprehensive tools to oversee complex network deployments. HP Cloud Network Manager rises to this challenge, offering a powerful suite of features aimed at optimizing performance, automating tasks, and ensuring reliable connectivity.

One of the main features of HP Cloud Network Manager is its intuitive dashboard, which provides users with real-time insights into network operations. This centralized interface allows administrators to monitor the status of various components, identify potential issues, and respond swiftly to anomalies. With advanced analytics capabilities, the software empowers users to make data-driven decisions that enhance network efficiency.

Another critical feature of this software is its automation capabilities. HP Cloud Network Manager simplifies routine network management tasks, such as configuration, provisioning, and software updates, allowing IT teams to focus on strategic initiatives rather than mundane maintenance. Automation reduces the risk of human error and accelerates deployment times, significantly increasing operational agility.

The software also supports multi-cloud environments, enabling organizations to manage their network resources across different cloud platforms seamlessly. This flexibility is essential for businesses that utilize various cloud providers and wish to maintain a unified network strategy. Coupled with its compatibility with open standards, HP Cloud Network Manager facilitates integration with existing IT ecosystems, ensuring a smooth transition to advanced cloud solutions.

Security is a top priority in today's digital landscape, and HP Cloud Network Manager includes integrated security features to protect network assets. It provides visibility into traffic patterns, helping to detect and mitigate potential threats before they become significant issues. Enhanced security protocols ensure that sensitive data remains protected during transit and at rest, aligning with compliance requirements.

Finally, HP Cloud Network Manager is built on cutting-edge technologies, including artificial intelligence and machine learning, which enable proactive network management. These technologies predict network behavior, assisting administrators in optimizing resources and anticipating potential challenges. As a result, organizations can achieve enhanced reliability and performance from their network infrastructure.

In summary, HP Cloud Network Manager is an essential tool for businesses looking to improve their cloud network management capabilities. With its powerful features, supportive technologies, and commitment to security, it stands out as a reliable solution for navigating the complexities of modern network environments.