HP Cloud Network Manager Software Authentication, Containment methods, Understanding authentication methods, MAC authentication, 802.1X authentication

You can enable wired and wireless containments to prevent unauthorized stations from connecting to your Cloud Network Manager network.

Cloud Network Manager supports the following types of containment mechanisms:

•Wired containment — When enabled, APs generate ARP packets on the wired network to contain wireless attacks.

•Wireless containment — When enabled, the system attempts to disconnect all clients that are connected or attempting to connect to the identified AP.

n None — Disables all the containment mechanisms.

n Deauthenticate only — With deauthentication containment, the AP or client is contained by disrupting the client association on the wireless interface.

n Tarpit containment — With tarpit containment, the AP is contained by luring clients that are attempting to associate with it to a tarpit. The tarpit can be on the same channel or a different channel as the AP being contained.

Authentication

This section provides the following information:

•Understanding authentication methods on page 46

•Supported authentication servers on page 48

•Configuring authentication servers on page 49

•Configuring 802.1X authentication for a network profile on page 52

•Configuring MAC authentication for a network profile on page 53

•Configuring MAC authentication with 802.1X authentication on page 53

•Configuring MAC authentication with captive portal authentication on page 54

•Configuring WISPr authentication on page 54

•Blacklisting clients on page 55

Authentication is a process of identifying a user through a valid username and password. Clients can also be authenticated based on their MAC addresses.

The following authentication methods are supported in Cloud Network Manager:

•802.1X authentication — 802.1X is a method for authenticating the identity of a user before providing network access to the user. Remote Authentication Dial In User Service (RADIUS) is a protocol that provides centralized authentication, authorization, and accounting management. For authentication purpose, the wireless client can associate to a network access server (NAS) or RADIUS client such as a wireless AP. The wireless client can pass data traffic only after successful 802.1X authentication. For more information on configuring an AP to use 802.1X authentication, see Configuring 802.1X authentication for a network profile on page 52.

•MAC authentication — Media Access Control (MAC) authentication is used for authenticating devices based on their physical MAC addresses. MAC authentication requires that the MAC address of a machine matches a manually defined list of addresses. This authentication method is not recommended for scalable networks and the networks that require stringent security settings. For more information on configuring an AP to use MAC authentication, see Configuring MAC authentication for a network profile on page 53.

•MAC authentication with 802.1X authentication —This authentication method has the following features: