Manuals / Brands / Computer Equipment / Software / HP / Computer Equipment / Software

HP Cloud Network Manager Software Configuring dynamic RADIUS proxy parameters, CoA, CoA only, 4.Click Save Server

1 89

Download 89 pages, 1.03 Mb

Data pane item	Description

ADMIN-DN	Enter a distinguished name for the admin user with read/search privileges across
	all the entries in the LDAP database (the admin user need not have write
	privileges, but the admin user must be able to search the database, and read
	attributes of other users in the database).

ADMIN	Enter a password for the admin.
PASSWORD

RETYPE ADMIN	Retype the password for the admin.
PASSWORD

BASE-DN	Enter a distinguished name for the node that contains the entire user database.

FILTER	Specify the filter to apply when searching for a user in the LDAP database. The
	default filter string is (objectclass=*).

KEY ATTRIBUTE	Specify the attribute to use as a key while searching for the LDAP server. For Active
	Directory, the value is sAMAccountName.

TIMEOUT	Enter a value between 1 and 30 seconds. The default value is 5.

RETRY COUNT	Enter a value between 1 and 5. The default value is 3.

nCoA — To configure a CoA, select CoA only. The RADIUS server is automatically selected.

Table 23: Parameters for CoA

Data pane item	Description

NAME	Enter the name of the server.

IP ADDRESS	Enter the IP address of the server.

BONJOUR	Enter a port number for sending Bonjour support CoA on a different port than on
SUPPORT CoA	the standard CoA port. The default value is 5999.
PORT

SHARED KEY	Enter a shared key for communicating with the external RADIUS server.

RETYPE KEY	Re-enter the shared key.

4.Click Save Server.

To assign the RADIUS authentication server to a network profile, select the newly added server when configuring security settings for a wireless or wired network profile.

You can also add an external RADIUS server by selecting New for Authentication Server when configuring a WLAN or wired profile. For more information, see Configuring security settings for a WLAN SSID profile on page 27 .

Configuring dynamic RADIUS proxy parameters

The RADIUS server can be deployed at different locations and VLANs. In most cases, a centralized RADIUS or local server is used to authenticate users. However, some user networks can use a local RADIUS server for employee authentication and a centralized RADIUS based captive portal server for guest authentication. To

51 Wireless configuration

HP Cloud Network Manager User Guide

Contents

Page Document 5998-5742,edition 1 (July 2014) Acknowledgments Contents Intended audience Related documents Conventions HP websites Initial AP configuration Wireless network profiles General configuration tasks Advanced configuration tasks Advanced radio resource management Intrusion detection system Authentication Captive portal for guest access DHCP configuration Services Uplink configuration Mobility and client management Enterprise domain SNMP and logging Acronyms and abbreviations Glossary About this guide Intended audience Related documents Conventions HP websites About Cloud Network Manager Cloud Network Manager overview Cloud Network Manager user interface Activating your Cloud Network Manager subscriptions 8.Read and accept the End User License agreement, and then click Finish a.Your subscription(s) is activated in the HP Cloud Network Manager Activating your HP Cloud Network Manager account Wireless configuration on page To activate your HP Cloud Network Manager account: User interface Monitoring Wireless configuration Reports Maintenance Virtual Controller Help Help Data pane Wireless Configuration > Access Points Support Support Feedback Feedback Monitoring AP details Remote Console System pane Access Point Console Access Clients WIDS Event log The Event Log pane displays the event details that occur in the network Setting notification alerts Wireless configuration Initial AP configuration Wireless network profiles Network types 2.For TYPE, select Wireless 3.Enter a name that is used to identify the network in the Name (SSID) box Based on the type of network profile, select any of the following options under PRIMARY USAGE Employee Page Configuring VLAN settings for a WLAN SSID profile To configure VLAN settings for an SSID: 1.In VLAN, select any of the following options for CLIENT IP ASSIGNMENT: Virtual Controller Assigned DHCP configuration on page Configuring security settings for an employee or voice network Page Configuring access rules for a WLAN SSID profile on page Configuring access rules for a WLAN SSID profile Configuring a WLAN SSID for guest access on page To configure access rules for an employee or voice network: 1.In Access Rules, select any of the following types of access control: General configuration tasks Modifying the AP name Configuring VC IP address Configuring a preferred band Configuring VC VLAN Configuring auto join mode Advanced configuration tasks Configuring ARRM assigned radio profiles for an AP Configuring radio profiles manually for AP The following table describes various configuration modes for an AP 4.If the ACCESS mode is selected, perform the following actions: a.Select Administrator assigned in 2.4 GHz and 5 GHz BAND BAND From Advanced radio resource management Channel or power assignment Voice aware scanning Load aware scanning Band steering mode Page Monitoring the network with ARRM ARRM metrics 3. For AIRTIME FAIRNESS MODE specify any of the following values: 4. For additional options, specify the following parameters: 5. For ACCESS POINT CONTROL, specify the following parameters: Description 6.Click Save and reboot the AP 7.Click Save Settings Intrusion detection system logged information This chapter describes the following procedures: •Detecting and classifying rogue APs on page •OS fingerprinting on page •Configuring wireless intrusion protection and detection levels on page You can configure the following options: Infrastructure Detection Policies Client Detection Policies Infrastructure Protection Policies Client Protection Policies The following levels of detection can be configured in the WIP Protection page: Custom settings field field Authentication Page External RADIUS server Internal RADIUS server Authentication termination on AP Configuring an external server for authentication LDAP Server Configuring dynamic RADIUS proxy parameters 1.Enable dynamic RADIUS proxy Enabling dynamic RADIUS proxy To enable RADIUS RADIUS proxy: 1.Select Wireless Configuration > System. The System data pane is displayed data pane is displayed Configuring 802.1X authentication for a wireless network profile Configuring MAC authentication for wireless network profiles 6.Click ACCESS tab to define access rules Configuring MAC authentication with captive portal authentication This authentication method has the following features: For wireless network profile, select ENFORCE MAC AUTH ONLY ROLE Blacklisting clients manually Captive portal for guest access Types of captive portal Walled garden Page 6.Click Next to configure VLAN settings. The VLAN details are displayed 7.Select any of the following options for CLIENT IP ASSIGNMENT: Assigned • Network Assigned—Selectthis option to obtain the IP address from the network • STRING— Enter the string to match Configuring internal captive portal for guest network 1. In the SECURITY tab, assign values for the configuration parameters: External captive portal profiles Creating a captive portal profile 4. Click Save Configuring guest logon role and access rules for guest users You can configure up to 64 access rules for a guest network To configure access rules for a guest network: 4.Select Guest under PRIMARY USAGE and click Next 1. Create a user role: a.Click New in ROLE pane b.Enter a name for the new role and click Ok 2.Create access rules for a specific user role: 3.Create a role assignment rule •Select a profile from Captive Portal Profile If you want to edit the profile, click Configuring walled garden access DHCP configuration Configuring local and local, L3 DHCP scopes Local, L3 To configure a new DHCP scope: 1.Select Wireless Configuration > DHCP. The DHCP Server data pane is displayed To configure a Local Local DHCP Scopes Services Bonjour support overview Bonjour support with Cloud Network Manager Configuring Bonjour support and Bonjour support services on an AP Integration with Cloud Network Manager Configuring an AP for PAN integration Uplink configuration Wi-Fiuplink Ethernet uplink Enforcing uplinks Setting an uplink priority Enabling uplink pre-emption Switching uplinks based on internet availability Mobility and client management Configuring L3-mobility Home agent load balancing Enterprise domain SNMP and logging SNMP parameters for AP Configuring community string for SNMP Configuring SNMP traps Configuring TFTP dump server 1.Select Wireless Configuration > System > LOGGING TFTP DUMP SERVER Reports Deleting a report Reports > Network PCI Compliance Maintenance Device management User management User Management The user can perform following actions: •Add User: Add additional users to the Network Management System (NMS) Terminology Acronyms and abbreviations Glossary