4.The RADIUS server checks the user identity and authenticates the client if the user details are available in its database. The RADIUS server sends an Access-Acceptmessage to the NAS. If the RADIUS server cannot identify the user, it stops the authentication process and sends an Access-Rejectmessage to the NAS. The NAS forwards this message to the client and the client must re-authenticate with appropriate credentials.

5.After the client is authenticated, the RADIUS server forwards the encryption key to the NAS. The encryption key is used for encrypting or decrypting traffic sent to and from the client.

The NAS acts as a gateway to guard access to a protected resource. A client connecting to the wireless network first

connects to the NAS.

Configuring 802.1X authentication for a wireless network profile

To configure 802.1X authentication for a wireless network profile:

1.Select Wireless Configuration > Networks, select an existing profile for which you want to enable 802.1X authentication, and click Edit.

2.In Edit <profile-name>, ensure that all required WLAN and VLAN attributes are defined, and then click the SECURITY tab.

3.In SECURITY, for the Enterprise security level, select the preferred option from KEY MANAGEMENT.

4.To terminate the EAP portion of 802.1X authentication on the AP instead of the RADIUS server, set TERMINATION to Enabled.

For 802.1X authorization, by default, the client conducts an EAP exchange with the RADIUS server, and the AP acts as a relay for this exchange. When Termination is enabled, the AP itself acts as an authentication server, terminates the outer layers of the EAP protocol, and only relays the innermost layer to the external RADIUS server.

5.Specify the type of authentication server to use and configure other required parameters. For more information on configuration parameters, see Configuring security settings for a WLAN SSID profile on page 27.

6.Click the ACCESS tab to define access rules.

7.Click Save Settings.

Configuring MAC authentication for a network profile

MAC authentication can be used alone or it can be combined with other forms of authentication such as WEP authentication. However, it is recommended that you do not use the MAC-based authentication.

Configuring MAC authentication for wireless network profiles

To configure MAC authentication for a wireless profile:

1.Select Wireless Configuration > Network, select an existing profile for which you want to enable MAC authentication and click Edit.

2.In the Edit <profile-name>,ensure that all required WLAN and VLAN attributes are defined, and then click the SECURITY tab.

3.In SECURITY, for MAC AUTHENTICATION, select Enabled for Personal or Open security level.

4.Specify the type of authentication server to use and configure other required parameters. For more information on configuration parameters, see Configuring security settings for a WLAN SSID profile on page 27.

5.Click ACCESS tab to define access rules.

6.Click Save Settings.

Configuring MAC authentication with 802.1X authentication

To configure MAC authentication with 802.1X authentication for wireless network profile.

53 Wireless configuration

HP Cloud Network Manager User Guide