288CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS

Authentication Algorithm

MSS can try more than one of the authentication types described in “Authentication Types” to authenticate a user. MSS tries 802.1X first. If the user’s NIC supports 802.1X but fails authentication, MSS denies access. Otherwise, MSS tries MAC authentication next. If MAC authentication is successful, MSS grants access to the user. Otherwise, MSS tries the fallthru authentication type specified for the SSID or wired authentication port. The fallthru authentication type can be one of the following:

„Web

„Last-resort

„None

Web and last-resort are described in “Authentication Types”. None means the user is automatically denied access. The fallthru authentication type for wireless access is associated with the SSID (through a service profile). The fallthru authentication type for wired authentication access is specified with the wired authentication port. (For information about service profiles, see “Configuring a Service Profile” on page 238. For information about wired authentication port configuration, see “Configuring Wired Authentication Ports” on page 222.)

The following figure shows how MSS tries the authentication types.

Page 288
Image 288
HP Manager Software manual Authentication Algorithm