HP-UX AAA Server A.06.00 Administration and Authentication Guide: HP-UX 11.0, 11i v1 > Chapter 2 Configuration Screens

Access Device


The server configuration must include all the clients (NASs, access points and other network devices) that can communicate with the AAA server. If an access device is not included in the configuration, the server will not handle requests from or send requests to the access device. The Access Devices screen allows you to add a new client to the server configuration, or to modify or delete an existing client.

Navigating the Define Access Device Screen

Figure 2-3 Server Manager's Access Device Screen

  • Selecting the New Access Device link or the following icon will display a form of access device attributes to define a new entry:

  • Selecting an existing access device or the following icon will display a form of the corresponding client's attributes for modification:

  • Selecting the following icon will display a confirmation screen before deleting the corresponding entry:

  • Selecting the following icon will display a context-sensitive HTML help screen:

Creating or Modifying an Access Device

When adding a new access device entry to the server configuration or modifying an existing entry, you supply values for the access device attributes through a form's fields.

Figure 2-4 Server Manager's Access Device Attributes Screen

Name:

Network location of the network device as follows:

  • It may be an IP address (in dotted-quad notation) or a valid domain name system (DNS) host name. When specifying Name as a DNS host name, you should use the name returned by the hostname command.

Shared Secret:

Encryption key, or shared secret, between the client in this entry and this server. The field must be less than 255 characters. A request from a client for which the server does not have a shared secret will be silently discarded.

Vendor:

Indicates what vendor-specific attributes should be returned to the access device in a reply. In most applications, you will select the hardware vendor of the device or Generic if the device is not listed. You can make multiple selections by holding down the control key as you select vendor names.

IMPORTANT: If you are defining a wireless access point that will be using the MS-CHAP protocol for authentication, Microsoft must be one of the vendor selections.

The server will prune vendor-specific attributes for a given vendor if that vendor's name is not properly defined in the vendors file, and its attributes are not properly defined in the dictionary file.

NOTE: The Generic vendor prunes all vendor-specific attributes before a message is returned to a NAS. This may be used to help prevent problems that might occur if an unencapsulated vendor attribute is not correctly mapped in the vendors file.

Options:

Select any of the check boxes to specify additional message-handling options.

The following options are valid:

Table 2-1 Access Device Message Handling Options

Option     Definition
ACCT_RFC   Verifies that the Accounting-Request conforms with the Accounting RFC. Nonconforming messages are dropped.
DEBUG      Dumps packets into the server's debug output file when log level is greater than 2.
NO_CHECK   Does not check all attributes to determine if the request is a duplicate. This can be set to increase server performance if you know that the client sends standard messages that can easily be detected as duplicates.
NOENCAPS   Does not encapsulate the vendor response (if the client requires nonencapsulated A-V pairs).
OLDCHAP    For clients that perform pre-RFC CHAP.
RAD_RFC    Verifies that the Access-Request conforms with the RADIUS RFC. Nonconforming messages are dropped.
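
The Shared Secret lookup and the kind of conformance check ACCT_RFC describes can be pictured with the following added example, which is not code from this guide or from the AAA server. It applies the header, attribute-length and Request Authenticator rules of RFC 2866 to an Accounting-Request; the client table, secret, sample attributes and function names are constructed for illustration, and the checks the server itself performs may differ.

```python
import hashlib
import hmac
import struct

# Constructed client table: source IP -> shared secret (placeholder values).
CLIENTS = {"192.0.2.10": b"constructed-secret"}
ACCOUNTING_REQUEST = 4
# Constructed attributes: Acct-Status-Type=Start, NAS-IP-Address=192.0.2.10.
SAMPLE_ATTRS = bytes([40, 6, 0, 0, 0, 1]) + bytes([4, 6, 192, 0, 2, 10])


def build_accounting_request(ident, attrs, secret):
    """Build an Accounting-Request carrying the RFC 2866 Request Authenticator."""
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    auth = hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()
    return header + auth + attrs


def check_accounting_request(src_ip, packet):
    """Return 'accept', or 'discard: <reason>' for a packet that is dropped."""
    secret = CLIENTS.get(src_ip)
    if secret is None:
        # No entry for this client means no secret to verify with.
        return "discard: unknown client"
    if len(packet) < 20:
        return "discard: short packet"
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST:
        return "discard: not an Accounting-Request"
    if length < 20 or length > 4095 or length > len(packet):
        return "discard: bad length"
    packet = packet[:length]  # octets beyond Length are padding
    attrs = packet[20:]
    # Attributes are type/length/value; each length is >= 2 and must fit.
    pos = 0
    while pos < len(attrs):
        alen = attrs[pos + 1] if pos + 1 < len(attrs) else 0
        if alen < 2 or pos + alen > len(attrs):
            return "discard: malformed attribute"
        pos += alen
    # MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)
    expected = hashlib.md5(packet[:4] + b"\x00" * 16 + attrs + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return "discard: bad authenticator"
    return "accept"
```

A packet built with a secret other than the one stored for its source address fails the authenticator comparison, which is how a mistyped Shared Secret field shows up on the wire.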

 

When adding a new access device entry, you select the Create button to submit the new access device to the Server Manager. When modifying an existing entry, you select the Modify button to submit changes to the access device entry. In either case, if each field contains a valid value, the client will be created or modified; otherwise, an error message is displayed. You can always select the Cancel button and return to the Access Device screen without making any changes to your server configuration.

Deleting an Access Device

The Delete Access Device screen allows you to preview the access device entry before you confirm deletion.

Figure 2-5 Server Manager's Access Device Deletion Screen


Select the Delete button to delete the displayed access device entry. You can select the Cancel button and return to the Access Device screen without deleting the entry.

DNS Names

Make sure that your DNS is configured correctly (with both forward and reverse entries) for your AAA server(s). The AAA server determines the name of the machine that it is running on. If this name does not match your local DNS server's database, you will not be able to correctly configure the access device and will experience problems with some server operations.

© 2003 Hewlett-Packard Development Company, L.P.