HP-UX AAA Server A.07.01 Administrator’s Guide: HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3 > Chapter 7 Configuring RADIUS Clients Using the Access Devices Screen

Adding a RADIUS Client


To add a RADIUS client through the Access Devices screen, complete the following steps:

  1. In the Access Devices screen, click the plus icon corresponding to the New Access Device list.

    The Add Access Device Screen appears as shown in Figure 7-2.

    Figure 7-2  Server Manager’s Access Device Attributes Screen

  2. In the Access Device Attributes form, enter information according to the information in Table 7-1.

    Table 7-1 Add Access Device Configuration Form Options

    Option    Function

    Name

    Enter the network location of the network device. This may be an IPv4 address (in dotted-quad notation), an IPv6 address (in colon-separated notation), or a valid DNS host name. When specifying Name as a DNS host name, you must use the name returned by the hostname command.

    Notes:
    • Ensure that your DNS is configured correctly (with both forward and reverse entries) for your AAA server. The AAA server determines the name of the machine that it is running on. If this name does not match your local DNS server's database, you cannot configure the access device correctly.

    • You can use wildcards to provide access for all traditional IP (IPv4) clients in a particular subnet. Examples of valid IPv4 wildcard patterns are:

      * 
      192.* 
      192.0.* 
      192.0.2.*
    • You can use wildcards to provide access for all IPv6 clients in a particular subnet. The allowed IPv6 wildcard patterns are constructed by appending an ‘*’ to a partial IPv6 address or by specifying a single ‘*’. Examples of valid IPv6 wildcard patterns are:

      * 
      fedc:ba98:7654:3210:fe* 
      fedc:ba98:7654:3210:fedc:ba98:*

      The special IPv6 syntax of compressing zeroes using "::" is not allowed in IPv6 Wildcard patterns. For example: ‘fedc::ba98:fe*’ is not allowed.

    Shared Secret

    Enter the shared secret, or the encryption key between the client and the server. The shared secret must be less than 255 characters. A request from a client for which the server does not have a shared secret is silently discarded.

    Confirm Shared Secret

    Confirm the secret by typing it again.

    Vendor

    Enter the vendor-specific attributes that must be returned to the access device in a reply. In most applications, you can select the hardware vendor of the device or Generic if the device is not listed. You can make multiple selections by holding down the control key as you select vendor names.

    The server prunes vendor-specific attributes for a given vendor if that vendor’s name is not properly defined in the vendors file, and its attributes are not properly defined in the dictionary file.

    IMPORTANT: To define a wireless access point using the MS-CHAP protocol, you must select Microsoft as one of the vendor selections.
    NOTE: The Generic vendor prunes all vendor-specific attributes before a message is returned to a NAS. This attribute can be used to help prevent problems that occur if an unencapsulated vendor attribute is not correctly mapped in the vendors file.

    Options

    Select any of the check boxes to specify additional message-handling options. Following are the options:

    RAD_RFC

    Verifies that the Access-Request conforms with the RADIUS RFC. Nonconforming messages are dropped.

    ACCT_RFC

    Verifies that the Accounting-Request conforms with the Accounting RFC. Nonconforming messages are dropped.

    Debug

    Dumps packets into the server’s debug output file.

    No Check

    Helps enhance server performance. When this option is checked the HP-UX AAA Server does not check all attributes to determine if the request is a duplicate. Check this option if you know that the client sends standard messages that can easily be detected as duplicates.

    No Encaps

    Does not encapsulate the vendor response (if the client requires unencapsulated A-V pairs).

    Old Chap

    For clients that perform pre-RFC CHAP.

     

  3. Click Create to submit the new RADIUS client to the Server Manager. Click Cancel to return to the Access Device screen without making any changes to your server configuration.
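
The Name wildcard rules and the shared-secret length limit from Table 7-1, written as a check to run over planned entries before typing them into the form. This is an added example in Python, not HP code; the function names, the sample entries, and the decision to recognize only the octet-boundary IPv4 forms and colon-containing IPv6 forms shown in the table are assumptions.

```python
import re
import string

V4_WILD = re.compile(r"((?:[0-9]{1,3}\.){1,3})\*")  # 192.*  192.0.*  192.0.2.*
HEX_COLON = set(string.hexdigits) | {":"}

def check_name(name):
    """Classify a Name value against Table 7-1; returns (kind, problem or None)."""
    if name == "*":
        return "wildcard-any", None
    if "*" not in name:
        return "exact", None  # literal address or DNS host name, not validated here
    m = V4_WILD.fullmatch(name)
    if m:
        if any(int(o) > 255 for o in m.group(1)[:-1].split(".")):
            return "unrecognized", "IPv4 octet above 255"
        return "wildcard-ipv4", None
    body = name[:-1]
    if name.endswith("*") and ":" in body and set(body) <= HEX_COLON:
        if "::" in body:
            return "invalid", "'::' compression is not allowed in IPv6 wildcard patterns"
        groups = body.split(":")
        if len(groups) <= 8 and "" not in groups[:-1] and all(len(g) <= 4 for g in groups):
            return "wildcard-ipv6", None
    return "unrecognized", "not one of the wildcard forms shown in Table 7-1"

def audit(entries):
    """entries: (name, shared_secret) pairs; returns a list of (name, finding)."""
    findings = []
    for name, secret in entries:
        kind, problem = check_name(name)
        if problem:
            findings.append((name, problem))
        elif kind == "wildcard-any":
            findings.append((name, "single '*' is not limited to any subnet"))
        if len(secret) >= 255:
            findings.append((name, "shared secret must be less than 255 characters"))
    return findings

SAMPLE = [  # constructed entries, not taken from a real server
    ("192.0.2.*", "s" * 32),
    ("fedc:ba98:7654:3210:fe*", "s" * 32),
    ("fedc::ba98:fe*", "s" * 32),
    ("*", "s" * 255),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```
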

© Hewlett-Packard Development Company, L.P.