Management and Configuration Guide (Includes ACM xl) 2005-12

7 SETTING UP WIRELESS DATA PRIVACY
This chapter explains how to configure the global settings for the security protocols. The topics covered
in this chapter are:
Overview of Wireless Data Privacy
Wireless Data Privacy Setup
IPSec Certificate Configuration
IP Address Assignment for Tunneling
Overview of Wireless Data Privacy
Wireless Data Privacy is an optional security feature of the 700wl Series system that allows you to
provide strong encryption of data between a client and the Access Controller. Wireless Data Privacy
provides additional security for data sent over the airwaves, supplanting the relatively insecure Wired
Equivalent Privacy (WEP) of a wireless network.
The HP system offers four choices for encrypting data between a client and the Access Controller: PPTP,
L2TP plus IPSec, tunnel mode IPSec, and SSH.
To use one of these protocols for Wireless Data Privacy, there are three basic conditions that must be
met:
The protocol must be enabled and configured appropriately for the 700wl Series system as a whole.
The use of individual security protocols (the encryption policy that pertains to specific clients) must be specified (required or allowed) in the relevant Access Policies.
The appropriate Wireless Data Privacy client software must be installed and configured on the client systems that expect to make use of those protocols.
All the security protocols can be enabled or disabled globally without having to change the settings in
the individual Access Policies.
For IPSec and the other tunneling protocols there are some settings that must be configured centrally,
either across the 700wl Series system as a whole, or per Access Controller:
For IPSec, the configuration of the IKE Authentication method and IKE and ESP encryption and integrity algorithms is done centrally on the Access Control Server for the 700wl Series system as a whole.
For the tunneling protocols (IPSec, PPTP and L2TP) the configuration of IP addressing used in setting up inner tunnel addresses is done on a per-Access Controller basis.