Management and Configuration Guide Supplement 4.4.0.50

For each ingress packet that matches the QoS Marking filter, you can
specify a DiffServ codepoint value, or an IP precedence and ToS value to
use in marking the packet. You can also specify an 802.1Q/p priority and
VLAN tag.
Within an Access Policy, select the QoS Markings that should apply
to traffic from clients for whom the Access Policy is in force. You can
select multiple QoS Marking criteria/settings, and order them as you
want. The system will search for a match from the top down, and will
stop and apply the settings at the first match, so the order in the list
is important.
See “The QoS Tab” under “Creating or Editing an Access Policy” in Chapter 4,
and also “QoS Markings” in that same chapter of the ProCurve Secure Access
700wl Series Management and Configuration Guide for a more detailed
discussion of the QoS Marking feature.
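
The top-down, first-match search described above means that a broad entry placed above a narrower one prevents the narrower one from ever being applied. The following is an added example, not taken from the guide or from the 700wl software: it models the search and reports entries that can never match. The filter fields (protocol, destination port), the entry names, and the marking values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class QosMarking:
    name: str
    protocol: Optional[str]      # hypothetical filter field; None = any
    dst_port: Optional[int]      # hypothetical filter field; None = any
    dscp: int                    # DiffServ codepoint written on match
    dot1p: Optional[int] = None  # optional 802.1p priority

    def matches(self, protocol, dst_port):
        return (self.protocol in (None, protocol)
                and self.dst_port in (None, dst_port))

    def covers(self, other):
        """True if every packet matching `other` also matches this entry."""
        return (self.protocol in (None, other.protocol)
                and self.dst_port in (None, other.dst_port))

def first_match(markings, protocol, dst_port):
    """Search from the top down and stop at the first matching entry."""
    for m in markings:
        if m.matches(protocol, dst_port):
            return m
    return None  # no entry matched; the packet is not re-marked

def shadowed(markings):
    """Return (entry, earlier_entry) name pairs for entries never applied."""
    out = []
    for i, m in enumerate(markings):
        for earlier in markings[:i]:
            if earlier.covers(m):
                out.append((m.name, earlier.name))
                break
    return out

# Constructed sample entries.
VOICE = QosMarking("voice-sip", "udp", 5060, dscp=46, dot1p=6)
ALL_UDP = QosMarking("all-udp", "udp", None, dscp=8)
WEB = QosMarking("web", "tcp", 443, dscp=18)

GOOD_ORDER = [VOICE, ALL_UDP, WEB]  # specific entry first
BAD_ORDER = [ALL_UDP, VOICE, WEB]   # broad entry hides "voice-sip"

if __name__ == "__main__":
    for label, order in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        hit = first_match(order, "udp", 5060)
        print(label, "udp/5060 ->", hit.name, "dscp", hit.dscp,
              "shadowed:", shadowed(order))
```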
802.1X/WPA Authentication Service
Prior to software version 4.4, the 700wl Series offered only a passive 802.1X
authentication service. With passive 802.1X authentication, all packets from
the client are sent on to the network, and all returned packets destined for
that client are “sniffed” to detect an authentication result.
With the new 802.1X/WPA Authentication Service, the 700wl Series system
participates actively in the Wi-Fi Protected Access (WPA) and IEEE 802.1X
standards to offer a fully encrypted connection among WPA- and 802.1X-
compliant products. The WPA standard uses Temporal Key Integrity Protocol
(TKIP) encryption, which uses dynamic keys to encrypt data between clients
and access points.
802.1X/WPA authentication through the 700wl Series uses an internal RADIUS
server, which may be configured either to act as the authentication service,
or to act as a proxy server for a remote RADIUS authentication service.
The built-in RADIUS server supports the Lightweight Extensible Authentication
Protocol (LEAP) and Protected Extensible Authentication Protocol
(PEAP). Both LEAP and PEAP use client passwords for authentication. This
implementation of PEAP supports MS-CHAPv2. The built-in RADIUS server
uses the built-in user database for user validation.