Manualshelf

Management and Configuration Guide Supplement 4.4.0.50

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
12345678910
1
Introduction
Introduction
This documentation supplement describes the functionality and use of a set
of new features introduced in the special software release version 4.4.0.50 for
the ProCurve Secure Access 700wl Series. This software version provides a
number of important new or enhanced features:
Significantly enhanced support for multiple 802.1Q VLANS. The
enhanced VLAN support enables gateway, DHCP, DNS and WINS
server configurations to be specified per tagged VLAN/subnet, rather
than per physical Access Controller. Authenticated client traffic can
be assigned to an uplink VLAN and subnet based on the client identity
(Identity Profile) or point of entry to the network (Connection
Profile), through the Access Policy mechanism. VLAN tagging asso-
ciated with incoming packets can be left as is, removed, or replaced.
Further, the new Quality of Service (QoS) classification feature can
also manipulate VLAN tagging as part of its QoS marking capability.
Ability to act as a layer 2 entity and expose the actual MAC address
for real IP clients on the uplink port.
Support for traffic classification based on 802.1p, Differentiated
Services (DiffServ), IP Precedence, and Type of Service (ToS)
settings. Ingress packets can be filtered for marking based on a
number of criteria, including VLAN ID, IP protocol, source and desti-
nation IP addresses and ports, MAC address, user identity, slot/port
combination, and Ethertype. Ingress packet priority settings can be
retained, mapped to different priority settings, or in the case of
802.1Q/p, removed. After a packet has been marked with a priority
setting it becomes accessible for QoS handling on the network.
In addition, you can apply VLAN tags based on packet information, which
is useful for separating application data on the same device. For example,
a mixed-mode device, like a PDA with a soft-phone application, can have
data traffic sent down one VLAN and priority VoIP traffic sent down a
different VLAN.
A new Authentication Service for active 802.1X/WPA authentication
using a built-in RADIUS server. This provides a fully-encrypted
connection among WPA and 802.1X compliant products. The built-in
RADIUS server can be used as the authentication server, or as a proxy
server to an external RADIUS server. When used as an authentication
server, the built-in RADIUS server supports the Lightweight Exten-