Management and Configuration Guide Wireless Edge Services xl Module Supplement 2007-06
5300xl Switch Support for the Wireless Edge Services xl Module
Automatic RP VLAN Operation Using RADIUS-Assigned VLANs
Using 802.1X RADIUS-assigned VLANs, an authenticated radio port may be
automatically assigned to a designated radio port VLAN. Any PoE-enabled
switch port configured as an 802.1X authenticator may be used to connect an
authenticated radio port. Using authentication, only authorized radio ports
can provide wireless services to the network.
Radio ports use a supplicant-initiated, MD5-based 802.1X authentication
scheme. A global username and password (default values are admin and procurve)
may be configured for all adopted radio ports. With a RADIUS server configured
to assign authenticated radio ports to a radio port VLAN, radio ports may
be connected to switch ports configured as 802.1X authenticators and begin
communicating with the wireless services-enabled switch.
802.1X must be configured in port-based mode (the default mode) rather than
client-based mode, if that option is available. Client-based mode allows multiple
clients (1-32) on the same port, but only when they individually authenticate
themselves. Radio ports will NOT be adopted if 802.1X is configured on
a port in the client-based mode.
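The following added example (not part of the original guide) audits a saved switch configuration for the two conditions described above: each port a radio port connects to must be an 802.1X authenticator, and it must not be in client-based mode. It assumes the ProCurve CLI forms `aaa port-access authenticator <port-list>` and `aaa port-access authenticator <port-list> client-limit <n>`; the sample configuration, port names, and function names are constructed for illustration.

```python
import re

# Constructed sample of ProCurve-style running-config lines (not from the guide).
SAMPLE_CONFIG = """\
aaa port-access authenticator A1-A4,B2
aaa port-access authenticator A3 client-limit 4
aaa port-access authenticator active
"""

_PORT = re.compile(r"^([A-Za-z]*)(\d+)$")
_AUTH = re.compile(r"\s*aaa port-access authenticator (\S+)(.*)")

def expand_ports(port_list):
    """Expand 'A1-A3,B2' into ['A1', 'A2', 'A3', 'B2'] (same-slot ranges only)."""
    ports = []
    for item in port_list.split(","):
        first, _, last = item.strip().partition("-")
        lo, hi = _PORT.match(first), _PORT.match(last or first)
        if not lo or not hi or lo.group(1) != hi.group(1):
            raise ValueError(f"unsupported port spec: {item!r}")
        ports += [f"{lo.group(1)}{n}"
                  for n in range(int(lo.group(2)), int(hi.group(2)) + 1)]
    return ports

def audit_rp_ports(config, rp_ports):
    """Classify each switch port that a radio port is cabled to."""
    authenticators, client_based = set(), set()
    for line in config.splitlines():
        m = _AUTH.match(line)
        if not m or m.group(1) == "active":
            continue  # unrelated line, or the global enable
        ports = expand_ports(m.group(1))
        options = m.group(2).split()
        if not options:
            authenticators.update(ports)   # port is an 802.1X authenticator
        elif "client-limit" in options:
            client_based.update(ports)     # client-based mode: RP not adopted
    result = {}
    for port in rp_ports:
        if port not in authenticators:
            result[port] = "not-authenticator"
        elif port in client_based:
            result[port] = "client-based"
        else:
            result[port] = "ok"
    return result

if __name__ == "__main__":
    print(audit_rp_ports(SAMPLE_CONFIG, ["A1", "A3", "B2", "C1"]))
```

A port reported as `client-based` will not adopt a radio port, and a port reported as `not-authenticator` accepts a radio port without 802.1X authentication.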
ProCurve Identity Driven Management can be used to configure and manage
policies that allow a RADIUS server to assign VLANs, as well as ACLs and rate
limits to authenticated clients. Alternatively, VLAN assignment can be configured
directly on the RADIUS server.
Manually Configuring RP VLAN Operation
You can manually configure static VLANs to provide communication between
the wireless services-enabled switch and a radio port, as well as communication
to the wired network (uplink network ports). You may configure as many
uplink VLANs and radio port VLANs as your network requires, provided that
these VLANs only include the Module’s uplink or downlink port as tagged
members.
If auto-provisioning is disabled when a Wireless Edge Services xl Module is
installed, the Module’s uplink port is added to the DEFAULT_VLAN as a tagged
member and the downlink port, if not a member of any existing VLAN, is added
to the DEFAULT_VLAN as a tagged member. When the Module’s uplink and
downlink ports are both members of the DEFAULT_VLAN, communication
with radio ports happens without any manual VLAN configuration, since by
default all switch ports are untagged members of the DEFAULT_VLAN. This