WESM zl Management and Configuration Guide WT.01.03 and greater

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

401

402

403

404

405

406

407

408

409

410

4-58

Wireless Local Area Networks (WLANs)

Configuring a WLAN

Fast roaming speeds authentication to a new RP, which can be the

most time-consuming phase of the roam, so it only applies to WLANs

that use 802.1X authentication.

Check these boxes to enable the Wireless Edge Services zl Module’s

fast roaming capabilities:

– PMK Caching—The RP and the wireless station agree on a PMK

identifier for their session, which each stores even after the

station disassociates. If the wireless station roams back to the RP,

the two can quickly exchange the PMK identifier and renegotiate

necessary keys, instead of completing the entire authentication

process.

Note When PMK caching is enabled, a WPA2 station that roams is no

longer controlled by any dynamic ACLs configured with IDM. If

you use IDM to assign ACLs to users with WPA2 connections, you

should disable PMK caching.

– Opportunistic Key Caching—This capability further speeds roam-

ing between RPs that are connected to the same module. The

wireless station can use the same PMK to associate to any RP that

connects to the module.

– Pre-Authentication—Pre-authentication speeds roaming for sta-

tions that move from an RP on a different Wireless Edge Services

to an RP on this module.

The station must also support pre-authentication. It listens for

beacons from other RPs that support its SSID and authenticates

to them before it roams. The station sends its EAP messages

through its current RP, and that RP’s module broadcasts the EAP

messages throughout the wired network. Pre-authentication

allows your module to listen for and respond to EAP messages

destined to its RPs.

d. After you have configured all the advanced options that you desire,

click the OK button.

5. Click the OK button.

Configuring WPA/WPA2-PSK. As noted above, WPA/WPA2 typically

requires 802.1X authentication. However, for networks that do not have a

RADIUS server, you can set a password, or preshared key, instead of enforcing

802.1X. All users must enter this same preshared key to connect to the WLAN.

Although a preshared key is less secure than 802.1X authentication, the WPA/

WPA2 encryption is still quite strong. WPA/WPA2-PSK is a far better option

than static WEP for small to medium networks.