WESM zl Management and Configuration Guide WT.01.03 and greater

Introduction
ProCurve Wireless Edge Services zl Module
The module processes ACLs in order of index number, stopping when it first
finds a match. It filters out any stations selected by a deny list before these
stations associate with a particular WLAN. The module allows all stations
either selected by an allow list or not selected by any list to associate. Whether
the station can forward traffic in the WLAN depends on whether it completes
any further authentication required by the WLAN.
For example, suppose you configure MAC authentication filters and apply
them to a WLAN; you also enable 802.1X authentication on that WLAN. When
a station attempts to connect to the WLAN, the module first checks the
station’s MAC address. If the ACLs allow the station to associate to the WLAN,
the module lets it proceed to authenticate using 802.1X.
The Wireless Edge Services zl Module can store and apply up to 1,000 ACLs.
Any kind of encryption supported on the module is supported on a WLAN that
uses local MAC authentication because these standards are configured
entirely separately.
For information about configuring MAC ACLs, see Chapter 12: “Wireless
Network Management.”
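The first-match, default-allow evaluation described above, as an added example (not code from this guide or from the module): the entry layout (index, action, start and end MAC address) and all sample values are assumptions constructed for illustration. It shows that an allow list alone blocks nothing unless a later deny entry covers the remaining addresses, and that a lower-index entry shadows a higher-index one.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class MacAcl:
    index: int   # lower index is evaluated first
    action: str  # "allow" or "deny"
    start: str   # first MAC address in the range (assumed entry layout)
    end: str     # last MAC address in the range

def mac_to_int(mac: str) -> int:
    """Strip colon, hyphen or dot delimiters and return the 48-bit value."""
    digits = "".join(c for c in mac if c not in ":-.")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)

def may_associate(acls, station_mac):
    """Return (allowed, matching index or None) using first-match semantics."""
    mac = mac_to_int(station_mac)
    for acl in sorted(acls, key=lambda a: a.index):
        if mac_to_int(acl.start) <= mac <= mac_to_int(acl.end):
            return acl.action == "allow", acl.index  # stop at the first match
    return True, None  # not selected by any list: association is allowed

# Constructed sample ACL sets (indexes and addresses are illustrative).
CORP = ("00:11:22:00:00:00", "00:11:22:FF:FF:FF")
ANY = ("00:00:00:00:00:00", "FF:FF:FF:FF:FF:FF")
ALLOW_ONLY = [MacAcl(10, "allow", *CORP)]
WITH_CATCH_ALL = ALLOW_ONLY + [MacAcl(900, "deny", *ANY)]
# The deny at index 20 is never reached: index 5 matches the station first.
SHADOWED = [MacAcl(20, "deny", "00:11:22:33:44:55", "00:11:22:33:44:55"),
            MacAcl(5, "allow", *CORP)]

if __name__ == "__main__":
    unknown = "de-ad-be-ef-00-01"
    print(may_associate(ALLOW_ONLY, unknown))      # allowed, no list matched
    print(may_associate(WITH_CATCH_ALL, unknown))  # denied by the catch-all
    print(may_associate(SHADOWED, "0011.2233.4455"))  # allowed by index 5
```
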
Authenticating to a RADIUS Server. Each of the authentication methods
described in the sections above involves an authentication server. This server
decides whether a station can connect to the network based on whether:
• the user provides the right login credentials
• the policies configured on the server allow wireless access at this time
  and location
The Wireless Edge Services zl Module supports authentication to an external
RADIUS server or to its internal server.
External RADIUS Server. The Wireless Edge Services zl Module can contact
an external RADIUS server for these types of authentication:
• MAC authentication—The module can send either a PAP or a CHAP
  request to the external server, placing the station’s MAC address in both
  the username and password fields. You can configure the format in which
  the module sends the MAC address (that is, the type and placement of
  delimiters).
• Web-Auth—The module authenticates Web-Auth users to an external
  server using either PAP or CHAP requests. The module fills in the
  username and password fields from the information that a user enters into
  the Web-Auth login screen.