WESM zl Management and Configuration Guide WT.01.03 and greater
1-31
Introduction
ProCurve Wireless Edge Services zl Module
■ LDAP-compliant server—The Wireless Edge Services zl Module can
bind to an Lightweight Directory Access Protocol (LDAP)-compliant
server. The LDAP-compliant server stores the login credentials, and you
configure the module to bind to the server and perform searches for a
user’s password and group. The group configuration in the module’s local
database determines when wireless users can connect and the VLAN to
which they are assigned.
EAP Methods. This section gives a brief overview of common EAP methods
so that you can choose the method best for your environment.
EAP-TLS uses digital certificates and an automatic TLS handshake to authen-
ticate both stations and servers. This method requires a full public key
infrastructure (PKI).
EAP-TTLS and PEAP support wireless stations that do not use digital certifi-
cates. These EAP methods use the TLS handshake to create a secure tunnel
over which the station can authenticate itself with another, less secure method.
This inner method typically involves sending a username and password.
Wireless phones can use EAP-SIM to authenticate, automatically sending
information stored on a smartcard rather than relying on a user to enter
login credentials.
EAP-GTC is an early EAP method that requires users to enter information,
usually read from a token card. Sometimes, however, the user simply enters
a password.