Manualshelf

WESM zl Management and Configuration Guide WT.01.28 and greater

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
171172173174175176177178179180
2-78
Configuring the ProCurve Wireless Edge Services zl Module
Radio Port Adoption
For a more efficient alternative, have one module pre-adopt all RPs and edit the radio
configurations on that module. Then copy those configuration to other modules in
the Wireless LAN System.
For more information on configuring adoption preference IDs, see “Setting up
Adoption Preference IDs to Control RP Adoption” on page 10-23 of Chapter 10:
“Redundancy Groups.” These instructions focus on the special case of multiple
Wireless Edge Services zl Modules and Redundant Wireless Services zl Modules that
form a redundancy group; however, they also apply to modules that are not in a
redundancy group, but are part of the same Wireless LAN System.
802.1X Authentication for RPs
To prevent rogue RPs from being adopted, you can also enforce 802.1X authentica-
tion on your network switch ports. The ProCurve RPs 210, 220, and 230 include an
802.1X client so that they can connect to ports that enforce such authentication. Using
MD5 authentication, the client automatically sends the RP’s credentials when the RP
connects to a network device. The switch to which the RP connects forwards the
credentials to an authentication server and, if the credentials are correct, allows the
RP to join the network.
The authentication server may store a VLAN setting for the RP, which it sends to the
switch after the RP authenticates. Such dynamic configuration of the Radio Port
VLAN can replace auto-provisioning on the wireless services-enabled switch or
manual configuration on an infrastructure switch. (See “Communicating with RPs:
Radio Port VLANs” on page 1-7 of Chapter 1: “Introduction” for more information
about configuring Radio Port VLANs.)
Note When you implement 802.1X on a port, auto-provisioning is disabled on that port.
You must either manually set the port to the correct VLAN for the RP or configure
the VLAN assignment on the RADIUS server.
However, the wireless services-enabled switch can continue to implement auto
provisioning on ports that do not enforce 802.1X.