Manualshelf

WESM zl Management and Configuration Guide WT.01.28 and greater

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
31323334353637383940
1-15
Introduction
ProCurve Wireless Edge Services zl Module
4. The module determines whether it is acting as the router for this traffic and takes
action accordingly:
a. If the module is acting as router (that is, the frame’s destination MAC
address belongs to the module), the module looks up the route for the
packet’s destination.
However, before forwarding the traffic, the module applies any controls,
such as manual IP ACLs, configured on the VLAN on which the traffic
arrived. (See “ACLs” on page 1-38.)
The Wireless Edge Services zl Module’s firewall also filters the traffic as it
is routed from its original VLAN. (See “Wireless Edge Services zl Module
Firewall” on page 1-36.)
If the packet passes all checks, the module forwards the traffic to the gateway
device listed in the route. The gateway device’s VLAN must be tagged on
the module’s internal uplink port.
b. If the source station is sending the traffic to a destination in its own VLAN,
the module forwards the traffic at Layer 2.
Typically, the module forwards the traffic on the uplink port toward a device
in the Ethernet network. If you have not enabled the uplink port to carry
tagged traffic for the uplink VLAN, then the module drops the traffic.
Sometimes a wireless station attempts to communicate with another wire-
less station. In this case—given that you allow such inter-station traffic—
the module forwards the traffic on the downlink port toward the RP listed
in the 802.11 association with the destination device.
When the module forwards traffic at Layer 2, IP ACLs applied to the
incoming VLAN interface do not filter the traffic, nor does the firewall.
5. The wireless services-enabled switch forwards the traffic toward its destination.
The Wireless Edge Services zl Module follows a similar process to forward traffic
from the Ethernet network to wireless stations:
1. The module receives the traffic on its uplink port in an uplink VLAN.
2. The module applies controls to the traffic, if any are configured. The controls
can include:
a user-based ACL or rate-limit assigned by ProCurve IDM
a manual IP or MAC extended ACL applied to the uplink port
a manual IP ACL applied to the VLAN interface
3. The module creates the correct 802.11 frame, drawing on information specified
in the association with the destination station. The module also encrypts the
frame, if necessary.