WESM zl Management and Configuration Guide WT.01.28 and greater

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

391

392

393

394

395

396

397

398

399

400

4-57

Wireless Local Area Networks (WLANs)

Configuring a WLAN

Check these boxes to enable the Wireless Edge Services zl Module’s fast

roaming capabilities:

– PMK Caching—The RP and the wireless station agree on a PMK

identifier for their session, which each stores even after the station

disassociates. If the wireless station roams back to the RP, the two can

quickly exchange the PMK identifier and renegotiate necessary keys,

instead of completing the entire authentication process.

Note When PMK caching is enabled, a WPA2 station that roams is no longer

controlled by any dynamic ACLs configured with IDM. If you use IDM

to assign ACLs to users with WPA2 connections, you should disable

PMK caching.

– Opportunistic Key Caching—This capability further speeds roaming

between RPs that are connected to the same module. The wireless

station can use the same PMK to associate to any RP that connects to

the module.

– Pre-Authentication—Pre-authentication speeds roaming for stations

that move from an RP on a different Wireless Edge Services to an RP

on this module.

The station must also support pre-authentication. It listens for beacons

from other RPs that support its SSID and authenticates to them before

it roams. The station sends its EAP messages through its current RP,

and that RP’s module broadcasts the EAP messages throughout the

wired network. Pre-authentication allows your module to listen for and

respond to EAP messages destined to its RPs.

d. After you have configured all the advanced options that you desire, click

the OK button.

5. Click the OK button.

Configuring WPA/WPA2-PSK. As noted above, WPA/WPA2 typically requires

802.1X authentication. However, for networks that do not have a RADIUS server,

you can set a password, or preshared key, instead of enforcing 802.1X. All users must

enter this same preshared key to connect to the WLAN.

Although a preshared key is less secure than 802.1X authentication, the WPA/WPA2

encryption is still quite strong. WPA/WPA2-PSK is a far better option than static

WEP for small to medium networks.

For more information on WPA/WPA2 encryption, see the introduction to “Config-

uring WPA/WPA2 with 802.1X” on page 4-53. To configure WPA/WPA-PSK on a

WLAN complete these steps:

1. Access the Edit screen for the WLAN that is to use WPA/WPA2-PSK: