WESM zl Management and Configuration Guide WT.01.28 and greater
4-87
Wireless Local Area Networks (WLANs)
VLAN Assignment
5. On the RADIUS server, configure users’ VLAN assignments.
a. See “Creating a Group” on page 11-12 in Chapter 11: “RADIUS Server” to
learn how to configure VLAN assignments on the Wireless Edge Services
zl Module’s internal RADIUS server.
b. One of the easiest ways to configure the assignment on an external server
itself is via an Identity Driven Management (IDM) agent installed on the
server. In this case, you would configure the assignment through ProCurve
IDM and its Policy Manager. You would:
– Configure communities that include the wireless users.
– Create policies that match these communities to the appropriate
VLANs.
– Deploy the policies to the RADIUS server that the Wireless Edge
Services zl Module uses to authenticate wireless users.
In either case, when a user connects to a WLAN and authenticates to the
RADIUS server, the RADIUS server sends the VLAN assignment configured
for that user’s community to the Wireless Edge Services zl Module. The module
then tags all traffic from that user for that VLAN.
6. On the wireless services-enabled switch, you might need to tag the module’s
uplink port for the user-based VLANs just as you might if you had configured
the VLAN assignment manually. (See the Wireless Edge Services zl Module
Supplement to the ProCurve 6200yl/5400zl/3500yl Management and Configu-
ration Guide.)
Note Remember that the Wireless Edge Services zl Module can receive other identity-
based settings from an external RADIUS server, including:
■ access control lists (ACLs)
■ a rate limit on traffic from the wireless station
If you are using IDM, simply configure these settings in the IDM Policy Manager at
the same time that you configure the VLAN assignment. Refer to the ProCurve
Identity Driven Manager User’s Guide for more detailed instructions on how to
configure identity-based settings. (You can download this guide from www.hp.com/
go/procurve/manuals.)