WESM zl Management and Configuration Guide WT.01.28 and greater

1-25
Introduction
ProCurve Wireless Edge Services zl Module
4. If the user sends the correct credentials (which may take various forms, including
a digital certificate or a username and password), the RADIUS server sends an
authentication acknowledgement.
5. If you have configured the WLAN to use encryption, the authentication process
includes generating a per-session encryption key for WEP or a pairwise (per-user)
master key (PMK) for WPA. The authentication server passes the key to the
Wireless Edge Services zl Module.
Automatically generating secure encryption keys is one of the most vital
components of 802.1X for wireless networks. For more information about
encryption, see “Encryption Options for WLANs” on page 1-31.
6. If your network implements user-based controls—configured, for example,
through ProCurve IDM—the RADIUS server sends dynamic settings—such as
a VLAN assignment, ACLs, and rate limits—for the station.
Note: Remember, if you are using the Wireless Edge Services zl Module’s internal
RADIUS server, the module acts as both the authenticator and the authentication
server.
In short, 802.1X provides robust authentication as well as dynamic key management,
and, if you want, support for dynamic, user-based settings.
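Steps 5 and 6 above both ride on attributes in the RADIUS Access-Accept: the PMK and the dynamic VLAN are delivered to the authenticator as attribute values, and the key is hidden under the RADIUS shared secret rather than sent in the clear. The following added example (not code from the guide or from ProCurve) builds such an attribute block and then parses it the way an authenticator would. It assumes the standard encodings, RFC 2868 Tunnel-Type / Tunnel-Medium-Type / Tunnel-Private-Group-Id for the VLAN and the Microsoft MS-MPPE-Recv-Key vendor attribute (RFC 2548) for the key; the guide does not state which attributes the module itself uses, and the ACL and rate-limit attributes it mentions are left out because their encoding is vendor specific. All sample values (shared secret, Request Authenticator, PMK, VLAN 20) are constructed.

```python
import hashlib

# RADIUS attribute and value codes from RFC 2865, RFC 2868 and RFC 2548
ATTR_VENDOR_SPECIFIC = 26
ATTR_TUNNEL_TYPE = 64
ATTR_TUNNEL_MEDIUM_TYPE = 65
ATTR_TUNNEL_PRIVATE_GROUP_ID = 81
TUNNEL_TYPE_VLAN = 13
TUNNEL_MEDIUM_802 = 6
VENDOR_MICROSOFT = 311
MS_MPPE_RECV_KEY = 17


def _avp(code, value):
    """Encode one RADIUS attribute as Type(1) Length(1) Value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return bytes([code, len(value) + 2]) + value


def mppe_encrypt(key, secret, req_auth, salt):
    """RFC 2548 section 2.4.2: hide a key under MD5(secret|authenticator|salt)
    chaining. Returns Salt || ciphertext, the String field of MS-MPPE-Recv-Key."""
    plain = bytes([len(key)]) + key
    plain += b"\x00" * (-len(plain) % 16)           # pad to a 16-byte multiple
    pad = hashlib.md5(secret + req_auth + salt).digest()
    out = b""
    for i in range(0, len(plain), 16):
        block = bytes(p ^ b for p, b in zip(plain[i:i + 16], pad))
        out += block
        pad = hashlib.md5(secret + block).digest()  # next pad chains on ciphertext
    return salt + out


def mppe_decrypt(string, secret, req_auth):
    """Inverse of mppe_encrypt: what the authenticator does with its shared secret
    and the Request Authenticator of the Access-Request it sent."""
    salt, cipher = string[:2], string[2:]
    if len(salt) != 2 or not salt[0] & 0x80 or len(cipher) % 16:
        raise ValueError("malformed MS-MPPE key string")
    pad = hashlib.md5(secret + req_auth + salt).digest()
    plain = b""
    for i in range(0, len(cipher), 16):
        block = cipher[i:i + 16]
        plain += bytes(c ^ b for c, b in zip(block, pad))
        pad = hashlib.md5(secret + block).digest()
    key_len = plain[0]
    if key_len > len(plain) - 1:
        raise ValueError("key length exceeds decrypted data (wrong secret?)")
    return plain[1:1 + key_len]


def build_access_accept_attrs(vlan_id, pmk, secret, req_auth, salt=b"\x80\x01"):
    """Attribute block of an Access-Accept carrying a dynamic VLAN and a PMK."""
    tag = b"\x00"  # RFC 2868 tag byte; 0 means untagged
    vsa_string = mppe_encrypt(pmk, secret, req_auth, salt)
    vsa = (VENDOR_MICROSOFT.to_bytes(4, "big")
           + bytes([MS_MPPE_RECV_KEY, len(vsa_string) + 2]) + vsa_string)
    return (_avp(ATTR_TUNNEL_TYPE, tag + TUNNEL_TYPE_VLAN.to_bytes(3, "big"))
            + _avp(ATTR_TUNNEL_MEDIUM_TYPE, tag + TUNNEL_MEDIUM_802.to_bytes(3, "big"))
            + _avp(ATTR_TUNNEL_PRIVATE_GROUP_ID, tag + vlan_id.encode("ascii"))
            + _avp(ATTR_VENDOR_SPECIFIC, vsa))


def parse_attrs(data):
    """Split an attribute block into (type, value) pairs, rejecting bad lengths."""
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        code, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("bad attribute length")
        attrs.append((code, data[i + 2:i + length]))
        i += length
    return attrs


def extract_dynamic_settings(data, secret, req_auth):
    """Recover the VLAN assignment and the PMK from an Access-Accept attribute block.
    The VLAN is honoured only if Tunnel-Type is VLAN and Tunnel-Medium-Type is 802."""
    tunnel_type = tunnel_medium = group_id = pmk = None
    for code, value in parse_attrs(data):
        if code == ATTR_TUNNEL_TYPE and len(value) == 4:
            tunnel_type = int.from_bytes(value[1:], "big")
        elif code == ATTR_TUNNEL_MEDIUM_TYPE and len(value) == 4:
            tunnel_medium = int.from_bytes(value[1:], "big")
        elif code == ATTR_TUNNEL_PRIVATE_GROUP_ID and value:
            # a leading byte <= 0x1F is a tag; anything else belongs to the string
            group_id = (value[1:] if value[0] <= 0x1F else value).decode("ascii")
        elif code == ATTR_VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vtype, vlen = int.from_bytes(value[:4], "big"), value[4], value[5]
            if vendor == VENDOR_MICROSOFT and vtype == MS_MPPE_RECV_KEY:
                pmk = mppe_decrypt(value[6:4 + vlen], secret, req_auth)
    tunnel_ok = (tunnel_type, tunnel_medium) == (TUNNEL_TYPE_VLAN, TUNNEL_MEDIUM_802)
    return {"vlan": group_id if tunnel_ok else None, "pmk": pmk}


# Constructed sample values; a real deployment uses its own shared secret and the
# Request Authenticator taken from the authenticator's Access-Request.
SECRET = b"constructed-shared-secret"
REQ_AUTH = bytes(range(16))
PMK = hashlib.sha256(b"constructed-pmk").digest()  # a 32-byte WPA PMK


def demo():
    accept = build_access_accept_attrs("20", PMK, SECRET, REQ_AUTH)
    return extract_dynamic_settings(accept, SECRET, REQ_AUTH)


if __name__ == "__main__":
    print(demo())
```

The decryption depends on two things only the authenticator and the server share: the RADIUS secret and the Request Authenticator of that one exchange. That is why the secret must be long and unique per authenticator, and why the module's own internal RADIUS server (the Note above) sidesteps this step entirely: the PMK never leaves the module.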
Web-Auth. The Wireless Edge Services zl Module can also provide Web-Auth for
stations that do not support 802.1X authentication. In this case, the module confines
unauthenticated wireless users’ access to a list of allowed IP addresses. The module
forces a user to authenticate by redirecting all nonapproved traffic to a login page
on a Web server.
Because the Wireless Edge Services zl Module handles all background processes
(such as forwarding requests to DHCP, RADIUS, and DNS servers), the allow list
only needs to include the IP address of the Web server that stores the pages that guide
the user through the authentication process.
You can even opt to maintain the Web pages on the Wireless Edge Services zl Module
itself to secure your organization’s Web server. In this case, the allow list can be
completely empty.
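The three paragraphs above amount to a per-packet forwarding rule for a station that has not yet authenticated: traffic to the allow list passes, the module services the station's DHCP and DNS requests itself, everything else is redirected to the login page, and the allow list can be empty when the module hosts the pages. The following added example (not the module's firmware or any ProCurve code) models that rule so the two deployments can be compared side by side. It assumes that only HTTP can be redirected and that other nonapproved traffic is dropped, that DHCP and DNS are recognised by their standard UDP ports, and it uses constructed MAC and IP addresses throughout.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address

# Services the module handles in the background for an unauthenticated station.
# The guide names DHCP and DNS; identifying them by port is this example's assumption.
MODULE_SERVICED_UDP_PORTS = {67, 68, 53}
HTTP_PORT = 80


@dataclass
class WebAuthPolicy:
    """Forwarding decision for one WLAN running Web-Auth."""
    login_url: str                              # page the user is redirected to
    allow_list: set = field(default_factory=set)   # IPs reachable before login
    authenticated: set = field(default_factory=set)  # station MACs that logged in

    def mark_authenticated(self, station_mac):
        self.authenticated.add(station_mac)

    def decide(self, station_mac, proto, dst_ip, dst_port):
        """Return 'forward', 'redirect <url>' or 'drop' for one packet."""
        if station_mac in self.authenticated:
            return "forward"
        if proto == "udp" and dst_port in MODULE_SERVICED_UDP_PORTS:
            return "forward"            # DHCP/DNS: the module relays these itself
        if IPv4Address(dst_ip) in self.allow_list:
            return "forward"            # the allow list (e.g. the login Web server)
        if proto == "tcp" and dst_port == HTTP_PORT:
            return f"redirect {self.login_url}"
        return "drop"                   # assumption: nothing else can be redirected


STATION = "aa:bb:cc:00:00:01"  # constructed station MAC
PACKETS = [                    # constructed traffic from the unauthenticated station
    (STATION, "udp", "255.255.255.255", 67),   # DHCP discover
    (STATION, "udp", "10.0.0.2", 53),          # DNS lookup
    (STATION, "tcp", "10.0.0.5", 80),          # the organisation's login Web server
    (STATION, "tcp", "203.0.113.10", 80),      # an arbitrary external web site
    (STATION, "tcp", "203.0.113.10", 443),     # HTTPS: no redirect possible
]


def external_web_server():
    """Login pages on a separate Web server: that server must be on the allow list."""
    policy = WebAuthPolicy("http://10.0.0.5/login", allow_list={IPv4Address("10.0.0.5")})
    return [policy.decide(*p) for p in PACKETS]


def pages_on_module():
    """Login pages hosted on the module itself: the allow list stays empty."""
    policy = WebAuthPolicy("http://10.0.0.1/login")
    before = [policy.decide(*p) for p in PACKETS]
    policy.mark_authenticated(STATION)
    after = [policy.decide(*p) for p in PACKETS]
    return before, after


if __name__ == "__main__":
    print(external_web_server())
    print(*pages_on_module(), sep="\n")
```

Note what the empty allow list buys you: with the pages on the module, the station cannot reach the organisation's own Web server at all until it has authenticated, which is exactly the exposure the last paragraph above is avoiding.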