WESM zl Management and Configuration Guide WT.01.28 and greater

1-27

Introduction

ProCurve Wireless Edge Services zl Module

You can add either WEP or WPA/WPA2 encryption to a WLAN that uses Web-Auth.

Users must then know the encryption key in order to connect to the network and even

reach the login page.

MAC Authentication. The Wireless Edge Services zl Module can also control

which wireless stations connect to a WLAN according to their MAC, or hardware-

based, addresses. This option is best suited for small networks and for devices without

user interfaces.

The module supports two types of MAC authentication: RADIUS and local.

RADIUS MAC Authentication. If you enable MAC authentication on a WLAN,

the Wireless Edge Services zl Module sends a request, which includes a station’s

MAC address as both the username and password, to a RADIUS server. (See

Figure 1-11.) The RADIUS request can be in the following formats:

■ Password Authentication Protocol (PAP)

■ Challenge Handshake Authentication Protocol (CHAP)

For information about configuring RADIUS MAC authentication, see Chapter 4:

“Wireless Local Area Networks (WLANs).”

Figure 1-11. RADIUS MAC Authentication

Local MAC Authentication. RADIUS MAC authentication allows you to control

stations centrally. Alternatively, you can control traffic locally with MAC standard

ACLs. On the Wireless Edge Services zl Module, these ACLs are called filters and

are configured separately from other ACLs.

You configure the following ACLs and associate them with WLANs:

■ Deny ACLs—Stations are prevented from connecting to your network.

■ Allow ACLs—Stations are permitted to connect to your network.