WESM zl Management and Configuration Guide WT.01.28 and greater
5-4
Web Authentication for Mobile Users
Overview
After a station successfully receives an IP address and associates with the WLAN,
the station enters the Web-Auth state. (See Figure 5-2.) In this state, the station can
access only the network devices that you have added to the Web-Auth Allow list.
This list includes the IP address of any device that you want unauthenticated users
to be able to access. (When you add the IP address of a device to the Allow list, that
device is publicly available: it can be accessed by any user. For more information,
see “Allow List” on page 5-8.)
Associating with the WLAN is the first step. A mobile user must then open a Web
browser and attempt to access a valid URL that can be reached through your
company’s network. The Wireless Edge Services zl Module intercepts this request
and redirects the user’s Web browser to the Web-Auth login page, which prompts the
user to enter a username and password.
When the user enters a username and password, the Wireless Edge Services zl
Module submits these login credentials to the RADIUS server. If the RADIUS
server verifies the user’s login credentials, the login attempt is successful, and the
module displays the Web-Auth welcome page. At this point, the user’s station
enters the authentication state, and the mobile user can access the network
resources to which he or she has rights. (You can control access to network
resources through the RADIUS server or through ProCurve Identity Driven
Management [IDM]. For information about ProCurve IDM, visit the ProCurve
Networking Web site at www.hp.com/go/procurve.)
In addition to reporting that the login was successful, the Web-Auth welcome page
includes a Disconnect link. When the user no longer needs to access your company’s
network services, he or she can click this link to end the session. (The Disconnect
link is provided for the user’s convenience. The user does not need to keep the
Web-Auth welcome page open or use this link to disconnect from your network
services.)
If the user enters an invalid username and password, the RADIUS server denies
access, and the Wireless Edge Services zl Module displays the Web-Auth failed
page. In this case, the user’s station remains in the unauthenticated state, and the
user can access only the devices that you have added to the Allow list.
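
The following added example (not taken from this guide and not the module's own code) models the access decisions described above as a small state machine, so you can see what a station can reach before and after login. The class and function names, the stubbed RADIUS check, the sample addresses and account, and the choice to drop non-HTTP traffic to hosts outside the Allow list are assumptions made for illustration.

```python
from enum import Enum
from ipaddress import ip_address

class State(Enum):
    WEB_AUTH = "web-auth"            # associated, has an IP address, not logged in
    AUTHENTICATED = "authenticated"  # RADIUS accepted the credentials

class Station:
    def __init__(self, mac):
        self.mac = mac
        self.state = State.WEB_AUTH

class WebAuthGate:
    """Hypothetical model of the enforcement point (not the module's API)."""
    def __init__(self, allow_list, radius_check):
        self.allow = {ip_address(a) for a in allow_list}
        self.radius_check = radius_check  # callable(username, password) -> bool

    def handle(self, station, dst_ip, is_http=False):
        """Return the action taken for one outbound flow from the station."""
        if station.state is State.AUTHENTICATED:
            return "forward"         # further limits come from RADIUS or IDM policy
        if ip_address(dst_ip) in self.allow:
            return "forward"         # Allow-list hosts are reachable by any user
        if is_http:
            return "redirect-login"  # browser request is sent to the login page
        return "drop"                # assumption: other traffic is not passed

    def login(self, station, username, password):
        """Submit credentials to RADIUS; return the page shown to the user."""
        if self.radius_check(username, password):
            station.state = State.AUTHENTICATED
            return "welcome"
        return "failed"              # state unchanged: Allow list only

# Constructed sample data: documentation-range addresses and a made-up account.
def fake_radius(user, password):
    return (user, password) == ("alice", "correct-horse")

def demo():
    gate = WebAuthGate(["192.0.2.10"], fake_radius)
    sta = Station("00:00:5e:00:53:01")
    return [gate.handle(sta, "192.0.2.10"),                  # Allow-list host
            gate.handle(sta, "198.51.100.7", is_http=True),  # intercepted
            gate.handle(sta, "198.51.100.7"),                # blocked
            gate.login(sta, "alice", "wrong"),
            gate.handle(sta, "198.51.100.7"),                # still blocked
            gate.login(sta, "alice", "correct-horse"),
            gate.handle(sta, "198.51.100.7")]                # now forwarded

if __name__ == "__main__":
    print(demo())
```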