WESM zl Management and Configuration Guide WT.01.28 and greater
Introduction
ProCurve Wireless Edge Services zl Module
The module processes ACLs in order of index number, stopping when it first finds
a match. It filters out any stations selected by a deny list before these stations associate
with a particular WLAN. The module allows all stations either selected by an allow
list or not selected by any list to associate. Whether the station can forward traffic in
the WLAN depends on whether it completes any further authentication required by
the WLAN.
For example, suppose you configure MAC authentication filters and apply them to
a WLAN; you also enable 802.1X authentication on that WLAN. When a station
attempts to connect to the WLAN, the module first checks the station’s MAC address.
If the ACLs allow the station to associate to the WLAN, the module lets it proceed
to authenticate using 802.1X.
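The following Python code is an added example, not taken from this guide or from the module's software; it models the evaluation order described above (lowest index first, stop at the first match, allow when no list selects the station). The representation of each ACL as an inclusive MAC address range, and the names MacAcl, may_associate, and SAMPLE_ACLS, are assumptions made for illustration.

```python
# Added example: first-match MAC ACL evaluation with an implicit allow.
from dataclasses import dataclass
from typing import Optional


def mac_to_int(mac: str) -> int:
    """Parse a MAC address written with ':', '-', '.' or no delimiters."""
    digits = "".join(c for c in mac if c not in ":-.")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)


@dataclass(frozen=True)
class MacAcl:
    index: int   # lower index is evaluated first
    action: str  # "allow" or "deny"
    start: str   # assumption: an entry selects an inclusive MAC range
    end: str

    def selects(self, mac: str) -> bool:
        return mac_to_int(self.start) <= mac_to_int(mac) <= mac_to_int(self.end)


def may_associate(mac: str, acls: list) -> tuple:
    """Return (allowed, matching index); index is None when no list matched."""
    for acl in sorted(acls, key=lambda a: a.index):
        if acl.selects(mac):
            return acl.action == "allow", acl.index  # stop at the first match
    matched: Optional[int] = None
    return True, matched  # not selected by any list: association is allowed


# Constructed sample ACLs (not from the guide), deliberately out of order.
SAMPLE_ACLS = [
    MacAcl(20, "deny", "00:11:22:00:00:00", "00:11:22:FF:FF:FF"),
    MacAcl(10, "allow", "00:11:22:33:44:55", "00:11:22:33:44:55"),
]

if __name__ == "__main__":
    for station in ("00-11-22-33-44-55", "0011.22aa.bbcc", "02:00:00:00:00:01"):
        print(station, may_associate(station, SAMPLE_ACLS))
```

Because a station that no list selects is still allowed to associate, an allow entry restricts access only when a broader deny entry with a higher index follows it. In this sample the third station matches neither entry and is therefore permitted.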
The Wireless Edge Services zl Module can store and apply up to 1,000 ACLs.
Any kind of encryption supported on the module is supported on a WLAN that uses
local MAC authentication because encryption and MAC authentication are configured
entirely separately.
For information about configuring MAC ACLs, see Chapter 12: “Wireless Network
Management.”
Authenticating to a RADIUS Server. Each of the authentication methods
described in the sections above involves an authentication server. This server decides
whether a station can connect to the network based on whether:
■ the user provides the right login credentials
■ the policies configured on the server allow wireless access at this time and
location
The Wireless Edge Services zl Module supports authentication to an external
RADIUS server or to its internal server.
External RADIUS Server. The Wireless Edge Services zl Module can contact an
external RADIUS server for these types of authentication:
■ MAC authentication—The module can send either a PAP or a CHAP request
to the external server, placing the station’s MAC address in both the username
and password fields. You can configure the format in which the module sends
the MAC address (that is, the type and placement of delimiters).
■ Web-Auth—The module authenticates Web-Auth users to an external server
using either PAP or CHAP requests. The module fills in the username and
password fields from the information that a user enters into the Web-Auth login
screen.
■ 802.1X with EAP—The module acts as the 802.1X authenticator, and the
external RADIUS server is the authentication server. The Wireless Edge Services
module has been certified for these EAP methods: