WESM zl Management and Configuration Guide WT.01.28 and greater
1-29
Introduction
ProCurve Wireless Edge Services zl Module
• EAP-Transport Layer Security (TLS)
• EAP-Tunneled TLS (TTLS)
• PEAP with Microsoft CHAP version 2 (MS-CHAP v2)
• EAP-Subscriber Identity Module (SIM)
• EAP-Generic Token Card (GTC)
Note In 802.1X, the supplicant and the authentication server, not the authenticator, agree
on the EAP method. Because the module simply passes EAP messages between the
wireless station and the external server, rather than generating the messages itself, it
should support any standard EAP method. The module has been certified those EAP
method listed above.
For more information about EAP methods, see “EAP Methods” on page 1-30.
Internal RADIUS Server. The Wireless Edge Services zl Module’s internal
RADIUS server can authenticate stations that connect to the module’s WLANs. The
server can also respond to authentication requests from clients such as switches that
enforce port authentication in the Ethernet network.
The internal RADIUS server supports these types of authentication:
■ MAC authentication
■ Web-Auth
■ 802.1X with EAP:
• EAP-TLS
• EAP-TTLS with PAP
• EAP-TTLS with MD5
• PEAP with MS-CHAP v2
The internal RADIUS server can draw on one of two repositories for checking user
credentials:
■ Local database—The local database consists of user accounts and groups. A
user account includes a username and password and, for guest accounts only, an
expiration date and time. You assign a user to a group, which defines policies,
including valid access times and VLAN assignment.
■ LDAP-compliant server—The Wireless Edge Services zl Module can bind to
an Lightweight Directory Access Protocol (LDAP)-compliant server. The
LDAP-compliant server stores the login credentials, and you configure the
module to bind to the server and perform searches for a user’s password and
group. The group configuration in the module’s local database determines when
wireless users can connect and the VLAN to which they are assigned.