WESM zl Management and Configuration Guide WT.01.28 and greater

Introduction
ProCurve Wireless Edge Services zl Module
Controlling Traffic with Policies
To this point, the overview of the Wireless Edge Services zl Module’s security
capabilities has focused on the security that the module provides in the wireless network.
However, in addition to managing which users connect to a WLAN (wireless
authentication), the Wireless Edge Services zl Module also manages how users
connect to the Ethernet network, controlling traffic so that each wireless user receives
access to the appropriate services and resources. The module acts as the door between
the wireless and wired networks; it can open the door to many different resources,
depending on the policies it applies to wireless users’ traffic.
The module can apply policies that:
- it receives dynamically from a RADIUS server
- you configure manually
The following sections describe these options in more detail.
Controlling Traffic with User-Based Policies. As you know, a RADIUS server
authenticates users who try to connect to your network. Using ProCurve IDM, you
can configure the RADIUS server to associate additional settings with a particular
user. When the user authenticates, the server sends these settings to the Wireless Edge
Services zl Module, and the module applies them to traffic from that user.
Such settings are sometimes called user-based or identity-based because a user’s
identity (rather than simply a MAC address or a switch port) links settings with traffic
from a particular user. The settings are also called dynamic because you do not
configure them permanently on the module; rather, the module receives them only
when a particular user connects. In addition, the module can receive and apply
different settings for different users or for the same user at different times.
The RADIUS server sends the user-based settings as HP ProCurve vendor-specific
attributes in the message with which it accepts a user’s authentication. The Wireless
Edge Services zl Module interprets these attributes and sets rules based on them. For
the duration of the user’s association, the module controls the user’s traffic according
to these rules.
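
Because the dynamic policy travels inside the RADIUS acceptance message, that message's integrity determines what access a user receives. The following Python example is added here for illustration and is not from the guide or from HP code: it checks the Response Authenticator of an Access-Accept (RFC 2865) and lists the HP vendor-specific sub-attributes it carries. The shared secret, vendor types 200 and 201, and vendor 99999 are constructed placeholders; 11 is Hewlett-Packard's IANA enterprise number.

```python
import hashlib
import hmac
import struct

HP_VENDOR_ID = 11      # IANA enterprise number registered to Hewlett-Packard
ACCESS_ACCEPT = 2      # RADIUS packet code (RFC 2865)
VENDOR_SPECIFIC = 26   # RADIUS attribute type (RFC 2865)


def response_authenticator(code, ident, attrs, request_auth, secret):
    """MD5(Code | ID | Length | RequestAuth | Attributes | Secret), per RFC 2865."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def parse_access_accept(packet, request_auth, secret):
    """Return [(vendor_type, value)] for HP VSAs in an authenticated Access-Accept."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    attrs = packet[20:length]
    expected = response_authenticator(code, ident, attrs, request_auth, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Response Authenticator")
    found, pos = [], 0
    while pos < len(attrs):
        a_len = attrs[pos + 1] if pos + 2 <= len(attrs) else 0
        if a_len < 2 or pos + a_len > len(attrs):
            raise ValueError("bad attribute length")
        a_type, body, pos = attrs[pos], attrs[pos + 2:pos + a_len], pos + a_len
        if (a_type != VENDOR_SPECIFIC or len(body) < 4
                or int.from_bytes(body[:4], "big") != HP_VENDOR_ID):
            continue
        sub = body[4:]  # vendor sub-attributes (type, length, value); stop if malformed
        while len(sub) >= 2 and 2 <= sub[1] <= len(sub):
            found.append((sub[0], sub[2:sub[1]]))
            sub = sub[sub[1]:]
    return found


def build_sample(secret, request_auth):
    """Constructed reply; vendor types 200/201 and vendor 99999 are placeholders."""
    hp = struct.pack("!IBBIBB", HP_VENDOR_ID, 200, 6, 30, 201, 7) + b"guest"
    other = struct.pack("!IBBB", 99999, 1, 3, 0x41)
    attrs = bytes([26, 2 + len(hp)]) + hp + bytes([26, 2 + len(other)]) + other
    auth = response_authenticator(ACCESS_ACCEPT, 7, attrs, request_auth, secret)
    return struct.pack("!BBH", ACCESS_ACCEPT, 7, 20 + len(attrs)) + auth + attrs
```

A reply whose attributes were altered in transit, or that was built with a different shared secret, fails the authenticator check before any attribute is interpreted.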