WESM zl Management and Configuration Guide WT.01.28 and greater

1-42
Introduction
ProCurve Wireless Edge Services zl Module
all private source addresses to a single public IP address that is known on the Internet. If hosts on the Internet need to access a device in your private network, such as a Web server, the NAT device performs destination NAT in the other direction, translating traffic destined for the publicly known IP address to the correct private IP address.
The Wireless Edge Services zl Module performs NAT in much the same way, and you can use the module to ready traffic for transmission on the Internet. Other typical uses include:
■ isolating wireless and wired traffic and preserving IP addresses

You should guard the threshold between the wireless and wired network rigorously. As mentioned before, one of the best ways to protect the wired network is to create VLANs specifically for wireless traffic. The module can handle all necessary functions for those VLANs, including DHCP services and routing. The module should also perform dynamic source NAT on addresses in the VLAN for wireless users, translating all wireless stations’ IP addresses to its own IP address on the wired network. This step ensures that, even though the VLAN for wireless users does not exist in the wired network, return traffic finds its way to the module and back onto the wireless network.

Another benefit of using dynamic source NAT on wireless traffic is that the wireless stations do not consume IP addresses in the wired network. They all share a single IP address on the wired network—the IP address of the Wireless Edge Services zl Module.
■ concealing IP addresses in the private, wired network from wireless users

You can configure the Wireless Edge Services zl Module to translate the source IP addresses of traffic that originates on your private, wired network. To allow access to specific private servers, you must also configure destination NAT, which translates the IP address advertised in the wireless network back to the private address on the wired network.
■ relaying traffic destined for a particular server to a different server

For example, wireless stations might send requests to one server on the Internet, but you want to force the stations to communicate with a different server. In this case, you configure static destination NAT to translate packets destined to the first server to the server of your choice.
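The following model illustrates the NAT behaviour described above: dynamic source NAT that maps every wireless station to the module's single wired address (port translation is assumed, since many stations share one address), static destination NAT that redirects a request to a server of your choice, and the reverse translation that lets only replies to an existing session reach the wireless VLAN. It is an added example, not the module's own code or configuration; all addresses and ports are constructed sample values.

```python
from dataclasses import dataclass
from itertools import count


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Session:
    station: str        # private address of the wireless station
    station_port: int
    adv_dst: str        # destination the station addressed
    adv_port: int
    real_dst: str       # destination after any static destination NAT
    real_port: int


class NatModule:
    """Hypothetical model of the module's NAT table (assumed behaviour)."""

    def __init__(self, wired_ip, first_port=40000):
        self.wired_ip = wired_ip        # single address shared by all stations
        self._ports = count(first_port)  # translated source ports
        self.by_tuple = {}              # (station, port, adv_dst, adv_port) -> tport
        self.by_port = {}               # tport -> Session
        self.static_dnat = {}           # (adv_dst, adv_port) -> (real_dst, real_port)

    def add_static_dnat(self, adv, adv_port, real, real_port):
        self.static_dnat[(adv, adv_port)] = (real, real_port)

    def wireless_to_wired(self, pkt):
        """Dynamic source NAT, with static destination NAT applied when a rule matches."""
        real, real_port = self.static_dnat.get((pkt.dst, pkt.dport), (pkt.dst, pkt.dport))
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        tport = self.by_tuple.get(key)
        if tport is None:               # new flow: allocate a port and record the session
            tport = next(self._ports)
            self.by_tuple[key] = tport
            self.by_port[tport] = Session(pkt.src, pkt.sport, pkt.dst, pkt.dport, real, real_port)
        return Packet(self.wired_ip, tport, real, real_port)

    def wired_to_wireless(self, pkt):
        """Reverse translation: only a reply to a recorded session reaches a station."""
        s = self.by_port.get(pkt.dport)
        if pkt.dst != self.wired_ip or s is None or (pkt.src, pkt.sport) != (s.real_dst, s.real_port):
            return None                 # no matching state: the wireless VLAN stays unreachable
        return Packet(s.adv_dst, s.adv_port, s.station, s.station_port)
```

Unsolicited packets from the wired side return None, which is the point of the VLAN-plus-NAT design: the wired network never needs a route to the wireless VLAN, and the module only forwards replies it already has state for.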
PKI and Digital Certificates
The Wireless Edge Services zl Module’s security capabilities often require it to authenticate itself with a digital certificate and the data it sends with a digital signature.