WESM zl Management and Configuration Guide WT.01.28 and greater

RADIUS Server
RADIUS Authentication
The Wireless Edge Services zl Module’s RADIUS authentication server fulfils these
roles:
- decides whether a user can connect to a WLAN that enforces one of these types
  of security:
  - 802.1X
  - Web authentication (Web-Auth)
  - MAC authentication
- makes the decision based on credentials stored in one of these locations:
  - user accounts configured on the module itself
  - user accounts on a Lightweight Directory Access Protocol (LDAP) server,
    such as Novell eDirectory
- specifies policies (such as a dynamic virtual LAN (VLAN) assignment) for
  authenticated users
For 802.1X authentication, the module’s internal RADIUS server supports these
Extensible Authentication Protocol (EAP) methods:
- EAP-Transport Layer Security (TLS)
- EAP-Tunneled TLS (TTLS) with Message Digest 5 (MD5)
- EAP-TTLS with Password Authentication Protocol (PAP)
- Protected EAP (PEAP) with Generic Token Card (GTC)
- PEAP with Microsoft Challenge Handshake Authentication Protocol version 2
  (MSCHAPv2)
All of these methods are suitable for a wireless network. That is, they not only enable
a wireless user to authenticate securely, they also help the Wireless Edge Services zl
Module and the station to generate a unique encryption key for the association. This
key can be either for Wired Equivalent Privacy (WEP) or the more secure Wi-Fi
Protected Access (WPA).
Table 11-1 summarizes the characteristics of these different EAP types.