Manualshelf

WESM zl Management and Configuration Guide WT.01.28 and greater

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
71727374757677787980
1-60
Introduction
Radio Ports
Masters communicate with managed stations; they do not communicate with each
other. In other words, one RP does not send traffic to another RP, but simply transits
traffic from wireless stations toward the Wireless Edge Services zl Module and from
the module back to wireless stations.
The Wireless Edge Services zl Module collects traffic from one or more RPs. It is this
module’s role to process this traffic, respond to it, apply appropriate controls to it, and
forward it in the correct uplink VLAN in the Ethernet network.
The module also acts as the authenticator, managing responses to stations’ authenti-
cation requests and forwarding users’ credentials to a RADIUS server.
Detector Mode
Typically, ProCurve RPs function as masters within one or more WLANs. However,
you can also assign an RP the role of detector: such an RP scans for other APs in the
vicinity.
Note More precisely, you assign an RP radio the role of detector. For example, a dual-radio
RP could use one radio to support wireless stations and one to detect APs.
The detector is dedicated to scanning for unauthorized APs, which can threaten the
security of your network. Unauthorized APs fall into two types:
APs placed by unauthorized personnel without malicious intent.
For example, employees might introduce APs so that they can connect to the
network more conveniently. Although the employees may not mean any harm,
if these APs are not secured, those who do mean harm can exploit the vulnera-
bility.
APs placed by hackers with malicious intent.
Hackers can use rogue APs to lure users into sending them their passwords and
other sensitive information. They can also hijack your network devices for illegal
activities, opening your organization up to legal sanctions.
You can configure two types of detectors to search for these unauthorized APs:
single-channel detector
dedicated detector
The single-channel detector listens passively for beacons from APs. It listens only
on its own radio channel and can simultaneously respond to association requests from
wireless stations.
The dedicated detector, on the other hand, does not respond to association requests
from wireless stations. Instead, the dedicated detector sends probes on each channel: