WESM zl Management and Configuration Guide WT.01.28 and greater
Introduction
Layer 2 and Layer 3 Roaming Between RPs and Modules
PMK caching speeds roaming only if the Wireless Edge Services zl Module
already has a PMK for the station. To create this PMK, the station must complete
802.1X authentication. Traditionally, 802.1X authentication occurs only when
the station actually associates to one of the module’s RPs. To speed roaming, the
station can complete 802.1X authentication to a module in advance before
roaming. The module caches the PMK until the station actually roams to it.
■ Redundancy groups—enable fast and seamless roaming between modules in
a WLAN that requires Web-Auth.
The Wireless Edge Services zl Modules that compose a redundancy group
exchange various messages. Some of these messages can include Web-Auth
usernames and passwords. When a user enters his or her username and password
into a Web-Auth login screen, the module enforcing Web-Auth retrieves these
login credentials and submits them to a RADIUS server. The module also sends
the credentials to all other members of the redundancy group. The other members
submit the credentials to the RADIUS server and log in the user. When the user’s
station roams to an RP on a new module, the module has already authorized it
to forward traffic, so the roam is fast and seamless.
Note: Pre-authentication functions only between two Wireless Edge Services zl Modules
that are on the same VLAN. In fact, roaming between modules on different VLANs
requires special configurations discussed in the next section.
For more information about these mechanisms, see Chapter 9: “Fast Layer 2 Roaming
and Layer 3 Mobility” and Chapter 4: “Wireless Local Area Networks
(WLANs).”
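The following sketch is an added example, not taken from this guide or from the module's firmware. It models the PMK caching and pre-authentication behavior described above: a roam is fast only when the target module already holds a PMK for the station, and pre-authentication succeeds only between modules on the same VLAN. The PMKID formula comes from IEEE 802.11i rather than from this page; the `Module` class, the `roam` helper, the MAC addresses, and the VLAN IDs are hypothetical, and `os.urandom` stands in for the PMK that a real 802.1X/EAP exchange would derive.

```python
import hashlib
import hmac
import os

def pmkid(pmk: bytes, aa: bytes, spa: bytes) -> bytes:
    """IEEE 802.11i: first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AA || SPA)."""
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha1).digest()[:16]

class Module:
    """Hypothetical stand-in for one module's PMK cache (not the product's code)."""
    def __init__(self, name, bssid, vlan):
        self.name, self.bssid, self.vlan = name, bssid, vlan
        self.cache = {}  # PMKID -> PMK

    def full_8021x(self, spa):
        """Full 802.1X exchange; os.urandom stands in for the EAP-derived PMK."""
        pmk = os.urandom(32)
        self.cache[pmkid(pmk, self.bssid, spa)] = pmk
        return pmk

    def preauthenticate(self, spa, current):
        """Pre-authentication works only when both modules are on the same VLAN."""
        if current.vlan != self.vlan:
            return None
        return self.full_8021x(spa)

    def reassociate(self, spa, offered_pmkid):
        """Cache hit skips 802.1X; a miss falls back to full authentication."""
        if offered_pmkid in self.cache:
            return "cached"
        self.full_8021x(spa)
        return "full-802.1X"

def roam(station, current, target):
    """Station attempts pre-authentication via `current`, then roams to `target`."""
    pmk = target.preauthenticate(station, current)
    offered = pmkid(pmk, target.bssid, station) if pmk else None
    return target.reassociate(station, offered)

# Constructed sample data: MAC addresses and VLAN IDs are made up.
STA = bytes.fromhex("020000000a01")
m1 = Module("module-1", bytes.fromhex("020000000101"), vlan=10)
m2 = Module("module-2", bytes.fromhex("020000000201"), vlan=10)
m3 = Module("module-3", bytes.fromhex("020000000301"), vlan=20)

if __name__ == "__main__":
    m1.full_8021x(STA)          # initial association to module-1
    print(roam(STA, m1, m2))    # same VLAN: pre-auth populated the cache
    print(roam(STA, m1, m3))    # different VLAN: no cached PMK
```
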
Roaming Between RPs on Different Wireless Edge Services zl Modules at Layer 3
Roaming always occurs within a WLAN—that is, a station can roam to another
RP only if that RP supports the same SSID. Otherwise, the station does not roam; it
connects to a new network.
For the roaming described in the previous sections, the roaming station’s traffic
arrives in the same VLAN when it is bridged into the Ethernet network. This allows
the station to keep the same IP address and maintain active sessions. Roaming
between two wireless cells but within the same VLAN on the wired side is called
radio frequency (RF), or Layer 2, roaming.
Whenever possible, you would configure all of your modules to support the same
VLAN for the same WLAN, and all roams would be at Layer 2. However, two
Wireless Edge Services zl Modules separated by a router must forward wireless traffic