WESM zl Management and Configuration Guide WT.01.XX and greater
4-88
Wireless Local Area Networks (WLANs)
VLAN Assignment
5. On the RADIUS server, configure users’ VLAN assignments.
a. See “Creating a Group” on page 11-12 in Chapter 11: “RADIUS Server”
to learn how to configure VLAN assignments on the Wireless Edge
Services zl Module’s internal RADIUS server.
b. One of the easiest ways to configure the assignment on an external
server itself is via an Identity Driven Management (IDM) agent
installed on the server. In this case, you would configure the assign-
ment through ProCurve IDM and its Policy Manager. You would:
– Configure communities that include the wireless users.
– Create policies that match these communities to the appropriate
VLANs.
– Deploy the policies to the RADIUS server that the Wireless Edge
Services zl Module uses to authenticate wireless users.
In either case, when a user connects to a WLAN and authenticates to the
RADIUS server, the RADIUS server sends the VLAN assignment config-
ured for that user’s community to the Wireless Edge Services zl Module.
The module then tags all traffic from that user for that VLAN.
6. On the wireless services-enabled switch, you might need to tag the mod-
ule’s uplink port for the user-based VLANs just as you might if you had
configured the VLAN assignment manually. (See the Wireless Edge Ser-
vices zl Module Supplement to the ProCurve 6200yl/5400zl/3500yl Man-
agement and Configuration Guide.)
Note Remember that the Wireless Edge Services zl Module can receive other
identity-based settings from an external RADIUS server, including:
■ access control lists (ACLs)
■ a rate limit on traffic from the wireless station
If you are using IDM, simply configure these settings in the IDM Policy
Manager at the same time that you configure the VLAN assignment. Refer to
the ProCurve Identity Driven Manager User’s Guide for more detailed
instructions on how to configure identity-based settings. (You can download
this guide from http://www.procurve.com.)