WESM zl Management and Configuration Guide WT.01.XX and greater

Introduction
ProCurve Wireless Edge Services zl Module
A Wireless Edge Services zl Module supports three types of authentication:
802.1X authentication
Web-Auth
RADIUS MAC authentication
Alternatively, the Wireless Edge Services zl Module can allow stations to
connect to a WLAN without authenticating formally. In this case, an encryption
key usually acts as a password.
The authentication types are implemented as part of a WLAN’s settings. You
can enable different types of authentication on different WLANs, but each
WLAN can use only one of the three types of authentication.
However, you can also create MAC filters (MAC standard ACLs), which
function as local MAC authentication. You configure these filters globally and
then apply them to a WLAN. The filter is applied in addition to any other
authentication you configure on that WLAN.
802.1X Authentication. 802.1X, an IEEE standard specifically developed
to provide identity-based authentication for users, requires an authenticator
to manage the exchange between a wireless station and an authentication
server. The Wireless Edge Services zl Module acts as this authenticator. When
a wireless user attempts to associate with a WLAN, the module blocks all
traffic from the user’s wireless station until the user authenticates to an
authentication server (a RADIUS server).
With its internal RADIUS server, the Wireless Edge Services zl Module can also
act as the authentication server.
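The gating behaviour described above, modelled as an added example (not code from this guide or from the module's firmware): an authenticator drops everything from an unauthenticated station except EAP over LAN frames. The class and function names, the Ethernet II frame layout, and the MAC addresses are assumptions made for illustration; 0x888E is the EtherType assigned to EAPOL.

```python
import struct

EAPOL_ETHERTYPE = 0x888E  # EtherType for EAP over LAN (IEEE 802.1X)


class Authenticator:
    """Hypothetical model of per-station gating; not the module's implementation."""

    def __init__(self):
        self.authorized = set()  # source MACs the RADIUS server has accepted

    def associate(self, mac: bytes) -> None:
        # Assumption: every new association starts blocked, even for a known MAC.
        self.authorized.discard(mac)

    def radius_result(self, mac: bytes, accepted: bool) -> None:
        # Only an explicit accept from the authentication server opens the gate.
        if accepted:
            self.authorized.add(mac)
        else:
            self.authorized.discard(mac)

    def handle(self, frame: bytes) -> str:
        if len(frame) < 14:
            return "drop"  # truncated Ethernet header: fail closed
        src = frame[6:12]
        (ethertype,) = struct.unpack("!H", frame[12:14])
        if ethertype == EAPOL_ETHERTYPE:
            return "to-eap"  # EAP messages are accepted in either state
        return "forward" if src in self.authorized else "drop"


def make_frame(src: bytes, ethertype: int, payload: bytes = b"") -> bytes:
    """Build a constructed Ethernet II frame (sample data, not a capture)."""
    dst = bytes.fromhex("020000000001")  # constructed, locally administered MAC
    return dst + src + struct.pack("!H", ethertype) + payload


def demo() -> list:
    sta = bytes.fromhex("0200000000aa")  # constructed station MAC
    auth = Authenticator()
    auth.associate(sta)
    results = [auth.handle(make_frame(sta, 0x0800)),           # IPv4 before auth
               auth.handle(make_frame(sta, EAPOL_ETHERTYPE))]  # EAPOL before auth
    auth.radius_result(sta, True)
    results.append(auth.handle(make_frame(sta, 0x0800)))       # IPv4 after accept
    auth.associate(sta)                                        # re-association
    results.append(auth.handle(make_frame(sta, 0x0800)))
    return results


if __name__ == "__main__":
    print(demo())
```
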
802.1X relies on Extensible Authentication Protocol (EAP), which comes in
several varieties designed by various product developers. Although the
actual process varies according to the specific method, the basic process is
outlined below:
1. A wireless station associates to the WLAN.
2. The Wireless Edge Services zl Module receives the station’s traffic from
the RP. As soon as the association becomes active, the module places the
station in a shutdown status. The module issues an EAP challenge and
refuses all traffic except EAP messages from the station.