Manualshelf

WESM zl Management and Configuration Guide WT.01.XX and greater

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
41424344454647484950
1-28
Introduction
ProCurve Wireless Edge Services zl Module
You can add either WEP or WPA/WPA2 encryption to a WLAN that uses Web-
Auth. Users must then know the encryption key in order to connect to the
network and even reach the login page.
MAC Authentication. The Wireless Edge Services zl Module can also con-
trol which wireless stations connect to a WLAN according to their MAC, or
hardware-based, addresses. This option is best suited for small networks and
for devices without user interfaces.
The module supports two types of MAC authentication: RADIUS and local.
RADIUS MAC Authentication. If you enable MAC authentication on a
WLAN, the Wireless Edge Services zl Module sends a request, which includes
a station’s MAC address as both the username and password, to a RADIUS
server. (See Figure 1-11.) The RADIUS request can be in the following formats:
Password Authentication Protocol (PAP)
Challenge Handshake Authentication Protocol (CHAP)
For information about configuring RADIUS MAC authentication, see
Chapter 4: “Wireless Local Area Networks (WLANs).”
Figure 1-11. RADIUS MAC Authentication
Local MAC Authentication. RADIUS MAC authentication allows you to
control stations centrally. Alternatively, you can control traffic locally with
MAC standard ACLs. On the Wireless Edge Services zl Module, these ACLs are
called filters and are configured separately from other ACLs.
You configure the following ACLs and associate them with WLANs:
Deny ACLs—Stations are prevented from connecting to your network.
Allow ACLs—Stations are permitted to connect to your network.