Manualshelf

WESM zl Management and Configuration Guide WT.01.XX and greater

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
51525354555657585960
1-30
Introduction
ProCurve Wireless Edge Services zl Module
802.1X with EAP—The module acts as the 802.1X authenticator, and the
external RADIUS server is the authentication server. The Wireless Edge
Services module has been certified for these EAP methods:
EAP-Transport Layer Security (TLS)
EAP-Tunneled TLS (TTLS)
PEAP with Microsoft CHAP version 2 (MS-CHAP v2)
EAP-Subscriber Identity Module (SIM)
EAP-Generic Token Card (GTC)
Note In 802.1X, the supplicant and the authentication server, not the authenticator,
agree on the EAP method. Because the module simply passes EAP messages
between the wireless station and the external server, rather than generating
the messages itself, it should support any standard EAP method. The module
has been certified those EAP method listed above.
For more information about EAP methods, see “EAP Methods” on page 1-31.
Internal RADIUS Server. The Wireless Edge Services zl Module’s internal
RADIUS server can authenticate stations that connect to the module’s WLANs.
The server can also respond to authentication requests from clients such as
switches that enforce port authentication in the Ethernet network.
The internal RADIUS server supports these types of authentication:
MAC authentication
Web-Auth
802.1X with EAP:
•EAP-TLS
EAP-TTLS with PAP
EAP-TTLS with MD5
PEAP with MS-CHAP v2
The internal RADIUS server can draw on one of two repositories for checking
user credentials:
Local database—The local database consists of user accounts and
groups. A user account includes a username and password and, for guest
accounts only, an expiration date and time. You assign a user to a group,
which defines policies, including valid access times and VLAN
assignment.