Wireless/Redundant Edge Services xl Module Management and Configuration Guide WS.01.03 or greater
Wireless Local Area Networks (WLANs)
Configuring a WLAN
b. Select a key that meets the highest security standards. The longer
the key, the more secure it is (it must be at least 22 characters to
withstand a brute force attack).
You can enter the key in one of two ways:
– If you select ASCII Passphrase, enter a password of between 8 and
63 characters. Users must enter the same characters to access the
WLAN.
– Alternatively, you can select 256-bit key and enter the key manually
in HEX. Again, users must enter these 64 HEX characters,
which you enter 16 to a field.
c. Click OK.
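The two key-entry forms from step b, shown as an added example that is not from this guide or the module's own code. It assumes the standard WPA/WPA2 passphrase-to-key mapping defined in IEEE 802.11i (PBKDF2-HMAC-SHA1 salted with the SSID, 4096 iterations); the function names and sample values are constructed for illustration.

```python
import hashlib
import string

MIN_RECOMMENDED = 22  # the guide's minimum length to withstand brute force


def psk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit PSK as WPA/WPA2-Personal does (assumed standard
    mapping): PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("ASCII passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def psk_from_hex_fields(fields: list[str]) -> bytes:
    """Join the four 16-character HEX fields into the raw 256-bit key."""
    if len(fields) != 4 or any(len(f) != 16 for f in fields):
        raise ValueError("expected 4 fields of 16 HEX characters each")
    joined = "".join(fields)
    if any(c not in string.hexdigits for c in joined):
        raise ValueError("fields may contain only 0-9 and A-F")
    return bytes.fromhex(joined)


def to_hex_fields(psk: bytes) -> list[str]:
    """Split a 256-bit key into the 16-characters-per-field entry form."""
    h = psk.hex().upper()
    return [h[i:i + 16] for i in range(0, 64, 16)]


def meets_guidance(passphrase: str) -> bool:
    """True when the passphrase reaches the guide's 22-character minimum."""
    return len(passphrase) >= MIN_RECOMMENDED


if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    ssid, phrase = "ExampleWLAN", "correct horse battery staple 42"
    psk = psk_from_passphrase(phrase, ssid)
    print("meets 22-character guidance:", meets_guidance(phrase))
    print("equivalent HEX fields:", to_hex_fields(psk))
    # The SSID is the salt, so the same passphrase on another SSID
    # yields a different 256-bit key.
    print("key differs per SSID:", psk != psk_from_passphrase(phrase, "OtherWLAN"))
```

Because the SSID salts the derivation, a HEX key computed from a passphrase is only valid for the SSID it was computed with.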
6. If you so desire, you can also configure advanced options. You can
configure these WPA/WPA2 options for WLANs that use any type of
authentication:
a. Click the Config button next to the encryption option that you have
selected.
b. If you so desire, check the box to enable Broadcast Key Rotation.
Because all stations must use the same broadcast key, this key is
clearly more vulnerable to hackers than the per-session keys.
Periodically changing the broadcast key helps to protect your WLAN.
By default, the Wireless Edge Services xl Module rotates the
broadcast key every 7200 seconds (two hours). In the Update broadcast keys
every field, you can enter any value between 60 and 86400 seconds
(one day). The shorter the rotation period, the more secure, but also
the more overhead added by the key redistribution.
c. You can also enable fast roaming features. A station might roam back
and forth between several RPs. Ideally, such roaming is hidden from
the wireless user, who need not know when he or she connects to a
new RP, but only that the wireless connection remains good.
Fast roaming speeds up authentication to a new RP, which can be the
most time-consuming phase of roaming. It therefore applies only to
WLANs that use 802.1X authentication.
Check these boxes to enable the Wireless Edge Services xl Module’s
fast roaming capabilities:
– PMK Caching—The RP and the wireless station agree on a PMK
identifier for their session, which each stores even after the
station disassociates. If the wireless station roams back to the RP,
the two can quickly exchange the PMK identifier and renegotiate
necessary keys, instead of completing the entire authentication
process.