Manualshelf

Wireless/Redundant Edge Services xl Module Management and Configuration Guide WS.01.03 or greater

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
231232233234235236237238239240
3-70
Wireless Local Area Networks (WLANs)
VLAN Assignment
One of the easiest ways to configure the VLAN assignment on the RADIUS
server itself is via an Identity Driven Management (IDM) agent installed on the
server. In this case, you would configure the assignment through ProCurve
IDM and its Policy Manager.
For example, on IDM, you create and deploy policies that assign one commu-
nity of users to one VLAN and another community of users to a different VLAN.
When a user connects to a WLAN and authenticates to the RADIUS server, the
RADIUS server sends the VLAN assignment configured for that user’s com-
munity to the Wireless Edge Services xl Module. The Wireless Edge Services
xl Module then tags all traffic from that user for that VLAN.
On the Wireless Edge Services xl Module, you must complete only this step to
enable the dynamic VLAN assignment:
1. Verify that WLANs use 802.1X EAP authentication.
Note Not all WLANs in the network have to use 802.1X authentication, but the
Wireless Edge Services xl Module will only implement dynamic VLAN assign-
ment for the WLANs that do.
On the wireless services-enabled switch, you must tag the module’s uplink
port for the user-based VLANs just as you would if you had configured the
VLAN assignment manually. (See ProCurve Series 6400cl Switches, 5300xl
Switches, and 3400cl Switches Management and Configuration Guide and
ProCurve Series 6400cl Switches, 5300xl Switches, and 3400cl Switches
Advanced Traffic Management Guide.)
Using IDM, you must:
1. Configure communities that include the wireless users.
2. Create policies that match these communities to the appropriate VLANs.
Note Remember that the Wireless Edge Services xl Module can receive identity-
based settings in addition to the VLAN assignment, including:
access control lists (ACLs)
a rate limit on traffic from the wireless station
Simply configure these settings in the IDM Policy Manager at the same
time that you configure the VLAN assignment.
3. Deploy the policies to the RADIUS server that the Wireless Edge Services
xl Module uses to authenticate wireless users.