Wireless/Redundant Edge Services xl Module Management and Configuration Guide WS.01.03 or greater
1-15
Introduction
ProCurve Wireless Edge Services xl Module
Table 1-2. Options for Authentication and Encryption on the Wireless Edge
Services xl Module
The sections below provide background on the three authentication methods.
To learn how to actually enable authentication, see Chapter 3: Wireless Local
Area Networks (WLANs) for 802.1X and Web-Auth, Chapter 6 for MAC authen-
tication, and Chapter 7: Web Authentication for Mobile Users for Web-Auth.
802.1X Authentication
802.1X, an IEEE standard specifically developed to provide identity-based
authentication for wireless users, calls for an authenticator to manage the
exchange between a wireless station and an authentication server.
The Wireless Edge Services xl Module act as this authenticator. When a
wireless user attempts to associate with a WLAN, the module blocks all traffic
from that wireless user until the user authenticates itself to a RADIUS server.
802.1X relies on Extensible Authentication Protocol (EAP), which leaves
designing the actual authentication process to individual product developers.
The basic process is:
1. A wireless station attempts to associate to the WLAN.
2. The Wireless Edge Services xl Module receives the traffic from the RP and
places the station in a shutdown status. The module issues an EAP
challenge and refuses all traffic from the station except EAP messages.
Authentication Options Encryption Options
802.1X • WEP (dynamic WEP), 64-bit or 128-bit
• WPA/WPA2 (Enterprise mode):
– with TKIP
–with AES
– with both TKIP and AES (802.11i Mixed
Mode)
Web-Auth No encryption
MAC authentication Depends on other authentication implemented
on the WLAN
No authentication WEP (static WEP), 64-bit or 128-bit
WPA/WPA2 (Personal mode):
– with TKIP
–with AES
– with both TKIP and AES (802.11i Mixed
Mode)