Wireless/Redundant Edge Services xl Module Management and Configuration Guide WS.01.03 or greater

Introduction
ProCurve Wireless Edge Services xl Module
3. The station and the authentication server authenticate each other (the exact process differs depending on the EAP type they use). The Wireless Edge Services xl Module receives the EAP messages from the wireless station (via the RP) and sends the appropriate RADIUS messages to the server.
4. If the user sends the correct credentials (which may take various forms, including a digital certificate or a username and password), the RADIUS server sends an authentication acknowledgement.
5. If you have configured the WLAN to use encryption, the acknowledgement message also includes a per-session Wired Equivalent Privacy (WEP) encryption key or a key for Wi-Fi Protected Access (WPA).
6. If your network implements user-based controls—configured, for example, through ProCurve Identity Driven Management (IDM)—the RADIUS server sends dynamic settings for the station such as a VLAN assignment, ACLs, and rate limits.

In short, 802.1X provides robust authentication as well as dynamic key management and, if you so desire, support for dynamic, user-based settings.
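The RADIUS side of steps 3 through 6, as an added example in Python (not code from the guide or the module's firmware): the module wraps the station's EAP frame in an Access-Request protected by a Message-Authenticator, the server verifies that before trusting the EAP payload and answers with an Access-Accept carrying a VLAN assignment, and the module accepts the assignment only after checking the Response Authenticator against its outstanding request. The shared secret, username and EAP frame are constructed values; the session-key and ACL attributes of steps 5 and 6 are left out.

```python
import hashlib
import hmac
import struct

# RADIUS codes and attribute types (RFC 2865, RFC 2868, RFC 2869, RFC 3579)
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 79, 80
TUNNEL_PRIVATE_GROUP_ID = 81   # dynamic VLAN assignment (RFC 2868)

def attr(kind, value):
    return bytes([kind, len(value) + 2]) + value

def attrs_of(pkt):
    """Yield (type, offset, value) for each attribute after the 20-byte header."""
    pos = 20
    while pos < len(pkt):
        yield pkt[pos], pos, pkt[pos + 2:pos + pkt[pos + 1]]
        pos += max(pkt[pos + 1], 2)   # never loop on a zero length field

def build_access_request(ident, request_auth, secret, username, eap_frame):
    """Module side (step 3): carry the station's EAP frame to the server. RFC 3579 requires
    Message-Authenticator = HMAC-MD5(secret, packet with that attribute's value zeroed)."""
    attrs = attr(USER_NAME, username)
    attrs += b"".join(attr(EAP_MESSAGE, eap_frame[i:i + 253]) for i in range(0, len(eap_frame), 253))
    attrs += attr(MESSAGE_AUTHENTICATOR, bytes(16))
    pkt = struct.pack(">BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs
    return pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()

def verify_request(pkt, secret):
    """Server side: recompute Message-Authenticator before trusting the EAP payload."""
    for kind, pos, value in attrs_of(pkt):
        if kind == MESSAGE_AUTHENTICATOR:
            zeroed = pkt[:pos + 2] + bytes(16) + pkt[pos + 18:]
            return hmac.compare_digest(hmac.new(secret, zeroed, hashlib.md5).digest(), value)
    return False   # EAP over RADIUS without Message-Authenticator must be dropped

def build_access_accept(request_pkt, secret, vlan_id):
    """Server side (steps 4 and 6): acknowledge the station and assign a VLAN.
    Response Authenticator = MD5(Code+ID+Length + RequestAuth + Attributes + secret)."""
    attrs = attr(TUNNEL_PRIVATE_GROUP_ID, b"\x00" + str(vlan_id).encode())   # tag 0 + VLAN
    head = struct.pack(">BBH", ACCESS_ACCEPT, request_pkt[1], 20 + len(attrs))
    return head + hashlib.md5(head + request_pkt[4:20] + attrs + secret).digest() + attrs

def accept_vlan(resp_pkt, request_pkt, secret):
    """Module side: return the VLAN only if ID and Response Authenticator match the request; else None."""
    if resp_pkt[0] != ACCESS_ACCEPT or resp_pkt[1] != request_pkt[1]:
        return None
    expected = hashlib.md5(resp_pkt[:4] + request_pkt[4:20] + resp_pkt[20:] + secret).digest()
    if not hmac.compare_digest(expected, resp_pkt[4:20]):
        return None
    vlans = [int(v[1:]) for k, _, v in attrs_of(resp_pkt) if k == TUNNEL_PRIVATE_GROUP_ID]
    return vlans[0] if vlans else None
```

A reply that fails either check is silently discarded, which is the RFC 2865 behaviour; a real Access-Accept also carries EAP-Success and the MS-MPPE key attributes that deliver the session key of step 5.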
For 802.1X, the Wireless Edge Services xl Module supports these specific types of EAP:

- EAP-Transport Layer Security (EAP-TLS)
- EAP-Tunneled TLS (EAP-TTLS)
- Protected EAP (PEAP) with Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2)
- EAP-Subscriber Identity Module (SIM)
- EAP-Generic Token Card (EAP-GTC)

EAP-TLS uses digital certificates and an automatic TLS handshake to authenticate both stations and servers. EAP-TTLS and PEAP support stations that do not have digital certificates. These EAP types use the TLS handshake to create a secure tunnel over which the station can authenticate itself with a username and password. Wireless phones use EAP-SIM to authenticate, automatically sending information stored on a smartcard rather than relying on a user to enter credentials. EAP-GTC is an early EAP type that requires users to enter information, usually read from a token card. (See Table 1-3.)