Wireless/Redundant Edge Services xl Module Management and Configuration Guide WS.01.03 or greater
1-17
Introduction
ProCurve Wireless Edge Services xl Module
Table 1-3. EAP Types Supported on the Wireless Edge Services xl Module
Servers and stations automatically negotiate the EAP type; however, be aware
that your RADIUS server must support one or more of the five EAP types listed
above if you plan to use 802.1X authentication.
Web Authentication (Web-Auth)
The Wireless Edge Services xl Module can also provide Web authentication
for stations that do not support 802.1X authentication.
In this case, the module confines unauthenticated wireless users’ access to a
list of approved IP addresses. The module forces a user to authenticate itself
by redirecting all nonapproved traffic to a login page on a Web server.
Because the module handles all background processes (such as forwarding
requests to Dynamic Host Configuration Protocol [DHCP], Domain Name
System [DNS], and RADIUS servers), the approved list typically includes only
the module and the Web server with the pages that guide the user through the
authentication process.
You can even opt to maintain the Web pages on the Wireless Edge Services xl
Module itself to secure your organization’s Web server.
Note You can also protect the module’s management interface from unauthorized
access. Simply associate the WLAN to which wireless users connect with a
guest VLAN, assign the module an IP address in that VLAN, and include that
IP address (instead of the module’s management address) in the approved list.
Figure 1-5 illustrates the Web-Auth process.
EAP Type Requirement
EAP-TLS Digital certificate on both the server and
stations
EAP-TTLS Digital certificate on the server
User-entered name and password
PEAP Digital certificate on the server
User-entered name and password
EAP-SIM Smartcard on the wireless station (phone)
EAP-GTC User-entered token card information