Manualshelf

Wireless/Redundant Edge Services xl Module Management and Configuration Guide WS.01.03 or greater

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
31323334353637383940
1-19
Introduction
ProCurve Wireless Edge Services xl Module
However, Web-Auth is not as secure as 802.1X. A downside in some enter-
prise environments is that you cannot enable encryption for a WLAN that
uses Web- Auth.
MAC Authentication
The Wireless Edge Services xl Module can also control which wireless stations
connect to a WLAN according to their MAC, or hardware-based, addresses.
You configure deny lists (stations prevented from connecting to your network)
and allow lists (stations allowed to connect to your network) and associate
these lists with WLANs. The module processes lists in order, stopping when
it first finds a match. It filters out any stations selected by a deny list before
these stations authenticate and associate with a particular WLAN. (It allows
all stations either selected by an allow list or not selected by any list to
associate.)
For example, you configure MAC authentication filters, or ACLs, and apply
them to a WLAN; you also enable 802.1X authentication on that WLAN. When
a station attempts to connect to the WLAN, the module first checks the
station’s MAC address. If the ACLs are configured to allow the station to
associate to the WLAN, the module lets it proceed to authenticate using
802.1X.
The Wireless Edge Services xl Module can store and apply up to 1000 ACLs.
Any kind of encryption supported on the module is supported on a WLAN that
uses MAC authentication, as these standards are configured entirely
separately.
Refer to Chapter 6: Wireless Network Management for information on
configuring MAC ACLs.
Controlling Traffic with Policies
The Wireless Edge Services xl Module manages which users connect to a
WLAN, as described above. It also manages how users connect to the network,
controlling traffic so that each wireless user receives access to the appropriate
services and resources. The module acts as the door between the wireless and
wired networks; it can open onto many different resources depending on the
policies it applies to wireless users’ traffic.
The module can apply policies:
that it receives dynamically from a RADIUS server
that you configure manually