Wireless/Redundant Edge Services xl Module Management and Configuration Guide WS.01.03 or greater
Introduction
ProCurve Wireless Edge Services xl Module
The following sections will describe these options in more detail.
Controlling Traffic with User-Based Policies
As you know, a RADIUS server matches usernames with passwords in order
to authenticate users that try to connect to your network. Using ProCurve
IDM, you can configure the RADIUS server to associate additional settings
with a user. When the user authenticates, the server sends these settings to
the Wireless Edge Services xl Module, and the module applies them to traffic
from that user.
Such settings are sometimes called user-based or identity-based because a
user’s identity (rather than simply a MAC address or a switch port) links
settings with traffic. The settings are also called dynamic because you do not
configure them permanently on the module; rather, the module receives them
only when a particular user connects. In addition, the module can receive and
apply different settings for different users or for the same user at different
times.
The RADIUS server sends the user-based settings as HP ProCurve
vendor-specific attributes in the message with which it accepts a user’s
authentication. The Wireless Edge Services xl Module interprets these
attributes and sets rules based on them. For the duration of the user’s
association, his or her traffic is controlled accordingly.
The Wireless Edge Services xl Module can read these attributes:
■ a VLAN assignment
■ an ACL
■ a rate limit, which applies to ingress traffic (traffic from the wireless
station to the network)
Figure 1-6 shows how the user-based settings on the RADIUS server allow the
module to assign users that connect to the same WLAN to different VLANs.
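The way vendor-specific attributes travel inside the accept message can be seen in a short parser. This Python example is added here and is not from the guide or from ProCurve software; the sub-type numbers in SUBTYPES, the helper names, and the sample values are assumptions, while attribute type 26 comes from RFC 2865 and enterprise number 11 is Hewlett-Packard's IANA assignment.

```python
import struct

ACCESS_ACCEPT = 2          # RADIUS packet code (RFC 2865)
VENDOR_SPECIFIC = 26       # attribute type that carries VSAs (RFC 2865)
HP_VENDOR_ID = 11          # IANA enterprise number for Hewlett-Packard
# ASSUMPTION: placeholder sub-type numbers; take the real ones from the
# vendor's RADIUS dictionary.
SUBTYPES = {1: "vlan", 2: "acl", 3: "ingress_rate_limit"}

def parse_user_settings(packet: bytes) -> dict:
    """Return the HP VSAs carried in an Access-Accept as {name: [values]}."""
    if len(packet) < 20 or packet[0] != ACCESS_ACCEPT:
        raise ValueError("not a complete Access-Accept")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad packet length")
    settings, pos = {}, 20          # attributes start after the 20-byte header
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        atype, alen = packet[pos], packet[pos + 1]
        value = packet[pos + 2:pos + alen]
        pos += alen
        if atype != VENDOR_SPECIFIC or len(value) < 4:
            continue                # standard attribute, not a VSA
        if struct.unpack("!I", value[:4])[0] != HP_VENDOR_ID:
            continue                # another vendor's attributes
        sub = value[4:]             # one or more (type, length, data) triples
        while sub:
            if len(sub) < 2 or sub[1] < 2 or sub[1] > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            name = SUBTYPES.get(sub[0], f"unknown-{sub[0]}")
            settings.setdefault(name, []).append(sub[2:sub[1]])
            sub = sub[sub[1]:]
    return settings

def vsa(vendor: int, subtype: int, data: bytes) -> bytes:
    """Build one type-26 attribute holding a single sub-attribute."""
    body = struct.pack("!I", vendor) + bytes([subtype, len(data) + 2]) + data
    return bytes([VENDOR_SPECIFIC, len(body) + 2]) + body

def build_accept(attrs: bytes) -> bytes:
    """Constructed Access-Accept with a zeroed authenticator (not verified here)."""
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attrs)) + bytes(16) + attrs

# Constructed sample values, not taken from the guide.
SAMPLE = build_accept(vsa(HP_VENDOR_ID, 1, b"20") + vsa(9, 1, b"ignored")
                      + vsa(HP_VENDOR_ID, 3, b"1000"))
```

The parser does not check the Response Authenticator; a RADIUS client verifies it with the shared secret before trusting any attribute in the message.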