Wireless/Redundant Edge Services xl Module Management and Configuration Guide WS.01.03 or greater
Web Authentication for Mobile Users
Overview
With the ProCurve Wireless Edge Services xl Module, you can require mobile
users to authenticate by entering their login credentials on a Web page. Like
other authentication methods, Web authentication (Web-Auth) is verified
through a RADIUS server.
You can use Web-Auth to provide limited network services for mobile users
who visit your company’s office. For example, you might want to provide
Internet access so that these users can browse the World Wide Web or
establish a virtual private network (VPN) to their company’s network.
Through the security provided over a VPN, users can access the applications
(such as email) and the data they need to do their jobs.
In addition to using Web-Auth to provide network services for visitors, you
can use Web-Auth to provide authenticated access for employees who are
using stations that do not support 802.1X. Because Web-Auth is easy to
configure and provides an easy access method for users, you may also want
to use this authentication method for employees who need limited network
services.
Although Web-Auth requires mobile users to authenticate, it does not allow
their stations to encrypt the data that they exchange with the radio port (RP).
For tighter security, users can establish a VPN to access their company
network or use Secure Sockets Layer (SSL) when accessing Web sites. (Of
course, the company network and the Web site must support these added
security measures.)
Note
With Web-Auth, mobile users cannot roam between radio ports. If mobile
users move out of a radio port’s range, they must re-authenticate.
The Web-Auth Process
To provide limited network access to mobile users through Web-Auth, you
set up a Dynamic Host Configuration Protocol (DHCP) server and instruct
the users to configure their stations to receive a dynamic IP address from this
server. When a mobile user tries to associate with a wireless LAN (WLAN)
that is configured for Web-Auth, the user’s station requests an IP address from
the DHCP server. (See Figure 7-1.)