Wireless/Redundant Edge Services xl Module Management and Configuration Guide WS.01.03 or greater

7-8
Web Authentication for Mobile Users
Configuring Web-Auth
Creating a Separate VLAN for Web-Auth Users
Management access to the Wireless Edge Services xl Module is protected by
a username and password. If a Web-Auth user attempts to access the Web
browser interface, that user must enter the correct username and password.
To block any attempts to guess the username and password, however, you
may want to create a separate virtual LAN (VLAN), such as VLAN 10, for the
WLAN that supports Web authentication. You could then assign this VLAN an
IP address and add this IP address to the Allow list for Web authentication.
(For information about assigning IP addresses to VLANs, see “Assigning an IP
Address to a VLAN” on page 2-21.) If you use a separate VLAN for the Web-Auth
WLAN, you do not need to list the default management interface for the
Wireless Edge Services xl Module on the Allow list, so that interface is not
publicly available.
If you create a separate VLAN for the Web-Auth WLAN, you must configure
your network infrastructure appropriately so that this VLAN traffic can be
carried to and from the RADIUS and DHCP servers. For example, if these
servers are not connected directly to the wireless services-enabled switch, the
uplink port on the wireless services-enabled switch and any other switch ports
used to transmit traffic between the Wireless Edge Services xl Module and the
servers must be members of this VLAN.
Configuring Web-Auth
To configure a WLAN, you must set the service set identifier (SSID) and the
VLAN in which traffic will be forwarded. Typically, you will want the SSID for
the Web-Auth WLAN to be broadcast (beaconed), so you must configure
WLAN 1, 2, 3, or 4 to use Web-Auth. For more information about SSIDs and
WLANs, including which SSIDs are broadcast by the Wireless Edge Services
xl Module, see Chapter 3: Wireless Local Area Networks (WLANs).
By default, the Wireless Edge Services xl Module places all wireless traffic in
VLAN 1. If your network has only one subnet, this configuration may be
adequate. Because VLAN 1 is often the default management interface, however,
you may want to use a separate VLAN for the Web-Auth WLAN. If you
then assign the VLAN an IP address, you could enter this IP address in the
Allow list. (For more information, see “Allow List” on page 7-7.) Because the
IP address for the management interface is not listed on the Allow list, it is
not publicly available.
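
The layout rules from the two sections above can be checked against a planned configuration before it is deployed. The following Python sketch is an added example, not part of this guide or of the module's software; the dictionary field names, port labels, and addresses are hypothetical and constructed for illustration, and Allow list entries are assumed to be single host IP addresses.

```python
import ipaddress

def audit_webauth(cfg):
    """Return a list of findings for a Web-Auth WLAN layout (empty list = passes)."""
    findings = []
    web_vlan, mgmt_vlan = cfg["webauth_vlan"], cfg["mgmt_vlan"]
    # Normalise Allow list entries so textual variants of an address compare equal.
    allow = {ipaddress.ip_address(entry) for entry in cfg["allow_list"]}

    def allowed(ip):
        return ipaddress.ip_address(ip) in allow

    # Rule 1: the Web-Auth WLAN should not forward traffic in the management VLAN.
    if web_vlan == mgmt_vlan:
        findings.append(f"Web-Auth WLAN shares VLAN {mgmt_vlan} with management")

    # Rule 2: the management interface must not be on the Allow list.
    mgmt_ip = cfg["vlan_ip"].get(mgmt_vlan)
    if mgmt_ip and allowed(mgmt_ip):
        findings.append(f"management IP {mgmt_ip} is on the Allow list")

    # Rule 3: the Web-Auth VLAN needs its own IP address, listed on the Allow list.
    web_ip = cfg["vlan_ip"].get(web_vlan)
    if not web_ip:
        findings.append(f"VLAN {web_vlan} has no IP address assigned")
    elif not allowed(web_ip):
        findings.append(f"VLAN {web_vlan} IP {web_ip} is not on the Allow list")

    # Rule 4: every switch port on the path to the RADIUS and DHCP servers
    # must be a member of the Web-Auth VLAN.
    for port, members in sorted(cfg["path_ports"].items()):
        if web_vlan not in members:
            findings.append(f"port {port} is not a member of VLAN {web_vlan}")
    return findings

# Constructed sample plans (documentation address ranges, hypothetical port labels).
GOOD = {
    "mgmt_vlan": 1, "webauth_vlan": 10,
    "vlan_ip": {1: "192.0.2.1", 10: "198.51.100.1"},
    "allow_list": ["198.51.100.1"],
    "path_ports": {"A1": {1, 10}, "B4": {1, 10}},
}
BAD = {
    "mgmt_vlan": 1, "webauth_vlan": 10,
    "vlan_ip": {1: "192.0.2.1", 10: "198.51.100.1"},
    "allow_list": ["192.0.2.1"],          # management IP listed, VLAN 10 IP missing
    "path_ports": {"A1": {1, 10}, "B4": {1}},
}

if __name__ == "__main__":
    for name, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_webauth(plan) or "no findings")
```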