Security Solutions

Designing Access Controls
Lay Out the Network
Choose the 802.1X deployment method if you use that access control method.
Otherwise, DHCP is the typical method. You could also use the inline method if
the public wireless zone connects to the rest of the network at a single choke
point.
VLAN Assignment and Other Dynamic Settings. ProCurve Wireless
Edge Services Modules and ProCurve APs act as PEPs, so VLAN assignments
and other dynamic settings take effect on those devices as they bridge traffic
from the wireless to the wired network.
Note: The one exception is an AP 420 that connects to a switch that enforces
Web-Auth. In this case, the switch is the PEP, and the VLAN assignment is
configured (dynamically or otherwise) on the switch port.
The wireless PEP can receive dynamic settings from a RADIUS server, which
is configured with the policies you designed earlier. Alternatively, the PEP
places all users in the VLAN statically associated with the WLAN.
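The choice described above, between a dynamic VLAN from the RADIUS server and the WLAN's static VLAN, shown as an added example (not ProCurve code and not part of the original guide). It assumes the server signals the VLAN with the standard RFC 3580 tunnel attributes in the Access-Accept and that the Response Authenticator has already been verified; the function names and the sample packet builder are constructed for illustration.

```python
import struct

ACCESS_ACCEPT = 2  # RADIUS code (RFC 2865); attribute types below per RFC 2868
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_802 = 13, 6  # values RFC 3580 specifies for VLAN assignment


def parse_packet(packet: bytes):
    """Return (code, {attr_type: first value}) for a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("short RADIUS packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20  # attributes follow the 20-byte header
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attrs.setdefault(packet[pos], packet[pos + 2:pos + packet[pos + 1]])
        pos += packet[pos + 1]
    return code, attrs


def select_vlan(packet: bytes, static_vlan: int):
    """VLAN the PEP applies: dynamic if validly assigned, else the WLAN's static VLAN."""
    code, attrs = parse_packet(packet)
    if code != ACCESS_ACCEPT:
        return None  # user not authorized, so no VLAN at all
    def tagged_int(attr_type):  # 1 tag byte followed by a 3-byte integer
        value = attrs.get(attr_type, b"")
        return int.from_bytes(value[1:], "big") if len(value) == 4 else None
    group = attrs.get(TUNNEL_PRIVATE_GROUP_ID, b"")
    if group and group[0] <= 0x1F:  # optional leading tag byte
        group = group[1:]
    if (tagged_int(TUNNEL_TYPE) == TYPE_VLAN and tagged_int(TUNNEL_MEDIUM_TYPE) == MEDIUM_802
            and group.isdigit() and 1 <= int(group) <= 4094):
        return int(group)
    return static_vlan  # missing or unusable assignment: fall back to the static VLAN


def build_accept(vlan=None) -> bytes:
    """Constructed sample Access-Accept (zeroed authenticator), for illustration only."""
    attrs = b""
    if vlan is not None:
        group = str(vlan).encode()
        attrs = (bytes([TUNNEL_TYPE, 6, 0, 0, 0, TYPE_VLAN])
                 + bytes([TUNNEL_MEDIUM_TYPE, 6, 0, 0, 0, MEDIUM_802])
                 + bytes([TUNNEL_PRIVATE_GROUP_ID, 2 + len(group)]) + group)
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attrs)) + bytes(16) + attrs
```

An out-of-range or non-numeric group ID falls back to the static VLAN rather than being applied, and a truncated packet raises `ValueError` instead of yielding a partial assignment.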
Choose APs. You must choose between a Wireless LAN System (Wireless
Edge Services Module and RPs) and standalone APs. Generally, the Wireless
LAN System is best for a large network that requires a great deal of wireless
coverage. In addition, if you have chosen to use integrated RADIUS servers,
the Wireless Edge Services Module has more capabilities than the AP 530. It
can bind to a directory service, receive authentication requests from wired
devices, and set dynamic VLAN assignments.
Table 3-109. Capabilities of ProCurve Wireless Products

| Product | Software Version | Radios | 802.11 Modes | WLANs | RADIUS Server |
|---|---|---|---|---|---|
| Wireless Edge Services zl Module | WS.02.02 | 12 RPs (possible 24 radios), default; 156 RPs (possible 312 radios), with additive licenses | 802.11b/g, 802.11a | 256 (16 normal mode) | Bind to a directory; 500 users (local) |
| Wireless Edge Services xl Module | WS.02.07 | 12 RPs (possible 24 radios), default; 48 RPs (possible 96 radios), with additive licenses | 802.11b/g, 802.11a | 32 (16 normal mode) | Bind to a directory; 500 users (local) |
| AP 530 | WA.01.19 | 2 radios | 802.11b/g, 802.11a | 16 | 100 users (local) |
| AP 420 | 2.2.1 | 1 radio | 802.11b/g | 8 | No built-in |