Designing Access Controls
Choose the Access Control Methods
For the wireless zones, the APs should implement the access control methods you select as long as they are capable of doing so. In some cases, the switch port to which the AP connects might enforce the access control instead (the AP might still require encryption); however, this strategy is less desirable for several reasons:
■When the AP implements 802.1X authentication, the EAP exchange fur- thers the negotiation of secure
■If the switch port acts as the authenticator, it can implement dynamic settings for a single user only (the first to authenticate). An AP can enforce different settings for each association with a different user.
■A switch might be limited in the number of users that it can authenticate on a single port.
Table
N o t e | ProCurve Networking periodically updates the software on APs, Wireless |
| Edge Services Modules, and switches. Check the ProCurve Web site at http:/ |
| /www.procurve.com to see if there is a newer software version, which delivers |
| new capabilities for these wireless products. |
| Table |
|
ProCurve Product | Software Version |
|
| 802.1X |
|
|
|
|
|
Wireless Edge Services xl Module | WS.02.07 | X | X | X |
Wireless Edge Services zl Module | WS.02.02 | X | X | X |
AP 530 | WA.01.19 | X |
| X |
AP 420 | 2.2.1 | X |
| X |
|
|
|
|
|
Example
Most of the switches on the PCU network support 802.1X and
Table 3-17. Access Control Method by Existing Infrastructure
Factor | Private Wired | Public Wired | Private Wireless | Public Wireless |
Existing infrastructure | 802.1X | 802.1X | 802.1X with WPA/ | 802.1X with WPA/ |
|
|
| WPA2 | WPA2 |
|
|
|
|
|
