Designing Access Controls
Lay Out the Network
Choose the 802.1X deployment method if you use that access control method. Otherwise, DHCP is the typical method. You could also use the inline method if the public wireless zone connects to the rest of the network at a single choke point.
VLAN Assignment and Other Dynamic Settings. ProCurve Wireless Edge Services Modules and ProCurve APs act as PEPs, so VLAN assignments and other dynamic settings take effect on those devices as they bridge traffic from the wireless to the wired network.
N o t e |
| The one exception is an AP 420 that connects to a switch that enforces Web- | ||
|
| Auth. In this case, the switch is the PEP, and the VLAN assignment is config- | ||
|
| ured (dynamically or otherwise) on the switch port. |
| |
|
| The wireless PEP can receive dynamic settings from a RADIUS server, which | ||
|
| |||
|
| is configured with the policies you designed earlier. Or the PEP places all users | ||
|
| in the VLAN statically associated with the WLAN. |
| |
|
| Choose APs. You must choose between a Wireless LAN System (Wireless | ||
|
| Edge Services Module and RPs) and standalone APs. Generally, the Wireless | ||
|
| LAN System is best for a large network that requires a great deal of wireless | ||
|
| coverage. In addition, if you have chosen to use integrated RADIUS servers, | ||
|
| the Wireless Edge Services Module has more capabilities than the AP 530. It | ||
|
| can bind to a directory service, receive authentication requests from wired | ||
|
| devices, and set dynamic VLAN assignments. |
| |
|
| Table |
| |
|
|
|
| |
Product | Software Version Radios | 802.11 Modes WLANs | RADIUS | |
|
|
|
| Server |
|
|
|
|
|
Wireless Edge | WS.02.02 | • | 12 RPs (possible 24 |
Services zl Module |
|
| |
|
| • | 156 RPs (possible 312 |
|
|
| |
|
|
| licenses |
• | 802.11b/g | 256 | • | Bind to a |
• | 802.11a | (16 normal |
| directory |
|
| mode) | • | 500 users |
(local)
Wireless Edge | WS.02.07 | • | 12 RPs (possible 24 |
Services xl Module |
|
| |
|
| • | 48 RPs (possible 96 |
|
|
| |
|
|
| licenses |
• | 802.11b/g | 32 | • | Bind to a |
• | 802.11a | (16 normal |
| directory |
|
| mode) | • | 500 users |
(local)
AP 530 | WA.01.19 | 2 radios | • | 802.11b/g | 16 | 100 users |
|
|
| • | 802.11a |
| (local) |
AP 420 | 2.2.1 | 1 radio | 802.11b/g | 8 | No | |
|
|
|
|
|
|
|
