manualshive.com logo in svg

HP 530 - Notebook PC, Management Manual

Share
Download
HP 530 - Notebook PC Management Manual Download Page 201

7-7

Wireless Security Configuration

Wireless Security Overview

address as the MAC authentication password. To avoid this compatibility 
issue, use the “radius” CLI command to configure the “mac-auth-password” 
for the AP 530 to be consistent with the Access Point 520 shared-secret 
password. For the CLI commands, see Section 9, 

“MAC Address Authentication” on 

page 9-72

.

MAC Authentication on the AP 530 includes the ability to lock out clients by 
MAC address, and to force an already connected client or station to deauthen-
ticate.

802.1X User Authentication

802.1X user authentication can be implemented either by using a remote 
authentication server, such as a RADIUS server, or by using the local built-in 
RADIUS server on the access point itself. The user’s credentials are exchanged 
with the servers (both remote and local built-in) using a mechanism called 
Extensible Authentication Protocol (EAP). EAP is a public-key encryption 
system that ensures that only authorized network users can access the net-
work. In wireless communications using EAP, a user requests connection to 
a WLAN through an access point, which then requests the identity of the user 
and transmits that identity to an authentication server such as RADIUS. The 
server asks the access point for proof of identity, which the access point gets 
from the user and sends back to the server to complete the authentication. 
The local built-in RADIUS server supports only one EAP type: PEAP-
MSCHAPv2. For remote server authentication, the access point serves as an 
intermediate authenticator to transparently pass any EAP type to the remote 
server as specified in RFC3748. 

The AP 530 supports all EAP types tested by the Wi-Fi Alliance: TLS, TTLS, 
PEAP-MSCHAPv2, PEAP1/GTC, and SIM. EAP types that do not provide key 
management (like MD5) are not suitable for wireless networks. User 802.1X 
authentication can be used with WEP, TKIP, and CCMP/AES encryption 
ciphers.

It is possible to use a combination of both MAC authentication and 802.1X 
authentication simultaneously on the same WLAN.

Access Point Authentication

ProCurve switches support port-access authentication which requires any 
equipment plugged into the port to prove its authenticity through 802.1X 
authentication, making their wireless networks less susceptible to rogue AP 

Summary of Contents for 530 - Notebook PC

Page 1: ...Management and Configuration Guide www procurve com ProCurve Wireless Access Point 530 ...

Page 2: ......

Page 3: ...ProCurve Wireless Access Point 530 Management and Configuration Guide ...

Page 4: ...ld be construed as constituting an additional warranty HP shall not be liable for technical or editorial errors or omissions contained herein Hewlett Packard assumes no responsibility for the use or reliability of its software on equipment that is not furnished by Hewlett Packard Warranty See the Customer Support Warranty booklet included with the product A copy of the specific warranty terms appl...

Page 5: ... IP Addressing 1 7 To Set Up and Install the Access Point in Your Network 1 8 2 Selecting a Management Interface Contents 2 2 Overview 2 3 Understanding Management Interfaces 2 4 Advantages of Using the CLI 2 5 Advantages of Using the ProCurve Access Point 530 Browser Interface 2 6 3 Using the Command Line Interface CLI Contents 3 2 Overview 3 3 Accessing the CLI 3 4 Direct Console Access 3 4 Teln...

Page 6: ...view 4 3 Starting a Web Browser Interface Session with the Access Point 4 4 Description of the Web Interface 4 6 The Home Page 4 6 Support Page 4 7 Online Help for the ProCurve Web Browser Interface 4 7 Using the Help in the Browser Interface 4 8 Web Interface Screens 4 9 Device Information Group 4 10 Device Information Summary 4 11 Wireless Stations Screen 4 12 AP LAN Statistics Screen 4 14 Wirel...

Page 7: ... 9 Web Configuring Access Controls 5 10 CLI Configuring Management Controls 5 12 Modifying System Information 5 15 Web Setting the System Name Location and Contact 5 15 CLI Setting the System Name 5 17 Configuring Ethernet Settings 5 19 Web Configuring IP Settings Statically or via DHCP 5 19 CLI Configuring IP Settings Statically or via DHCP 5 23 Configuring SNMP 5 25 MIB Support 5 26 Web Setting ...

Page 8: ...g Up Filter Control 5 55 Web Setting Traffic Filters 5 55 CLI Setting Traffic Filters 5 56 Configuring VLAN Support 5 57 Web Setting A Management VLAN 5 58 Web Changing the Untagged VLAN ID 5 59 CLI Enabling VLAN Support 5 61 Managing Group Configuration 5 63 Guidelines for Deploying Group Configuration 5 64 The Synchronization Process 5 64 Security and Integrity Recommendations 5 65 Web Enabling ...

Page 9: ...LI Setting the Transmit Power Reduction and Antenna Parameters 6 26 Adaptive Tx Power Control 6 28 Feature Overview 6 28 Scope of Neighboring APs 6 29 Adaptive Mode 6 29 Power Reduction Limit 6 30 Configuration Strategy 6 30 Web Configuring Adaptive Tx Power Control 6 31 CLI Configuring Adaptive Tx Power Control 6 32 Managing Multiple WLAN BSS SSID Interfaces 6 34 Web Configuring SSID Interfaces 6...

Page 10: ...Authentication 7 32 Web Setting RADIUS Server Parameters 7 33 CLI Setting RADIUS Server Parameters 7 35 Web Establishing Local RADIUS Accounts 7 36 Managing Existing RADIUS Accounts 7 36 Adding New RADIUS Accounts 7 37 Managing the RADIUS User Database 7 39 CLI Setting Local RADIUS Server Parameters 7 41 Configuring MAC Address Authentication 7 43 Authentication Order 7 43 Access Control List and ...

Page 11: ...for Authentication Screens 7 62 Login Screen Default Values 7 62 Welcome Screen Default Values 7 63 Failed Screen Default Values 7 63 Guidelines for Deploying Web Auth 7 63 Configuration Summary 7 64 Web Configuring the Global Address Pool 7 64 CLI Configuring the Global Address Pool 7 65 Web Configuring Global Guest Account Settings 7 66 CLI Configuring Global Guest Account Settings 7 67 Web Conf...

Page 12: ...8 23 Web Configuring STP Parameters 8 26 CLI Establishing STP Settings 8 27 AP Detection Commands 8 30 Web Configuring AP Detection Parameters 8 30 CLI Configuring AP Detection 8 33 Probe Table 8 35 Probe Table Description 8 35 Guidelines for Configuring the Probe Table 8 35 Identity Driven Management 8 36 IDM VLAN 8 36 IDM ACL 8 37 Configuring an ACL in a RADIUS Server 8 37 IDM Rate Limiting 8 37...

Page 13: ...show ssh 9 27 show system information 9 28 show version 9 30 System Logging Commands 9 31 log 9 31 logging 9 32 show debug 9 33 show logging 9 33 System Clock Commands 9 35 sntp 9 35 show sntp 9 36 show time 9 36 Network Management Application Commands 9 37 snmp server community restricted unrestricted 9 38 snmp server contact 9 39 snmp server host 9 40 snmp server location 9 41 snmp server port 9...

Page 14: ...w copy 9 57 show tech 9 57 show custom default 9 58 show running config 9 60 Group Configuration 9 61 group config 9 61 group config name 9 62 group config member id 9 62 show group config 9 63 RADIUS Accounting Authentication 9 65 radius accounting 9 65 radius failover to local retransmit 9 66 radius primary secondary 9 67 RADIUS Users 9 69 radius local 9 69 show radius local 9 70 MAC Address Aut...

Page 15: ...tion 9 83 show web auth 9 85 AP Authentication Commands 9 86 ap authentication 9 86 show ap authentication 9 87 Filtering Commands 9 87 inter station blocking 9 88 wireless mgmt block 9 88 show filters 9 89 Ethernet Interface Commands 9 91 interface 9 91 enable ethernet 9 92 disable ethernet 9 92 description 9 93 dns primary 9 93 dns secondary 9 94 ip address 9 95 ip default gateway 9 96 speed dup...

Page 16: ...112 fragmentation thresh 9 112 inactivity timeout 9 113 slot time 9 114 rts threshold 9 114 tx power reduction 9 115 enable wireless 9 116 disable wireless 9 117 show radio 9 117 show ssid 9 118 show wlan 9 120 show basic rate 9 122 show stations 9 123 show supported rate 9 124 Wireless Security Commands 9 125 security 9 126 wep default key 9 128 wep key ascii 9 129 wep key length 9 130 wep key 9 ...

Page 17: ...ion interval 9 139 ap detection max entries 9 139 show detected ap 9 140 Adaptive Tx Power Control Commands 9 142 atpc 9 142 atpc avoid other aps 9 143 atpc rf group name 9 143 atpc adapt 9 144 atpc max atpc atten 9 145 show atpc 9 145 VLAN Commands 9 147 vlan 9 147 untagged vlan 9 148 management vlan 9 148 QoS Commands 9 150 qos ap params 9 151 qos sta params 9 153 qos wmm 9 155 show qos 9 156 ra...

Page 18: ...or Using TFTP FTP or SCP To Download Software from a Server A 4 Web TFTP FTP or STP Software Download to the Access Point A 5 CLI Viewing Software Versions A 7 Transferring Configuration Files A 8 Web Configuration File Upload and Download A 8 CLI Performing Configuration File Commands A 10 Rebooting the Access Point A 14 Web Rebooting the System A 14 CLI Rebooting the System A 15 Manual Using the...

Page 19: ...7 AP Authentication B 8 Filtering B 8 Ethernet Interface B 8 Wireless Interface B 9 Wireless Security B 10 AP Detection B 10 VLAN B 11 Adaptive Tx Power Control B 11 QoS B 12 Wireless Distribution System WDS B 13 C Adaptive Tx Power Control Use Cases Contents C 2 Use Model Airport Deployment C 3 Airport Case 1 No RF Group Name C 3 Settings C 4 Decisions AP 1 C 4 Decisions AP 4 C 4 Results with No ...

Page 20: ...C 8 Results with Adaptive Mode AP C 8 Warehouse Case 2 Adaptive Mode AP Clients C 9 Settings C 9 Results with Adaptive Mode AP Clients C 9 Warehouse Model Analysis C 10 D Open Source Licenses Contents D 2 Overview D 3 GPL2 GNU General Public License v 2 D 4 GPL Linking Exception D 9 ClearSilver D 10 Dropbear License D 12 sFlow License D 14 LGPL GNU Lesser General Public License D 18 Intel 2 D 27 M...

Page 21: ...1 1 1 Getting Started ...

Page 22: ...d Syntax Statements 1 3 Command Prompts 1 4 Screen Examples 1 4 Related Publications 1 5 Getting Documentation From the Web 1 6 Sources for More Information 1 6 Need Just a Quick Start 1 7 IP Addressing 1 7 To Set Up and Install the Access Point in Your Network 1 8 ...

Page 23: ...e com See Getting Documentation From the Web on page 1 6 Conventions This section describes the conventions used for command syntax and displayed information Command Syntax Statements Syntax radius local username disabled password password realname realname Vertical bars separate alternative mutually exclusive elements Square brackets indicate optional elements Braces indicate a required choice Cu...

Page 24: ...k like this Commands typed by the user are shown in boldface In some cases brief command output sequences appear outside a numbered figure For example ProCurve Access Point 530 ethernet ip address 192 168 1 2 255 255 255 0 192 168 1 253 ProCurve Access Point 530 ethernet dns primary server 192 168 1 55 ProCurve Access Point 530 show version Image Software Version WA 02 00 0412 Boot Software Versio...

Page 25: ...ble analysis The Installation and Getting Started Guide and the Management and Configuration Guide canbedownloadedfromtheProCurveNetworkingWeb site See Getting Documentation From the Web on page 1 6 Release Notes Release notes are posted on the ProCurve Networking Web site and provide information on new software updates New features and how to configure and use them Software management including d...

Page 26: ...ulting web page double click on a document you want 5 When the document file opens click on the disk icon in the Acrobat toolbar and save a copy of the file Sources for More Information If you need information on specific features of the ProCurve Web Browser Interface use the online help available in the Web browser interface For more information on Web browser Help options see Online Help for the...

Page 27: ...evel prompt ProCurve Access Point 530 config 3 Enter interface ethernet for global configuration at the CLI level prompt ProCurve Access Point 530 config interface ethernet 4 Enter ip address followed by the address and the subnet mask at the CLI Ethernet Configuration level prompt ProCurve Access Point 530 ethernet ip address address subnet_mask 5 Optional Enter an address for the default IP gate...

Page 28: ...s point in your network Quickly assigning an IP address subnet mask and gateway setting a Manager password and optionally configuring other basic features Interpreting LED behavior Notes cautions and warnings related to installing and using the access point For the latest version of the Installation and Getting Started Guide and other documentation for your access point visit the ProCurve Networki...

Page 29: ...2 1 2 Selecting a Management Interface ...

Page 30: ...ng a Management Interface Contents Contents Contents 2 2 Overview 2 3 Understanding Management Interfaces 2 4 Advantages of Using the CLI 2 5 Advantages of Using the ProCurve Access Point 530 Browser Interface 2 6 ...

Page 31: ...2 3 Selecting a Management Interface Overview Overview This chapter describes the following Access Point management interfaces Advantages of using each interface type ...

Page 32: ...e offering status infor mation and access point configuration See Advantages of Using the ProCurve Access Point 530 Browser Interface on page 6 SNMP a network management application such as the ProCurve Manager to manage the access point via the Simple Network Management Protocol SNMP from a network management station This manual describes how to use the CLI and the Web browser interface and how t...

Page 33: ...vel for determining available options and vari ables CLI Usage ForinformationonhowtousetheCLI refertoChapter3 UsingtheCommand Line Interface CLI To perform specific procedures such as configuring IP addressing use the Table of Contents at the front of this manual to locate the information you need For information on individual CLI commands refer to Chapter 9 Command Line Reference or use the onlin...

Page 34: ...point from anywhere on the network Familiar browser interface locations of window objects consistent with commonly used browsers uses mouse clicking for navigation no terminal setup Many features have all their fields in one screen so you can view all values at once More visual cues using colors status bars device icons and other graphical objects instead of relying solely on alphanumeric values D...

Page 35: ...3 1 3 Using the Command Line Interface CLI ...

Page 36: ...word Security 3 6 Logging In 3 7 Command Levels 3 8 Manager Exec Level 3 8 Global Configuration Level 3 8 Context Specific Configuration Levels 3 9 Moving Between Command Levels 3 10 When Changes are Applied 3 10 Options for Getting Help in the CLI 3 11 Displaying All Available Commands 3 11 Completing the Current Command 3 13 Displaying Available Command Options 3 14 CLI Control and Editing 3 15 ...

Page 37: ... Command Line Interface CLI is a text based command interface for configuring and monitoring the access point The CLI gives you access to the access point s full set of commands while providing the same password protection that is used in the Web browser interface ...

Page 38: ...he access point use a null modem cable or an HP serial cable part number 5184 1894 shipped with many HP ProCurve switches Connecttheserial cable betweena VT 100 terminal or a PC terminal emulator and the access point s Console port Configure either one to operate with these settings If using a PC terminal emulator configure it as a DEC VT 100 ANSI terminal Port is COM1 COM1 is the standard port ho...

Page 39: ... PC using the access point s IP address or DNS name telnet 10 11 12 195 Enter Example of an IP address telnet AP530 Enter Example of a DNS type name Secure Shell Access Configuring the access point through an SSH client provides a secured connec tion as traffic is encrypted To configure the access point through an SSH session make sure the access point is configured with an IP address and that it ...

Page 40: ... the configuration to retain the changes upon rebooting the access point Password Security By default the access point defaults the Manager user name to admin for CLI access with the password defaulted to admin To secure management access to the access point you must set the Manager password Without a Manager password configured anyone having serial port or Telnet access to the access point can re...

Page 41: ...user name the default is admin After entry of the user name you will be prompted for the password The default password is admin For example Figure 3 1 Example of CLI Log On Screen with Password When you successfully log onto the CLI you will see the following command prompt ProCurve Access Point 530 ProCurve AP 530 admin Password Password Prompt ...

Page 42: ...name and the delimiter For example ProCurve Acess Point 530 Global Configuration Level Global Configuration level gives access to commands for configuring the access point s software features plus all the commands available at the lower Manager Exec level except for the configure terminal command To enter this level enter the configure command at the Exec prompt The prompt for this level adds the ...

Page 43: ...e Acess Point 530 wds2 Radio Configuration To enter the Radio context for radio 1 for example enter radio 1 at the Global Config prompt ProCurve Acess Point 530 config radio 1 ProCurve Acess Point 530 radio1 WLAN Configuration To enter the WLAN context for WLAN 1 on radio 1 enter wlan 1 at the radio 1 prompt ProCurve Acess Point 530 radio1 wlan 1 ProCurve Acess Point 530 radio1 wlan1 Table 3 1 Com...

Page 44: ...made to the running configuration and must be saved using the copy or write memory command if they are to persist following a reboot To save the running configuration changes to the startup configuration using the CLI Interface ProCurve Acess Point 530 ethernet write memory Change in Levels Example of Prompt Command and Result Manager Exec level to Global configuration level ProCurve Acess Point 5...

Page 45: ...r Manager Exec level For example typing at the Manager Exec level produces this listing Figure 3 3 Example of the Manager Exec Level Command Listing ProCurve Access Point 530 configure Enter the Configuration context copy Copy data and configuration files to from this device deauth mac Enter MAC address to de authenticate from this device end Return to the Manager level context erase Erase stored ...

Page 46: ...DHCP end Return to the Manager level context erase Erase stored files exit Return to the previous context or terminate current cons ole telnet session if you are in the Manager context lev el group config Add to a group remove from a group or re configure gro up config settings hostname Set the system hostname inter station blockingEnable disable blocking of direct communication between wireless s...

Page 47: ... have typed enough of the word for the CLI to distinguish it from other options the CLI completes the current word otherwise it displays the available completions For example at the Global Configuration level if you press Tab immediately after typing s the CLI displays the command that begins with s For example ProCurve Acess Point 530 config s Tab show snmp server snmpv3 sntp ssh stp Use Shorthan...

Page 48: ... How To List the Options for a Specific Command ProCurve Access Point 530 config snmp server community Add remove an SNMP community contact Specify a text string that identifies the main contact f or this device host Add remove an SNMP trap destination host community location Specify a text string that identifies the location of th is device port Specify the port to use for the SNMP server on this...

Page 49: ...Deletes from the cursor to the end of the command line Ctrl L or Ctrl R Repeats current command line on a new line Ctrl N or v Enters the next command line in the history buffer Ctrl P or Enters the previous command line in the history buffer Ctrl R Repeats current command line on a new line Ctrl U or Ctrl X Deletes from the cursor to the beginning of the command line Ctrl W Deletes the last word ...

Page 50: ...3 16 Using the Command Line Interface CLI CLI Control and Editing This page is intentionally unused ...

Page 51: ...4 1 4 Using the ProCurve Web Browser Interface ...

Page 52: ...1 Wireless Stations Screen 4 12 AP LAN Statistics Screen 4 14 Wireless Statistics Screen 4 15 Event Log Screen 4 17 Network Setup Group 4 18 Network Setup Summary 4 19 Management Group 4 20 Management Summary 4 21 Special Features Group 4 22 Special Features Summary 4 23 Tasks for Your First ProCurve Web Browser Interface Session 4 24 Changing the Management Password 4 24 If You Lose the Password ...

Page 53: ...rface lets you easily access the access point from a browser based PC on your network This chapter covers the following Starting a Web browser interface session Description of the Web browser interface An overview of the Web browser interface screens Tasks for your first Web browser interface session ...

Page 54: ...ation or Address field instead of the IP address Using DNS names typically improvesbrowserperformance Seeyournetworkadministratorforanyname associated with the access point For more information on assigning an IP address refer to Configuring IP Parameters on page 4 29 The operating and Web systems support recommended to manage the access point through the browser interface are as follows Microsoft...

Page 55: ...ely the access point also supports a secure Web HTTPS browser connection In this case type https followed by the IP address or DNS name in the browser Location or Address field and press Enter https 10 11 12 195 Enter Example of an IP address https AP530 Enter Example of a DNS type name Not e Internet Explorer on Windows XP To ensure proper screen refresh be sure that the browser options are confi...

Page 56: ... the Web Interface Subjects covered in this section include The Home Page The Support Page Online Help The Home Page The home page is the entry point for the Web browser interface The following figure identifies the various parts of the screen Figure 4 1 The Home Page Active Screen Menu Sashes ...

Page 57: ...access support using the Technical Support option through the left menu bar http www procurve com The support page provides key information regarding your access point including white papers software updates and more Online Help for the ProCurve Web Browser Interface Online Help is available for the Web browser interface The help is context sensitive and maps topics to the Web page you have access...

Page 58: ...ser interface screens displays a pop up window displaying details about the page you are viewing Figure 4 3 Viewing Online Help At the top left of the Online Help page is a Topic and Menu bar display for easy access to further information Options include Contents Index and Search as shown in figure 4 4 Figure 4 4 Example of the Online Help Panel Click Help and open context sensitive help page ...

Page 59: ...ace contain the four main screen groups Device Information Network Setup Management Special Features Clicking on the group sash reveals a list of the screens in the group and displays the summary screen for the group Clicking on the name of a screen below the group sash displays the corre sponding screen Figure 4 5 The Main Web Interface Screen ...

Page 60: ...ion Access Point 530 Home Page Wireless Stations AP LAN Statistics Wireless Statistics Event log These screens are primarily informational screens and are described in the following pages Table 4 1 Index of Device Information Group Screens Screen Name Page Device Information summary screen 4 11 Wireless Stations screen 4 12 AP LAN Statistics screen 4 14 Wireless Statistics screen 4 15 Event Log sc...

Page 61: ... access point Modifiable field Location The access point s assigned location Modifiable field Max length of 255 characters Contact Administrator responsible for the system Modifiable field Max length of 255 characters IP Address IP address of the management interface for this device MAC Address The physical layer address for the Ethernet port interface Software Version The version number for the r...

Page 62: ...hentication supported for 802 11 wireless networks are open system and shared key Open system authentication accepts any client attempting to connect to the access point without verifying its identity The shared key approach uses Wired Equivalent Privacy WEP to verify client identity by distributing a shared key to stations before attempting authentication Assoc Shows if the station has been succe...

Page 63: ...o security this parameter displays n a as it does not apply Received Packets Indicates total packets received by this access point Received Bytes Indicates total bytes received by this access point Sent Packets Indicates total packets sent by this access point Sent Bytes Indicates total bytes sent by this access point Refresh Refreshes the Wireless station results ...

Page 64: ...ess for the Ethernet port interface Spanning Tree State Indicates the spanning tree state if used Possible states include disabled listening learning forwarding or blocking Transmit Total Packets Indicates total packets transmitted by this access point Receive Total Packets Indicates total packets received by this access point Transmit Total Bytes Indicates total bytes sent by this access point Re...

Page 65: ...en displays dual radio information Radio One Two SSID Indicates the Service Set Identifier SSID for Radio 1 or Radio 2 MAC Address Indicates the physical layer address for the Ethernet port interface WDS LINK Indicates the configured WDS link Local MAC Indicates the remote MAC address of the WDS link Remote MAC Indicates the remote MAC address of the WDS link Spanning Tree Status Indicates the spa...

Page 66: ...r WDS link Transmit Total Bytes Indicates total bytes sent over the radio or WDS link Receive Total Bytes Indicates total bytes received over the radio or WDS link Transmit Errors Indicates total errors related to sending data Receive Errors Indicates total errors related to receiving data Refresh Refreshes the Wireless Statistics results ...

Page 67: ...sage was generated Type Indicates the logging type level associated with this message Service Indicates the service type associated with this message Description Indicates the content of the log message Refresh Refreshes the Event log results Not e The Web user interface has a limited amount of memory for containing and displaying the event log When the size of the event log has grown larger than ...

Page 68: ...ens belonging to the Network Setup group are described in their respective configuration sections Table 4 2 Index of Network Setup Group Screens Screen Name Page Network Setup summary screen 4 19 Ethernet screen 5 19 Radio screen 6 9 6 12 Advanced Settings sub screen 6 14 WLANs screen 6 35 Security sub screen Security tab 7 18 Security sub screen RADIUS Servers tab 7 33 Security sub screen Account...

Page 69: ...net mask of this device Gateway Gateway address of this device Radio One Two details basic Radio One Two parameters Status Indicates if the radio is up or down MAC Address The physical layer address Mode Displays the radio mode for Radio One IEEE 802 11b or IEEE 802 11g Channel Displays the channel on which the access point is currently broadcasting Max Tx Power Displays the maximum radio power le...

Page 70: ...ir respec tive configuration sections Table 4 3 Index of Management Group Screens Screen Name Page Management summary screen 4 21 Local MAC Authentication screen 7 45 Web Authentication screen Address Pool tab 7 64 Web Authentication screen Guest Account tab 7 66 SNMP screen Settings tab 5 26 SNMP screen Traps tab 5 32 SNMP screen Trap Hosts tab 5 32 SNMP screen SNMPv3 Users tab 5 40 Group Configu...

Page 71: ...v3 Indicates if SNMPv3 is enabled or disabled SNMPv3 Users Indicates the number of SNMPv3 users registered CLI Access Indicates the status enable or disable of CLI access inter faces through the serial port using Telnet or using SSH Button Access Indicates the status enable or disable for password factory custom and system resetting using the buttons on the back of the access point Web Access Indi...

Page 72: ... to the following screens QoS WDS Local RADIUS MAC Lockout AP Detection Filters Time The screens belonging to the Special Features group are described in their respective configuration sections Screen Name Page Special Features summary screen 4 23 QoS screen 8 5 WDS screen 8 19 Local RADIUS screen 7 36 User Database screen 7 39 MAC Lockout screen 7 50 AP Detection screen Settings tab 8 30 AP Detec...

Page 73: ...f Service packet prioritization also referred to as WiFi Multimedia or WMM is enabled or disabled AP Detection Indicates if AP Detection is enabled or disabled SNTP Server Indicates if the SNTP Server is enabled or disabled Group Configuration Indicates whether Group Configuration is enabled or disabled for the access point Local RADIUS The number of accounts registered on the local RADIUS server ...

Page 74: ...e access point country code which if needed can only be done using the CLI Optionally enabling one of the radios which allows inband access to the Web browser interface from the wireless network After performing the initial out of band configuration it is usually more convenient to continue the configuration process inband using the Web browser interface Some of important tasks that you may wish t...

Page 75: ...AP Access and select the Password tab 2 In the New Password field enter a new password 3 In the Confirm Password field re enter the new password 4 Click Update to activate the new password Not e s The password is case sensitive and must be at least 1 character and at most 32 characters long However only the first 8 characters of the password are used character number 9 and above are ignored at log...

Page 76: ... the Reset to Factory Default Reset button in the Reset Configuration area Reboot the AP Click Management System Maintenance and select the Reboot tab Then click the Reboot the Access Point Reboot button NO TE For details on manual reset of the access point reference the Installation and Configuration Guide and see File Uploads Downloads and Resets on page A 1 Setting SNMP Community Names You can ...

Page 77: ...n the access point click SNMPv1 v2c Enabled 3 To establish a public read only SNMP community type a name text string to replace the default community name public in the Community Name RO field 4 To establish a private read write SNMP community type a name text string to replace the default community name private in the Community Name R W field 5 To activate SNMPv3 functions on the access point cli...

Page 78: ...ure adequate separation between the two radios operating in the same frequency See Radio Configuration Summary Table on page 6 6 If using the worldwide product before configuring radio settings on the access point you must first use the CLI to set the Country Code so that the radio channels used conform to your local regulations It is your responsibility to select a correct country setting otherwi...

Page 79: ...ng the worldwide product the Radio screen is not available for configuration until the Country Code is set using the CLI Configuring TCP IP Settings You can use the Web browser interface to manage the access point only if it already has an IP address that is reachable through your network You can set an initial IP address for the access point by using the CLI interface After you have network acces...

Page 80: ...the Static IP Address and Subnet Mask fields The defaults automatically populate 5 Ifamanagementstationexistsonanothernetworksegment intheDefault Gateway field enter the IP address of a gateway that can route traffic between these segments 6 Enter the IPaddressfor the primary and secondary DNS servers to be used for host name to IP address resolution 7 Optionally enter the domain suffix for hostna...

Page 81: ...at are distributed to all stations Wired Equivalent Privacy WEP is implemented to provide a basic level of security preventing unauthorized access to the network and encrypting data transmitted between wireless stations and the access point The access point allows configuration of up to 16 SSIDs The Web interface provideseasyscreenstoconfigureSSIDparameters including enabling SSID names closed sys...

Page 82: ...4 32 Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Figure 4 18 The WLANs Screen ...

Page 83: ... of the SSID 4 Click Update to save these IP settings 5 Click the Edit button to open the Security pop up window see figure 4 19 6 Select Static WEP in the Security Mode drop down 7 Check Shared for the Authentication option 8 Select 1 in the Transfer Key Index drop down to be used for the SSID interface 9 Selectthe key length to be used by all stations either 64 or 128 default bits 10 Select the ...

Page 84: ...tive data is transmitted For more robust wireless security you should consider implementing other features supported by the access point Wi Fi Protected Access WPA and IEEE 802 1X 2004 Port based network access control using the physical access characteristics of IEEE 802 Local Area Networks LAN infrastruc tures to provide a means of authenticating and authorizing devices attached to a LAN port th...

Page 85: ...5 1 5 General System Configuration ...

Page 86: ...ings 5 19 Web Configuring IP Settings Statically or via DHCP 5 19 CLI Configuring IP Settings Statically or via DHCP 5 23 Configuring SNMP 5 25 MIB Support 5 26 Web Setting Basic SNMP Parameters 5 26 CLI Setting Basic SNMP Parameters 5 28 Web Configuring SNMP v1 and v2c Traps 5 32 SNMP Traps 5 32 SNMP Trap Hosts 5 35 CLI Configuring SNMP v1 and v2c Traps 5 36 CLI Configuring SNMP v1 and v2c Trap D...

Page 87: ... Parameters 5 54 Setting Up Filter Control 5 55 Web Setting Traffic Filters 5 55 CLI Setting Traffic Filters 5 56 Configuring VLAN Support 5 57 Web Setting A Management VLAN 5 58 Web Changing the Untagged VLAN ID 5 59 CLI Enabling VLAN Support 5 61 Managing Group Configuration 5 63 Guidelines for Deploying Group Configuration 5 64 The Synchronization Process 5 64 Security and Integrity Recommendat...

Page 88: ...odify system management passwords Set management access controls View and modify access point system information Configure IP SNMP SNTP RADIUS Accounting and VLAN parameters Set up filter control between wireless stations between wireless stations and the management interface or for specified protocol types ...

Page 89: ...ace page 5 9 Management Interfaces Changing the default settings for password page 5 6 Limiting management access to the Ethernet side of the AP disabling wireless access to remote management interfaces page 5 9 Disabling unused remote management interfaces Web Telnet SSH SNMP page 5 9 Changing the default settings for SNMP read and read write community names page 5 25 Changing the default setting...

Page 90: ...ne having in band or out of band access to the access point may be able to compromise access point and network security Pressing the Clear button on the back of the access point for more than two seconds removes password protection Web Setting the Management Password The Password screen enables the access point s password to be set The Web interface enables you to modify these parameters New Passw...

Page 91: ...r and at most 32 characters long However only the first 8 characters of the password are used character number 9 and above are ignored at log in 4 In the Confirm Password field re enter the new password 5 Select Update Not e The password you assign in the Web browser interface will overwrite the previous settings assigned in either the Web browser interface or the access point console That is the ...

Page 92: ... you also modify the Web password Not e The password is case sensitive and must be at least 1 character and at most 32 characters long However only the first 8 characters of the password are used character number 9 and above are ignored at log in Command Syntax CLI Reference Page password manager password 9 21 ProCurve Access Point 530 configure ProCurve Access Point 530 config password manager 9g...

Page 93: ...independently Not e The HTTP and HTTPs services do not allow modification of the configured port numbers Secure Shell SSH Telnet is a remote management tool that can be used to configure the access point from anywhere in the network However Telnet is not secure from hostile attacks SSH can act as a secure replacement for Telnet The SSH protocol uses generated public keys to encrypt all data transf...

Page 94: ...nagement access through a Secure Shell version 2 0 client The default is Enabled Web Access HTTP Interface Enables or disables management access through and HTTP interface The default is Enabled SSL Interface Enables or disables management access through an SSL interface The default is Enabled Button Access For managing button access see Disabling the Access Point Push Buttons on page A 18 Factory...

Page 95: ...disable the serial Telnet or SSH interfaces Not e If using SSH for secure access to the CLI over a network connection you may want to disable the Telnet server 3 As required enable or disable the HTTP or SSL interfaces 4 As required enable or disable the manual push button options on the access point Not e The access point does not allow you to disable Factory Reset and the Serial Interface at the...

Page 96: ...lay the current status of the access routes using the show console command Not e Enter management commands one per line Command Syntax CLI Reference Page no console 9 23 no ssh 9 25 no telnet 9 24 show console 9 28 show system 9 28 ProCurve Access Point 530 configure ProCurve Access Point 530 config no console ProCurve Access Point 530 config show console CLI Access Serial Interface Disabled Telne...

Page 97: ...elnet connection to this device C a u t i o n You should use the no telnet command only when you are connected to the access point through another method Once you disable Telnet the Telnet connection is immediately lost ProCurve Access Point 530 configure ProCurve Access Point 530 config no ssh ProCurve Access Point 530 config show ssh SSH Status Disabled ProCurve Access Point 530 config ProCurve ...

Page 98: ...m Country Code us Software Version WA 02 00 0412 Ethernet MAC Address 00 14 C2 A5 6A B3 IP Address 192 168 15 200 Subnet Mask 255 255 255 0 Default Gateway 192 168 15 254 DHCP Client Disabled Management VLAN ID 1 Untagged VLAN ID 1 Radio 1 MAC Address 00 14 C2 A7 11 A0 Radio 1 Status Enabled 802 11g Radio 2 MAC Address 00 14 C2 A7 E1 20 Radio 2 Status Enabled 802 11g HTTP Interface Enabled SSL Int...

Page 99: ...e 6 6 Web Setting the System Name Location and Contact To modify the access point s system parameters use the Device Information screen the Home page or default screen The Web interface enables you to modify these parameters System Name An alias for the access point only enabling the device to be uniquely identified on the network Setting must be at least 1 character and a maximum of 63 characters...

Page 100: ...m Information 1 Select Device Information in the navigation bar 2 Type a name to uniquely identify the access point in the System Name field 3 Type alocationtoidentify wheretheaccess pointitlocatedintheLocation field 4 Type a name to identify the contact in the Contact field 5 Select Update to modify the system information ...

Page 101: ...tname syntax to set the name of the system Not e Enter management commands one per line To display the configured system name use the show system information command Command Syntax CLI Reference Page hostname hostname 9 20 show system information 9 28 ProCurve Access Point 530 configure ProCurve Access Point 530 config hostname ProCurve AP530 ProCurve Access Point 530 config ...

Page 102: ...0 0412 Ethernet MAC Address 00 14 C2 A5 6A B3 IP Address 192 168 15 200 Subnet Mask 255 255 255 0 Default Gateway 192 168 15 254 DHCP Client Disabled Management VLAN ID 1 Untagged VLAN ID 1 Radio 1 MAC Address 00 14 C2 A7 11 A0 Radio 1 Status Enabled 802 11g Radio 2 MAC Address 00 14 C2 A7 E1 20 Radio 2 Status Enabled 802 11g HTTP Interface Enabled SSL Interface Enabled SSH Interface Enabled Telne...

Page 103: ...HCP server on your network or DHCP fails the access point will automatically start up with a default IP address of 192 168 1 10 Web Configuring IP Settings Statically or via DHCP The Ethernet screen under Network Configuration allows the DHCP client to be enabled or the Transmission Control Protocol Internet Protocol TCP IP settings to be manually specified The Web interface enables you to modify ...

Page 104: ... The default is 192 168 1 10 Required field Subnet Mask Themaskthatidentifiesthehostaddressbitsused for routing to specific subnets The default is 255 255 255 0 Required field Default Gateway The default gateway is the IP address of the next hop gateway router for the access point which is used if the requesteddestinationaddressisnotonthelocalsubnet Required field DNS Nameservers Select Dynamic or...

Page 105: ...e drop down 5 Select Update to save the DHCP settings To Configure IP Settings Manually 1 Select Network Setup Ethernet 2 To configure the VLAN untagged enter a value in the VLAN field 3 To set the mode and speed of data transmission select Speed Duplex in the drop down 4 To set a manual connection select Static IP in the Connection Type drop down 5 If you chose Static IP the IP address and subnet...

Page 106: ...ute traffic between these segments This is a required field 7 To set dynamic DNS nameservers click the Dynamic button To set the nameservers manually click Manual 8 If you chose to manually enter the DNS nameservers enter the IP address for the primary and secondary DNS servers to be used for host name to IP address resolution 9 Select Update to save these IP settings ...

Page 107: ...to disable the DHCP client and then specify an IP address subnet mask default gateway and DNS server addresses C a u t i o n In order to disable the DHCP and assign a Static IP address you must have a serial port connection to the access point Otherwise you will lose connec tivity during the process of assigning a new static IP address Command Syntax CLI Reference Page interface interface 9 91 no ...

Page 108: ...cess Point 530 ethernet ip default gateway 192 168 1 1 ProCurve Access Point 530 ethernet exit ProCurve Access Point 530 config dns primary 204 127 202 0 ProCurve Access Point 530 config dns secondary 216 148 227 00 ProCurve Access Point 530 config ProCurve Access Point 530 show ip IP Address Information System Host Name HP AP 200 IP Address 192 168 15 200 Subnet Mask 255 255 255 0 Default Gateway...

Page 109: ... SNMP traps When SNMP management stations send GET or SET requests to the access point the SNMP responds with the requested data and or the status of the get or set operation The access point can also be configured to send information to SNMP managers through trap messages Not e The access point is shipped with a default read only community name Please change the community name or disable SNMP to ...

Page 110: ...ment stations using SNMP Read Only Support Read Write Support IEEE802dot11 MIB RFC1155 SMI MIB II RFC 1213 RFC 1215 SNMPv2 SMI RFC2578 SNMPv2 TC RFC2579 SNMPv2 CONF RFC2580 SNMPv2 MIB RFC3418 IANAifType MIB RFC2864 IF MIB RFC2863 BRIDGE MIB RFC1493 SNMP COMMUNITY MIB SNMP FRAMEWORK MIB SNMP MPD MIB SNMP USER BASED SM MIB SNMP VIEW BASED ACM MIB HP PROCURVE WLAN SMI HP PROCURVE WLAN TC HP PROCURVE ...

Page 111: ...d write access Authorized management stations are able to both retrieve and modify MIB objects Range 0 32 characters The default is private SNMPv3 Enables or disables SNMPv3 security functions The default is Enabled Engine ID The Engine ID is a system assigned identifier which uniquely identifies the access point in the agent s administrative domain Location Text string defining the physical locat...

Page 112: ... 4 To establish a private read write SNMP community enter a name text string to replace the default community name private in the Community Name R W field 5 To activate SNMPv3 security features on the access point click the SNMPv3 Enabled button 6 Enter a port value in the Port field 7 Select Update CLI Setting Basic SNMP Parameters CLI Commands Used in This Section Command Syntax CLI Reference Pa...

Page 113: ...settings to restricted and public To disable SNMP communities type the following commands ProCurve Access Point 530 configure ProCurve Access Point 530 config no snmp server community public restricted ProCurve Access Point 530 config no snmp server community system unrestricted ProCurve Access Point 530 config ...

Page 114: ...ty command prior to using the snmp server host command To display the current SNMP settings use the show snmp server command as shown in the following example ProCurve Access Point 530 configure ProCurve Access Point 530 config snmp server community alpha unrestricted ProCurve Access Point 530 config snmp server community beta restricted ProCurve Access Point 530 config snmp server host 192 16 8 1...

Page 115: ... Enabled hpWlanClientAuthentication Enabled hpWlanClientRequestFailure Enabled hpWlanClientReAssociation Enabled hpWlanDot1XAuthNotInitiated Enabled hpWlanDot1XAuthFailure Enabled hpWlanLocalMacAuthClientFailure Enabled hpWlanDot1XAuthSuccess Enabled hpWlanLocalMacAuthClientSuccess Enabled hpWlanMgmtAccessUpdate Enabled hpWlanPossibleNeighborApDetected Enabled hpWlanMgmtVlanIdUpdate Enabled hpWlan...

Page 116: ... tion about the file name server address and directionof configuration file The IP address is the file server s IP address AP Traps pertaining to the access point hpWlanApInterfaceUpdate This notification is sent out when the Ethernet or 802 11 wireless radio interface is enabled or disabled hpWlanApSSIDUpdate This notification is sent out when an SSID is enabled or disabled hpWlanClientAssociatio...

Page 117: ...d locally within the access point The notification value includes the MAC address of the authenticated station hpWlanLocalMacAuthClientFailure This notification is sent when a station fails to authenticate the MAC address with the data base stored locally within the access point The notification value includes the MAC address of the authenticated station Radio Traps pertaining to maintaining the a...

Page 118: ...ion value includes the MAC address of the authenticated station hpWlanDot1XAuthFailure This notification is sent when a station fails to authenticate with the RADIUS server The notification value includes the MAC address of the station that failed to authenticate hpWlanMacLockoutStaLockedOut This notification is sent when the station with the specified MAC address has been added to the global MAC ...

Page 119: ...f SNMP notifications For each destination enter the IP address or the host name and the community name IP Address Specifies the IP address or the host name from 1 to 20 characters for the recipient of SNMP notifications Community Name The community string sent with the notification operation Maximum length 32 characters Update Updates the Trap settings Figure 5 7 Configuring SNMP Trap Destinations...

Page 120: ...s Used in This Section To send SNMP v1 and v2c traps to a management station specify the host IP address using the snmp server host command and enable specific traps using the snmp server trap command Command Syntax CLI Reference Page no snmp server trap trap 9 43 show snmp server 9 45 ProCurve Access Point 530 configure ProCurve Access Point 530 config snmp server trap radiusAcctUpdate ProCurve A...

Page 121: ... hpWlanApInterfaceUpdate Enabled hpWlanClientDeAuthentication Enabled hpWlanClientAuthentication Enabled hpWlanClientRequestFailure Enabled hpWlanClientReAssociation Enabled hpWlanDot1XAuthNotInitiated Enabled hpWlanDot1XAuthFailure Enabled hpWlanLocalMacAuthClientFailure Enabled hpWlanDot1XAuthSuccess Enabled hpWlanLocalMacAuthClientSuccess Enabled hpWlanMgmtAccessUpdate Enabled hpWlanPossibleNei...

Page 122: ...ng SNMPv1 2c it will be necessary to log into the AP 530 using the CLI interface and add an SNMPv3 user manually See CLI Managing SNMPv3 Users on page 5 42 New SNMPv3 users will have read only access to MIBs This restriction remains inplace until either a privacy or authentication mode or typically both is assigned to the user If Privacy Type is specified for an SNMPv3 user then Authentication Typ...

Page 123: ... SNMP and select the Settings tab 2 Click the SNMPv3 Enabled button 3 Click Update To Disable SNMPv3 1 Click Management SNMP and select the Settings tab 2 Click the SNMPv3 Disabled button 3 Click Update CLI Enabling Disabling SNMPv3 CLI Commands Used in This Section Command Syntax CLI Reference Page no snmpv3 enable 9 46 ...

Page 124: ... Defines the username of the SNMPv3 user Authentication Type Password Specifies the type of Authentication to be applied to the SNMPv3 user and the authentication password The default is None Privacy Type Password Specifies the type of Privacy to be applied to the SNMPv3 user and the privacy password The default is None Update Updates the SNMPv3 user settings ProCurve Access Point 530 config ProCu...

Page 125: ...n 4 If you have selected an authentication method for the user you must enter a valid password in the Password field 5 Optionally select a privacy method from the Privacy Type drop down Adding a privacy method for the user requires that you also select an authentication method 6 If you have selected a privacy method for the user you must enter a valid password in the Password field 7 Click Update ...

Page 126: ... list of SNMPv3 users click the box next to the username you want to remove 3 Click Remove to remove the user from the list 4 Click Update CLI Managing SNMPv3 Users CLI Commands Used in This Section To create an SNMPv3 user enter the snmpv3 user name command To remove an SNMPv3 user enter the no snmpv3 user name command Command Syntax CLI Reference Page no snmpv3 user name user_name auth md5 sha a...

Page 127: ...ettings from the Manager Exec level use the show snmpv3 command ProCurve Access Point 530 config snmpv3 user name tjames auth md5 12345678 ProCurve Access Point 530 config ProCurve Access Point 530 config snmpv3 user name ltulina auth md5 12345678 priv aes 87654321 ProCurve Access Point 530 config Command Syntax CLI Reference Page show snmpv3 9 47 ProCurve Access Point 530 show snmpv3 SNMPv3 Enabl...

Page 128: ...e newest to the oldest Since the Web interface has a limited amount of memory for containing and displaying the event log you should use the CLI log command to view the complete list of logged events Log messages are only generated since the last reboot Rebooting the access point erases all previous log messages Consider configuring the access point to log messages to a server see CLI Setting Logg...

Page 129: ... default is 514 Update Updates the logging settings Not e To view log messages generated by the access point click Device Information Event Log and select the Log tab See Event Log on page 10 9 Figure 5 10 Setting Logging Parameters To Enable Logging 1 Click Device Information Event Log and select the Settings tab 2 Click the Primary Host box to enable the system log setup 3 Enter the IP address o...

Page 130: ...the settings no logging _host _port 9 32 show debug 9 33 show logging 9 33 ProCurve Access Point 530 configure ProCurve Access Point 530 config logging 10 1 0 3 ProCurve Access Point 530 config ProCurve Access Point 530 configure ProCurve Access Point 530 config show debug Debug Logging Syslog Relay 10 1 0 3 port 514 ProCurve Access Point 530 config Command Syntax CLI Reference Page ...

Page 131: ...ot login on ttyp0 I 01 05 00 05 35 48 wlan1 RADIUS Authentication server 127 0 0 1 1812 I 01 05 00 05 35 41 wlan1 RADIUS Authentication server 127 0 0 1 1812 I 01 05 00 05 34 04 wlan1 RADIUS Authentication server 127 0 0 1 1812 I 01 05 00 05 30 45 login 8495 root login on ttyp0 I 01 05 00 01 29 27 login 6498 root login on ttyp0 I 01 05 00 01 25 45 login 6491 root login on ttyp0 I 01 05 00 00 08 06...

Page 132: ...poll each server in the configured sequence SNTP is disabled by default Universal Time SNTP uses Coordinated Universal Time or UTC formerly Greenwich Mean Time or GMT based on the time at the Earth s prime meridian zero degrees longitude Web Setting SNTP Parameters The Special Features Time screen enables the SNTP server and time zone details to be configured for the access point The Web interface...

Page 133: ...m Configuration Configuring the Time SNTP To Set SNTP Parameters 1 Select Special Features Time 2 For SNTP click Enabled 3 For the SNTP Server enter the IP address or the hostname in the SNTP Server field 4 Click Update ...

Page 134: ...display the current SNTP status use the show sntp command as shown in the following example Command Syntax CLI Reference Page sntp server 9 35 no sntp 9 35 show sntp 9 36 ProCurve Access Point 530 configure ProCurve Access Point 530 config sntp 10 1 0 19 ProCurve Access Point 530 config ProCurve Access Point 530 configure ProCurve Access Point 530 config show sntp SNTP Status Enabled SNTP Server 1...

Page 135: ...unting software The user session information provided by the access point is sent to the server using standard RADIUS Accounting attributes refer to RFC 2866 The following describes the RADIUS attributes supported by the access point RADIUS Accounting Attribute Description Acct Status Type Contains the RADIUS Accounting message type Start Stop Interim Update Accounting On Accounting Off Acct Delay...

Page 136: ...RADIUS Accounting server The default is 0 0 0 0 which indicates disabled Port The User Datagram Protocol UDP port number used by the RADIUS Accounting server for accounting messages Setting the port number to zero disables RADIUS Accounting The default is 1813 Secret Key A shared text string used to encrypt messages between the access point and the RADIUS Accounting server Be sure that the same te...

Page 137: ... the primary RADIUS Accounting server enter the IP address in the IP field The default is 0 0 0 0 which indicates disabled 5 In the Port field specify the UDP port number used by the RADIUS Accounting server The default is 1813 6 In the Secret Key field specify the shared text string that is also used by the RADIUS server 7 Optional If you need to configure a secondary RADIUS Accounting server in ...

Page 138: ...et key on the access point Not e Enter radius commands one per line Command Syntax CLI Reference Page no radius accounting primary secondary ip ip port port key key 9 65 ProCurve Access Point 530 configure ProCurve Access Point 530 config radius accounting primary ip 192 168 1 52 ProCurve Access Point 530 config radius accounting primary port 161 ProCurve Access Point 530 config radius accounting ...

Page 139: ... Special Features Filters screen configures traffic filters The Web interface enables you to modify these parameters Inter Station Blocking Enables Disables the blocking of communica tions between wireless stations The default is Disabled Wireless Management Blocking Enables Disables the blocking of a wireless station s access to the access point The default is Disabled Update Updates the Filter s...

Page 140: ...hows the enabled filters Command Syntax CLI Reference Page no inter station blocking 9 88 no wireless mgmt block 9 88 show filters 9 89 ProCurve Access Point 530 configure ProCurve Access Point 530 config inter station blocking ProCurve Access Point 530 config ProCurve Access Point 530 configure ProCurve Access Point 530 config wireless mgmt block ProCurve Access Point 530 config ProCurve Access P...

Page 141: ...environ ment VLANs inherently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN The access point can enable the support of VLAN tagged traffic passing between wireless stations and the wired network This VLAN tagging extends the wired network s VLANs to wireless stations Associated stations are assigned to a VLAN and can on...

Page 142: ... not include a VLAN tag Similarly traffic received from the wired network must be tagged with a known VLAN ID either an assigned client VLAN ID a default VLAN ID or the management VLAN ID Received traffic that has no tag is passed to the access point s untagged VLAN if configured otherwise it is dropped Received traffic that has an unknown VLAN ID or is tagged with the VLAN ID of the configured un...

Page 143: ...Changing the Untagged VLAN ID The Network Setup Ethernet screen configures the untagged VLAN ID The Web interface enables you to modify these parameters Untagged VLAN Allows setting of a VLAN ID to which all untagged packets will be assumed to belong The range is 1 4094 The default is 1 Connection Type Allows selection of a static or DHCP setting See Web Configuring IP Settings Statically or via D...

Page 144: ...em Configuration Configuring VLAN Support Figure 5 15 Changing Untagged VLAN ID To Set Untagged VLAN ID 1 Click Network Setup Ethernet 2 Enter a valid number between 1 and 4094 in the Untagged VLAN field 3 Select Update ...

Page 145: ... vid 9 148 management vlan vid 9 148 show wlans 9 118 ProCurve Access Point 530 configure ProCurve Access Point 530 config interface ethernet ProCurve Access Point 530 ethernet management vlan 9 ProCurve Access Point 530 ethernet ProCurve Access Point 530 configure ProCurve Access Point 530 config interface ethernet ProCurve Access Point 530 ethernet untagged vlan 9 ProCurve Access Point 530 ether...

Page 146: ...ne Disabled 13 SSID 13 not assigned yet none None Disabled 14 SSID 14 not assigned yet none None Disabled 15 SSID 15 not assigned yet none None Disabled 16 SSID 16 not assigned yet none None Disabled All WLANs on Radio 2 WLAN BSSID VLAN Security Status 1 PR3_WLAN 00 14 C2 A5 22 F0 9 U No Sec Enabled 2 SSID 2 not assigned yet none No Sec Disabled 3 SSID 3 not assigned yet none No Sec Disabled 4 SSI...

Page 147: ...at are not shared by different software versions cannot be shared between all APs Not e Group Configuration must not be enabled on an access point that participates in a WDS link Group Configuration will configure the WLAN 1 security profile as a group setting If this profile is changed the WDS link may break The Group Configuration Parameter Block The parameters that are shared by the members of ...

Page 148: ... mem on the CLI or pressing the Update button on the web browser interface before they will be shared None of the parameters in the GCPB require a reboot of the access point to take effect Guidelines for Deploying Group Configuration The Group Configuration feature creates a peer to peer system where no single access point controls or contains the Group Configuration Parameter Block and the entire...

Page 149: ...ration could become corrupted For instance if one parameter is simultaneously set to two different values on different APs the group s configuration could be synchronized inconsistently Similarly applying incompatible values to parameters with cross dependen cies could also produce unpredictable results The recommended method for ensuring integrity of a group configuration is to enforce a single a...

Page 150: ...e configuration interface of another member click on its link When a group is being formed there may be a delay of up to 2 seconds before all members are listed Figure 5 16 Configuring Group Configuration To add Group Configuration to the current access point 1 Click Management Group Configuration 2 Click Enabled to allow this access point to share configuration parameters with others in the same ...

Page 151: ... group config member id 9 62 show group config 9 63 ProCurve Access Point 530 configuration ProCurve Access Point 530 config group config name HBldg22 ProCurve Access Point 530 config group config member id AP 2 ProCurve Access Point 530 config group config ProCurve Access Point 530 config show group config Status Enabled Group name HBldg22 Member ID AP 2 mac ip 00 14 C2 A5 09 8C 10 0 1 101 00 14 ...

Page 152: ...5 68 General System Configuration Managing Group Configuration ...

Page 153: ... 6 14 Configuring Advanced Radio Settings 6 16 Configuring B G Mode 6 17 Configuring G Only Mode 6 19 Configuring Pure G Mode 6 20 CLI Configuring Radio Settings 6 21 Modifying Antenna Settings 6 23 Web Setting the Tx Power Reduction 6 23 Web Setting the Antenna Type and Antenna Mode 6 25 CLI Setting the Transmit Power Reduction and Antenna Parameters 6 26 Adaptive Tx Power Control 6 28 Feature Ov...

Page 154: ... Wireless Interface Configuration Managing Multiple WLAN BSS SSID Interfaces 6 34 Web Configuring SSID Interfaces 6 35 CLI Naming an SSID Interface 6 38 CLI Modifying WLAN BSS SSID Interface Settings 6 39 ...

Page 155: ...es Most radio parameters apply globally to all configured SSID interfaces For each SSID interface different security settings VLAN assignments and other parameters can be applied This chapter describes how to Set the access point country code Configure the radio working mode Modify global radio parameters Configure SSID interfaces ...

Page 156: ...ore configuring other radio settings The country code setting affects the radio channels that are available Not e The country code is preset to US in the Access Point 530 NA unit and can be changed from the U S to only the Canada Mexico or Taiwan country code When it is set to Canada Mexico or Taiwan and you want to reset it to the U S you must reset the unit back to its factory defaults The radio...

Page 157: ...ess Point 530 config show system information Serial Number TW633VV01D System Name HP AP 200 System Up Time 13 mins 17 secs System Location 2FS17 System Country Code us Software Version WA 02 00 0412 Ethernet MAC Address 00 14 C2 A5 6A B3 IP Address 192 168 15 200 Subnet Mask 255 255 255 0 Default Gateway 192 168 15 254 DHCP Client Disabled Management VLAN ID 1 Untagged VLAN ID 1 Radio 1 MAC Addres...

Page 158: ...e available for use on the 530 access point 802 11a 802 11b and 802 11g Two separate wireless LAN radios are available for use on the 530 access point Radio 1 and Radio 2 Radio 1 configuration allows only two modes 802 11b and 802 11g Radio 2 configuration allows all three modes 802 11a 802 11b and 802 11g If both Radio 1 and Radio 2 are configured to 802 11 b g mode then Radio 2 must be connected...

Page 159: ...t contain legacy 802 11b stations or legacy access points you can obtain maximum throughput by configuring pure G Mode s See Web Configuring Advanced Radio Settings on page 6 14 B G stations to the access points only and protected mode enabled Wifi G stations only and protected mode enabled Pure G stations only and protected mode disabled Dual 802 11b g Configuration External Antennas For dual 2 4...

Page 160: ...o multipath propagation interfer ence The IEEE 802 11g offers transmission over relatively short distances at up to 54 megabits per second Mbps compared with the 11 Mbps theoretical maximum of 802 11b The 802 11g uses orthogonal frequency division multi plexing OFDM the modulation scheme used in 802 11a toobtainhigherdata speed Computers or terminals set up for 802 11g can fall back to speeds of 1...

Page 161: ...formance try to limit any possible sources of radio interference within the service area Web Setting the Radio Working Mode The Network Setup Radio screen shown in Figure 6 1 enables you to set the access point s radio working mode Not e If you are using the worldwide product J8987A you must set the country code using the CLI before you can configure the radio settings See Setting the Country Code...

Page 162: ...t IEEE 802 11a Stations communicate in a data transfer range between 6 to 54 Mbps This standard operates in the 5 GHz U NII band using orthogonal frequency division multiplexing OFDM Radio 2 only Update Updates the radio parameters Figure 6 1 Setting the Radio Working Mode To Set the Radio Working Mode 1 Select Network Setup Radio 2 Select the appropriate radio 1 or 2 from the Radio drop down 3 To...

Page 163: ...gured on the access point Command Syntax CLI Reference Page radio radio_name 9 102 mode mode 9 105 show radios radio Use the parameter radio to display detailed information about the specified radio 9 117 ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 mode g ProCurve Access Point 530 radio1 ProCurve Access Point 530 configure ProCurve ...

Page 164: ...nfiguring Basic Radio Settings The Network Setup Radio screen shown in Figure 6 2 configures basic settings for the access point s radio operation For the Advanced Settings see Web Configuring Advanced Radio Settings on page 6 14 The Web interface enables you to modify these parameters Max Tx Power The maximum power in dBm that the current radio mode supports The default is 0 Tx Power Reduction Ad...

Page 165: ...plicable radio at any one time The default is 256 Update Updates the radio parameters Figure 6 2 Configuring Basic Radio Settings To Modify Basic Radio Settings 1 Select Network Setup Radio 2 Select the radio channel from the drop down If you are deploying access points in the same area see the key points summarized in section Over view on page 6 3 3 To set a limit on the number of stations access...

Page 166: ...is Enabled Antenna Mode The mode of radio antenna utilized by this access point The default is Diversity For the configuration details see Web Setting the Antenna Type and Antenna Mode on page 6 25 Preamble Sets the length of the signal preamble used at the start of a data transmission Using a short preamble can increase data throughput on the access point but requires that all associated stations...

Page 167: ...even numbers The default is 2346 Inactivity Timeout Sets the length of time the wireless client is consid ered inactive if no traffic has been received from the station by this radio Range 30 86400 seconds Beacon Interval The rate at which beacon frames are transmitted from the access point The beacon frames allow wireless stations to maintain contact with the access point They may also carry powe...

Page 168: ...dit button for Advanced Settings A pop up window for Advanced Settings opens see figure 6 3 3 To enable rate limiting click the Broadcast Multicast Rate Limiting Enabled button 4 If you enabled Broadcast Multicast Rate Limiting enter the Rate Limit and the Rate Limit Burst amounts 5 To enable Protected Mode click the Enable button 6 Select the Preamble and Slot Times by clicking their respective L...

Page 169: ... transmissions enter values within the appropriate range for the Fragmentation Threshold and RTF Threshold fields 8 Enter the length of time value to establish Inactivity Timeout 9 Select values for the Supported and Basic Rate Sets 10 Select Update Configuring B G Mode Figure 6 4 Configuring B G Modes Radio Settings ...

Page 170: ...tings To Configure B G Modes The setting shown in Figure 6 5 allows both b stations and g stations to associate with the AP 1 Select Network Setup Radio tab IEEE 802 11g mode Edit Advanced Settings 2 Select Enable for Protected Mode to set this radio parameter 3 Select Update to set the advanced radio parameters ...

Page 171: ...tting shown in Figure 6 6 allows g only stations to associate with the AP This is Wi Fi standard based g only mode 1 Select Network Setup Radio tab IEEE 802 11g mode Edit Advanced Settings 2 Select Enable for Protected Mode to set this radio parameter 3 Select rate set values 24 12 and 6 using the Basic options 4 Select Update to set the advanced radio parameters ...

Page 172: ... a standard based configuration mode If this mode is used with legacy b stations and b access points this mode creates a detrimental effect leading to low throughput especially with Protected Mode being disabled 1 Select Network Setup Radio tab IEEE 802 11g mode Edit Advanced Settings 2 Select Disable for Protected Mode to set this radio parameter 3 Deselect rate set values 11 5 5 2 and 1 using th...

Page 173: ...to enable one radio and configure specific radio parameters on the access point Not e Enter radio commands one line at a time Command Syntax CLI Reference Page description string 9 117 no basic rate value 9 107 beacon interval value 9 109 fragmentation thresh value 9 112 rts threshold value 9 114 show stations 9 123 show radio radio 9 117 ProCurve Access Point 530 configure ProCurve Access Point 5...

Page 174: ... Beacon Interval K us 100 Max Power dBm 0 0 Power Reduction dB 0 Antenna Mode diversity Antenna s In Use internal RTS Threshold 2347 Fragment Threshold 2346 WMM QoS Disabled Inactivity Timeout 1800 Max Stations 256 Rate Limiting Disabled Rate Limit packets second 50 Burst Limit packets second 75 AP Detection Enabled Periodic Scan Duration ms 30 Periodic Scan Interval sec 10 List Max Entries 255 Li...

Page 175: ...e Installation and Getting Started Guide and the specific product antenna manuals Web Setting the Tx Power Reduction The Radio screen shown in Figure 6 8 enables you to configure the following settings for adjusting the transmit power reduction values Max Tx Power The maximum power that the current radio mode supports The default is maximum power Tx Power Reduction Adjusts the amount of attenuatio...

Page 176: ... Antenna Settings Figure 6 8 Setting Transmit Power Reduction To Modify the Transmit Power Reduction 1 Select Network Setup Radio 2 Use the Tx Power Reduction drop down to select a dBm value 3 Select Update to set the radio transmit power reduction ...

Page 177: ...ype and antenna mode parameters Not e Radio 2 must be configured to an external antenna if Radio 2 is configured to either the IEEE 802 11b or 802 11g mode The Radio 2 internal antenna must be configured to the IEEE 802 11a mode See Radio Configuration Summary Table on page 6 6 Figure 6 9 Setting Antenna Parameters To Modify the Antenna Parameters 1 Select Network Setup Radio tab Edit Advanced Set...

Page 178: ...xternal antenna and set the mode to Single on the access point The default mode is set to Diversity Command Syntax CLI Reference Page tx power reduction value 9 115 antenna external internal 9 106 antenna mode diversity single 9 106 show radio 9 117 ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 tx power reduction 5 ProCurve Access Point 530 radio1 antenna external ProCu...

Page 179: ...nel 11 WLANs Supported 16 Preamble long CTS Protection Enabled Slot time short Beacon Interval K us 100 Max Power dBm 0 0 Power Reduction dB 0 Antenna Mode diversity Antenna s In Use internal RTS Threshold 2347 Fragment Threshold 2346 WMM QoS Disabled Inactivity Timeout 1800 Max Stations 256 Rate Limiting Disabled Rate Limit packets second 50 Burst Limit packets second 75 AP Detection Enabled Peri...

Page 180: ...s they all must be operating on the same channel and all must have ATPC enabled Once it is enabled ATPC is controlled by setting four parameters Adaptive Mode Avoid Neighbor APs RF Group Name Tx Power Reduction Limit How the ATPC feature responds to the presence of other APs depends on how these parameters are combined Scope Power levels can be configured to Adapt to selected APs and ignore others...

Page 181: ...D configurations within the group are ignored and all APs in the group will mutually adapt their transmit power to adapt to their neighbors in the group APs outside the group are not accommodated There is no limit to the number of APs in an RF Group Adapting to All Neighboring APs To apply ATPC to all neighboring APs regardless of RF Groups or SSID configurations enable the Avoid Neighbor APs sett...

Page 182: ... of APs Power Reduction Limit Setting the Transmit Power Reduction Limit determines the minimum power level of the radio This value combined with the radio s Tx Power Reduction setting establishes the range of Transmit Power adjustments in ATPC How this setting is tuned depends on the ATPC scope and adaptive mode selected The radio s Tx Power Reduction setting not the radio s Max Tx Power determin...

Page 183: ...llowing settings to configure ATPC characteristics Adaptive Tx Power Control Enables and disables Adaptive Tx Power Control on the selected radio The default is Disabled Avoid Neighbor APs When this setting is enabled ATPC adapts to all neighboring APs RF Group Names and SSIDs are ignored When this setting is disabled ATPC uses RF Group Name or SSIDs to determine which APs to accommodate The defau...

Page 184: ...Enabled button b To adapt transmit power to a group of specific neighboring APs enter the RF Group Name that identifies the group c To adapt transmit power to neighboring APs according to their respective SSID lists click the Avoid Neighbor APs Disabled button and leave the RF Group Name field blank 4 Select the Adaptive Mode you want by clicking either the AP button or the AP Clients button 5 To ...

Page 185: ...radio1 atpc adapt ap ProCurve Access Point 530 radio1 atpc max reduction 18 ProCurve Access Point 530 radio1 atpc rf group name AirportNet ProCurve Access Point 530 radio1 ProCurve Access Point 530 radio1 show atpc Radio 1 atpc enabled RF Group name AirportNet Avoid Other WLANs disabled Max Power Reduction 18 Adaptive Mode AP Current Beacon Backoff 4 dB Current Data Backoff 4 dB Radio 2 atpc disab...

Page 186: ...ns that want to connect to a network through an access point must set their SSIDs to match that of the access point Multiple SSID interfaces enable wireless traffic to be separated for different user groups using a single access point that services one area For each SSID interface differentsecuritysettings VLANassignments andotherparameters can be applied Wireless stations within the service area ...

Page 187: ... tab shown inFigure 6 11 enables you to configure SSIDs VLANS and closed system settings You can modify these parameters WLAN Displays the WLAN index number 1 through 16 Radio 1 Radio 2 Configures the access point to enable WLAN access using either or both radios when the appropriate box is checked SSID Lists the access point s SSID interfaces with their basic settings The Enabled option auto fill...

Page 188: ...pop up window with the following tabs Security tab Enables theSecurity Modedrop downwiththeoptions for this WLAN This is the default tab For security mode configura tion see Web Setting Security Options on page 7 18 RADIUS Servers tab Configures the primary secondary and internal server for RADIUS authentication For RADIUS server settings see Web Setting RADIUS Server Parameters on page 7 33 Accou...

Page 189: ...N ID per WlAN BSS SSSID enter a VLAN ID in the VLAN field 6 To establish security click Edit button and configure Security tab param eters 7 To configure Radius servers for RADIUS authentication click Edit and configure RADIUS Server tab parameters 8 To configure Accounting servers for RADIUS authentication click Edit and configure Accounting Servers tab parameters 9 To configure MAC filtering cli...

Page 190: ...hileonlytheEnable Disable command is available in the WLAN subcontexts from radio 2 Not e To configure an interface you need to be in the radio configuration level The names of the radio and WLAN BSS SSID context are displayed in the parentheses The WLAN index uses the format wlan x where x is a number between 1 and 16 To display a list of configured WLAN interface settings use the show wlan x com...

Page 191: ... Auth Mode local deny list only MAC Auth List not set Authentication open system only WEP Key Type ascii WEP Key 1 akshjsnensitk WEP Key Size 128bit Command Syntax CLI Reference Page ssid SSID 9 103 description description 9 103 disable enable 9 103 vlan vid 9 103 closed system 9 103 show wlan index 9 103 ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access ...

Page 192: ...d yet none No Sec Disabled 5 SSID 5 not assigned yet none No Sec Disabled 6 SSID 6 not assigned yet none No Sec Disabled 7 SSID 7 not assigned yet none No Sec Disabled 8 SSID 8 not assigned yet none No Sec Disabled 9 SSID 9 not assigned yet none No Sec Disabled 10 SSID 10 not assigned yet none No Sec Disabled 11 SSID 11 not assigned yet none No Sec Disabled 12 SSID 12 not assigned yet none No Sec ...

Page 193: ...6 41 Wireless Interface Configuration Managing Multiple WLAN BSS SSID Interfaces This page is intentionally unused ...

Page 194: ...6 42 Wireless Interface Configuration Managing Multiple WLAN BSS SSID Interfaces ...

Page 195: ...7 1 7 Wireless Security Configuration ...

Page 196: ...KIP with Preshared Key 7 10 AES with Preshared Key 7 10 TKIP with 802 1X 7 11 AES with 802 1X 7 11 Other Security Features 7 12 Establishing Security 7 16 Web Setting Security Options 7 18 Manual Configuration Using the CLI 7 24 CLI Configuring Security Settings 7 24 Configuring RADIUS Client Authentication 7 32 Web Setting RADIUS Server Parameters 7 33 CLI Setting RADIUS Server Parameters 7 35 We...

Page 197: ...eb Auth Process 7 57 Associating with the AP 530 7 57 URL Intercept 7 58 Logging In 7 58 Authenticating 7 58 Redirecting to the Destination URL 7 60 Web Auth Security 7 60 User Credentials 7 60 Optional Encryption 7 60 Other Security Features 7 60 The Web Auth Address Pool 7 61 Customizing the Authentication Screens 7 61 Default Text Values for Authentication Screens 7 62 Login Screen Default Valu...

Page 198: ...Wireless Security Configuration CLI Configuring Web Auth on a WLAN 7 70 Prerequisites 7 70 Web Customizing the Login Welcome and Failed Screens 7 72 CLI Customizing the Login Welcome and Failed Screens 7 74 ...

Page 199: ...his chapter describes how to Configure wireless security Configure encryption Configure key management Configure MAC and 802 1X authentication Configure MAC Lockout and Client Station Deauthentication Configure AP Authentication Configure Web Authentication ...

Page 200: ...asses between the access point and stations to protect against interception and eavesdropping Key management Assigning unique data encryption keys to each wire less station session and periodically changing the encryption keys to minimize the risk of their discovery User Authentication The two ways of authenticating users on the Access Point 530 are MAC authentication Based on the user s wireless ...

Page 201: ... a user requests connection to a WLAN through an access point which then requests the identity of the user and transmits that identity to an authentication server such as RADIUS The server asks the access point for proof of identity which the access point gets from the user and sends back to the server to complete the authentication The local built in RADIUS server supports only one EAP type PEAP ...

Page 202: ... secure method of encryption Wired Equivalent Privacy WEP WEP provides a basic level of security preventing unauthorized access to the network and encrypting data transmitted between wireless stations and the access point WEP is the security protocol initially specified in the IEEE 802 11 standard for wireless communications Unfortunately static WEP has been found to be seriously flawed and cannot...

Page 203: ...ng the data can be managed either dynamically using 802 1X authentication or statically using preshared keys between the access point and station Dynamic key management provides significantly better security than static keys Security Profiles Based on authentication encryption and key management the following is a list of security profiles in order of increasing robustness No Security Static WEP D...

Page 204: ... not recommended because it sends encryption keys that are viewable in plain text Dynamic Wired Equivalent Privacy WEP Dynamic WEP uses WEP as the encryption cipher and 802 1X as the authen tication mechanism In this way each client station is assigned a unique encryption key for each session from the authentication server The length of the cipher can be 64 bits or 128 bits and the encryption keys...

Page 205: ...er key to derive the encryption between the access point and the station AES with 802 1X The AES with 802 1X security profile uses AES as the encryption cipher and 802 1X as the authentication mechanism In this way each station is assigned a unique master key to derive the encryption between the access point and the station and the encryption keys can be automatically and periodically changed to f...

Page 206: ... network card driver native support provided in Windows XP and Windows Vista Provides dynamically generated keys that are periodically refreshed Provides similar shared key user authentication Provides robust security in small networks WPA PSK WPA2 Only Requires WPA enabled system and network card driver native support provided in Windows XP and Windows Vista Provides robust security in small netw...

Page 207: ...y 1 2 3 4 string no open system authentication no shared key authentication WEP supported station required Requires manual key management Encryptionindex length and type configured in the access point must match those configured in the stations Dynamic WEP 1 Enable Dynamic WEP Security 2 Set the Authentication Server and Protocol 3 Set RADIUS Key security dynamic wep radius accounting primary seco...

Page 208: ... ip port port key key radius primary secondary WPA supported station required Ifthereisamixof stations some supporting WPA2 and others supporting the original WPA configure for both set both wpa wpa2 allowed When both TKIP and CCMPauthentication methodsareset both TKIP and AES stations can associate with the access point WPA stations must have either a valid TKIP or an AES key to communicate For W...

Page 209: ...for entriessettoactivein the MAC Authentica tion Table Can be combined with other methodsforimproved security Local MAC authentication Local MAC Allow xx xx xx xx xx xx Not needed All MAC addresses denied except for entriessettoactivein MAC Authentication Table Can be combined with other methodsforimproved security Remote MAC authentication RADIUS MAC MAC address permission policybasedon RADIUS se...

Page 210: ...figuration for the WLAN Figure 7 1 Security Access Via the WLANs Screen Basic parameters required for a security option configuration are provided in the WLANs Security pop up window all other access point settings are made automatically Some options require a RADIUS server to be configured A link to the RADIUS Servers tab is provided where you can configure the RADIUS server parameters ...

Page 211: ...ee Protocol STP on page 8 15 CAU T IO N When access point configuration parameters are changed wireless stations may be temporarily disconnected until the new configuration parameter is enabled This includes any changes to a WLAN or radio parameter The recommended security option for WDS operation is WPA2 using the AES cipher because this setting provides the maximum security for data sent over th...

Page 212: ... keys ASCII Enter keys as 5 alphanumeric characters for 64 bit keys or 13 alphanumeric characters for 128 bit keys Hex Enter keys as 10 hexadecimal digits for 64 bit keys or 26 hexadecimal digits for 128 bit keys The default is Hex WEP Keys Enter up to four strings of character keys If you selected ASCII enter any combination of ASCII characters If you selected Hex enter hexadecimal digits any com...

Page 213: ...ption Standard AES It uses a CCM Combined Block Chaining Counter mode CBC CTR and Cipher Block Chaining Message Authentication Code CBC MAC for encryption and message integrity Both If you select both TKIP and AES Pairwise cipher is AES and Groupwise cipher is TKIP Pairwise cipher is used for unicast traffic and Groupwise cipher is used for multicast broadcast traffic Both TKIP and AES stations ca...

Page 214: ...RC4 to perform the encryption and changes temporal keys every 10 000 packets and distributes them thereby greatly improving the security of the network Default AES An IEEE 802 1X encryption method that uses the Advanced Encryption Standard AES It uses a CCM Combined Block Chaining Counter mode CBC CTR and Cipher Block Chaining Message Authentication Code CBC MAC for encryption and message integrit...

Page 215: ...y tab 3 Select Static WEP from the Security Mode drop down 4 To allow system authentication select Shared from the Authentication option 5 Select a key index from the Transfer Key Index to be used for encryption for the WLAN interface 6 Select the key length to be used by all stations 64 bits or 128 bits 7 Select the Hex or ASCII for Key Type 8 Enter the key value conforming to the length and type...

Page 216: ...Security tab 3 Select WPA PSK from the Security Mode drop down 4 Select WPA WPA2 or Both for WPA support as required 5 Select Enable pre authentication if you selected WPA2 or Both for the WPA version 6 Select TPIK recommended AES or Both to enable the type of Cipher encryption 7 For the key enter between 8 and 63 alphanumeric characters Be sure that all wireless stations use the same key 8 Select...

Page 217: ...ing the Security tab 3 Select WPA 802 1X from the Security Mode drop down 4 Select WPA WPA2 or Both for WPA support as required 5 Select Enable pre authentication if you selected WPA2 or Both for the WPA version 6 Select TPIK AES recommended if you selected WPA2 or Both to enable the type of Cipher encryption 7 Select RADIUS Servers to configure the RADIUS server to enhance secu rity 8 Select Upda...

Page 218: ...context of Radio 2 is to enable or disable the entire WLAN on Radio 2 CLI Configuring Security Settings CLI Commands Used in This Section Command Syntax CLI Reference Page security no security static wep dynamic wep wpa psk wpa 802 1x 9 126 wep default key 1 2 3 4 9 128 no wep key ascii 9 129 wep key length 64 128 9 130 wep key 1 2 3 4 string 9 130 no open system authentication 9 131 no shared key...

Page 219: ...rity The following example shows how to configure an WLAN interface to have no security set ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 wlan 1 ProCurve Access Point 530 radio1 wlan1 security no security ProCurve Access Point 530 radio1 wlan1 ...

Page 220: ...ot set WPA or WPA2 WPA and WPA2 WPA Cipher TKIP only WPA Pre auth Disabled WPA Key Format ascii WPA ASCII Key abcdefghijklmnop WPA Hex Key not set Web Authentication Status Disabled Retry Limit 3 Username Password Login Enabled Guest Login Enabled Redirect URL www procurve com Default Login Page Enabled Default Login Failed Page Enabled Default Welcome Page Enabled RADIUS Failover To Local Disable...

Page 221: ...gth and Key Type settings If Key Length is 64 bits and the Key Type is ASCII then each WEP key must be 5 characters long If Key Length is 40 bits and Key Type is Hex then each WEP key must be 10 characters long If Key Length is 128 bits and Key Type is ASCII then each WEP key must be 13 characters long If Key Length is 128 bits and Key Type is Hex then each WEP key must be 26 characters long ProCu...

Page 222: ...ity mode configure an external authentication server and set the RADIUS key the RADIUS key is automatically provided if you are using the built in authentication server Not e Supported authentication servers are the built in authentication server on the access point or an external RADIUS server The RADIUS key value is used with an external RADIUS server only and is ignored for the internal RADIUS ...

Page 223: ...communicate ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 wlan 1 ProCurve Access Point 530 radio1 wlan1 security dynamic wep ProCurve Access Point 530 radio1 wlan1 radius primary ip 192 168 1 52 ProCurve Access Point 530 radio1 wlan1 radius primary port 161 ProCurve Access Point 530 radio1 wlan1 radius primary key secret ProCurve Acce...

Page 224: ... CLI to Configure WPA 802 1X The following commands configure the access point to use the WPA 802 1X security mode to accept both the WPA and WPA2 stations and to allow pre authentication Not e WPA 802 1X is the recommended security mode The incorporation of the RADIUS server makes it superior to the WPA PSK security mode ProCurve Access Point 530 radio1 wlan1 wpa pre shared key goodsecret ProCurv...

Page 225: ... in authentication server on the access point or an external RADIUS server Use of the built in server automat ically establishes the RADIUS key ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 wlan 1 ProCurve Access Point 530 radio1 wlan1 radius primary ip 192 168 1 52 ProCurve Access Point 530 radio1 wlan1 radius primary port 161 ProCur...

Page 226: ...tations If required the access point can support both MAC address and 802 1X authentication using a RADIUS server For more informa tion see Configuring MAC Address Authentication on page 7 43 Not e This configuration guide assumes that you have already configured the RADIUS server to support the access point The configuration of RADIUS server software is beyond the scope of this guide refer to the...

Page 227: ...ing settings to send user session information from the access point to a RADIUS accounting server Internal Server Enables the access point to use the internal server for authentication The default is Enable IP Address Specifies the IP address of the RADIUS server The default is 0 0 0 0 which indicates Disabled Port The User Datagram Protocol UDP port number used by the RADIUS server for accounting...

Page 228: ...stablish communication again with the primary server If communication with the primary server is reestablished the secondary server reverts to a backup role The default is Disable Internal Server as Failover Enables the internal server to begin authenticating in the event that the primary server is disconnected The default is Disabled Figure 7 5 Configuring RADIUS Servers on the Access Point To Se...

Page 229: ...IP address and other parameters in the appropriate fields Otherwise leave the IP address as all zeros 0 0 0 0 10 Select Internal Server as failover to ensure that RADIUS authentication remains uninterrupted if the primary server disconnects 11 Select Update to set the RADIUS servers for RADIUS authentication CLI Setting RADIUS Server Parameters CLI Commands Used in This Section The following examp...

Page 230: ...he account Real Name Displays the real name assigned to the account Status Displays the status of the account Enabled or Disabled Enable Enables the selected account Disable Disables the selected account Remove Removes the selected account ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 wlan 1 ProCurve Access Point 530 radio1 wlan1 radi...

Page 231: ...t select Disable To remove the account from the system select Remove Adding New RADIUS Accounts The Local Radius screen shown in Figure 7 7 enables you to modify the RADIUS account details to use RADIUS authentication on the access point Add User Account Configure the following account details The access point limits the local radius account users to 100 Username Provides an alphanumeric text stri...

Page 232: ...nfiguring a Local Radius User To Add Local RADIUS User Accounts 1 Select Special Features Local Radius Users tab 2 In the User Name field specify the User Name used by the RADIUS server for authentication 3 In the Real Name field specify the full name of the user that is used by the RADIUS server only for informational purposes 4 In the Password field specify the password to be associated with the...

Page 233: ... The selected file is displayed in the Restore User Database field Restore Restores selected file Return to Local Radius Return Returns to the Local Radius screen Figure 7 8 Backing Up a User Database To Create a Backup File of Local RADIUS User Accounts Information 1 Select Special Features Local Radius to display the Local RADIUS screen and user account information 2 Click backup or restore user...

Page 234: ...al Features Local Radius to display the Local RADIUS screen and user account information 2 Click backup or restore user database link to display the User Database screen 3 Use Browse to select the user database file ubk file you want to restore The selected file pathname filename ubk displays in the Restore User Database field 4 Click Restore to complete the process 5 Click Return to close the Use...

Page 235: ...gnmentofVLANIDsbasedonuserauthentication An external RADIUS server is required to support assignment of VLAN IDs based on authentication of an individual user If you are using the local built in RADIUS server the RADIUS accounting feature must be disabled and or set to use an external RADIUS accounting server Command Syntax CLI Reference Page no radius local username Disabled password password rea...

Page 236: ...se the show radius local command as shown in the following example ProCurve Access Point 530 configure ProCurve Access Point 530 config radius local chris realname csmith ProCurve Access Point 530 config radius local chris password chrisopen ProCurve Access Point 530 config ProCurve Access Point 530 config ProCurve Access Point 530 config show radius local Local Radius User Accounts wireless clien...

Page 237: ... first configure the server in the RADIUS servers screen For details on config uring RADIUS servers see Web Setting RADIUS Server Parameters on page 7 33 Authentication Order Connection requests are authenticated in the following order First against the MAC Lockout list Then against the local Access Control List Last against the RADIUS server Access Control List and RADIUS Server Client station MA...

Page 238: ...lly managed If you choose to configure RADIUS MAC authentication and 802 1X AP Authentication together the RADIUS MAC address authentication occurs before 802 1X AP Authentication If RADIUS MAC authentication is successful AP Authentication is performed If RADIUS MAC authentication fails AP Authentication is not performed MAC Lockout and Client Station Deauthentication When a MAC address is added ...

Page 239: ...s the WLAN BSS SSID interface by removing prohib iting the selected MAC configuration MAC Address Add Adds the entered MAC address to selected ACL list List Name Specifies a new list name MAC Entry Specifies the MAC address for the list New ACL Add Adds the New ACL to the list of Access Control Lists Figure 7 9 Configuring an Access Control List To Configure the Access Control List 1 Select Manage...

Page 240: ...ing MAC Address Authentication The MAC Authentication tab shown in Figure 7 10 enables the WLAN BSS SSID interface to be configured to use MAC authentication You can modify these parameters MAC Authentication Configures either the local or remote MAC authentication on this access point Selecting the Enabled option enables access to the Local or Remote parameters Access Control List Selects among p...

Page 241: ...te 5 To apply a configured authentication list select list from the ACL drop down 6 To allow only known MAC addresses access to the network select the Allow only stations in list policy option 7 To prohibit specific MAC addresses from gaining access to the network select the Block all stations in list policy option 8 Select Update to set MAC Authentication on the access point CLI Configuring MAC A...

Page 242: ...how to display the current authentication configuration on the access point from the Manager Exec level ProCurve Access Point 530 configure ProCurve Access Point 530 config mac auth local mylist mac 00 11 22 33 44 55 ProCurve Access Point 530 config mac auth local mylist mac 00 aa bb cc dd ee ProCurve Access Point 530 config ProCurve Access Point 530 configure ProCurve Access Point 530 config radi...

Page 243: ...re auth Disabled WPA Key Format ascii WPA ASCII Key abcdefghijklmnop WPA Hex Key not set Web Authentication Status Disabled Retry Limit 3 Username Password Login Enabled Guest Login Enabled Redirect URL www procurve com Default Login Page Enabled Default Login Failed Page Enabled Default Welcome Page Enabled RADIUS Failover To Local Disabled Retransmit Num 3 Primary Auth local built in server Prim...

Page 244: ...ese parameters Remove Removes the selected MAC address from the MAC Lockout list Field entry Add Adds the entered MAC address to the MAC Lockout list Add Adds the entered MAC address to MAC Lockout list Figure 7 11 Configuring MAC Lockout To Configure MAC Lockout 1 Select Special Features MAC Lockout tab 2 To add a MAC address to the MAC Lockout list enter the desired MAC address and click Add 3 T...

Page 245: ...the MAC Lockout list using the no lockout mac command Displaying the MAC Lockout list The following example shows how to display the current MAC Lockout list Command Syntax CLI Reference Page no lockout mac mac_address 9 75 show lockout mac 9 76 lockout mac clear mac_address all 9 76 ProCurve Access Point 530 configure ProCurve Access Point 530 config lockout mac 00 14 C2 A5 09 8D ProCurve Access ...

Page 246: ... Unlike MAC Lockout a deauthenticated client station is not blocked from re authenticating CLI Commands Used in This Section Deauthenticating a device from the access point The following exam ple shows how to force a client device to deauthenticate from the access point ProCurve Access Point 530 configure ProCurve Access Point 530 config lockout mac clear all 2 MAC addresses removed from lockout l...

Page 247: ...e Connections in client limit mode or single host mode are not supported Guidelines for AP Authentication As with normal users the user account for the AP must be created on the RADIUS server before authentication can occur Authentication is performed using the PEAP MSCHAPv2 or EAP MD5 protocol The username and password are encrypted in the access point s configu ration file If AP Authentication i...

Page 248: ...e that will take precedence over any statically defined VLAN tagging on the port If this occurs management traffic will not be sent from the port after authenti cation Web Configuring AP Authentication The AP Authentication screen shown in Figure 7 12 enables 802 1X AP authentication on the Access Point 530 You can modify the following parameters AP Authentication Enables 802 1X AP authentication ...

Page 249: ...Authentication on the access point by selecting the Disabled button AP Authentication is disabled and any previously used username and pass word are cleared from the access point configuration file CLI Configuring AP Authentication CLI Commands Used in This Section Enabling AP Authentication on the access point The following exam ple enables AP Authentication with username AP2167 password 21B83j0k...

Page 250: ...s of the access point Disabling AP Authentication on the access point To remove AP Authentication on the access point use the no ap authentication command ProCurve Access Point 530 config show ap authentication AP Authentication Settings for the Access Point Status Enabled EAP Type peap ProCurve Access Point 530 config ProCurve Access Point 530 config no ap authentication ProCurve Access Point 530...

Page 251: ...er against the AP 530 s local RADIUS server or against a specified remote RADIUS server The Web Auth Process The AP 530 controls the Web Authentication process restricting connectivity to only the access point until the user has been authenticated by the desig nated RADIUS server The main steps in the Web Auth process are 1 Associating with the AP 530 2 URL Intercept 3 Logging In 4 Authenticating ...

Page 252: ...rough the network The AP 530 intercepts this request and redirects the user s Web browser to the Web Auth login page to initiate the authentication process Logging In Figure 7 13 Web Auth Login Screen On the Web Auth Login page the user either enters a valid username and password to authenticate against the RADIUS server or clicks the Guest button to authenticate using Guest credentials see figure...

Page 253: ...which he or she has rights Failed Authentication If the user enters an invalid username and pass word the RADIUS server denies access and the AP 530 displays the Web Auth Invalid Credentials or Failed page figure 7 15 In this case the user s station remains in the unauthenticated Web Auth state Figure 7 15 Web Auth Failed Authentication The number of attempted logins is configurable After the maxi...

Page 254: ... and Registered users For authentication you can specify both a primary RADIUS server and a secondary RADIUS server to ensure high availability the local RADIUS server may also be used Optional Encryption Users connecting thorough Web Auth may associate with the AP 530 s VLAN interface using No security Static WEP or WPA 2 PSK Other Security Features PAP authentication is supported Web Auth is com...

Page 255: ...th if the IP address and subnet mask are correctly configured for connecting to the AP 530 Customizing the Authentication Screens The fields in three of the informational pages displayed during the Web Authentication process may be customized Login page Welcome page Failed page Each of the customizable pages has four text areas that may be customized by the administrator Title Text The text displa...

Page 256: ...ered users Only guest users Both registered and guest users Login Screen Default Values Table 7 5 Login Screen Default Values Title Text Descr Text Footer Text Header Text Registered User Only Guest User Only Registered Guest User Title Text Login Page Login Page Login Page Header Text Login Page Login Page Login Page Footer Text Contact the network administrator if you do not have an account Subm...

Page 257: ...st User Only Registered Guest User Title Text Authentication Success Success Authentication Success Header Text Authentication Success Success Authentication Success Footer Text You now have access to the network You now have access to the network You now have access to the network Descriptive Text Please wait while the network connection refreshes itself Please wait while the network connection r...

Page 258: ...figuring RADIUS Client Authentication on page 7 32 4 Configure the Web Auth guest credentials if you are using Guest Login 5 Configure the Web Auth temporary IP address pool 6 Configure Web Auth for the WLAN a Select a login type User Login Guest Login or both b Specify the redirect URL and retry limit c Accept the default screen fields or customize them for your environ ment d Enable Web Auth Web...

Page 259: ...ol tab 2 Enter the starting IP address in the Starting IP Address field 3 Enter the desired subnet mask in the Subnet Mask field 4 Enter the desired lease time for temporary addresses that are assigned to Web Auth users from the pool 5 Click Update CLI Configuring the Global Address Pool CLI Commands Used in This Section Command Syntax CLI Reference Page no web auth starting ip address ip address ...

Page 260: ... for all Guest users Password Specifies the password used for all Guest users Update Updates the global Guest Account credentials Figure 7 18 Configuring Guest Account Credentials To Configure the global Guest User credentials 1 Select Web Authentication Guest Account tab 2 Enter the username to be assigned to all Guest users in the Username field ProCurve Access Point 530 config web auth starting...

Page 261: ... global Guest user credentials that will be assigned to Web Auth Guest users Not e The username and password for the global Guest User account must be registered on the selected Web Auth RADIUS server before guest users can be authenticated using Web Auth Command Syntax CLI Reference Page no web auth guest username username 9 81 no web auth guest password password 9 81 ProCurve Access Point 530 co...

Page 262: ...uthentication screen shown in Figure 7 19 configures Web Authen tication on the selected WLAN BSS SSID interface You can modify these parameters Web Authentication Enables disables web authentication on the selected WLAN Guest Login Enables guests clients to authenticate using the username and password of the preconfigured Guest account User Login Enables registered clients to authenticate using t...

Page 263: ...LAN The WLAN Configuration Security pop up window opens 3 Select the Web Authentication tab 4 Click Web Authentication Enabled 5 To enable Guest logins click the Guest Login box 6 To enable registered User logins click the User Login box 7 Enter the destination URL to which the user will be redirected after web authentication is successful 8 Enter the maximum number of log in attempts permitted in...

Page 264: ...LI Configuring the Global Address Pool on page 7 65 Before enabling the optional Guest Login option the Guest User creden tials must be defined as described in CLI Configuring Global Guest Account Settings on page 7 67 CLI Commands Used in This Section Command Syntax CLI Reference Page no web auth 9 82 no web auth guest login 9 82 no web auth username login 9 82 no web auth redirect url 9 82 web a...

Page 265: ...lan 1 WLAN 1 on Radio 1 Description Radio 1 WLAN 1 Status Enabled SSID PR3_WLAN VLAN 1 Untagged BSSID 00 14 C2 A7 11 A0 DTIM Period 2 Security Type wpa psk WPA PSK Closed System Disabled MAC Auth Mode local accept list only MAC Auth List ACL 1 Authentication open system only WEP Key Type hex WEP Key 1 not set WEP Key Size 128bit WEP Key 2 not set Default Key WEP Key 1 WEP Key 3 not set WEP Key 4 n...

Page 266: ... three tabs you can modify these same parameters Default Text When this box is checked the custom fields are disabled on the tab and the default values for all fields will be displayed on the selected screen When this box is unchecked the custom fields are enabled and their values replace the default values on the selected screen Title Text Specifies the custom Title text Header Text Specifies the...

Page 267: ...N Configuration Security pop up window opens 3 Select the Web Authentication tab 4 Select the Login sub tab 5 Click the Default Text box to uncheck it and to enable the fields below 6 Enter your customized Title text in the Title Text field 7 Enter your customized Header text in the Header Text field 8 Enter your customized Footer text in the Footer Text field 9 Enter your customized Descriptive t...

Page 268: ... Text box to check it and to clear and disable the fields below 4 Click Update CLI Customizing the Login Welcome and Failed Screens CLI Commands Used in This Section Command Syntax CLI Reference Page no web auth default login page 9 83 no web auth custom login text title title text header header text footer footer text descriptive descriptive text 9 83 no web auth default welcome page 9 83 no web ...

Page 269: ... its default values The following example customizes the resets the text fields on the Login screen to their default values The same procedure applies to the Welcome screen and the Failed screen as well using their respective commands ProCurve Access Point 530 radio1 wlan1 web auth custom login text title GS User Login ProCurve Access Point 530 radio1 wlan1 web auth custom login text header GS Use...

Page 270: ...7 76 Wireless Security Configuration Web Authentication for Mobile Users ...

Page 271: ...8 1 8 Special Features ...

Page 272: ...ribution System WDS and Spanning Tree Protocol STP 8 15 Web Configuring WDS Parameters 8 19 CLI Configuring WDS Links 8 23 Web Configuring STP Parameters 8 26 CLI Establishing STP Settings 8 27 AP Detection Commands 8 30 Web Configuring AP Detection Parameters 8 30 CLI Configuring AP Detection 8 33 Probe Table 8 35 Probe Table Description 8 35 Guidelines for Configuring the Probe Table 8 35 Identi...

Page 273: ...ods for config uring special features such as QoS upgrading software WDS AP detection and STP This chapter describes how to Configure QoS parameters Maintain configuration and upgrade files Modify WDS parameters Enable AP detection Enable and configure Probe Table settings Configure STP from the CLI ...

Page 274: ...ss to the channel is called WSM IEEE 802 11e specifications for wireless QoS enhancements include packet prioritization scheduled access and call admission control Eager to spur interoperability among multi vendor wireless gear the Wi Fi Alliance created a certification process on a subset of 802 11e called Wi Fi Multi media WMM WMM provides four categories of relative QoS voice video best effort ...

Page 275: ... WMM deactivates QoS control of station EDCA parameters on upstream traffic flowing from the station to the access point however you can still set some parameters on the downstream traffic flowing from the access pointtotheclientstation APEDCAparameters Thedefaultisenabled Advanced Settings Opens the WMM Settings pop up window to configure specific queue QoS parameters Update Updates the access po...

Page 276: ...is queue Data 1 Video High priority queue minimum delay Time sensitive video data is automatically sent to this queue Data 2 Best Effort Medium priority queue medium throughput and delay Most traditional IP data is sent to this queue Data 3 Background Lowest priority queue high throughput Bulk data that requires maximum throughput and is not time sensitive is sent to this queue FTP data for exampl...

Page 277: ...om AP to station to configure Data 0 Voice High priority queue minimum delay Time sensitive data such as VoIP and streaming media are automati cally sent to this queue Data 1 Video High priority queue minimum delay Time sensitive video data is automatically sent to this queue Data 2 Best Effort Medium priority queue medium throughput and delay Most traditional IP data is sent to this queue Data 3 ...

Page 278: ...d button 3 Click the Advanced Settings Edit button to set queue QoS parameters in the WMM Settings pop up window 4 To affect the flow from the access point to the client station down stream update the AP EDCA parameter options 5 To affect the flow from the client station to the client station upstream update the Station EDCA parameter options 6 Select Update to save the settings CLI Configuring Qo...

Page 279: ... parameter on the AP EDCA medium priority queue ProCurve Access Point 530 radio1 qos ap params voice aifs 10 ProCurve Access Point 530 radio1 ProCurve Access Point 530 radio1 qos ap params video cwmin 1 ProCurve Access Point 530 radio1 qos ap params video cwmax 7 ProCurve Access Point 530 radio1 ProCurve Access Point 530 radio1 qos ap params background burst 1 ProCurve Access Point 530 radio1 ...

Page 280: ...d EDCA high priority queue Using the CLI to Enable WME This example enables Wireless Multimedia Extensions as the preferred priority method ProCurve Access Point 530 radio1 qos sta params voice aifs 10 ProCurve Access Point 530 radio1 ProCurve Access Point 530 radio1 qos sta params video cwmin 1 ProCurve Access Point 530 radio1 qos sta params video cwmax 15 ProCurve Access Point 530 radio1 ProCurv...

Page 281: ...ive Inter Contention Contention Maximum Burst Queue Frame Space Min Window Max Window Length Voice 1 3 7 1 5 Video 1 7 15 3 0 Best Effort 3 15 63 0 Background 7 15 1023 0 ProCurve Access Point 530 radio1 show qos sta params Transmission queue QoS settings for wireless stations Radio 1 Adaptive Inter Contention Contention Transmission Queue Frame Space Min Window Max Window Opportunity Limit Voice ...

Page 282: ...ology instead of requiring the agent to inspect every packet that passes through as some other flow sampling methods do uses sample based profiling That is the agent inspects approximately every nth packet from each data source available to sFlow The sampling algorithm is designed to give a high certainty that the total traffic within a small margin of error On the Access Point 530 data sources ar...

Page 283: ...number of inbound packets outbound packets and retransmitted frames The sFlow agent obtains the counters by polling the interfaces periodically as needed to fill datagrams most efficiently However you can configure the maximum time that can elapse before an interface must be polled sFlow Collector The sFlow collector which receives samples from agents all over the network combines and analyzes the...

Page 284: ...sage before the timeout expires the agent erases the sFlow receiver s owner string and allows another sFlow receiver to claim the instance When the collector reserves a receiver instance it also configures one or both of two types of sFlow instances One type allows the collector to receive flow samples and the other allows the collector to receive counters from polled radios When the sFlow receive...

Page 285: ...rvicing the WDS link It is not recommended that the same WDS radio be configured to support wireless stations although it is possible to do so When a radio is configured to support both WDS and wireless stations the data handling capacity of the radio must be split between these two separate activities Thus any wireless station activity on the WDS radio reduces the data handling capacity of the WD...

Page 286: ...Point 530 can then provide wireless WDS links for up to six other Access Point 530 units In this configuration the connected Access Point 530 the one with the Ethernet connection serves as a central access point to pass traffic to and from the other remote access points This configuration is illustrated in Figure 8 3 Figure 8 3 Wired Access Point Provides Wireless WDS Links to Wireless Access Poin...

Page 287: ...buildings across the street from one another by attaching an Access Point 530 to each separate network and configuring with a WDS link between them This process is illustrated in Figure 8 4 In this configuration it is recommended that one radio on each access point be dedicated to the WDS link to maximize WDS link throughput the other radio can either be disabled or used to service wireless statio...

Page 288: ... 5 In this configuration the intermediate access point serves as a repeater to bridge wireless traffic between an access point with an Ethernet connection and a more remote access point on the other side All three access points in this configuration can support wireless stations in addition to bridging network traffic between one another Figure 8 5 WDS Links with AP Repeater to Remote Access Point...

Page 289: ... you to modify the following wireless parameters Spanning Tree Protocol Status Enables disables STP capabilities on the access point The default is Enabled Link 1 6 Enables disables WDS link 1 6 capabilities on the access point You can set up to six links on the access point The default is Disabled When a link is enabled the following parameters are enabled for that link Radio Selects a radio for ...

Page 290: ...WEP key for security WDS WPA Security see Figure 8 8 SSID Establishes an alphanumeric string of up to 32 characters that uniquely identifies a wireless local area network It is also referred to as the network name Not e When using WPA over WDS an SSID is required and must match the SSID on the WDS partner access point for successful opera tion Key Configures WPA key for security Update Updates the...

Page 291: ... to establish the WDS link use the Radio drop down 4 Enter the remote MAC Address or if AP detection is enabled select the remote MAC Address from the drop down of the access point to which you are trying to establish the WDS link The Security mode is preconfigured when the WLAN Security is config ured See Table 7 4 WLAN 1 and WDS Security Configuration on page 17 5 Modify defaulted Key Length and...

Page 292: ...to establish the WDS link use the Radio drop down 4 Enter the remote MAC Address or if AP detection is enabled select the remote MAC Address from the drop down of the access point to which you are trying to establish the WDS link The Security mode is preconfigured to WPA PSK when WLAN 1 Security is configured with either WPA 802 1X security or WPA PSK See Table 7 4 WLAN 1 and WDS Security Configur...

Page 293: ...ce Page enable 9 160 radio used 1 2 9 161 remote mac mac 9 162 wds ssid ssid required when using WPA over WDS 9 161 wep key ascii 9 164 wep key key 9 163 wep key length 64 128 9 164 wpa pre shared key key 9 165 show wds show wds wds_name 9 162 ProCurve Access Point 530 config interface wds1 ProCurve Access Point 530 wds1 enable ProCurve Access Point 530 configure ProCurve Access Point 530 config i...

Page 294: ... key type to hexadecimal This example sets the WDS WEP key length when using static wep security The options are 64 and 128 This example defines the wep key used for data encryption on a WDS inter face Using the CLI to View WDS Parameters These examples use the show wds command to display the status of the WDS links ProCurve Access Point 530 wds1 radio used 1 ProCurve Access Point 530 wds1 remote ...

Page 295: ...et Disabled no security ProCurve Access Point 530 wds1 ProCurve Access Point 530 wds1 show wds 1 WDS 1 Description WDSLINK Status Enabled Use Radio 1 Local MAC 00 14 C2 A4 14 BO Remote MAC 00 0D 9D C6 98 7E STP State forwarding WDS SSID marge Security Type no security from WLAN 1 WEP Key Type hex WEP Key not set WEP Key Size 128bit WPA Key goodsecret Bytes Rx 3562 Bytes Tx 7234 Packets Rx 0 Packet...

Page 296: ...me between any two network devices this prevents the loops but establishes the redundant links as a backup in case the initial link fails If STP costs change or if one network segment in the STP becomes unreach able the spanning tree algorithm reconfigures the spanning tree topology and reestablishes the link by activating the standby path Without STP in place it is possible that both connections ...

Page 297: ...ree Protocol settings for the device The no version of the command disables STP on the device The hello time range is 1 10 the forward delay range is 4 30 and the bridge priority range is 0 65535 Command CLI Reference Page no stp hello time value forward delay value priority value 9 166 show interface ethernet 9 98 ProCurve Access Point 530 configure ProCurve Access Point 530 config stp hello time...

Page 298: ... MAC address 00 14 C2 A5 08 CB Speed duplex auto Administrative status Enabled Management VLAN ID 1 U Untagged VLAN ID 1 Spanning Tree STP Enabled STP Port State forwarding STP Hello Interval 10 0 STP Forward Delay 10 STP Bridge Priority 255 Bytes Rx 22911 Bytes Tx 46107 Packets Rx 240 Packets Tx 299 Compressed Rx 0 Compressed Tx 0 Mcast packets Rx 0 Carrier errors Tx 0 Dropped Rx packets 0 Droppe...

Page 299: ...led Use Radio 1 Local MAC 00 14 C2 A5 22 61 Remote MAC 00 14 C2 A4 14 A0 STP State blocking WDS SSID WDS SSID 1 Security Type no security from WLAN 1 WEP Key Type hex WEP Key not set WEP Key Size 128bit WPA Key not set Bytes Rx 7140 Bytes Tx 76 Packets Rx 66 Packets Tx 1 Compressed Rx 0 Compressed Tx 0 Mcast packets Rx 0 Carrier errors Tx 0 Dropped Rx packets 0 Dropped Tx packets 0 FIFO overflows ...

Page 300: ...performed without losing wireless traffic Web Configuring AP Detection Parameters The AP Detection screen provides configuration for access point detection The AP List tab shown in Figure 8 10 enables you to display and refresh the list of neighboring access points that have been detected during previous scans For each detected access point the following parameters are displayed BSSID Displays the...

Page 301: ...n each radio This setting applies to background scanning only Range 10 3600 seconds The default is 10 Scan Duration Sets the amount of time spent scanning other channels when background scanning is being performed This setting applies to background scanning only Range 5 30 milliseconds The default is 30 Entry Expiration Time Sets expiration value for the listed detected AP entries Range 1 604800 s...

Page 302: ...etection Settings tab 2 To enable scanning select Enable from the AP Detection drop down for the radio you are configuring 3 To specify the beacon transmission interval enter the interval value in the Scan Interval field 4 To specify the duration of scanning enter the duration value in the Scan Duration field 5 Select Update to save the settings ...

Page 303: ... establishes the interval between scans Using the CLI to Set AP List Parameters This example sets the time that a detected AP remains on the AP list and sets the maximum number of AP entries displayed on the list Command CLI Reference Page no ap detection dedicated 9 137 ap detection duration value 9 138 ap detection interval value 9 139 ap detection expire time value 9 138 ap detection max entrie...

Page 304: ...detection results ProCurve Access Point 530 radio1 ap detection expire time 55 ProCurve Access Point 530 radio1 ap detection max entries 100 ProCurve Access Point 530 radio1 show detected ap Neighboring APs BSSID SSID Sec Chan Type 00 14 02 A0 4F BC SSID1 none 3 AP 00 14 03 A2 4F DE SSID2 wpa 3 AP ProCurve Access Point 530 ...

Page 305: ...ved PROBE request timestamp Data rate at which the PROBE was received When existing entries are updated with new PROBE requests the following attributes are modified RSSI PROBE request SSID Number of PROBE requests for this client Last received PROBE request timestamp Data rate at which the PROBE was received Guidelines for Configuring the Probe Table The Probe Table feature is disabled by default...

Page 306: ...cess Control List ACL Rate Limiting IDM on the Access Point 530 can be accomplished using either 802 1X authen tication or MAC authentication The 802 1X authentication is more secure while MAC authentication can be used with stations that don t have 802 1X supplicant Although it is possible to use MAC authentication along with 802 1X there are known user and ACL assignment overrides that occur Ess...

Page 307: ...s section provides general guidelines for configuring a RADIUS server to specify RADIUS based ACLs refer to the RADIUS server documentation for details A RADIUS based ACL configuration has the following Vendor and ACL identifiers ProCurve HP Vendor Specific ID 11 Vendor Specific Attribute for ACLs 61 string HP IP FILTER RAW Setting HP IP FILTER RAW permit or deny Access Control Entry ACE Not e Per...

Page 308: ...8 38 Special Features Identity Driven Management This page is intentionally unused ...

Page 309: ...9 1 9 Command Line Reference ...

Page 310: ...9 16 System Management Commands 9 17 country 9 18 hostname 9 20 domain 9 21 password manager 9 21 buttons 9 22 cli confirmation 9 23 console 9 23 telnet 9 24 ssh 9 25 web management 9 25 show buttons 9 26 show console 9 27 show ssh 9 27 show system information 9 28 show version 9 30 System Logging Commands 9 31 log 9 31 logging 9 32 show debug 9 33 show logging 9 33 ...

Page 311: ...er trap 9 43 show snmp server 9 45 snmpv3 enable 9 46 snmpv3 user name 9 47 show snmpv3 9 47 lldp 9 48 show lldp 9 49 Flash File Commands 9 50 copy 9 51 copy custom default startup config 9 51 copy startup config 9 52 copy factory default 9 53 copy running config 9 53 erase 9 54 write 9 55 show config 9 56 show copy 9 57 show tech 9 57 show custom default 9 58 show running config 9 60 Group Config...

Page 312: ...5 show lockout mac 9 76 lockout mac clear 9 76 Client Station Deauthentication 9 78 deauth mac 9 78 Web Authentication Commands 9 79 web auth Global Address Pool 9 80 web auth Global Guest User 9 81 web auth WLAN Configuration 9 82 web auth WLAN Screen Customization 9 83 show web auth 9 85 AP Authentication Commands 9 86 ap authentication 9 86 show ap authentication 9 87 Filtering Commands 9 87 in...

Page 313: ... 103 description 9 104 closed system 9 104 mode 9 105 antenna 9 106 antenna mode 9 106 basic rate 9 107 supported rate 9 108 channel policy 9 108 beacon interval 9 109 dtim period 9 110 max stations 9 111 preamble 9 111 protected mode 9 112 fragmentation thresh 9 112 inactivity timeout 9 113 slot time 9 114 rts threshold 9 114 tx power reduction 9 115 enable wireless 9 116 disable wireless 9 117 s...

Page 314: ...9 133 wpa cipher tkip 9 134 wpa cipher aes 9 134 wpa psk ascii 9 135 wpa psk hex 9 135 rsn preauthentication 9 136 Neighbor AP Detection Commands 9 137 ap detection 9 137 ap detection duration 9 138 ap detection expire time 9 138 ap detection interval 9 139 ap detection max entries 9 139 show detected ap 9 140 Adaptive Tx Power Control Commands 9 142 atpc 9 142 atpc avoid other aps 9 143 atpc rf g...

Page 315: ...show qos 9 156 rate limit 9 158 Wireless Distribution System WDS 9 159 description wds 9 159 disable wds 9 160 enable wds 9 160 wds ssid 9 161 radio used 9 161 remote mac wds 9 162 show wds 9 162 wep key wds 9 163 wep key ascii wds 9 164 wep key length wds 9 164 wpa pre shared key wds 9 165 Spanning Tree Protocol STP 9 166 stp 9 166 ...

Page 316: ...h File Commands Configures relating to resetting configuration and factory files 9 50 RADIUS Accounting Authentication Commands Configures RADIUS accounting and authentication parameters 9 65 Radius Users Configures RADIUS users 9 69 MAC Address Authentication Configures MAC parameters 9 72 Filtering Commands Configures filtering settings 9 87 Ethernet Interface Commands Configures Ethernet interf...

Page 317: ...ng tables is indicated by these abbrevi ations GC Global Configuration MC Manager Executive Configuration IC E Ethernet Interface Configuration IC WDS WDS Interface Configuration IC R Radio Wireless Interface Configuration and IC R WLAN WLAN Wireless Interface Configuration ...

Page 318: ...text level to the Global Configuration level MC 9 10 copy See Flash File Commands on page 9 50 9 51 end Sets the current context level to the Manager Exec level MC 9 11 erase See Flash File Commands on page 9 50 9 54 exit Sets the current command level to the previous command level MC 9 11 log See System Logging Commands on page 9 31 9 31 logout Terminates the CLI session MC 9 12 ping Sends ICMP e...

Page 319: ...xt level to the Manager Exec level Syntax end Default Setting N A Command Mode Manager Exec Example This example shows how to return to the Manager Exec level from the Ethernet Interface Configuration mode exit Thiscommandsetsthecurrentcommandleveltothepreviouscommandlevel At the Manager Exec level this command acts the same as logout ProCurve Access Point 530 configure ProCurve Access Point 530 c...

Page 320: ...rom the Interface Configuration mode and finally logging out of the CLI session logout This command terminates the CLI session Syntax logout Default Setting N A Command Mode Manager Exec Example ProCurve Access Point 530 ethernet exit ProCurve Access Point 530 config exit ProCurve Access Point 530 exit Connection to host lost ProCurve Access Point 530 logout Connection to host is lost ...

Page 321: ... reached The following are some results of the ping command Normal response The normal response occurs in one to ten seconds depending on network traffic Destination does not respond If the host does not respond a timeout appears in ten seconds Destination unreachable The gateway for this destination indi cates that the destination is unreachable Network or host unreachable The gateway found no co...

Page 322: ...dius local running config snmp server sntp ssh ssid stations supported rate system information time version wlans wds basic rate Shows advertised transmission rates for this device See show basic rate on page 9 122 buttons Shows current status of the buttons on this device See show buttons on page 9 26 config Shows the startup configuration file of this device See show config on page 9 56 console ...

Page 323: ...al MAC address authen tication control lists See show mac auth local on page 9 74 qos Shows QoS details on this device and wireless system See show qos on page 9 156 radios Showsinformationabouttheradio s onthisdevice See show radio on page 9 117 radius local Shows status of the internal RADIUS server on device See show radius local on page 9 70 running config Shows the running configuration file ...

Page 324: ...lans Show WLANs information on this device or radio context See show wlan on page 9 120 wds Show information about the WDS s on this device See show wds on page 9 162 terminal This command sets terminal line parameters Syntax terminal length width length Set number of lines on a screen 2 1000 Number of lines on a screen width Set width of display terminal 61 1920 Number of characters on a screen l...

Page 325: ...agement access MC 9 21 no buttons Enables the ability to clear the password s and or configurations MC 9 22 no cli configuration Enables all CLI confirmation dialog prompts MC 9 25 no console Enables the access point to be managed through a serial port MC 9 23 no telnet Enables the access point to managed through a Telnet connection MC 9 24 no ssh Enables remote Secure Shell access to the device M...

Page 326: ...DZ Estonia EE Libyan Arab Jamahiriya LY Saudi Arabia SA Andorra AD Finland FI Liechtenstein LI Serbia and Montenegro CS Angola AO France FR Lithuania LT Seychelles SC Argentina AR French Guiana GF Luxembourg LU Singapore SG Armenia AM Georgia GE Macau MO Slovakia SK Australia AU Germany DE Macedonia The Former Yugoslav Republic Of MK Slovenia SI Austria AT Gibraltar GI Malaysia MY South Africa ZA ...

Page 327: ...e UA Cambodia KH Ireland IE Norway NO UnitedArabEmirates AE Canada CA Israel IL Oman OM United Kingdom GB Chile CL Italy IT Pakistan PK United States US China CN Jamaica JM Palestinian Territory Occupied PS Uruguay UY Colombia CO Japan JP Panama PA Uzbekistan UZ Costa Rica CR Jordan JO Paraguay PY Venezuela VE Croatia HR Kazakhstan KZ Peru PE Vietnam VN Cuba CU Korea Democratic People Republic Of ...

Page 328: ...sing the erase startup config command or by pressing the reset button and clear buttons simulta neously see Appendix A Resets the configuration back to factory defaults on page A 17 Example hostname This command sets the system hostname Syntax hostname hostname hostname A text string to identify the system Maximum length 50 characters Default Setting ProCurve AP 530 Command Mode Global Configurati...

Page 329: ... None Command Mode Global Configuration Example password manager This command sets the password for entering the Manager Exec level Syntax password manager password password Atextstringtoestablishsecurity forentryintotheManager Exec level Note The password is case sensitive and must be at least 1 character and at most 32 characters long However only the first 8 characters of the password are used ...

Page 330: ...iguration via the buttons The no version of the command disables this devices ability to reset this device to the factory default configuration via the buttons The no buttons factory reset command will not work ifthe serialconsole is already disabled e g no console has been executed password reset Enables the ability to reset the password s on this device via the buttons The no version of the comm...

Page 331: ... point The no version disables the serial console on the access point The no console command will not work if the factory reset button is already disabled e g no buttons factory reset has been executed ProCurve Access Point 530 configure ProCurve Access Point 530 config no buttons custom reset ProCurve Access Point 530 config no buttons factory reset ProCurve Access Point 530 config no buttons pas...

Page 332: ...l Configuration Example telnet This command enables remote Telnet access The no version disables remote Telnet access to this device Syntax telnet no telnet Default Setting Enabled Command Mode Global Configuration ProCurve Access Point 530 configure ProCurve Access Point 530 config console ProCurve Access Point 530 config ...

Page 333: ...rsion disables the remote Web access to this device Syntax web management plaintext ssl no web management plaintext Enables remote HTTP insecure access to the device The no version of the command disables remote HTTP access ssl Enable remote HTTPS secure access to the device The no version of the command disables remote HTTPS access ProCurve Access Point 530 configure ProCurve Access Point 530 con...

Page 334: ...ult Setting N A Command Mode Manager Exec General Configuration Context Example This example displays the status of the push buttons on the access point ProCurve Access Point 530 configure ProCurve Access Point 530 config web management ssl ProCurve Access Point 530 config ProCurve Access Point 530 show buttons Custom Reset Enabled Factory Reset Enabled Password Reset Enabled System Reset Enabled ...

Page 335: ...sh This command displays the current SSH configuration and the status of the active SSH connections on this device Syntax show ssh Default Setting N A Command Mode Manager Exec ProCurve Access Point 530 config show console CLI Access Serial Interface Enabled Telnet Interface Enabled SSH Interface Enabled CLI Confirmation Dialogs Enabled Web Access HTTP Interface Enabled SSL Interface Enabled ProCu...

Page 336: ... information about the device and the hostname DNS information This command is the same as the show system command Syntax show system information Default Setting N A Command Mode Manager Exec Global Configuration ProCurve Access Point 530 config show ssh SSH Status Enabled ProCurve Access Point 530 config ...

Page 337: ...WA 01 00 Ethernet MAC Address 00 14 C2 A5 08 CB IP Address 192 168 15 100 Subnet Mask 255 255 255 0 Default Gateway 192 168 15 1 DHCP Client Enabled Management VLAN ID 1 Untagged VLAN ID 1 Radio 1 MAC Address 00 14 C2 A5 22 E0 Radio 1 Status Disabled 802 11g Radio 2 MAC Address 00 14 C2 A5 22 F0 Radio 2 Status Disabled 802 11a HTTP Interface Enabled SSL Interface Enabled SSH Interface Enabled Teln...

Page 338: ...splays the version of the software running on the device Syntax show version Default Setting N A Command Mode Manager Exec Global Configuration Example ProCurve Access Point 530 show version Image Software Version WA 02 00 0412 Boot Software Version WAB 01 00 ProCurve Access Point 530 ...

Page 339: ...s functionally the same as the show logging command Syntax log Default Setting N A Command Mode Manager Exec Command Function Mode Page log Displays all log entries in access point memory MC 9 31 no logging syslog_host syslog_port Adds a syslog server host IP address and assign a port number that will receive logging messages GC 9 32 show debug Displays the debugging results MC 9 33 show logging D...

Page 340: ...ceiving syslog server Default Setting Disabled Command Mode Global Configuration ProCurve Access Point 530 log Keys M eMergency C Critical W Warning I Information A Alert E Error N Notice D Debug Event Log Listing Most Recent Events First I 01 03 00 03 57 15 login 29765 root login on ttyp0 I 01 03 00 02 28 56 login 24466 root login on ttyp0 I 01 02 00 04 00 49 login 7445 root login on ttyp0 I 01 0...

Page 341: ...his device Syntax show debug Default Setting N A Command Mode Manager Exec Global Configuration Example show logging This command displays all the entries in the event log on the device This command is functionally the same as the log command Syntax ProCurve Access Point 530 configure ProCurve Access Point 530 config logging 10 1 0 3 514 ProCurve Access Point 530 config ProCurve Access Point 530 s...

Page 342: ...Event Log Listing Most Recent Events First I 01 03 00 03 57 15 login 29765 root login on ttyp0 I 01 03 00 02 28 56 login 24466 root login on ttyp0 I 01 02 00 04 00 49 login 7445 root login on ttyp0 I 01 02 00 02 23 30 login 1248 root login on ttyp0 I 01 01 00 07 10 33 login 28706 root login on ttyp0 I 01 01 00 05 59 52 login 24293 root login on ttyp0 I 01 01 00 03 00 16 login 13449 root login on t...

Page 343: ... to record accurate dates and times for log events Without SNTP the access point only records the time starting from the factory default set at the last bootup i e 00 14 00 January 1 1970 When SNTP client mode is enabled the sntp server command specifies the time servers from which the access point polls for time updates The access point will poll the time servers in the order specified until a re...

Page 344: ...ult Setting N A Command Mode Manager Exec Example show time This command displays the current date and time Syntax show time Default Setting N A Command Mode Manager Exec Example ProCurve Access Point 530 show sntp SNTP Status Enabled SNTP Server 10 1 0 19 ProCurve Access Point 530 ProCurve Access Point 530 show time Sat Jan 3 16 35 14 2008 ProCurve Access Point 530 ...

Page 345: ...no snmp server contact contact Sets the contact string GC 9 40 snmp server port port Sets the SNMP server port number GC 9 42 no snmp server trap trap Enables and disables SNMP traps GC 9 43 show snmp server Displays the status of SNMP communications MC 9 45 SNMPv3 no snmpv3 enable Enables and disablesSNMPv3functionson the access point GC 9 46 no snmpv3user name name auth md5 sha password priv des...

Page 346: ...ecifies read only access Authorized management stations are only able to retrieve MIB objects The no version of the command clears the read only community value unrestricted Specifies read write access Authorized management stations are only able to retrieve MIB objects The no version of the command clears the read write community value Default Setting Restricted community with a public access def...

Page 347: ...the SNMP contact name Use the no form to remove the specified contact name Syntax snmp server contact contact no snmp server contact contact Name of the contact Default Setting Command Mode Global Configuration Example ProCurve Access Point 530 config snmp server contact J Wilson ProCurve Access Point 530 config ...

Page 348: ...lthough you can set this string using the snmp server host command by itself we recommend that you define this string using the snmp server community command prior to using the snmp server host command Maximum length 32 characters Default Setting Host Address None Community String public Command Mode Global Configuration Command Usage Thesnmp serverhost commandisusedinconjunctionwiththesnmp server...

Page 349: ...location description Use the no form to remove the specified location description Syntax snmp server location location no snmp server location location Name of the contact Default Setting Command Mode Global Configuration Example ProCurve Access Point 530 config snmp server location BHall6 ProCurve Access Point 530 config ...

Page 350: ...ill use on this device Syntax snmp server port port port The number specifying the port to which the SNMP server will listen This must be an unused port on the AP Default Setting 161 Command Mode Global Configuration Example ProCurve Access Point 530 configure ProCurve Access Point 530 config snmp server port 161 ProCurve Access Point 530 config ...

Page 351: ...buttonUpdate clientAssociation clientAuthentication clientDeAuthenticate clientReAssociation clientRequestFailure dot1XAuthFailure dot1XAuthNotInitiated dot1XAuthSuccess localMacAuthFailure localMacAuthSuccess mgmtAccessUpdate mgmtVlanIdUpdate possibleNeighborAp radioAntennaUpdate radiusAcctUpdate radiusServerFailover remoteMacAddrAuthFail remoteMacAddrAuthSucc sysConfigFileTransfer systemDown sys...

Page 352: ...Command Line Reference Network Management Application Commands Example ProCurve Access Point 530 configure ProCurve Access Point 530 config snmp server trap radiusAcctUpdate ProCurve Access Point 530 config ...

Page 353: ...onUpdate Enabled hpWlanClientAssociation Enabled hpWlanApInterfaceUpdate Enabled hpWlanClientDeAuthentication Enabled hpWlanClientAuthentication Enabled hpWlanClientRequestFailure Enabled hpWlanClientReAssociation Enabled hpWlanDot1XAuthNotInitiated Enabled hpWlanDot1XAuthFailure Enabled hpWlanLocalMacAuthClientFailure Enabled hpWlanDot1XAuthSuccess Enabled hpWlanLocalMacAuthClientSuccess Enabled ...

Page 354: ... Access Point 530 config ProCurve Access Point 530 config snmpv3 enable ProCurve Access Point 530 config show snmpv3 SNMPv3 Enabled SNMP engine ID 00 00 00 0b 00 00 00 14 c2 a5 6a b3 SNMPv3 user accounts Username Auth Protocol Privacy Protocol tjameson MD5 AES ProCurve Access Point 530 config no snmpv3 enable ProCurve Access Point 530 config show snmpv3 SNMPv3 Disabled SNMP engine ID 00 00 00 0b 0...

Page 355: ... SHA authentication auth pass The password for the selected authentication method priv Adds a privacy method to the user settings des Uses DES encryption aes Uses AES encryption priv pass The password for the selected privacy method Default Setting None Command Mode Global Configuration Example Related Commands snmpv3 enable page 9 46 show snmpv3 page 9 47 show snmpv3 This command displays the cur...

Page 356: ...bles Link Layer Discovery Protocol LLDP service on the device The no version of the command disables LLDP on the device Syntax lldp no lldp Default Enabled Command Mode Global Configuration ProCurve Access Point 530 show snmpv3 SNMPv3 Enabled SNMP engine ID 00 00 00 0b 00 00 00 14 c2 a5 09 8c SNMPv3 user accounts Username Auth Protocol Privacy Protocol ltulina MD5 AES afanto None None tjames MD5 N...

Page 357: ...y Protocol LLDP service on the device Syntax show lldp Default N A Command Mode Global Configuration Example ProCurve Access Point 530 configure ProCurve Access Point 530 config lldp ProCurve Access Point 530 config ProCurve Access Point 530 configure ProCurve Access Point 530 config show lldp LLDP Status Enabled ProCurve Access Point 530 config ...

Page 358: ...default Reset a configuration file to the factory default configuration on the device MC 9 53 copy running config startup config custom default Reset a configuration file to the running configuration on the device MC 9 53 erase Reset the specified configuration file stored on the device MC 9 54 write View or save the running configuration of the device MC 9 55 show config Display the startup confi...

Page 359: ...ration file This operation will replace the existing startup configuration file on the device ip The IP address of the remote server file The filename of the file on the remote server user name user password pass Specify the username and pass word for the FTP and SCP remote servers Default Setting N A Command Mode Manager Exec Example copy custom default startup config This command sets the startu...

Page 360: ... scp tftp flash startup config ip file user name user password pass startup config Specify that the type of file to copy is the startup configuration file ftp scp tftp Specify the type of remote server where the file will be placed Possible servers are File Transfer Protocol FTP Secure Copy Protocol SCP and the Trivial File Transfer Protocol TFTP ip The IP address of the remote server file The fil...

Page 361: ...default Resetthe defaultconfiguration file to contain the same settings as the factory default configuration file Default Setting N A Command Mode Manager Exec Example copy running config This command saves the running default to a configuration file on the device Syntax copy running default startup config custom default ProCurve Access Point 530 copy startup config ftp 192 168 1 52 copystart user...

Page 362: ...le Default Setting N A Command Mode Manager Exec Example Related Commands write page 9 55 erase This command resets the specified configuration file stored on the device Syntax erase custom default startup config custom default Resets the customer modified version of the factory default configuration startup config Resets the startup configuration to the custom default configuration and reloads th...

Page 363: ...device Syntax write memory terminal memory Copies the running configuration to the startup configura tion file This is the same as the copy running default startup config command terminal Displays the running configuration of the device on the terminal Default Setting N A Command Mode Manager Exec Example Related Commands copy running config startup config page 9 53 ProCurve Access Point 530 erase...

Page 364: ...cy wep key length 104 wep key length radio wlan1 radio wds ssid WDS SSID 2 wds ssid wep key ascii no wep key ascii wds wpa psk format ascii wds wpa psk format description Wireless Distribution System Link 2 description interface interface name wlan0wds4 type wds type status down status wds security policy no security wds security policy wep key length 104 wep key length radio wlan1 radio wds ssid ...

Page 365: ...nfiguration Example show tech This command displays the output of a predefined command sequence used by technical support Syntax show tech Default Setting N A Command Mode Manager Exec Global Configuration ProCurve Access Point 530 show copy Copy Operation Status FTP SCP TFTP Last software image flash copy result not initiated Last configuration file copy result not initiated ProCurve Access Point...

Page 366: ...0 show tech Description Radio 1 WLAN 10 Status Disabled SSID SSID 10 VLAN None BSSID not assigned yet DTIM Period 2 Security Type no security No Sec Closed System Disabled MAC Auth Mode local deny list only MAC Auth List not set Authentication open system only WEP Key Type hex WEP Key 1 WEP Key Size 128bit WEP Key 2 Default Key WEP Key 1 WEP Key 3 WEP Key 4 WPA or WPA2 WPA and WPA2 WPA Cipher TKIP...

Page 367: ...ds security policy wep key length 104 wep key length radio wlan1 radio wds ssid WDS SSID 2 wds ssid wep key ascii no wep key ascii wds wpa psk format ascii wds wpa psk format description Wireless Distribution System Link 2 description interface interface name wlan0wds0 type wds type status down status wds security policy wpa psk wds security policy wep key length 104 wep key length remote mac remo...

Page 368: ...key length radio wlan1 radio wds ssid WDS SSID 2 wds ssid wep key ascii no wep key ascii wds wpa psk format ascii wds wpa psk format description Wireless Distribution System Link 2 description interface interface name wlan0wds4 type wds type status down status wds security policy no security wds security policy wep key length 104 wep key length radio wlan1 radio wds ssid WDS SSID 5 wds ssid wep ke...

Page 369: ...enables or disables the group configuration feature on the access point Syntax no group config group config Enables the group configuration feature no group config Disables the group configuration feature Default Setting N A Command Mode Global Configuration Example Command Function Mode Page no group config Enables and disables the group configuration feature on the access point GC 9 61 group con...

Page 370: ...llowing example specifies that the access point will belong to group WHBldg22 group config member id The command sets an optional string that identifies the access point within the group The member id identifies the access point in the member list Syntax group config member id member id ProCurve Access Point 530 configure ProCurve Access Point 530 config group config ProCurve Access Point 530 conf...

Page 371: ...s the access point in the member list as AP1 show group config The command displays the current group configuration settings for the access point Syntax show group config show group config Displays the current group configuration settings Default Setting None Command Mode Manager Exec ProCurve Access Point 530 configure ProCurve Access Point 530 config group config member id AP1 ProCurve Access Po...

Page 372: ...eference Group Configuration Example ProCurve Access Point 530 show group config Status Enabled Group name WHBldg22 Member ID AP1 mac ip 00 14 C2 A5 09 8C 10 0 1 101 00 14 C2 A5 6A B3 10 0 1 102 ProCurve Access Point 530 ...

Page 373: ...mand disables use of the primary RADIUS accounting server by clearing the IP address setting secondary Configure settings IP port key for the secondary RADIUS accounting server The no version of the command disables use of the secondary RADIUS accounting server by clearing the IP address setting ip ip The IP address of the RADIUS server port port The port of the RADIUS server key key The shared se...

Page 374: ...mmand disables use of the local built in RADIUS authentication server as an additional server retransmit limit Set the number of retry attempts that are made to a RADIUS authentication accounting server until switching to the next server on the list The no version of the command is not available for this parameter Valid values 1 30 Default Setting Disabled Retransmit value set to 3 Command Mode WL...

Page 375: ...he command disables use of the secondary RADIUS authentication server by clearing the IP address setting ip ip The IP address of the RADIUS server Default is 192 168 1 10 local Use the local built in radius server port port The port of the RADIUS server key string The shared secret string for the RADIUS server mac auth password password Set the password that will be used by wireless stations for r...

Page 376: ...led Command Mode WLAN Radio Interface Configuration Example ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 wlan 1 ProCurve Access Point 530 radio1 wlan1 radius primary key open ProCurve Access Point 530 radio1 wlan1 radius primary ip 192 168 1 53 ProCurve Access Point 530 radio1 wlan1 radius primary mac format multi colon ProCurve Acce...

Page 377: ...moves the user account with the specified username Maximum characters 50 disabled Set the user account to be disabled The no version of the command re enables the user account password Specify the password to be used with the user account Range 1 32 alphanumeric characters realname Specify the real name for the account holder on the user account No spaces Maximum characters 50 Default Setting None...

Page 378: ...ount information for the internal RADIUS server on this device Syntax show radius local Default Setting N A Command Mode Manager Exec ProCurve Access Point 530 configure ProCurve Access Point 530 config radius local chris ProCurve Access Point 530 config radius local chris password chrisopen ProCurve Access Point 530 config ProCurve Access Point 530 configure ProCurve Access Point 530 config radiu...

Page 379: ...eference RADIUS Users Example ProCurve Access Point 530 configure ProCurve Access Point 530 config show radius local Username Real Name Status MSmith Mr Smith Enabled Chris CSmith Enabled ProCurve Access Point 530 config ...

Page 380: ...t and all entries in the entire list mac address Specifies an entry in the authentication control list by MAC address The no version of the command removes the specific MAC address entry from the specific MAC address authentication control list Valid format is 00 00 00 00 00 00 FF FF FF FF FF FF accept list The wireless stations whose MAC address is on the list will be allowed access to the device...

Page 381: ...x mac auth remote no mac auth remote Default None Command Mode WLAN Interface Configuration Example ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 wlan 1 ProCurve Access Point 530 radio1 wlan1 mac auth local Bob accept list ProCurve Access Point 530 radio1 wlan1 ProCurve Access Point 530 configure ProCurve Access Point 530 config radio...

Page 382: ...ice Syntax show mac auth local name name Displays only MAC address entries for the specified list Default N A Command Mode WLAN Radio Interface Configuration Example ProCurve Access Point 530 show mac auth local mylist MAC address entries for authentication control list mylist MAC Addresses 00 11 22 33 44 55 00 aa bb cc dd ee ProCurve Access Point 530 ProCurve Access Point 530 ...

Page 383: ...ss entry from the MAC Lockout list Valid format is 00 00 00 00 00 00 FF FF FF FF FF FF Default None Command Mode Global Configuration Example Command Function Mode Page no lockout mac mac address Adds or removes the selected MAC address to the MAC Lockout list GC 9 75 show lockout mac Shows all entries in the MAC Lockout list MC 9 76 lockout mac clear mac address all Clears a selected MAC address ...

Page 384: ...ries in the MAC Lockout list on the device Syntax lockout mac clear mac address all mac address Specifies an entry in the MAC Lockout list Valid format is 00 00 00 00 00 00 FF FF FF FF FF FF all Clears all addresses from the MAC Lockout list Default None Command Mode Global Configuration ProCurve Access Point 530 show lockout mac Locked out addresses 00 14 C2 A5 09 8D 0A 16 D2 5A 23 78 Number of l...

Page 385: ... ProCurve Access Point 530 configure ProCurve Access Point 530 config lockout mac clear all 2 MAC addresses removed from lockout list ProCurve Access Point 530 config show lockout mac No MAC addresses in lockout list ProCurve Access Point 530 config ...

Page 386: ...ess point Syntax deauth mac mac address mac address Specifies the MAC Address to deauthenticate Valid format is 00 00 00 00 00 00 FF FF FF FF FF FF Default None Command Mode Global Configuration Example Command Function Mode Page deauth mac mac address Deauthenticates the specified MAC address from the device GC 9 78 ProCurve Access Point 530 deauth mac 00 d0 59 c8 62 dd ProCurve Access Point 530 ...

Page 387: ...addresses GC 9 80 no web auth guest username username Specifies the username that will be used for Guest user logins using Web Auth GC 9 81 no web auth guest password password Specifies the password that will be used for Guest user logins using Web Auth GC 9 81 show web auth Displays the current Web Auth settings MC 9 85 Per WLAN no web auth guest login Enables or disables Web Auth for Guest users...

Page 388: ...r the Login screen IC R WLAN 9 83 web auth custom login text title title text header header text footer footer text descriptive descriptive text Specifies the custom text field values on the Web Auth Login screen IC R WLAN 9 83 no web auth default welcome page Enables or disables the default field values for the Welcome screen IC R WLAN 9 83 web auth custom welcome text title title text header hea...

Page 389: ... 530 config web auth starting ip address 192 168 0 1 255 255 240 0 ProCurve Access Point 530 config web auth lease time 60 ProCurve Access Point 530 config show web auth Temporary Address Pool Start 192 168 0 1 Subnet 255 255 240 0 Lease time secs 60 Guest Username lbg_guest Guest Password lbgpassword ProCurve Access Point 530 config ProCurve Access Point 530 config web auth guest username lbg_gue...

Page 390: ... redirect url web auth retry limit retries guest login Enables or disables Web Auth for Guest users on the selected WLAN username login Enables or disables Web Auth for Registered users on the selected WLAN redirect url Specifies the URL the user is redirected to following successful Web Authentication retries Specifies the number of failed login attempts from 1 to 9 a user may make before logins ...

Page 391: ...th redirect url www procurve com ProCurve Access Point 530 radio1 wlan1 show wlan 1 WLAN 1 on Radio 1 Description Radio 1 WLAN 1 Status Enabled SSID PR3_WLAN VLAN 1 Untagged BSSID 00 14 C2 A7 11 A0 DTIM Period 2 Security Type wpa psk WPA PSK Closed System Disabled MAC Auth Mode local accept list only MAC Auth List ACL 1 Authentication open system only WEP Key Type hex WEP Key 1 not set WEP Key Siz...

Page 392: ...stom login text Specifies that the following custom text is for the Login screen default welcome page Enables or disables the default field values for the Welcome screen custom welcome text Specifies that the following custom text is for the Welcome screen default failed page Enables or disables the default field values for the Failed screen custom failed text Specifies that the following custom t...

Page 393: ... Access Point 530 radio1 wlan1 web auth custom login text header GS User Login ProCurve Access Point 530 radio1 wlan1 web auth custom login text descriptive Enter your General Services Department username and password ProCurve Access Point 530 radio1 wlan1 show wlan 1 ProCurve Access Point 530 config show web auth Temporary Address Pool Start 192 168 0 1 Subnet 255 255 240 0 Lease time secs 60 Gue...

Page 394: ...oint password Specifies the password for the access point user no ap authentication eap type eap type eap type Specifies the EAP authentication type for the access point user either MD5 or PEAP Default Disabled Command Mode Global Configuration Example Command Function Mode Page no ap authentication Enables and disables AP authentication on the access point GC 9 86 show ap authentication Displays ...

Page 395: ...munications between wireless stations control access to the management interface from wireless stations and filter traffic using specific Ethernet protocol types ProCurve Access Point 530 config show ap authentication Status Enabled EAP Type peap ProCurve Access Point 530 config Command Function Mode Page no inter station blocking Enables communication between wireless stations GC 9 88 no wireless...

Page 396: ...mand Mode Global Configuration Example wireless mgmt block This command enables access to the management interfaces http telnet etc from the wireless side on the device The no version of the command disables this ability on the device Syntax wireless mgmt block no wireless mgmt block Default Disabled Command Mode Global Configuration Manager Exec Example ProCurve Access Point 530 configure ProCurv...

Page 397: ...nd displays management traffic security filter settings for the device Syntax show filters Default N A Command Mode Global Configuration Manager Exec ProCurve Access Point 530 configure ProCurve Access Point 530 config wireless mgmt block ProCurve Access Point 530 config ...

Page 398: ...ommand Line Reference Filtering Commands Example ProCurve Access Point 530 show filters Traffic Security Filters Wireless Management Blocking Enabled Inter Station Blocking Disabled ProCurve Access Point 530 ...

Page 399: ...nterface IC E 9 92 disable Disables the interface IC E 9 92 description Specifies a human readable description of this interface IC E 9 93 dns primary server_1 Specifies the primary name server GC 9 93 dns secondary server_2 Specifies the secondary name server GC 9 94 no ip address ip mask ip bits dhcp Sets the IP address for the Ethernet interface IC E 9 95 no ip default gateway ip Sets the stati...

Page 400: ...ode Ethernet Interface Configuration Example disable ethernet This command disables the specified interface Syntax disable Default Setting N A Command Mode Ethernet Interface Configuration ProCurve Access Point 530 config interface ethernet ProCurve Access Point 530 ethernet ProCurve Access Point 530 config interface ethernet ProCurve Access Point 530 ethernet enable ProCurve Access Point 530 ethe...

Page 401: ...e alphabetical description of the interface Maximum characters 1 255 Default Setting None Command Mode Ethernet Interface Configuration Example dns primary This command establishes the primary DNS server address The no version of the command clears the primary IP address if one is set and does not require for the IP to be specified ProCurve Access Point 530 config interface ethernet ProCurve Acces...

Page 402: ... made with a DHCP server then the DHCP client must be disabled in order to implement a static ip address Example dns secondary This command establishes the secondary DNS server address The no version of the command clears the secondary IP address if one is set and does not require for the IP to be specified Syntax dns secondary server_2 server_2 A static ip address set to the secondary dns server ...

Page 403: ... bits Specify the static network mask in CIDR notation to be used when DHCP is not used The no version of the command clears the statically assigned IP address and network mask dhcp Enable the DHCP client on this interface The no version of the command disables the DHCP client on this interface secondary Specifies a secondary IP address Default Setting IP address 192 168 1 1 Netmask 255 255 255 0 ...

Page 404: ...p command Valid IP addresses consist of four numbers 0 to 255 separated by periods Anything other than this format will not be accepted by the configuration program Example ip default gateway This command sets the static default gateway router for the device The no version of the command does not require parameters and resets the address of the default gateway router if any Syntax ip default gatew...

Page 405: ...s half duplex 10 full 10 Mbps full duplex 100 full 100 Mbps full duplex secondary Specifies a secondary IP address Default Setting auto Command Mode Interface Configuration Ethernet Example show ip This command displays the IP address information static default gateway router configuration and the DHCP client configuration status on the device Syntax ProCurve Access Point 530 config interface ethe...

Page 406: ...rmation about the specified interface i e ethernet Default Setting N A Command Mode Manager Exec ProCurve Access Point 530 show ip IP Address Information System Host Name ProCurve AP 530 IP Address 192 168 1 2 Subnet Mask 255 255 255 0 Default Gateway 192 168 1 253 DHCP Client Enabled DNS Information Obtained from DHCP Domain Name Suffix example ca example net Primary DNS Server 204 127 202 0 Seco...

Page 407: ...s 00 14 C2 A5 08 CB Speed duplex auto Administrative status Enabled Link status add in future Management VLAN ID 1 U Untagged VLAN ID 1 Spanning Tree STP Enabled STP Port State forwarding STP Hello Interval 10 0 STP Forward Delay 10 STP Bridge Priority 255 Bytes Rx 70912184 Bytes Tx 30955292 Packets Rx 194926 Packets Tx 286333 Compressed Rx 0 Compressed Tx 0 Mcast packets Rx 0 Carrier errors Tx 0 ...

Page 408: ...ess Information System Host Name ProCurve AP 530 IP Address 192 168 1 2 Subnet Mask 255 255 255 0 Default Gateway 192 168 1 253 DHCP Client Enabled DNS Information Obtained from DHCP Domain Name Suffix example net Primary DNS Server 204 127 202 0 Secondary DNS Server 216 148 227 00 ProCurve Access Point 530 ...

Page 409: ...ntenna mode IC R 9 106 basic rate value Configuresthemaximumdatarateatwhichthe access point can transmit traffic IC R 9 107 supported rate value Configuresthemaximumdatarateatwhichthe access point can transmit traffic IC R 9 108 channel policy static auto Sets the policy on the channel to static or automatic IC R 9 108 beacon interval interval Configures the rate at which beacon frames are transmi...

Page 410: ...enttothereceivingstationpriortothe sending station starting communications IC R 9 114 tx power reduction Adjusts the power of the radio signals transmitted from the access point IC R 9 115 enable Enables the radio or SSID wireless interfaces IC R IC R WLAN 9 116 disable Disables the radio or SSID wireless interfaces IC R IC R WLAN 9 117 show radio radio Shows the status for the wireless interface ...

Page 411: ...ndexes is 16 Any index number in the range 1 to 16 can be selected for an SSID interface per radio Each SSID interface name must be unique stations that want to connect to the network via the access point must set their SSIDs to match one of the access point s SSID interfaces Example ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 ProCu...

Page 412: ...ters Default Setting Radio Radio 1 WLAN 1 SSID SSID 1 Command Mode Radio Interface Configuration WDS Radio Interface Configuration WLAN Interface Configuration Example closed system This command closes access to stations without a pre configured SSID Use the no form to disable this feature Syntax closed system no closed system Default Setting Disabled ProCurve Access Point 530 configure ProCurve A...

Page 413: ...d spectrum DSSS or frequency hopping spread spectrum FHSS in the 2 4 GHz ISM band as well as comple mentary code keying CCK to provide the higher data rates It supports data rates ranging from 1 to 11 Mbps Supported on both the access point s radios 1 and 2 g 802 11g stations operate at a higher speed extension up to 54 Mbps to the 802 11b PHY while operating in the 2 4 GHz band It uses orthogonal...

Page 414: ...iguration Example antenna mode This command sets the antenna diversity mode on this radio These settings only have an effect if the external antenna configuration is used Syntax antenna mode diversity single diversity Diversity 2 connections elements antenna system ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 mode g ProCurve Access P...

Page 415: ...tax basic rate value no basic rate value The transmit data rate value set Options 1 2 5 5 6 9 11 Mbps for a and b modes 1 2 5 5 6 9 11 12 18 24 36 54 Mbps for g mode Default Setting Radio 1 1 2 5 5 11 Mbps for g mode Radio 2 6 12 24 for a mode Command Mode Radio Interface Configuration Example ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 ra...

Page 416: ...6 54 Mbps Default Setting Options 1 2 5 5 6 9 11 12 18 24 36 54 Mbps Command Mode Interface Configuration Wireless Example channel policy This command sets the channel utilization policy on this radio Syntax channel policy auto static channel auto Automatically detect and use the least congested channel static Use the statically configured channel channel The specific channel Default Setting auto ...

Page 417: ...fault behavior is to send a beacon frame once every 100 microseconds or 10 per second Command Mode Radio Interface Configuration Command Usage The beacon frames allow wireless stations to maintain contact with the access point They may also carry power management information Example Related Commands rate limit page 9 158 ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ...

Page 418: ...necessary to wake up stations that are using Power Save mode The DTIM is the interval between two synchronous frames with broadcast multicast information The default value of 2 indicates that the access point will save all broadcast multicast frames for the Basic Service Set BSS and forward them after every second beacon Using smaller DTIM intervals delivers broadcast multicast frames in a more ti...

Page 419: ...t Setting 256 Command Mode Radio Interface Configuration Example preamble This command sets the length of the signal preamble for this radio Syntax preamble long short long Uses a long preamble only short Uses a short or long preamble Default Setting long Command Mode Radio Interface Configuration ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 53...

Page 420: ...imum packet frame size that can be fragmented when passing through the access point Syntax fragmentation thresh value value Minimum packet frame size for which fragmentation is allowed Range 256 2346 bytes Default Setting 2346 This effectively disables fragmentation ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 preamble short ProCurve...

Page 421: ...setting the fragment size to send smaller fragments This will speed up the retransmission of smaller frames However it is more efficient to set the fragment size larger if very little or no interference is present because it requires overhead to send multiple frames Example inactivity timeout This command configures the length of time after which a wireless station is considered inactive if no tra...

Page 422: ... RequesttoSend RTS signal must be sent to the receiving station prior to the sending station starting communications Syntax rts threshold threshold threshold Threshold packet size for which to send an RTS Range 0 2347 bytes Default Setting 2347 ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 inactivity timeout 10 ProCurve Access Point 5...

Page 423: ...tation sends a CTS frame to notify the sending station that it can start sending data Access points contending for the wireless medium may not be aware of each other The RTS CTS mechanism can solve this Hidden Node problem Example tx power reduction This command adjusts the power value of the radio signals transmitted from the access point Syntax trx power reduction value value Set the value which...

Page 424: ... access point coverage area Default is 0 Example enable wireless This command enables either the radio ssid or wds interfaces Syntax enable Default Setting N A Command Mode Radio Interface Configuration WDS Interface Configuration WLAN Interface Configuration Example ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 tx power reduction 5 P...

Page 425: ...WDS Interface Configuration WLAN Interface Configuration Example show radio This command displays detailed information about the radio Syntax show radio radio radio Display detailed information about the specified radio Default Setting N A Command Mode Manager Exec ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 disable ProCurve Access ...

Page 426: ...nnel TX Power 1 Disabled 00 14 C2 A5 22 E0 802 11g 1 Auto 0 dBm 2 Disabled 00 14 C2 A5 22 F0 802 11a 36 Auto 0 dBm ProCurve Access Point 530 show radio 1 Description Radio 1 802 11g Base MAC 00 14 C2 A7 11 A0 Status Enabled Mode 802 11g Channel Policy Auto Channel 1 WLANs Supported 16 Preamble long CTS Protection Enabled Slot time short Beacon Interval K us 100 Max Power dBm 16 0 Power Reduction d...

Page 427: ...security No Sec Closed System Disabled MAC Auth Mode local deny list only MAC Auth List not set Authentication open system only WEP Key Type ascii WEP Key 1 akshjsnensitk WEP Key Size 128bit WEP Key 2 not set Default Key WEP Key 1 WEP Key 3 not set WEP Key 4 not set WPA or WPA2 WPA and WPA2 WPA Cipher TKIP only WPA Pre auth Disabled WPA Key Format ascii WPA ASCII Key abcdefghijklmnop WPA Hex Key n...

Page 428: ...o in context This is functionally equivalent to the show ssid command Syntax show wlans name statistics all name Displays detailed information about the specified WLAN SSID BSS statistics Display traffic counters in addition to information about the WLAN SSID BSS all Display information about the WLAN SSID BSS on both radios only has an effect when in a radio or WLAN context Default N A Command Mo...

Page 429: ... Sec Disabled 7 SSID 7 not assigned yet none No Sec Disabled 8 SSID 8 not assigned yet none No Sec Disabled 9 SSID 9 not assigned yet none No Sec Disabled 10 SSID 10 not assigned yet none No Sec Disabled 11 SSID 11 not assigned yet none No Sec Disabled 12 SSID 12 not assigned yet none No Sec Disabled 13 SSID 13 not assigned yet none No Sec Disabled 14 SSID 14 not assigned yet none No Sec Disabled ...

Page 430: ...riod 2 Security Type no security No Sec Closed System Disabled MAC Auth Mode local deny list only MAC Auth List not set Authentication open system only WEP Key Type ascii WEP Key 1 akshjsnensitk WEP Key Size 128bit WEP Key 2 not set Default Key WEP Key 1 WEP Key 3 not set WEP Key 4 not set WPA or WPA2 WPA and WPA2 WPA Cipher TKIP only WPA Pre auth Disabled WPA Key Format ascii WPA ASCII Key abcdef...

Page 431: ...ormation about wireless stations Syntax show stations detail detail Display detailed information about associated wireless stations Default N A Command Mode Global Configuration ProCurve Access Point 530 show basic rate Basic advertised data rates Mbps Radio 1 802 11g 1 2 5 5 11 Radio 2 802 11a 6 12 24 54 ProCurve Access Point 530 ...

Page 432: ...ion 00 11 50 55 50 11 Authenticated Yes Radio WLAN work1 2 1 Associated Yes Last RSSI 66 Forwarding n a Rate Mbps 54 Listen Interval 10 Transmitted to station packets 0 bytes 0 Received from station packets 13 bytes 1374 Station 00 15 00 47 5f 6a Authenticated Yes Radio WLAN SSID 10 1 10 Associated Yes Last RSSI Forwarding Yes Rate Mbps 54 Listen Interval 10 Transmitted to station packets 1 bytes ...

Page 433: ...ines the up to four security keys if using the static wep security IC W S 9 130 no open system authentication Enables or disables open system authentication for SSID association IC W S 9 131 no shared key authentication Enables or disables shared key authentication for SSID association IC W S 9 132 no wpa allowed no wpa2 allowed Enables or disables wireless stations to use the original WPA and WPA...

Page 434: ... 8021x Use the Wi Fi Protected Access WPA and or WPA2 with a RADIUS server This is the recommended security mode Default Setting No security Command Mode WLAN Interface Configuration Command Usage When using this command to configure WPA or 802 1X for authenti cation and dynamic keying you must use the open system argument Shared key authentication can only be used when a static WEP key has been d...

Page 435: ...n After successful 802 11 association each client is allowed to access the network When 802 1X is supported the access point supports 802 1X authen tication only for stations initiating the 802 1X authentication process The access point does NOT initiate 802 1X authentication For stations initiating 802 1X only those stations successfully authenti cated are allowed to access the network For those ...

Page 436: ... command When WEP is enabled all wireless stations must be configured with the same shared key to communicate with the access point s SSID interface When using IEEE 802 1X the access point uses a dynamic WEP keys to encrypt data sent to 802 1X enabledstations However because the access point sends the WEP keys during the 802 1X authentication process these keys do not have to appear in the client ...

Page 437: ...rity The no version of the command sets the key type to hexadecimal Syntax wep key ascii no wep key ascii Default Setting Enabled Command Mode WLAN Interface Configuration Example ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 wlan 1 ProCurve Access Point 530 radio1 wlan1 security static wep ProCurve Access Point 530 radio1 wlan1 wep k...

Page 438: ...st second third and fourth wep keys used with static wep security 1 4 key Sets the character string for security The number of characters depend on the number of characters required for each WEP key depends on the Key Length and Key Type settings If Key Length is 40 bits and the Key Type is ASCII then each WEP key must be five 5 characters long If Key Length is 40 bits and Key Type is Hex then eac...

Page 439: ...WLAN Interface Configuration Command Usage Supported authentications are open system shared key or both Example ProCurve Access Point 530 radio1 wlan1 wep key ascii ProCurve Access Point 530 radio1 wlan1 wep key length 64 ProCurve Access Point 530 radio1 wlan1 wep key 1 abcde ProCurve Access Point 530 radio1 wlan1 wep key 2 fghi ProCurve Access Point 530 radio1 wlan1 wep key 3 klmn ProCurve Access...

Page 440: ...ion Command Usage Supported authentications are open system shared key or both Example wpa allowed wpa2 allowed Enables wireless stations to use the original WPA or WPA2 on this WLAN The no version of these commands disables stations from being able to use the original WPA or WPA2 on this WLAN Syntax wpa allowed wpa2 allowed no wpa allowed no wpa2 allowed Default Setting Both enabled Command Mode ...

Page 441: ... key to communicate with the access point Shared secret keys can include spaces and special characters if the key is placed inside quotation marks goodsecret If the key is a string of characters with no spaces or special characters in it the quotation marks are not necessary Example ProCurve Access Point 530 radio1 wlan1 wpa allowed ProCurve Access Point 530 radio1 wlan1 wpa2 allowed ProCurve Acce...

Page 442: ...red to establish proper WPA PSK or WPA 802 1X security When both TKIP and AES authentication methods are set both TKIP and AES stations can associate with the access point WPA stations must have either a valid TKIP or AES Key to communicate Example wpa cipher aes This command enables Advanced Encryption Standard AES for WPA on this WLAN The no version of the command disables AES for WPA on this WL...

Page 443: ...icate Example wpa psk ascii This command enables the use of an ASCII key for WPA PSK The key must be between 8 and 63 characters Syntax wpa psk ascii Default Setting None Command Mode WLAN Interface Configuration Example wpa psk hex This command enables the use of a hex key for WPA PSK The key must be exactly 64 hex characters Syntax wpa psk hex Default Setting None ProCurve Access Point 530 radio...

Page 444: ...o version of the command disables WPA2 stations from being able to pre authenticate Syntax rsn preauthentication no rsn preauthentication Default Setting Disabled Command Mode WLAN Interface Configuration Example ProCurve Access Point 530 radio1 wlan1 wpa psk hex ProCurve Access Point 530 radio1 wlan1 ProCurve Access Point 530 radio1 wlan1 rsn preauthentication ProCurve Access Point 530 radio1 wla...

Page 445: ...will not be able to service wireless stations or WDS links if it is dedicated to AP detection The no version of this command is not available for this parameter Default Setting Disabled Command Function Mode Page no ap detection dedicated Enables the periodic or dedicated detection of nearby access points IC R 9 137 ap detection duration value Sets the duration of the passive detection of nearby a...

Page 446: ...ction duration This command sets the duration of channel scanning for the background scanning detection of nearby access points Syntax ap detection duration value value The length of time in milliseconds Range 5 30 Default Setting 30 ms Command Mode Radio Interface Configuration Example ap detection expire time This command sets the amount of time that a dedicated AP will remain on the detected AP...

Page 447: ...orming periodic passive scanning Syntax ap detection interval value value The length of time in seconds between scans Range 10 3600 Default Setting 10 s Command Mode Radio Interface Configuration Example ap detection max entries This command sets the maximum amount of AP entries to be saved to the detected AP list Syntax ProCurve Access Point 530 radio1 ap detection expire time 15 ProCurve Access ...

Page 448: ...Default Setting 255 Command Mode Radio Interface Configuration Example show detected ap This command displays the current AP detection configuration Syntax show detected ap Default Setting N A Command Mode Manager Exec Radio Interface Configuration ProCurve Access Point 530 radio1 ap detection max entries 30 ProCurve Access Point 530 radio1 ...

Page 449: ...ve Access Point 530 radio1 show detected ap Neighboring AP detection status Radio 1 AP detection Enabled 802 11g Radio 2 AP detection Disabled Neighboring APs BSSID SSID Sec Chan Type 00 14 02 a0 4F bc SSID1 none 3 AP 00 14 03 a2 4F de SSID2 wpa 3 AP ProCurve Access Point 530 ...

Page 450: ...tion Mode Page no atpc Enables and disables Adaptive Tx Power Control on the selected radio The default is Disabled IC R 9 142 no atpc avoid other aps Enables and disables the Avoid Other APs function The default is Disabled IC R 9 143 no atpc rf group name name The name used to group APs for Adaptive Transmit PowerControl The default is blank IC R 9 143 atpc adapt ap ap clients Chooses between AP...

Page 451: ...eighboring APs RF Group Names and SSIDs are ignored When this setting is disabled uses RF Group Name or SSIDs to determine which APs to accommodate Example atpc rf group name This command sets the name used to group APs for Adaptive Transmit Power Control Syntax no atpc rf group name group name no Clears the RF Group Name on the selected radio group name Specifies the name of the group to which th...

Page 452: ...mand chooses between AP and AP Clients adaptive modes Syntax atpc adapt ap ap clients ap Specifies AP adaptive mode on the selected radio ap clients Specifies AP Clients adaptive mode on the selected radio Default Setting AP mode Command Mode Interface Configuration Radio Command Usage When ap mode is selected beacons and data transmissions are given the same adaptive transmit power levels When ap...

Page 453: ... 18 in decibels that the radio s Tx Power may be attenuated when adapting to other APs on the same channel Default Setting Disabled Command Mode Interface Configuration Radio Example show atpc This command enables and disables on the selected radio Syntax show atpc Default Setting none Command Mode Global Configuration ProCurve Access Point 530 radio1 atpc adapt ap ProCurve Access Point 530 radio1...

Page 454: ...up name AirportNet Avoid Other WLANs disabled Max Power Reduction 18 Adaptive Mode AP Current Beacon Backoff 4 dB Current Data Backoff 4 dB Radio 2 atpc disabled RF Group name not configured Avoid Other WLANs disabled Max Power Reduction 18 Adaptive Mode AP Current Beacon Backoff 0 dB Current Data Backoff 0 dB ProCurve Access Point 530 ...

Page 455: ...on using IEEE 802 1X and a central RADIUS server If a user does not have a configured VLAN ID the access point assigns the user to the default VLAN ID a number between 1 and 4094 of the associated SSID interface Example Command Function Mode Page vlan Configures the default VLAN for an SSID interface IC R WLAN 9 147 no untagged vlan vid Configure the global untagged VLAN ID for the AP The no versi...

Page 456: ... vlan 1 untagged Command Mode Ethernet Interface Configuration Example management vlan This command configures the VLAN ID for the management interfaces Web UI SNMP Telnet etc The management vlan is for the remote or network management of the AP Syntax management vlan vid vid The VLAN identifier to use for management Default Setting 1 Command Mode Ethernet Interface Configuration ProCurve Access P...

Page 457: ...d Line Reference VLAN Commands Example ProCurve Access Point 530 configure ProCurve Access Point 530 config interface ethernet ProCurve Access Point 530 ethernet management vlan 9 ProCurve Access Point 530 ethernet ...

Page 458: ...e qos ap params voice video best effort background aifs aifs cwmin swmin cwmax cwmax burst burst Configure QoS related parameters on the device for this radio IC R 9 151 qos sta params voice video best effort background a ifs aifs cwmin swmin cwmax cwmax txop limit txop limit Configure QoS related parameters on the wireless stations IC R 9 153 no qos wmm Enables using Wireless Multimedia Extension...

Page 459: ...n milliseconds for data frames Valid values are 1 255 cwmin cwmin Specifies the Minimum Contention Window QoS parameter The value specified is the lower limit in milliseconds of a range from which the initial random backoff wait time is deter mined Valid values for the cwmin are 1 3 7 15 31 63 127 255 511 or 1024 The value for cwmin must be lower than the value for cwmax cwmax cwmax Specifies the ...

Page 460: ...ntention Maximum Burst Queue Frame Space Min Window Max Window Length Voice 1 3 7 1 5 Video 1 7 15 3 0 Best Effort 3 15 63 0 Background 7 15 1023 0 Radio 2 Adaptive Inter Contention Contention Maximum Burst Queue Frame Space Min Window Max Window Length Voice 1 3 7 1 5 Video 1 7 15 3 0 Best Effort 3 15 63 0 Background 7 15 1023 0 ProCurve Access Point 530 radio1 qos ap params voice aifs 10 ProCurv...

Page 461: ...ds for data frames Valid values are 1 255 cwmin cwmin Specifies the Minimum Contention Window QoS parameter The value specified is the lower limit in milliseconds of a range from which the initial random backoff wait time is deter mined Valid values for the cwmin are 1 3 7 15 31 63 127 255 511 or 1024 The value for cwmin must be lower than the value for cwmax cwmax cwmax Specifies the Maximum Cont...

Page 462: ...n Contention Maximum Burst Queue Frame Space Min Window Max Window Length Voice 1 3 7 47 Video 1 7 15 94 Best Effort 3 15 63 0 Background 7 15 1023 0 Radio 2 Adaptive Inter Contention Contention Maximum Burst Queue Frame Space Min Window Max Window Length Voice 1 3 7 47 Video 1 7 15 94 Best Effort 3 15 63 0 Background 7 15 1023 0 ProCurve Access Point 530 radio1 qos sta params voice aifs 10 ProCur...

Page 463: ...ss Multimedia Extensions on this WLAN The no version of this command is set at the no qos and disables the quality of service on this WLAN Syntax qos wmm no qos wmm Default Setting Disabled Command Mode Radio Interface Configuration Example ProCurve Access Point 530 radio1 qos sta params background txop limit 1 ProCurve Access Point 530 radio1 ProCurve Access Point 530 radio1 qos wmm ProCurve Acce...

Page 464: ... Interface Configuration Example tx queue ProCurve Access Point 530 radio1 show qos ap params Transmission Queue QoS Settings for the Access Point Radio 1 Adaptive Inter Contention Contention Maximum Burst Queue Frame Space Min Window Max Window Length Voice 1 3 7 1 5 Video 1 7 15 3 0 Best Effort 3 15 63 0 Background 7 15 1023 0 Radio 2 Adaptive Inter Contention Contention Maximum Burst Queue Fram...

Page 465: ...tention Contention Transmission Queue Frame Space Min Window Max Window Opportunity Limit Voice 2 3 7 47 Video 2 7 15 94 Best Effort 3 15 1023 0 Background 7 15 1023 0 Radio 2 Adaptive Inter Contention Contention Transmission Queue Frame Space Min Window Max Window Opportunity Limit Voice 2 3 7 47 Video 2 7 15 94 Best Effort 3 15 1023 0 Background 7 15 1023 0 ProCurve Access Point 530 radio1 ...

Page 466: ...in packets per second The no version is disabled for this parameter Valid values are any number greater than 0 burst Thebroadcast multicastrateburstvalueinpacketspersecond Thisvalue specifiesthe lengthoftimeallowedfora packetburst Valid values are any number greater than 0 Default Setting Disabled Rate limit rate is 50 Rate limit burst is 75 Command Mode Radio Interface Configuration Example Relat...

Page 467: ...on IC WDS 9 160 disable Disables the WDS link IC WDS 9 160 enable Establishes the WDS link IC WDS 9 160 radio used Sets the radio that will be used by this WDS link IC WDS 9 161 remote mac Sets the mac address for the remote connection to the access point IC WDS 9 162 show wds Displays WDS link information IC WDS 9 162 wds ssid ssid Establishes the SSID name for this WDS link IC WDS 9 161 wep key ...

Page 468: ...and enables the WDS link Syntax enable Default Setting Disabled Command Mode WDS Interface Configuration ProCurve Access Point 530 configure ProCurve Access Point 530 config interface wds1 ProCurve Access Point 530 wds1 description WDSEXAMPLE ProCurve Access Point 530 wds1 ProCurve Access Point 530 configure ProCurve Access Point 530 config interface wds1 ProCurve Access Point 530 wds1 disable Pro...

Page 469: ...partner access point for successful operation Default Setting WDS SSID X where X is the index of the WDS interface Command Mode WDS Interface Configuration Example radio used This command sets the radio used with this WDS link Syntax radio used 1 2 1 2 Specifies the radio number ProCurve Access Point 530 configure ProCurve Access Point 530 config interface wds1 ProCurve Access Point 530 wds1 enabl...

Page 470: ...cation control list by MAC address Valid format is 00 00 00 00 00 00 FF FF FF FF FF FF Default None Command Mode WDS Interface Configuration Example show wds This command information about the Wireless Distribution System WDS settings on the device Syntax show wds wds_name wds_name Displays detailed information about the specified WDS Default Wireless Distribution System Link 1 ProCurve Access Poi...

Page 471: ...then each WEP key must be 10 characters long If Key Length is 104 bits and Key Type is ASCII then each WEP Key must be 13 characters long ProCurve Access Point 530 wds1 show wds 1 WDS 1 Description WDSLINK Status Enabled Use Radio 1 Local MAC 00 14 03 A2 4F DE Remote MAC 00 0D 9D C6 98 7E STP State forwarding WDS SSID marge Security Type no security from WLAN 1 WEP Key Type hex WEP Key not set WEP...

Page 472: ...he no version of the command sets the key type to hexadecimal Syntax wep key ascii no wep key ascii Default Setting Enabled Command Mode WDS Interface Configuration Example wep key length wds This command sets the WDS WEP key length when using static wep security Syntax wep key length 64 128 64 The 64 bit wep key length with initializing vector otherwise it is 40 bits ProCurve Access Point 530 wds...

Page 473: ...de WDS Interface Configuration Command Usage If WPA is used in pre shared key mode all wireless stations must be configured with the same pre shared key to communicate with the access point Shared secret keys can include spaces and special characters if the key is placed inside quotation marks goodsecret If the key is a string of characters with no spaces or special characters in it the quotation ...

Page 474: ...fies the STP forward delay interval Range 4 30 priority value Specifies the STP bridge priority Range 0 65535 Default Setting None Command Mode Global Configuration Command Usage Any two access points can be connected by only a single path either a WDS bridge wireless or an Ethernet connection wired but not both Do not create duplicate WDS links between the same two access points If you can trace ...

Page 475: ...le ProCurve Access Point 530 configure ProCurve Access Point 530 config stp ProCurve Access Point 530 config stp hello time 5 ProCurve Access Point 530 config stp forward delay 10 ProCurve Access Point 530 config stp priority 255 ProCurve Access Point 530 config ...

Page 476: ...9 168 Command Line Reference Spanning Tree Protocol STP This page is intentionally unused ...

Page 477: ...A 1 A File Uploads Downloads and Resets ...

Page 478: ...oad to the Access Point A 5 CLI Viewing Software Versions A 7 Transferring Configuration Files A 8 Web Configuration File Upload and Download A 8 CLI Performing Configuration File Commands A 10 Rebooting the Access Point A 14 Web Rebooting the System A 14 CLI Rebooting the System A 15 Manual Using the Reset and Clear Buttons A 15 Disabling the Access Point Push Buttons A 18 Web Disabling the Push ...

Page 479: ...and upload or download config uration files These features are useful for acquiring periodic access point software upgrades and for storing or retrieving a switch configuration This appendix includes the following information Downloading access point software Transferring access point configurations ...

Page 480: ... It is recommended that you save a copy of the configuration file before upgrading your access point software See Transferring Configuration Files on page A 8 for informa tion on saving the access point s configuration file After updating the access point software be sure to clear the browser cache before attempting to manage the access point using the Web interface Assumptions for Using TFTP FTP ...

Page 481: ...e automatically selected and if in the event the primary is corrupted the secondary image is utilized as a backup The Web interface enables you to modify these parameters Remote Upgrade Parameters and actions needed to perform a remote software upgrade Model Indicates the model identifier of the access point Platform Indicates the platform on the access point Software Version Indicates the current...

Page 482: ...ess point Valid characters A Z a z 0 9 _ Browse Performs local system search for upgrade file Update Updates the system with the specified parameters and performs any requested actions Figure A 1 Software Tab To Upload Download A Remote Software File 1 Select Management System Maintenance Software tab 2 Select FTP TFTP or SCP for the Server Type option 3 Enter IP Address File Name Username and Pas...

Page 483: ... complete restart the access point by clicking on the Reboot button Alternatively you can reset the access point defaults and reboot the system by clicking on the Reset button on the Reset tab Resetting the access point is highly recommended CLI Viewing Software Versions CLI Commands Used in This Section Using the CLI to View Software Versions This example displays how to display the version of th...

Page 484: ...eded to save a running configuration Save Saves the current configuration as a personalized default Transfer Configuration Parameters and actions needed to upload or download a configuration Server Type Indicates the type of server to configure FTP TFTP SCP Default is FTP Direction Indicates whether to save the file remotely or import the file Download Restore Upload Save Default is Download Serve...

Page 485: ...to Custom Default Resets the AP to the saved custom config file Figure A 2 Configuration Files Tab To Save A Running Configuration 1 Select Management System Maintenance Configuration Files tab 2 To save the current running configuration click Save to save the file as a custom default configuration file To Transfer A Configuration File 1 Select Management System Maintenance Configuration Files tab...

Page 486: ...o the custom default configuration click Reset on the Reset to Custom Default option CLI Performing Configuration File Commands CLI Commands Used in This Section Command CLI Reference Page Copy Commands copy ftp scp tftp flash startup config ip file user name user password pass 9 51 write memory 9 55 copystartup config ftp scp tftp flash startup config ip file user name user password pass 9 52 cop...

Page 487: ...onfiguration file on the device Using the CLI to Copy Config files to a Remote Server This example displays how to copy the startup configuration from the device to a remote server TFTP If using this command for a FTP or STP server you will need to include the username and password for the server ProCurve Access Point 530 copy factory default startup config ProCurve Access Point 530 ProCurve Acces...

Page 488: ...ation on the device ProCurve Access Point 530 copy ftp flash 192 168 1 52 copystart user name chris password open ProCurve Access Point 530 ProCurve Access Point 530 write terminal xml version 1 0 config interface name wlan0wds1 radio wlan0 radio type wds type status down status wep key length 104 wep key length wep key ascii no wep key ascii description Wireless Distribution System Link 2 descrip...

Page 489: ...adio wlan0 radio type wds type status down status wep key length 104 wep key length wep key ascii no wep key ascii description Wireless Distribution System Link 1 description interface interface name wlan0wds3 radio wlan0 radio type wds type status down status wep key length 104 wep key length wep key ascii no wep key ascii description Wireless Distribution System Link 4 description interface inte...

Page 490: ...he last saved configuration file The Web interface enables you to perform this action Reboot Submits a request to reboot the access point A system confir mation message appears and provides opportunity to cancel NO TE During a reboot connection to the AP is lost and the browser will not stay on the System Maintenance screen while the reboot takes place Test the connec tion to find out when the pro...

Page 491: ...Point unit possesses two buttons that when pressed perform reset and clear operations C a u t i o n The Reset button is provided for your convenience but if you are concerned with the security of the access point configuration and operation you should disable it The two push buttons located on the back panel of the access point enables you to perform these actions Reset Reboots the AP Use a pointe...

Page 492: ... and Resets Rebooting the Access Point button while the LEDs are still flashing then the AP is rebooted Please note that this function can be disabled by the CLI or Web UI See Disabling the Access Point Push Buttons on page A 18 ...

Page 493: ...then flash about once per second iii While the LEDs are still flashing release the clear button The configuration sets to the custom default settings and the AP is rebooted NO TE Please note that only the reset function can be disabled by the CLI or Web UI See Disabling the Access Point Push Buttons on page A 18 Resets the configuration back to factory defaults i Press the reset and clear buttons ...

Page 494: ...on page 5 9 The Web interface enables you to perform these actions Factory Reset Enables or disables button control access back panel of the access point to a factory default file reset Default is Disabled NO TE You can not disable the factory reset if you already have disabled the Serial Interface See Setting Management Access Controls on page 5 9 Custom Reset Enables or disables button control a...

Page 495: ...lick Update to set the push button parameters CLI Disabling the Access Point Buttons CLI Commands Used in This Section Using the CLI to Disable the Reset and Clear Buttons On the Access Point This example displays how to disable the ability to manually use the reset and clear push buttons on the back panel of the device Using the CLI to View the Reset and Clear Buttons Status This example displays...

Page 496: ...oads and Resets Disabling the Access Point Push Buttons ProCurve Access Point 530 config show buttons Custom Reset Disabled Factory Reset Disabled Password Reset Disabled System Reset Disabled ProCurve Access Point 530 config ...

Page 497: ...A 21 File Uploads Downloads and Resets Disabling the Access Point Push Buttons This page is intentionally unused ...

Page 498: ...A 22 File Uploads Downloads and Resets Disabling the Access Point Push Buttons ...

Page 499: ...B 1 B Defaults ...

Page 500: ...nfiguration B 6 RADIUS Accounting Authentication B 7 RADIUS Users B 7 MAC Address Authentication B 7 Web Authentication B 7 AP Authentication B 8 Filtering B 8 Ethernet Interface B 8 Wireless Interface B 9 Wireless Security B 10 AP Detection B 10 VLAN B 11 Adaptive Tx Power Control B 11 QoS B 12 Wireless Distribution System WDS B 13 ...

Page 501: ...eneral Flash File This appendix follows the syntax grouping structure in the Chapter 9 refer ence CLI section and includes the following information System Management System Logging System Clock SNMP Group Configuration RADIUS Accounting Authentication RADIUS Users MAC Address Authentication Web Authentication AP Authentication Filtering Ethernet Interface Wireless Interface Wireless Security Neig...

Page 502: ...try code For NA units preset to US GC 9 18 hostname hostname ProCurve AP 530 GC 9 20 password manager password admin MC 9 21 no buttons Enabled MC 9 22 no cli confirmation Enabled MC 9 23 no console Enabled MC 9 23 no telnet Enabled MC 9 24 no ssh Enabled MC 9 25 no web management Enabled MC 9 25 ...

Page 503: ...gging _host _port Disabled GC 9 32 Command Default Setting Mode Page sntp server None GUI is disabled NOTE The GUI System Uptime parameter displays the Coordinated Universal Time or UTC formerlyGreenwichMeanTime orGMT based on the time at the Earth s prime meridian zero degrees longitude GC 9 35 ...

Page 504: ...GC 9 41 no snmp server host host comm Host Address None Community String public GC 9 40 snmp server port port By default an SNMP agent only listens to requests from port 161 However you can configure this so the agent listens to requests on another port GC 9 42 snmp server location location None GC 9 41 snmpv3 Disabled GC 9 46 no lldp Enabled GC 9 48 Command Default Settings Mode Page group config...

Page 505: ...smit value is 3 GC 9 66 no radius primary secondary Disabled GC 9 67 Command Default Settings Mode Page no radius local username disabled password password realname realname Ip address is 192 168 1 10 DHCP is enabled GC 9 69 Command Default Settings Mode Page no mac auth local name mac mac None GUI MAC Authentication is disabled GC 9 72 no mac auth remote None GUI MAC Authentication is disabled GC...

Page 506: ...inter station blocking Disabled GC 9 88 no wireless mgmt block Disabled GC MC 9 88 Command Default Settings Mode Pag e interface interface N A GC 9 91 enable N A IC E 9 92 disable N A IC E 9 92 description None IC E 9 93 dns primary server_1 Disabled GC 9 93 dns secondary server_2 Disabled GC 9 94 no ip address ip mask ip bits dhcp IP address 192 168 1 1 Netmask 255 255 255 0 IC E 9 95 ...

Page 507: ...6 12 and 24 Mbps for a mode IC W 9 107 supported rate value Options 1 2 5 5 6 9 11 12 18 24 36 54 Mbps IC W 9 108 channel policy static CHANNEL auto Auto IC W 9 108 beacon interval interval 100 The default behavior is to send a beacon frame once every 100 milliseconds or 10 per second IC W 9 109 dtim period 2 IC W 9 110 max stations 256 IC R 9 111 preamble long IC R 9 111 protected mode Enabled IC...

Page 508: ...bled IC W S 9 131 no shared key auth Disabled IC W S 9 132 no wpa allowed no wpa2 allowed Both Enabled IC W S 9 132 wpa pre shared key key None IC W S 9 133 wpa cipher tkip Enabled This is the default CIPHER protocol IC W S 9 134 wpa cipher aes Disabled IC W S 9 134 rsn preauthentication Disabled IC W S 9 136 Command Default Settings Mode Page no ap detection Disabled IC R 9 137 ap detection durat...

Page 509: ... Page no vlan None IC W S 9 147 no untagged vlan vid 1 GC 9 148 management vlan vid tagged untagged 1 MC 9 148 Command Default Settings Mode Page atpc Disabled IC R 9 142 atpc avoid other aps Disabled IC R 9 143 atpc adapt AP mode IC R 9 144 atpc max atpc atten Disabled IC R 9 145 ...

Page 510: ...3 0 Best Eff 3 15 63 0 Background 7 15 1023 0 IC W S 9 151 qos sta params Radio 1 Adap Inter Content Content Max Burst Queue Frame Space Min Window Max Window Length Voice 1 3 7 47 Video 1 7 15 394 Best Eff 3 15 63 0 Background 7 15 1023 0 Radio 2 Adap Inter Content Content Max Burst Queue Frame Space Min Window Max Window Length Voice 1 3 7 47 Video 1 7 15 94 Best Eff 3 15 63 0 Background 7 15 10...

Page 511: ...ds None IC W W 9 159 enable wds Disabled IC W W 9 160 wds ssid WDS SSID X where X is the index of the WDS interface IC W W 9 161 radio used 2 IC W W 9 161 remote mac None IC W W 9 162 wep key wds None IC W W 9 163 wep key ascii wds Enabled IC W W 9 164 wep key length wds 128 IC W W 9 164 wpa pre shared key wds None IC W W 9 165 ...

Page 512: ...B 14 Defaults Wireless Distribution System WDS This page is intentionally unused ...

Page 513: ...C 1 C Adaptive Tx Power Control Use Cases ...

Page 514: ...t Case 2 With RF Group Name B 5 Settings B 5 Decisions AP 1 B 5 Decisions AP 4 B 5 Results with RF Group Name B 6 Airport Model Analysis B 6 Use Model Warehouse Deployment B 7 Warehouse Case 1 Adaptive Mode AP B 7 Settings B 8 Decisions AP 1 and AP 4 B 8 Results with Adaptive Mode AP B 8 Warehouse Case 2 Adaptive Mode AP Clients B 9 Settings B 9 Results with Adaptive Mode AP Clients B 9 Warehouse ...

Page 515: ...oncession Jimbo s also has an access point AP N which does not support In these access points the parameters that impact are configured as follows AP 1 and AP 4 operate on the same channel and as such will negotiate their power levels when is enabled AP 2 and AP 3 are not affected by as they each operate alone on their respective channels AP 1 and AP 4 are able to hear each other and both can hear...

Page 516: ... SSID configuration with AP 4 T Mobile Since AP 1 has an SSID Boingo that is not on AP 4 AP 1 will not consider reducing power for AP 4 AP 1 AP N AP 1 T Mobile Boingo compares its SSID configuration with AP N Jimbo s Since none of the AP 1 SSIDs are on AP N AP 1 will not consider reducing power for AP N Decisions AP 4 AP 4 AP 1 AP 4 T Mobile compares its SSID configuration with AP 1 T Mobile Boing...

Page 517: ...er reduction calculations Decisions AP 1 AP 1 AP 4 AP 1 AirportNet compares its RF Group Name with those of AP 1 AirportNet Since AP 1 and AP 4 are in the same RF Group AP 1 will consider reducing power for AP 4 AP 1 AP N Since AP N is not in the AirportNet RF Group AP 1 will not consider reducing power for AP N Decisions AP 4 AP 4 AP 1 AP 4 AirportNet compares its RF Group Name with AP 1 AirportN...

Page 518: ...th each other while ignoring APs outside their administrative domain Whether to model a deployment after Case 1 or Case 2 depends on the desired behavior of the network It may be desirable to have greater coverage for APs that supportSSIDs thatarenotsupportedelsewhereinthenetwork InCase 1 the absence of an RF Group Name allows the only AP supporting Boingo to operate at full power If this is desir...

Page 519: ...use Case 1 Adaptive Mode AP In this scenario there are six AP 530s in a Warehouse network AP1 AP6 The configured values in these APs for the parameters that impact Adaptive Power Control are as follows We ll look at the behavior of in AP1 and AP4 as they are on operating on the same channel and as such will be considered in each other s power control calculations Since configurations are the same ...

Page 520: ...tenuated based on power levels of audible APs in the RF Group but not the power levels of associated clients Decisions AP 1 and AP 4 AP 1 and AP 4 compare their RF Group Name storage 1 Since AP 1 and AP 4 are in the same RF Group each will consider reducing power for the other Results with Adaptive Mode AP The transmit power levels of AP1 and AP4 are reduced for both data and beacons Power levels ...

Page 521: ...ata power levels Data transmissions are attenuated to minimize co channel interference with the closest AP but attenuation will decrease further that is higher transmit power to maintain connection with the associated station with the lowest RSSI That is the AP will always attempt to maintain a connection with a client that might otherwise be out of range AP 1 AP 2 AP 3 AP 4 AP 5 AP 6 Channel 1 6 ...

Page 522: ...mount and location of material coming and going through the warehouse Additionally client stations may be mounted on moving objects like forklifts that move throughout the warehouse The combination of mobile clients and varying levels of obstructions and open space mean there is no single optimum level of RF coverage that can be set on the APs For these reasons the AP Clients adaptive mode will pr...

Page 523: ...D 1 D Open Source Licenses ...

Page 524: ...NU General Public License v 2 C 4 GPL Linking Exception C 9 ClearSilver C 10 Dropbear License C 12 sFlow License C 14 LGPL GNU Lesser General Public License C 18 Intel 2 C 27 MIT C 28 BSD C 29 CMU Carnegie Mellon University C 30 OpenSSL C 31 OpenSSL C 28 ...

Page 525: ...D 3 Open Source Licenses Overview This appendix includes the following information Open Source licenses ...

Page 526: ... and that you know you can do these things To protect your rights we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights These restrictions translate to certain responsibilities for you if you distribute copies of the software or if you modify it For example if you distribute copies of such a program whether gratis or for a fee you must give ...

Page 527: ...tice and disclaimer of warranty keep intact all the notices that refer to this License and to the absence of any warranty and give any other recipients of the Program a copy of this License along with the Program You may charge a fee for the physical act of transferring a copy and you may at your option offer warranty protection in exchange for a fee 2 You may modify your copy or copies of the Pro...

Page 528: ...e on a medium customarily used for software interchange or b Accompany it with a written offer valid for at least three years to give any third party for a charge no more than your cost of physically performing source distribution a complete machine readable copy of the corresponding source code to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software i...

Page 529: ...s of this License they do not excuse you from the conditions of this License If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations then as a consequence you may not distribute the Program at all For example if a patent license would not permit royalty free redistribution of the Program by all those who receive copies direct...

Page 530: ...ion will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally NO WARRANTY 11 BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE THERE IS NO WARRANTY FOR THE PROGRAM TO THE EXTENT PERMITTED BY APPLICABLE LAW EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND OR OTHER PARTIES PROVIDE T...

Page 531: ...D 9 Open Source Licenses GPL Linking Exception GPL2 GNU General Public License v 2 plus an exception permitting linking the library with other software ...

Page 532: ...Neotonic Software Corporation http www neotonic com Alternately this acknowledgment may appear in the software itself if and wherever such third party acknowledgments normally appear 4 The names Neotonic and Neotonic ClearSilver must not be used to endorse or promote products derived from this software without prior written permission For written permission please contact clearsilver neotonic com ...

Page 533: ...individuals on behalf of Neotonic Software Corporation For more information on Neotonic Software Corporation please see http www neotonic com Some of the concepts of this software are based on previous software developed by Scott Shambarger Paul Clegg and John Cwikla The current authors wish to thank them for their efforts Copyright 2005 Brandon Long All rights reserved ...

Page 534: ...NTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM DAMAGES OR OTHER LIABILITY WHETHER IN AN ACTION OF CONTRACT TORT OR OTHERWISE ARISING FROM OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE LibTomCrypt and LibTomMath are c Tom St Denis under TDCAL Tom Doesn t Care About Lic...

Page 535: ...iction including without limitation the rights to use copy modify merge publish distribute sublicense and or sell copies of the Software and to permit persons to whom the Software is furnished to do so subject to the following conditions The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software THE SOFTWARE IS PROVIDED AS IS WITHO...

Page 536: ...uthority domestic or foreign including all applications and registrations relating to any of the foregoing Licensee Hardware means all computers routers or other equipment owned or controlled by or on behalf of Licensee Products means any and all software applications computers routers or other equipment manufactured by or on behalf of Licensee for the purpose of resale or lease to any other third...

Page 537: ... trademark laws and practice of such other country and v not alter or impair any acknowledgment of copyright or trademark rights of InMon that may appear in or on the Software the Documentation or the Specifications In the event InMon determines that Licensee is not complying with its obligations under clauses i v above InMon shall notify Licensee of such non compliance and if Licensee fails to co...

Page 538: ...n or that implement the Specifications The rights and obligations contained in Sections 1 3 5 6 7 and 8 shall survive any termination of this Agreement 8 General Provisions 8 1 Assignment This Agreement shall be binding upon and inure to the benefit of the parties hereto and their permitted successors and permitted assigns InMon will have the right to assign this Agreement without notice to Licens...

Page 539: ...h provision were so excluded and shall be enforceable in accordance with its terms The court in its discretion may substitute for the excluded provision an enforceable provision which in economic substance reasonably approximates the excluded provision 8 8 Compliance With Law Licensee shall comply with all applicable laws and regulations including privacy laws and regulations having application to...

Page 540: ...ur General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software and use pieces of it in new free programs and that you are informed that you can do these things To protect your rights we need to make restrictions tha...

Page 541: ...e ordinary General Public License It also provides other free software developers Less of an advantage over competing non free programs These disadvantages are the reason we use the ordinary General Public License for many libraries However the Lesser license provides advantages in certain special circumstances For example on rare occasions there may be a special need to encourage the widest possi...

Page 542: ...the scripts used to control compilation and installation of the library Activities other than copying distribution and modification are not covered by this License they are outside its scope The act of running a program using the Library is not restricted and output from such a program is covered only if its contents constitute a work based on the Library independent of the use of the Library in a...

Page 543: ...es extend to the entire whole and thus to each and every part regardless of who wrote it Thus it is not the intent of this section to claim rights or contest your rights to work written entirely by you rather the intent is to exercise the right to control the distribution of derivative or collective works based on the Library In addition mere aggregation of another work not based on the Library wi...

Page 544: ...parameters data structure layouts and accessors and small macros and small inline functions ten lines or less in length then the use of the object file is unrestricted regardless of whether it is legally a derivative work Executables containing this object code plus portions of the Library will still fall under Section 6 Otherwise if the work is a derivative of the Library you may distribute the o...

Page 545: ...e required form of the work that uses the Library must include any data and utility programs needed for reproducing the executable from it However as a special exception the materials to be distributed need not include anything that is normally distributed in either source or binary form with the major components compiler kernel and so on of the operating system on which the executable runs unless...

Page 546: ...se If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations then as a consequence you may not distribute the Library at all For example if a patent license would not permit royalty free redistribution of the Library by all those who receive copies directly or indirectly through you then the only way you could satisfy both it a...

Page 547: ...ed by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally NO WARRANTY 15 BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE THERE IS NO WARRANTY FOR THE LIBRARY TO THE EXTENT PERMITTED BY APPLICABLE LAW EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND OR OTHER PARTIES PROVIDE THE LIBRARY AS IS...

Page 548: ... Public License as published by the Free Software Foundation either version 2 of the License or at your option any later version This library is distributed in the hope that it will be useful but WITHOUT ANY WARRANTY without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE See the GNU Lesser General Public License for more details You should have received a copy of ...

Page 549: ... may be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL INTEL OR CONTRIBUTORS BE LIABLE FO...

Page 550: ... subject to the following conditions The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software THE SOFTWARE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT...

Page 551: ...oped by the Computer Systems Engineering Group at Lawrence Berkeley Laboratory Neither the name of the University nor of the Laboratory may be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIE...

Page 552: ...ithout prior written permission For permission or any legal details please contact Office of Technology Transfer Carnegie Mellon University 5000 Forbes Avenue Pittsburgh PA 15213 3890 412 268 4387 fax 412 268 7395 tech transfer andrew cmu edu 4 Redistributions of any form whatsoever must retain the following acknowledgment This product includes software developed by Computing Services at Carnegie ...

Page 553: ...use of this software must display the following acknowledgment This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit http www openssl org 4 The names OpenSSL Toolkit and OpenSSL Project must not be used to endorse or promote products derived from this software without prior written permission For written permission please contact openssl core openssl org 5 ...

Page 554: ...red by the same copyright terms except that the holder is Tim Hudson tjh cryptsoft com Copyright remains Eric Young s and as such any Copyright notices in the code are not to be removed If this package is used in a product Eric Young should be given attribution as the author of the parts of the library used This can be in the form of a textual message at program startup or in documentation online ...

Page 555: ...ONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWAR...

Page 556: ...D 34 Open Source Licenses ...

Page 557: ... 86 B 8 AP detection B 10 configuring parameters CLI 8 33 configuring parameters Web 8 26 8 32 AP Enhanced Distribution Channel Access EDCA 8 6 ATPC B 11 ATPC use cases C 3 B burst AP EDCA 8 7 C Clear button 4 26 CLI configuration levels 3 8 keystroke shortcuts 3 15 client station deauthentication 9 78 clock system B 5 closed system 4 31 9 104 community name 5 27 community string 9 38 Country Code...

Page 558: ... 9 65 9 69 B 7 RADIUS server 9 65 9 69 B 7 lost password 4 26 M MAC Address Authentication AP configuration guidelines 7 44 configuring accept list CLI 7 48 7 51 configuring parameters CLI 7 48 MAC address authentication B 7 configuring parameters Web 7 45 7 46 7 50 7 64 7 66 7 68 7 72 MAC address authentication CLI 9 72 9 75 9 78 MAC Authentication 7 15 MAC lockout 9 75 maintenance configuration ...

Page 559: ...parameters Web 6 25 b g modes Web 6 18 basic Web 6 12 country code CLI 6 4 mode CLI 6 11 mode Web 6 10 parameter configuration table 6 6 parameters CLI 6 21 pure G mode Web 6 20 transmit power Web 6 23 Wifi G only mode Web 6 19 RADIUS Accounting Server setting parameters CLI 5 54 RADIUS accounting server setting parameters Web 5 52 RADIUS Authentication setting RADIUS parameters CLI 7 41 RADIUS au...

Page 560: ... setting system information CLI 5 17 system log setting CLI 5 46 setting Web 5 45 system logging B 5 system management B 4 T telnet access 3 5 TXOP Limit Station EDCA 8 8 U untagged VLAN 5 19 use cases ATPC C 3 user name using for browser or console access 4 24 V VLAN client VLAN 5 57 enabling untagged VLAN Web 5 59 enabling VLAN support CLI 5 61 management VLAN 5 58 setting a management VLAN Web ...

Page 561: ......

Page 562: ...hange without notice Copyright 2008 Hewlett Packard Development Company L P Reproduction adaptation or translation without prior written permission is prohibited except as allowed under the copyright laws January 2008 Manual Part Number 5991 2193 5991 2193 ...

Reviews:

No comments

Brands by name

Popular brands

Load more brands