manualshive.com logo in svg

HP a-msr, Configuration Manual

Looking for a comprehensive Configuration Manual for your HP a-msr device? Look no further! Download the user manual for free from manualshive.com, packed with all the information you need to get the most out of your product. Find step-by-step instructions and expert guidance at your fingertips.

Share
Download
background image

 

49 

WLAN IDS configuration 

The terms 

AP

 and 

fat AP

 in this document refer to A-MSR900 and A-MSR20-1X routers with IEEE 802.11b/g 

and A-MSR series routers installed with a SIC WLAN module. 
802.11 networks are susceptible to a wide array of threats such as unauthorized access points and clients, ad 
hoc networks, and DoS attacks. Rogue devices are a serious threat to enterprise security. WIDS is used for 
the early detection of malicious attacks and intrusions on a wireless network. WIPS helps to protect enterprise 
networks  and  users  from  unauthorized  wireless  access.  The  rogue  detection  feature  is  a  part  of  the 
WIDS/WIPS  solution,  which  detects  the  presence  of  rogue  devices  in  a  WLAN  network  and  takes 
countermeasures to prevent rogue devices operation. 

Terminology 

 

WLAN intrusion detection system

: WLAN IDS is designed to be deployed in an area that an existing 

wireless network covers. It aids in the detection of malicious outsider attacks and intrusions via the 
wireless network. 

 

Rogue AP

: An unauthorized or malicious access point on the network, such as an employee setup AP, 

misconfigured AP, neighbor AP or an attacker operated AP. As it is not authorized, if any vulnerability 
occurs on the AP, the hacker has an opportunity to compromise your network security. 

 

Rogue client

: An unauthorized or malicious client on the network.  

 

Rogue wireless bridge

: Unauthorized wireless bridge on the network. 

 

Monitor AP

: An AP that scans or listens to 802.11 frames to detect wireless attacks in the network. 

 

Ad hoc mode

: Sets the working mode of a wireless client to ad hoc. An ad hoc terminal can directly 

communicate with other stations without support from any other device. 

 

Passive scanning

: In passive scanning, a monitor AP listens to all the 802.11 frames over the air in that 

channel. 

 

Active  scanning

: In active scanning, a monitor AP, besides listening to all 802.11 frames, sends a 

broadcast probe request and receives all probe response messages on that channel. Each AP in the 
vicinity  of  the  monitor  AP  replies  to  the  probe  request.  This  helps  identify  all  authorized  and 
unauthorized APs by processing probe response frames. The monitor AP masquerades as a client when 
sending the probe request. 

WIDS attack detection 

The WIDS attack detection function  detects intrusions or attacks on a WLAN network, and informs the 
network  administrator  of  the  attacks  through  recording  information  or  sending  logs.  At  present,  WIDS 
detection supports detection of the following attacks: 

 

Flood attack 

 

Spoofing attack 

 

Weak IV attack 

Flood attack detection 

Summary of Contents for a-msr

Page 1: ...dures These configuration guides also provide configuration examples to help you apply software features to different network scenarios This documentation is intended for network planners field technical support and servicing engineers and network administrators working with the HP A Series products Part number 5998 2030 Software version CMW520 R2207P02 Document version 6PW100 20110810 ...

Page 2: ... MATERIAL INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE Hewlett Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing performance or use of this material The only warranties for HP products and services are set forth in the express warranty statements accompa...

Page 3: ...7 Displaying and maintaining WLAN service 18 Configuring WLAN client isolation 19 Enabling WLAN client isolation 19 Configuring SSID based access control 19 Specifying a permitted SSID in a user profile 19 WLAN service configuration examples 20 WLAN service configuration example 20 802 11n configuration example 21 WLAN RRM configuration 23 Configuration task list 23 Configuring data transmit rates...

Page 4: ...n 51 WLAN IDS frame filtering configuration 52 Blacklist and white list 52 Configuring WLAN IDS frame filtering 53 Displaying and maintaining WLAN IDS frame filtering 54 WLAN IDS frame filtering configuration example 54 WLAN QoS configuration 55 Terminology 55 WMM protocol overview 55 Protocols and standards 57 WMM configuration 57 Displaying and maintaining WMM 59 WMM configuration examples 59 WM...

Page 5: ...nfiguring a WLAN radio interface To configure a WLAN radio interface To do Use the Command Remarks 1 Enter system view system view 2 Enter WLAN radio interface view interface wlan radio interface number Required 3 Set the description for the interface description text Optional By default the description string of an interface is interface name Interface 4 Restore the default settings of the WLAN r...

Page 6: ...ser number Optional 256 by default 7 Restore the default settings of the WLAN BSS interface default Optional 8 Shut down the WLAN BSS interface shutdown Optional By default a WLAN BSS interface is up Before you execute the port access vlan command make sure the VLAN specified by the vlan id parameter already exists Use the vlan command to create a VLAN For more information about the port access vl...

Page 7: ...down mtu description enable snmp trap updown 2 Configure ARP arp max learning num arp proxy enable proxy arp enable 3 Configure the interface as a BOOTP client ip address bootp alloc 4 Configure DHCP Configure DHCP server dhcp select server global pool Configure DHCP relay dhcp relay address check dhcp relay information enable dhcp relay information format dhcp relay information strategy dhcp rela...

Page 8: ... ipv6 policy based route 13 Configure NAT PT natpt enable 14 Configure IS IS isis authentication mode isis circuit level isis circuit type p2p isis cost isis dis name isis dis priority isis enable isis mesh group isis small hello isis timer csnp isis timer hello isis timer holding multiplier isis timer lsp isis timer retransmit isis silent 15 Configure OSPF ospf authentication mode simple ospf aut...

Page 9: ...ricin ripng metricout ripng poison reverse ripng split horizon ripng summary address 20 Configure basic MPLS capabilities mpls mpls ldp mpls ldp timer hello hold mpls ldp timer keepalive hold mpls ldp transport address 21 Configure BGP MPLS VPN ip binding vpn instance 22 Configure PPPoE pppoe server bind virtual template pppoe client dial bundle number 23 Configure bridge sets bridge set 24 Config...

Page 10: ...ery igmp version Configure MLD mld enable mld last listener query interval mld max response time mld require router alert mld send router alert mld robust count mld timer other querier present mld timer query mld version mld static group mld group policy mld fast leave Configure PIM pim bsr boundary pim hello option pim holdtime pim require genid pim sm pim dm pim state refresh capable pim timer g...

Page 11: ...nce qos max bandwidth 26 Configure firewall firewall ethernet frame filter firewall packet filter firewall packet filter ipv6 firewall aspf 27 Configure NAT nat outbound nat outbound static nat server 28 Configure Portal portal auth network portal server 29 Configure IPsec ipsec policy 30 Configure the backup center standby interface standby threshold standby timer delay standby timer flow check s...

Page 12: ...tion about WLAN Radio interfaces display interface wlan radio brief down begin exclude include regular expression display interface wlan radio interface number brief begin exclude include regular expression Available in any view Display information about WLAN BSS interfaces display interface wlan bss brief down begin exclude include regular expression display interface wlan bss interface number br...

Page 13: ...n methods Seamless roaming of WLAN clients in the mobility domain Basic concepts Client A handheld computer or laptop with a wireless NIC can be a WLAN client Access point An AP bridges frames between wireless and wired networks Fat AP A fat AP controls and manages all associated wireless stations and bridges frames between wired and wireless networks SSID Service set identifier A client scans all...

Page 14: ...er a specified SSID is carried in a probe request A client sends a probe request with the SSID null or the SSID IE length is 0 The client periodically sends a probe request frame on each of its supported channels to scan wireless networks APs that receive the probe request send a probe response which carries the available wireless network information The client associates with the AP with the stro...

Page 15: ...ts to save battery power Typically VoIP clients adopt the passive scanning mode The passive scanning process is as shown in Figure 4 Figure 4 Passive scanning Authentication To secure wireless links the wireless clients must be authenticated before accessing the AP and only wireless clients passing the authentication can be associated with the AP 802 1 1 links define two authentication mechanisms ...

Page 16: ...asons such as Receiving a data frame from a client which is authenticated and unassociated Receiving a PS Poll frame from a client which is authenticated and unassociated WLAN topologies WLAN topologies for fat APs consist of Single BSS Multi ESS Single ESS Multi BSS Single BSS The coverage of an AP is a BSS Each BSS is identified by a BSSID The most basic WLAN network can be established with only...

Page 17: ... can be configured on the fat AP The fat AP can be configured to accept clients in these ESS domains once their credentials are acceptable Single ESS Multi BSS the multi radio case This topology describes a scenario where a fat AP has two radios that are in the same ESS but belong to different BSSs Figure 7 Single ESS multiple BSS network Use this network scenario when both 802 1 1a and 802 1 1b g...

Page 18: ...mand Remarks 1 Enter system view system view 2 Configure the client idle timeout interval wlan client idle timeout interval Optional By default the idle timeout interval is 3600 seconds 3 Configure the client keep alive interval wlan client keep alive interval Optional By default keep alive function is disabled 4 Enable the fat AP to respond to the probe requests with the SSID null sent by the cli...

Page 19: ...template with type as crypto To configure a service template To do Use the command Remarks 1 Enter system view system view 2 Create a WLAN service template and enter WLAN service template view wlan service template service template number clear crypto Required 3 Specify the service set identifier ssid ssid name Required By default no SSID is set 4 Hide the SSID in beacon frames beacon ssid hide Op...

Page 20: ...io power varies with country codes channels AP models radio types and antenna types If 802 11n is adopted the maximum radio power also depends on the bandwidth mode 7 Specify the type of preamble preamble long short Optional By default the short preamble is supported This command does not apply to 802 11a radios Configuring the radio of the AP To configure the radio of the AP To do Use the command...

Page 21: ... 20 MHz channels can either work separately with one channel acting as the primary channel and the other acting as the secondary channel or both can work together as a 40 MHz channel This provides a simple way of doubling the data rate 2 Improving channel usage through these methods 802 1 1n introduces the A MPDU frame format By using only one PHY header each A MPDU can accommodate multiple MPDUs ...

Page 22: ...a SIC_WLAN module that supports 802 11n Available for routers with a SIC_WLAN module that supports 802 11n Available for routers with a SIC_WLAN module that supports 802 11n Available for routers with a SIC_WLAN module that supports 802 11n Displaying and maintaining WLAN service To do Use the command Remarks Display WLAN client information display wlan client interface wlan radio radio number mac...

Page 23: ...ctly or learn one another s MAC and IP addresses Enabling WLAN client isolation To enable WLAN client isolation To do Use the command Remarks 1 Enter system view system view 2 Enable WLAN client isolation wlan client isolation enable Optional Disabled by default Configuring SSID based access control When a user wants to access a WLAN temporarily the administrator can specify a permitted SSID in th...

Page 24: ...ion Guide WLAN service configuration examples WLAN service configuration example Network requirements As shown in Figure 9 enable the client to access the internal network resources at any time The AP provides a plain text wireless access service with SSID service 802 1 1g is adopted Figure 9 Network diagram for WLAN service configuration Configuration procedure 1 Configure the fat AP Create a WLA...

Page 25: ... with a SIC_WLAN module that supports 802 11n Network requirements As shown in Figure 10 deploy an 802 1 1n network to provide high bandwidth access for multi media applications The AP provides a plain text wireless service with SSID service 802 1 1gn is adopted to inter work with the existing 802 1 1g network and protect the current investment Figure 10 Network diagram for 802 11n configuration C...

Page 26: ...20 AP WLAN Radio2 0 service template 1 interface WLAN BSS 1 2 Verify the configuration The clients can associate with the APs and access the WLAN You can use the display wlan verbose command to view the online clients The 802 1 1n client information is displayed in the output information of the command ...

Page 27: ...enced personnel to implement regularly which brings high maintenance costs WLAN RRM is a scalable radio resource management solution It delivers a real time intelligent integrated radio resource management solution which enables a WLAN network to quickly adapt to radio environment changes and keep staying in a healthy state Configuration task list Complete the following tasks to configure WLAN RRM...

Page 28: ...ata rate table 40 MHz is shown in Table 2 For the whole table see IEEE P802 1 1n D2 00 As shown in the two tables MCS 0 through MCS 7 use one spatial stream and the data rate corresponding to MCS 7 is the highest MCS 8 through MCS 15 use two spatial streams and the data rate corresponding to MCS 15 is the highest Table 1 MCS data rate table 20 MHz MCS index Number of spatial streams Modulation Dat...

Page 29: ...es supported by the AP besides the mandatory rates Supported rates allow some clients that support both mandatory and supported rates to choose higher rates when communicating with the AP Multicast rates Multicast rates supported by the AP besides the mandatory rates Multicast rates allow clients to send multicast traffic at the multicast rates When you specify the maximum MCS index you actually s...

Page 30: ...r WLAN RRM view wlan rrm 3 Configure non 802 1 1h channel scanning autochannel set avoid dot11h Optional By default all channels of the country code are scanned Enabling 802 11g protection When both 802 1 1b and 802 1 1g clients access a WLAN network interference easily occurs and access rate is greatly degraded because they adopt different modulation modes To enable both 802 1 1b and 802 1 1g cli...

Page 31: ...1g protection enable Optional Disabled by default NOTE Enabling 802 11g protection reduces network performance Displaying and maintaining WLAN RRM To do Use the command Remarks Display WLAN RRM configuration information display wlan rrm begin exclude include regular expression Available in any view ...

Page 32: ...lgorithms Essentially it is a null authentication algorithm Any client that requests authentication with this algorithm can be authenticated Open system authentication is not required to be successful as an AP may decline to authenticate the client Open system authentication involves a two step authentication process In the first step the wireless client sends a request for authentication In the s...

Page 33: ...security Compared with WEP encryption TKIP encryption uses 128 bit RC4 encryption algorithm and increases the length of IVs from 24 bits to 48 bits Second TKIP allows for dynamic key negotiation to avoid static key configuration TKIP replaces a single static key with a base key generated by an authentication server TKIP dynamic keys cannot be easily deciphered Third TKIP offers MIC and countermeas...

Page 34: ...words the MAC addresses of allowed clients is created on the wireless access device and the clients are authenticated by the wireless access device Only clients whose MAC addresses are included in the list can pass the authentication and access the WLAN MAC address authentication through RADIUS server The wireless access device serves as the RADIUS client and sends the MAC address of each requesti...

Page 35: ...tional Enabling an authentication method You can enable open system or shared key authentication or both To enable an authentication method To do Use the command Remarks Enter system view system view 1 Enter WLAN service template view wlan service template service template number crypto 2 Enable the authentication method authentication method open system shared key Optional Open system authenticat...

Page 36: ... occurs Packet based GTK rekey After the specified number of packets is sent GTK rekey occurs You can also configure the device to start GTK rekey when a client goes offline Configuring GTK rekey based on time To configure GTK rekey based on time To do Use the command Remarks 1 Enter system view system view 2 Enter WLAN service template view wlan service template service template number crypto 3 E...

Page 37: ...ation includes WPA and RSN configuration For WPA and RSN configuration open system authentication is required WPA ensures greater protection than WEP WPA operates in either WPA PSK or Personal mode or WPA 802 1X or Enterprise mode In Personal mode a pre shared key or pass phrase is used for authentication In Enterprise mode 802 1X and RADIUS servers and the EAP are used for authentication Configur...

Page 38: ...er has a different key from the sender it discards the packets received from the sender In shared key authentication mode the WEP key is used for both encryption and authentication If the key of a client is different from that of the authenticator the client cannot go online To configure WEP encryption To do Use the command Remarks 1 Enter system view system view 2 Enter WLAN service template view...

Page 39: ...l Configuring CCMP cipher suite CCMP adopts the AES encryption algorithm To configure the CCMP cipher suite To do Use the command Remarks 1 Enter system view system view 2 Enter WLAN service template view wlan service template service template number crypto 3 Enable the CCMP cipher suite cipher suite ccmp Required By default no cipher suite is enabled Configuring port security The authentication t...

Page 40: ...ce number Required 3 Enable 802 1 1key negotiation port security tx key type 11key Required Not enabled by default 4 Enable the 802 1X port security mode port security port mode userlogin secure ext Required port security port mode userlogin secure Configuring MAC authentication To configure MAC authentication To do Use the command Remarks 1 Enter system view system view 2 Enter WLAN BSS interface...

Page 41: ...on interface interface list Available in any view Display the MAC address information of port security display port security mac address security interface interface type interface number vlan vlan id count Available in any view Display the PSK user information of port security display port security preshared key user interface interface type interface number Available in any view Display the conf...

Page 42: ...ice template 1 crypto Sysname wlan st 1 ssid psktest Sysname wlan st 1 security ie rsn Sysname wlan st 1 cipher suite ccmp Sysname wlan st 1 authentication method open system Sysname wlan st 1 service template enable Sysname wlan st 1 quit Bind interface WLAN BSS 1 to service template 1 on interface WLAN radio 2 0 Sysname interface wlan radio 2 0 Sysname WLAN Radio2 0 radio type dot11g Sysname WLA...

Page 43: ...MP cipher suite Sysname wlan st 1 security ie rsn Sysname wlan st 1 cipher suite ccmp Configure the open system authentication and enable the service template Sysname wlan st 1 authentication method open system Sysname wlan st 1 service template enable Sysname wlan st 1 quit Configure a RADIUS scheme named rad and configure the IP addresses of the primary authentication server and accounting serve...

Page 44: ... bss 1 2 Configure the RADIUS server IMC PLAT 5 0 The following takes the IMC the IMC versions are IMC PLAT 5 0 and IMC UAM 5 0 as an example to illustrate the basic configurations of the RADIUS server Add an access device Log in to the IMC management platform Select the Service tab and then select User Access Manager Access Device Management Access Device from the navigation tree to enter the acc...

Page 45: ...s 00146c8a43ff Select the service mac Figure 17 Add account 3 Verify the configuration After the client passes the MAC authentication the client can associate with the AP and access the WLAN You can use the display wlan client command display connection command and display mac authentication command to view the online clients 802 1X authentication configuration example Network requirements As show...

Page 46: ...omain Sysname radius radius1 quit Configure AAA domain imc by referencing RADIUS scheme rad Sysname domain imc Sysname isp imc authentication lan access radius scheme rad Sysname isp imc authorization lan access radius scheme rad Sysname isp imc accounting lan access radius scheme rad Sysname isp imc quit Configure the default ISP domain Sysname domain default enable imc Set the port mode for WLAN...

Page 47: ...0 See Configure the RADIUS server IMC PLAT 5 0 3 Configure the wireless card Double click the icon at the bottom right corner of your desktop The Wireless Network Connection Status window appears Click the Properties button in the General tab The Wireless Network Connection Properties window appears In the Wireless Networks tab select wireless network with the SSID dot1x and then click Properties ...

Page 48: ...44 Figure 19 Configure the wireless card I ...

Page 49: ...45 Figure 20 Configure the wireless card II ...

Page 50: ...ion introduces the combinations that can be used during the cipher suite configuration RSN For RSN the WLAN WSEC module supports only CCMP and TKIP ciphers as the pair wise ciphers and WEP cipher suites are only used as group cipher suites Below are the cipher suite combinations that WLAN WSEC supports for RSN WEP40 WEP104 and WEP128 are mutually exclusive Unicast cipher Broadcast cipher Authentic...

Page 51: ...P and TKIP ciphers as the pair wise ciphers and WEP cipher suites are only used as group cipher suites Below are the cipher suite combinations that WLAN WSEC supports for WPA WEP40 WEP104 and WEP128 are mutually exclusive Unicast cipher Broadcast cipher Authentication method Security Type CCMP WEP40 PSK WPA CCMP WEP104 PSK WPA CCMP WEP128 PSK WPA CCMP TKIP PSK WPA CCMP CCMP PSK WPA TKIP WEP40 PSK ...

Page 52: ...supports only WEP cipher suites WEP40 WEP104 and WEP128 are mutually exclusive Unicast cipher Broadcast cipher Authentication method Security Type WEP40 WEP40 Open system no Sec Type WEP104 WEP104 Open system no Sec Type WEP128 WEP128 Open system no Sec Type WEP40 WEP40 Shared key no Sec Type WEP104 WEP104 Shared key no Sec Type WEP128 WEP128 Shared key no Sec Type ...

Page 53: ...ny vulnerability occurs on the AP the hacker has an opportunity to compromise your network security Rogue client An unauthorized or malicious client on the network Rogue wireless bridge Unauthorized wireless bridge on the network Monitor AP An AP that scans or listens to 802 1 1 frames to detect wireless attacks in the network Ad hoc mode Sets the working mode of a wireless client to ad hoc An ad ...

Page 54: ...d de authentication frame can cause a client to get de authenticated from the network This can affect the normal operation of the WLAN At present spoofing attack detection counters this type of attack by detecting broadcast de authentication and disassociation frames sent on behalf of an AP When such a frame is received it is identified as a spoofed frame and the attack is immediately logged Weak ...

Page 55: ...all the attacks detected by WLAN IDS IPS display wlan ids history begin exclude include regular expression Available in any view Display the count of attacks detected by WLAN IDS IPS display wlan ids statistics begin exclude include regular expression Available in any view Clear the history of attacks detected by the WLAN system reset wlan ids history Available in user view Clear the statistics of...

Page 56: ... other clients are discarded Static blacklist Contains the MAC addresses of clients forbidden to access the WLAN This list is configured manually Dynamic blacklist Contains the MAC addresses of clients forbidden to access the WLAN A client is added dynamically to the list if it is considered sending attacking frames until the timer of the entry expires A dynamic blacklist can collaborate with ARP ...

Page 57: ...enied Whenever WLAN IDS detects a flood attack the attacking device is added into the dynamic blacklist You can set a lifetime in seconds for dynamic blacklist entries After the lifetime of an entry expires the device entry is removed from the dynamic blacklist If a flood attack from the device is detected again before the lifetime expires the entry is refreshed To configure WLAN IDS frame filteri...

Page 58: ...wlan dynamic blacklist mac address mac address all Available in user view WLAN IDS frame filtering configuration example Network requirements As shown in Figure 23 Client 1 0000 000f 121 1 is a rogue client To ensure WLAN security add the MAC address of the client into the blacklist on the AC to disable it from accessing the wireless network through any AP Figure 23 WLAN IDS frame filtering config...

Page 59: ...ories They are AC VO voice queue AC VI video queue AC BE best effort queue and AC BK background queue in the descending order of priority When contending for a channel a high priority AC queue preempts a low priority AC queue 4 CAC CAC limits the number of clients that are using high priority AC queues including AC VO and AC VI queues to guarantee sufficient bandwidth for existing high priority tr...

Page 60: ... for transmission thus guaranteeing bandwidth to the clients that have gained access CAC controls real time traffic AC VO and AC VI traffic but not common data traffic AC BE and AC BK traffic If a client wants to use a high priority AC queue it must send a request to the AP The AP returns a positive or negative response based on either of the following admission control policy Channel utilization ...

Page 61: ...ue SVP stipulates that random backoff is not performed for SVP packets Therefore you can set both ECWmin and ECWmax to 0 when there are only SVP packets in an AC queue ACK policy WMM defines two ACK policies Normal ACK and No ACK When the No ACK policy is used the recipient does not acknowledge received packets during wireless packet exchange This policy is suitable in the environment where commun...

Page 62: ...P uses the default EDCA parameters shown in Table 4 and uses the Normal ACK policy 7 Set the CAC policy wmm cac policy channelutilization channelutilization value users users number Optional By default the users based admission policy applies with the maximum number of users being 20 8 Map SVP packets to a specified AC queue wmm svp map ac ac vi ac vo ac be ac bk Optional By default the SVP packet...

Page 63: ...ess begin exclude include regular expression Available in any view Display radio or client WMM configuration information display wlan wmm radio interface wlan radio wlan radio number client all interface wlan radio wlan radio number mac address mac address begin exclude include regular expression Available in any view Clear radio or client WMM statistics reset wlan wmm radio interface wlan radio w...

Page 64: ...on method open system Sysname wlan st 1 service template enable Configure the radio type as 802 1 1g for radio interface WLAN Radio 2 0 and map service template 1 to interface WLAN BSS1 on the radio interface Sysname interface wlan radio 2 0 Sysname WLAN Radio2 0 radio type dot11g Sysname WLAN Radio2 0 service template 1 interface wlan bss 1 Enable WMM on radio interface WLAN Radio 2 0 Sysname WLA...

Page 65: ...1 authentication method open system Sysname wlan st 1 service template enable Configure the radio type as 802 1 1g for radio interface WLAN Radio 2 0 and map service template 1 to interface WLAN BSS1 on the radio interface Sysname interface wlan radio 2 0 Sysname WLAN Radio2 02 radio type dot11g Sysname WLAN Radio2 0 service template 1 interface wlan bss 1 Configure radio interface WLAN radio 2 0 ...

Page 66: ...e interface wlan bss 1 Sysname WLAN BSS1 qos trust dot11e Sysname WLAN BSS1 quit Configure interface Ethernet 1 0 to use the 802 1p priority of received packets for priority mapping Sysname interface ethernet 1 0 Sysname Ethernet1 0 qos trust dot1p Sysname Ethernet1 0 quit Create a clear type WLAN service template configure its SSID as market configure its authentication method as Open System and ...

Page 67: ...me command to view the support of the radio chip for the EDCA parameters Make sure the configured EDCA parameters are supported by the radio chip 2 Check that the values configured for the EDCA parameters are valid SVP or CAC configuration failure Symptom The SVP packet priority mapping function configured with the wmm svp map ac command does not take effect CAC configured with the wmm edca client...

Page 68: ... wwalerts After registering you will receive email notification of product enhancements new driver versions firmware updates and other product resources Related information Documents To find related documents browse to the Manuals page of the HP Business Support Center website http www hp com support manuals For related documentation navigate to the Networking section and select a networking categ...

Page 69: ...parated by vertical bars from which you select one choice multiple choices or none 1 n The argument or keyword and argument combination before the ampersand sign can be entered 1 to n times A line that starts with a pound sign is comments GUI conventions Convention Description Boldface Window names button names field names and menu items are in bold text For example the New User window appears cli...

Page 70: ...ing capable device such as a router or Layer 3 switch Represents a generic switch such as a Layer 2 or Layer 3 switch or a router that supports Layer 2 forwarding and other Layer 2 features Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device ...

Page 71: ... 32 GTK rekey based on time 32 GTK rekey method 32 HP customer support and resources 64 document conventions 65 documents and manuals 64 icons used 65 subscription service 64 support contact information 64 symbols used 65 websites 64 icons 65 IDS attack detection 50 displaying and maintaining 51 MAC and PSK authentication example 38 MAC authentication 36 manuals 64 multi ESS 13 non dot1 1h channel...

Page 72: ...echanism 57 WMM configuration 57 WMM protocol overview 55 WLAN QoS configuration 55 WLAN QoS examples CAC service configuration example 60 network requirements 59 60 62 SVP service example 62 WMM basic configuration 59 WMM configuration examples 59 WLAN QoS protocols and standards 57 WLAN QoS troubleshooting 63 EDCA parameter configuration failure 63 SVP or CAC configuration failure 63 WLAN RRM 80...

Page 73: ... the AP 16 radio parameters 15 scanning 10 single BSS 12 single ESS Multi BSS the multi radio case 13 specifying a permitted SSID in a user profile 19 SSID 9 SSID based access control 19 task list 14 topologies 12 wireless client access 9 wireless medium 9 WLAN client isolation 19 WLAN service examples 20 WLAN service template 15 WLAN service configuration 9 WLAN service configuration example 20 W...

Reviews:

No comments

Related manuals for a-msr

N-Tron 702-W User Manual & Installation Manual preview
702-W
Brand: N-Tron Pages: 62
IBM TotalStorage SAN16M-R SAN Installation And Service Manual preview
TotalStorage SAN16M-R SAN
Brand: IBM Pages: 116
Garland INT10G10SP2 User Manual preview
INT10G10SP2
Brand: Garland Pages: 6
Enginko MCF-LW06424 Operating Manual preview
MCF-LW06424
Brand: Enginko Pages: 19
ZyXEL Communications ZyAIR G-3000H User Manual preview
ZyAIR G-3000H
Brand: ZyXEL Communications Pages: 299
Macsense MPC-200 User Manual preview
MPC-200
Brand: Macsense Pages: 13
IndigoVision Compact NVR-AS 4000 User Manual preview
Compact NVR-AS 4000
Brand: IndigoVision Pages: 38
INNOSILICON T3-43T User Manual preview
T3-43T
Brand: INNOSILICON Pages: 11
Zoom Realtek Series User Manual preview
Realtek Series
Brand: Zoom Pages: 31
AirLive Ether-GSH24T v3 Quick Setup Manual preview
Ether-GSH24T v3
Brand: AirLive Pages: 2
Airlink101 AR725W User Manual preview
AR725W
Brand: Airlink101 Pages: 64
ETAS ES1337.2 User Manual preview
ES1337.2
Brand: ETAS Pages: 29
SmartBridges airPoint Nexus sB3210 User Manual preview
airPoint Nexus sB3210
Brand: SmartBridges Pages: 55
Honeywell Home LTEM-PA Installation And Setup Manual preview
LTEM-PA
Brand: Honeywell Home Pages: 36
PairGain T1L2F10A Manual preview
T1L2F10A
Brand: PairGain Pages: 76
MikroTik wAP series User Manual preview
wAP series
Brand: MikroTik Pages: 5
NetApp SG1000 Troubleshooting Installations preview
SG1000
Brand: NetApp Pages: 10
Cabletron Systems TRMIM-10R Installation Manual preview
TRMIM-10R
Brand: Cabletron Systems Pages: 54

Brands by name

Popular brands

Load more brands