HP M210 Configuration And Administration Manual Download | Manualshive

Page: 37 / 110

background image

Managing wireless communities

37

Security method

By default, no security is defined for a wireless community. It is strongly recommended to
configure a security method to provide encrypted data exchanges between wireless clients and
the M210. See

Wireless protection on page 37

for details on the available security methods.

Wireless protection

The M210 provides several methods to protect wireless transmissions from eavesdropping and
to safeguard network access by unauthorized users. To choose the method that best meets the
needs of your network, refer to the sections that follow.

Static WEP

Static WEP enables you to encrypt wireless transmissions, but does not provide for user
authentication. WEP is not as secure as the other security methods available.

Note

WEP cannot be used when the radio operating mode supports 802.11n.

Transfer key index

This value indicates which of the four configured WEP keys the AP uses to encrypt the data it
transmits.

Key length

The number of characters you specify for the key determines the level of encryption.

•

For 64-bit encryption, specify 5 ASCII characters or 10 hexadecimal digits.

•

For 128-bit encryption, specify 13 ASCII characters or 26 hexadecimal digits.

«
...
35
36
37
38
39
...
»

Summary of Contents for M210

Page 1: ...HP M210 802 1 1n Access Point Configuration and Administration Guide HP Part Number 5998 5756 Published April 2014 Edition 1 ...

Page 2: ...statements accompanying such products and services Nothing herein should be construed as constituting an additional warranty HP shall not be liable for technical or editorial errors or omissions contained herein Acknowledgments Windows is a U S registered trademark of the Microsoft group of companies Warranty WARRANTY STATEMENT See the warranty information sheet provided in the product box and ava...

Page 3: ...ator login credentials 28 SNMP configuration 28 Supported MIBs 29 System time 29 Set system time 31 Daylight savings 31 4 Working with wireless communities and authentication 33 Overview 33 Configuring global RADIUS servers 33 Managing wireless communities 35 About the default wireless community 35 Wireless community configuration options 36 Wireless protection 37 MAC authentication 44 5 Wireless ...

Page 4: ...ommunities 78 VLAN assignment via RADIUS 79 Port statistics 80 8 Clustering multiple M210s 81 Overview 81 Shared settings in a cluster 81 IPv4 and IPv6 clusters 82 Cluster formation 83 Client connections 85 Channel planning 86 Configuration 86 Current channel assignments 87 9 Maintenance 89 Configuration file management 89 Reset 89 Save 89 Restore 90 Reboot 90 Software updates 91 Software informat...

Page 5: ... Packet trace file download 104 Ping 105 11 Support and other resources 107 Online Documentation 107 Contacting HP 107 HP Websites 107 Conventions 108 A Resetting to factory defaults 109 Factory reset procedures 109 Using the reset button 109 Using the management tool 109 ...

Page 6: ...6 ...

Page 7: ...rk and on the Internet Guests connect to wireless community 2 which is protected with WEP All guest traffic exits the M210 on VLAN 2 providing access only to the Internet Note WEP is available only when the radio mode does not support 802 1 1n For offices that already have a wired networking infrastructure the M210 is easily integrated to provide wireless networking It can also be used to extend t...

Page 8: ...inct employee groups access to the Internet through a router on the network The M210s are joined in a cluster which enables them to share a single configuration and to be administered as a single unit Channel planning may be implemented on the cluster to reduce interference and optimize wireless bandwidth usage Wireless community File server DHCP server computers WDS Wireless link Employee Main of...

Page 9: ... license agreement displays When you accept the agreement a page displays to enable you to select your country so that wireless radio settings are configured appropriately Select Save to display the first page in the Quick setup wizard This page lets you choose one of five configuration scenarios to use as the basis for your setup as described in the following sections Basic wireless network Choos...

Page 10: ...o create multiple wireless networks to support users with different networking requirements For example you could create two wireless networks one for employees and one for guests This option can be used to connect the M210 to a network using static IP DHCP or IPv6 addressing This scenario also supports clustering mode where multiple APs in the network are deployed and administered as a single ent...

Page 11: ... and supports clustering mode Multiple wireless networks with RADIUS authentication Choose this option if you want to Create multiple wireless networks to support users with different requirements Map the traffic from each wireless network to a specific VLAN Authenticate user login credentials using a third party RADIUS server This option can be used to connect the M210 to a network using static I...

Page 12: ... you want this AP to join the cluster Accessing Quick setup after your first login When you log in subsequent to completing or cancelling out of the Quick setup wizard the System summary page displays by default You can view and configure the Quick setup global settings by selecting Home Quick setup See Quick setup global settings page on page 24 ...

Page 13: ...ess networks with wired VLANs Multiple wireless networks with RADIUS authentication Add to wireless network with existing AP cluster Step 1 Specify access point settings For a complete description of all settings see the online help Configure the radio Wireless mode Select a radio mode IEEE 802 1 1a Up to 54 Mbps in the 5 GHz frequency band IEEE 802 1 1b g Compatibility mode Up to 1 1 Mbps for 802...

Page 14: ...nter a Static IPv6 address specify the Static IPv6 address prefix length and enter the Default IPv6 gateway address The Static IPv6 address status shows the configured address The possible values are as follows Operational The IP address has been verified as unique on the LAN and is usable on the interface Tentative The M210 initiates a duplicate address detection DAD process automatically when a ...

Page 15: ...figure whether this AP functions as a member of a cluster of APs on the network APs in a cluster have a single point of administration enabling you to view deploy configure and secure the wireless network as a single entity rather than a series of separate wireless devices When APs are clustered you can also configure channel planning which helps to reduce radio interference and maximize bandwidth...

Page 16: ...ings for client access and encryption This section displays different settings depending on the selected network environment For a Basic wireless network the page displays fields for configuring the network name SSID and security settings For a Multiple wireless networks configuration an additional table displays for adding wireless networks ...

Page 17: ...community For a Multiple wireless networks with RADIUS authentication configuration an appropriate security method is selected and additional fields display to configure RADIUS server information For an Add to wireless network with existing AP cluster configuration this section does not display as no security settings or additional wireless communities are needed ...

Page 18: ... fields in the Wireless community settings area display default values for the new community 2 Modify the default values if necessary See Wireless community settings for a description of these fields 3 Select Add 4 Select Save to accept the default settings in the Wireless community settings area or modify the settings and select Add then Save If you select Cancel before selecting Add the new wire...

Page 19: ...er than the management VLAN ID which is 1 by default then packets from this wireless community are tagged with the specified VLAN ID when forwarded to the wired network The VLAN ID can be from 1 to 4094 Secure the wireless network Use this section to define security settings for the wireless network Security method The available security methods and selected default settings vary depending on the ...

Page 20: ...re supported Multiple wireless networks with RADIUS authentication If the wireless mode includes 802 1 1n WPA WPA2 Personal WPA WPA2 Enterprise default If the wireless mode does not include 802 1 1n Static WEP see note 802 1X Dynamic WEP see note WPA WPA2 Personal WPA WPA2 Enterprise default Add to wireless network with existing AP cluster The AP will inherit its security settings from the cluster...

Page 21: ...s the RADIUS IP address type enter the IP address of the RADIUS server that all wireless communities use by default for example 192 168 10 23 If IPv6 is selected enter the IPv6 address of the RADIUS server for example 2001 0db8 1234 abcd Note You can configure only one RADIUS server using the Quick setup wizard You can however configure additional RADIUS servers using the Wireless Communities page...

Page 22: ...s which support only the original WPA select both WPA and WPA2 This setting enables both WPA and WPA2 wireless clients to associate and authenticate but uses the more robust WPA2 for clients that support it This WPA configuration allows more interoperability at the expense of some security RADIUS IP address type Select an IP version for communicating with the RADIUS server RADIUS IP or IPv6 addres...

Page 23: ...ort encryption cannot communicate with the M210 The same encryption key must be used on the M210 and all wireless clients Key type Select the format used to specify the encryption key ASCII ASCII keys are much weaker than carefully chosen hexadecimal keys You can include ASCII characters from 32 to 126 inclusive in the key However note that not all wireless clients support non alphanumeric charact...

Page 24: ... This page will also display if you select Manually configure wireless network settings check box on the initial Quick setup page This page enables you to configure the same settings as available in the Quick setup wizard See Quick setup wizard on page 13 for instructions In addition the Quick setup global settings page enables you to configure the following settings ...

Page 25: ...wizard you can configure only one System summary After you complete the Quick setup wizard when you log into the management tool again the System summary page displays This page includes the following information IP address The IP address assigned to the AP See the Network IP page to configure IP information Static IPv6 address The IPv6 address assigned to the AP if one is configured IPv6 autoconf...

Page 26: ...or each additional wireless community that you create For example if the Ethernet and wlan0 interfaces are assigned MAC address 00 55 9A 3C 7A 00 then the next wireless community you create will be assigned MAC address 00 55 9A 3C 7A 01 and so on Software version The version of software installed on the AP Product identifier The AP hardware model ID number Hardware version The AP hardware version ...

Page 27: ...8 1 1 or https 192 168 1 1 For information on launching the management tool for the first time see the HP M210 802 1 1n Access Point Quickstart Configuring web server settings Select Management Management tool to open the Configure web server settings page Web server configuration Use this section to configure web access to the management tool HTTPS server status HTTP server status The M210 softwa...

Page 28: ...t use special characters or spaces For security purposes it is recommended that the password be at least 6 characters Caution If you forget the administrator password the only way to access the administrator account is to reset the M210 to factory default settings See Resetting to factory defaults on page 109 SNMP configuration The M210 provides a robust SNMP v1 v2 implementation supporting both i...

Page 29: ... System time Correct system time is important for proper operation of the M210 especially when using the logs to troubleshoot Select Management System time to open the System time page This page enables you to configure time server and time zone information BRIDGE MIB 802 1d SNMP TARGET MIB ENTITY MIB RFC 2737 SNMP USM DH OBJECTS MIB IANAifType MIB SNMPv2 CONF IEEE802dot1 1 MIB SNMPv2 MIB RFC 2418...

Page 30: ...30 Managing the M210 ...

Page 31: ...y the NTP hostname or IP address although using the IP address is not recommended as these are more likely to change If you specify a hostname note the following requirements The length must be from 1 to 63 characters Upper and lower case characters numbers and hyphens are accepted The first character must be a letter a to z or A to Z and the last character cannot be a hyphen A actual NTP server h...

Page 32: ...32 Managing the M210 ...

Page 33: ...eans that all wireless users can reach resources on the corporate network However communication between wireless users may or may not be possible depending on the configuration settings defined for each wireless community Configuring global RADIUS servers M210 communities can use third party RADIUS servers to validate user login credentials for the WPA enterprise 802 1X or MAC based authentication...

Page 34: ...p to four server IP addresses of the selected type The first address is the primary RADIUS server If it is unavailable the M210 will attempt to use the others in sequence RADIUS key 1 2 3 The RADIUS key is the shared secret key for the global RADIUS server The first key corresponds to the first IP address and so on Enter up to 64 alphanumeric and special characters The key is case sensitive and yo...

Page 35: ...fter saving a new wireless community select Update then Save You can select Cancel before selecting Update to undo any changes to these settings See Wireless community configuration options on page 36 for details on the settings About the default wireless community By default a single wireless community is defined It is named HP which is also its network name SSID You can modify settings for the d...

Page 36: ...eless community on the Ethernet port All traffic sent received on the Ethernet port by the wireless community will be assigned to this VLAN Note Depending on the security protocol in use for the wireless community members may be assigned to a VLAN other than the default the default VLAN ID is 1 Client VLAN assignments from a RADIUS server override the default VLAN assignment MAC authentication Thi...

Page 37: ... method that best meets the needs of your network refer to the sections that follow Static WEP Static WEP enables you to encrypt wireless transmissions but does not provide for user authentication WEP is not as secure as the other security methods available Note WEP cannot be used when the radio operating mode supports 802 1 1n Transfer key index This value indicates which of the four configured W...

Page 38: ...y client to associate with the AP whether or not that client has the correct WEP key It does not ensure however that an associated client can exchange traffic with the AP A client must have the correct WEP key to be able to successfully access and decrypt data from an AP and to transmit readable data to it Shared key This method requires the client to have the correct WEP key to associate with the...

Page 39: ...ties page When not selected you can configure each wireless community to use a different set of RADIUS servers RADIUS IP address type You can toggle between the address types to configure IPv4 and IPv6 RADIUS server addresses Note however that the AP contacts only the RADIUS server or servers of the address type selected in this field RADIUS IP address RADIUS IPv6 address Enter the IPv4 or IPv6 ad...

Page 40: ...y 1 to 3 Enter the RADIUS key associated with the configured backup RADIUS servers The server at RADIUS IP address 1 uses RADIUS key 1 RADIUS IP address 2 uses RADIUS key 2 and so on Enable RADIUS accounting Select this option to track and measure the resources a particular user has consumed such as system time amount of data transmitted and received and so on If you enable RADIUS accounting it is...

Page 41: ...d WPA2 are supported at the same time Some legacy WPA clients may not work if this mode is selected This mode is slightly less secure than using the WPA2 AES CCMP mode Note WPA2 AES must be selected when the radio mode supports 802 1 1n If an 802 1 1n only mode is selected only WPA2 AES can be used Key The M210 uses the preshared key PSK you specify to generate the WPA TKIP or WPA2 AES keys that a...

Page 42: ...t none support WPA2 then select WPA WPA2 AES If all wireless clients on the network support WPA2 we suggest using WPA2 which provides the best security per the IEEE 802 1 1i standard Note WPA TKIP cannot be used when the radio operating mode supports 802 1 1n If you have a mix of clients some of which support WPA2 and others which support only the original WPA select both WPA TKIP and WPA2 AES Thi...

Page 43: ... the IP address of the RADIUS server that all wireless communities use by default for example 192 168 10 23 If IPv6 is selected enter the IPv6 address of the primary global RADIUS server for example 2001 0db8 1234 abcd RADIUS IP or IPv6 address 1 to 3 Enter up to three IPv4 and or IPv6 addresses to use as the backup RADIUS servers for this wireless community The field label is RADIUS IP address wh...

Page 44: ...se a list stored on a RADIUS server see Wireless community configuration options on page 36 Caution MAC authentication is vulnerable to MAC address spoofing where users in the network who are not granted access to the M210 gain access by changing their MAC addresses to an authorized user s address For better security administrators should consider using an additional authentication method WPA Pers...

Page 45: ...whose MAC addresses appear in the MAC address list can connect to the wireless network created by this community Block all stations in list Users whose MAC address appear in the MAC address list are blocked from accessing the wireless network created by this community Stations list Up to 512 MAC addresses are supported To remove an address select it in the list and select Remove MAC address To add...

Page 46: ...46 Working with wireless communities and authentication ...

Page 47: ... all wireless APs operating in the immediate area so that you can effectively set the operating frequencies This feature also makes it easy for you to find rogue APs See Detecting Rogue APs on page 60 Select Status Wireless to view detailed information about packets sent and received transmission errors and other low level events Caution APs that operate in the 2 4 GHz band may experience interfer...

Page 48: ... on the same frequency overlap throughput can be reduced in both APs Reduced throughput occurs because a wireless user that is attempting to transmit data defers delays transmission if another station is transmitting In a network with many users and much traffic these delayed transmissions can severely affect performance because wireless users may defer several times before the channel becomes ava...

Page 49: ...25 MHz frequency separation always perform worse than two channels that use maximum separation It is always best to use the greatest separation possible between overlapping networks With the proliferation of wireless networks it is very possible that the areas of coverage of APs outside your control overlap your intended area of coverage To choose the best operating frequency select Wireless Rogue...

Page 50: ... overlapping channels is 25 MHz in other words they must be at least five channels apart the recommended maximum number of overlapping APs you can have in most regions is three The following table gives examples relevant to North America and Europe for channels in the 2 4 GHz band Channel Frequency Channel Frequency 1 2 3 4 5 6 7 2412 2417 2422 2427 2432 2437 2442 8 9 10 1 1 12 13 14 2447 2452 245...

Page 51: ...rating frequencies as shown in the following figure Alternatively you can stagger APs to reduce overlap and increase channel separation as shown in the following figure AP 1 Channel 1 AP 2 Channel 6 AP 3 Channel 11 AP AP AP AP 1 Channel 1 AP 2 Channel 6 AP 3 Channel 11 AP 4 Channel 1 AP AP AP AP ...

Page 52: ...o exist on the same frequencies despite using different signal modulation schemes Since older 802 1 1b only clients cannot detect the newer 802 1 1g modulation scheme 802 1 1g clients must protect their transmissions by first sending a signal that alerts 802 1 1b clients to not attempt to transmit for a specified period of time If protection is not used 802 1 1b clients may transmit while an 802 1...

Page 53: ... 802 1 1n 5 GHz and IEEE 802 1 1n 2 4 GHz HP refers to these two modes as Pure n When the M210 radio is in either of these modes it will not allow non 802 1 1n clients to associate Legacy clients can see the M210 and may attempt to associate but they will be rejected The M210 makes this determination based on information on supported capabilities that the client presents during its association req...

Page 54: ...0 and 40 MHz clients can associate The channel selected on the Modify radio settings page is the primary channel and the secondary or extension channel is located adjacent to it The secondary channel is either above or below depending on which channel was selected as the primary In 5 GHz IEEE 802 1 1n mode the channels are paired for example channels 36 and 40 are always used together 44 and 48 ar...

Page 55: ...no wireless clients can connect Mode Select the mode that best supports the wireless clients at your location Supported wireless modes are determined by the regulatory domain country Available options may include one or more of the following IEEE 802 1 1a Up to 54 Mbps for 802 1 1a in the 5 GHz frequency band IEEE 802 1 1b g Compatibility mode Up to 1 1 Mbps for 802 1 1b and 54 Mbps for 802 1 1g i...

Page 56: ...the country and radio mode If DFS is not supported then the AP scans all valid channels for the current radio band and selects the channel with the least number of APs found The channel defines the portion of the radio spectrum the radio uses for transmitting and receiving Each mode offers a number of channels depending on how the spectrum is licensed by national and transnational authorities such...

Page 57: ... wireless clients associated with a different wireless community This selection is applied to all wireless communities on the AP Advanced radio settings When you select the next to Advanced radio settings the following settings display Multidomain regulatory mode This mode causes the AP to broadcast as a part of its beacons and probe responses the country in which it is configured for operation Th...

Page 58: ...ransmissions do not cause interference with legacy stations or applications By default these protection mechanisms are enabled Auto With protection enabled protection mechanisms will be invoked if legacy devices are within range of the AP You can disable these protection mechanisms Off When protection is off however legacy clients or APs within range can be affected by 802 1 1n transmissions Prote...

Page 59: ...n greatly reduce throughput RTS threshold Specify a Request to Send RTS threshold value from 0 to 2347 The RTS threshold indicates the number of octets in an MPDU below which an RTS CTS handshake is not performed Changing the RTS threshold can help control traffic flow through the AP especially one with many clients If you specify a low threshold value RTS packets will be sent more frequently This...

Page 60: ...ion The default and maximum rate limit setting is 50 packets per second Rate limit burst The rate limit burst sets a threshold rate for traffic bursts above which all traffic is considered to exceed the rate limit This burst limit allows intermittent bursts of traffic that are above the set Rate limit but below the Rate limit burst The default and maximum rate limit burst setting is 75 packets per...

Page 61: ...APs it is displayed in the Detected rogue AP list The following information displays for each detected rogue AP Field Description MAC The MAC address of the neighboring AP detected during a scan Beacon Int The Beacon interval being used by this AP Beacon frames are transmitted by an AP at regular intervals to announce the existence of the wireless network The default behavior is to send a beacon f...

Page 62: ...ity On indicates that the neighboring device has some security in place WPA Whether WPA security is on or off for this AP Band The 802 1 1 band used on this AP as follows 2 4 indicates 802 1 1b 802 1 1g or 802 1 1n mode or a combination of the modes 5 indicates 802 1 1a or 802 1 1n mode or both modes Channel The channel on which the AP is currently broadcasting The channel defines the portion of t...

Page 63: ...lect Save and then save the file to your PC or network By default the filename is Rogue2 cfg You can use a text editor or web browser to open the file and view its contents In the Import AP list section you can import a list that was previously saved from this AP or from another M210 Select one of the following options Replace The imported list will replace the Known APs list Merge APs from the im...

Page 64: ...sociation status Keep the following points in mind with regard to this field If the Security method is None or Static WEP the authentication and association status of clients showing on the Client associations page will be in line with what is expected that is if a client shows as authenticated to the AP it will be able to transmit and receive data This is because Static WEP uses only IEEE 802 1 1...

Page 65: ...itted Total packets transmitted by the AP WLAN bytes transmitted Total bytes transmitted by the AP WLAN packets receive dropped Number of packets received by the AP that were dropped WLAN bytes receive dropped Number of bytes received by the AP that were dropped WLAN packets transmit dropped Number of packets transmitted by the AP that were dropped WLAN bytes transmit dropped Number of bytes trans...

Page 66: ...t retry limit or the long retry limit Transmit retry count Number of times an MSDU is successfully transmitted after one or more retries Multiple retry count Number of times an MSDU is successfully transmitted after more than one retry RTS success count Count of CTS frames received in response to an RTS frame RTS failure count Count of CTS frames not received in response to an RTS frame ACK failur...

Page 67: ...network that includes WDS links should be distinguished from a group of clustered APs WDS enables wirelessly extending the network whereas clustering is used to simplify AP administration and optimize bandwidth use See Clustering multiple M210s on page 81 for more information Simultaneous AP and WDS support The M210 simultaneously supports wireless communities and one or more WDS links Although th...

Page 68: ...guration considerations The following guidelines apply when you create a WDS link between two or more M210s The 5 GHz band has a shorter reach when compared to the 2 4 GHz band This could be a factor depending on the distance your WDS link span All radios must be set to the same operating frequency and channel This means that on the Wireless Radio page under Channel you cannot select Auto The Ethe...

Page 69: ...C address of the wireless port on the M210 This address needs to be entered on the M210 to which this link will connect Spanning tree mode The Spanning Tree Protocol STP can be enabled to prevent undesirable loops from occurring in the network that may result in decreased throughput Enabling spanning tree is recommended ...

Page 70: ...y length Select 64 bits or 128 bits Key type Select ASCII or Hex WEP key If you selected ASCII enter any combination of 0 to 9 a to z and A to Z and special characters such as and If you selected Hex enter hexadecimal digits any combination of 0 to 9 and a to f or A to F These are the RC4 encryption keys shared with the stations using the AP Confirm key Re enter the key WPA PSK Configure the follo...

Page 71: ...e address text box and select the MAC address of the remote M210 Or if you cannot identify it in the list connect to the management tool on M210 2 open the home page and write down its MAC address B Set up the WDS link on M210 1 2 Open the management tool on M210 1 3 Select Wireless Radio to display the Modify radio settings page 4 In the Basic settings area configure the following Set Mode to 5 G...

Page 72: ... Encryption to WPA PSK Set the Link name to M210_WDS1 Set Key to a39xm210 8 Select Save C Setup the WDS link on M210 2 Configuration settings on M210 2 are similar to those defined on M210 1 9 Open the management tool on M210 2 10 Select Wireless Radio 1 1 In the Basic settings area configure the following Set Mode to 5 GHz IEEE 802 1 1n Set Channel to 36 12 Select Save ...

Page 73: ... you entered for the first M210 M210_WDS1 Set Key to a39xm210 15 Select Save D Test the link and make performance adjustments The WDS link should now be active 16 Select Tools Ping on M210 1 and ping the address of M210 2 192 168 5 20 If the ping succeeds it means that the WDS link is working 17 To view the operational status and traffic statistics for the WDS interface on either M210 select Statu...

Page 74: ...74 Creating WDS links ...

Page 75: ...eived on a different VLAN is ignored Untagged VLAN Untagged VLAN ID All traffic from wireless clients to the AP is associated with a VLAN ID The VLAN ID may be assigned by a RADIUS server or determined by the client s association with a wireless community Traffic between the wired network and the AP however might not be associated with a VLAN that is the traffic is untagged These settings determin...

Page 76: ...ill assign an address from its pool of available addresses You can find the IP address of the M210 by looking for its Ethernet base MAC address in the DHCP server log The Ethernet MAC address is printed on the M210 label identified as Ethernet Base MAC or listed on the management tool IP page as MAC address To have the DHCP server assign a specific IP address to the M210 you need to preconfigure t...

Page 77: ... static IPv6 address even if addresses have already been configured automatically Enter an address in the form XXXX XXXX XXXX XXXX Static IPv6 address prefix length The prefix length must be an integer in the range from 0 to 128 The prefix length determines the part of the IPv6 address that identifies the network that the M210 is attached to Default IPv6 gateway The default gateway address for IPv...

Page 78: ...utomatically obtained IPv6 address IPv6 autoconfigured global addresses If the AP has been assigned one or more IPv6 addresses automatically the addresses are listed VLAN configuration When the AP receives traffic from a wireless client the AP may forward it on the Ethernet network to which the AP connects Client traffic may be associated with a VLAN as it is forwarded to the Ethernet network VLAN...

Page 79: ...efined in a user s RADIUS account it always overrides the VLAN defined for a wireless community This enables you to define an VLAN setting for a community and then override it on a per user basis as required RADIUS assigned VLANs are created and deleted dynamically as clients associate and disassociate with the M210 When the first client assigned by RADIUS to a particular VLAN authenticates with t...

Page 80: ...unity does not use RADIUS All traffic on the Guest community is assigned to VLAN 20 providing access to the shared printer and the Internet Port statistics To view statistics on Ethernet packets received and transmitted on the wired and wireless ports select Status Ports The Port statistics page displays The statistics accumulate until the AP is rebooted Port The LAN port is listed as Port 1 The W...

Page 81: ... and maximize bandwidth on the wireless network The AP cluster is a dynamic configuration aware group of APs in the same wired subnet of a network Multiple clusters can exist within a subnet Each cluster can have up to four members Shared settings in a cluster When clustering is enabled some configuration items are shared by the entire cluster and other items remain unique to each M210 In the mana...

Page 82: ...dio Radio mode Channel bandwidth Primary channel Station Isolation Multi domain regulatory mode Short guard interval supported STBC mode Protection Fragmentation threshold RTS threshold Fixed multicast rate Broadcast multicast rate limiting Wireless community settings MAC authentication Basic SNMP settings Channel planning Admin password to secure any new cluster members Email alert settings WDS l...

Page 83: ...e configuration change is shared with all members of the cluster and the configured AP assumes control of the cluster When two separate clusters join into one then the cluster that was created first wins arbitration for cluster control The configuration on the newly formed cluster is overwritten by the configuration on the new cluster controller If a cluster does not receive cluster advertisements...

Page 84: ...obal address and statically configured IPv6 global address Ensure that when using IPv6 for clustering all the APs in the cluster either use link local addresses only or use global addresses Clustering will not work with mixed address versions 6 Select Save The M210 begins searching for other APs in the subnet that are configured with the same cluster name and IP version A potential cluster member ...

Page 85: ...s page shows a maximum of 20 clients on each clustered AP To see all clients associated with a particular AP view the Wireless Client connections page directly on that AP AP MAC Media Access Control MAC address of the AP The address shown here is the MAC address for the Ethernet interface and the default wireless community wlan0 This is the address by which the AP is known externally to other netw...

Page 86: ...cy of communication over the wireless network You must start channel planning to get automatic channel assignments It is disabled by default At a specified interval the channel manager maps APs to channel use and measures interference levels in the cluster If significant channel interference is detected the channel manager automatically reassigns some or all of the APs to new channels according to...

Page 87: ... you reset the minimal channel interference threshold to 25 percent the proposed channel plan will be implemented and channels will be reassigned as needed Last proposed channels applied If a channel plan was previously applied on the AP this field shows the number of hours and minutes that have passed since it was applied Current channel assignments Use this section to view the list of all APs in...

Page 88: ...n the proposal and the application of the proposed channel Status Indicates whether the channel is up or down Locked You can select to lock the AP onto the current channel When selected automated channel plans cannot reassign the AP to a different channel as a part of the optimization strategy Instead APs with locked channels will be factored in as requirements for the plan ...

Page 89: ...by selecting Maintenance Config file management Reset See Resetting to factory defaults on page 109 Save The Save feature enables you to back up your configuration settings so that they can be easily restored in case of failure Before you install new software you should always back up your current configuration To start the process select a Download method and then select Download ...

Page 90: ...nt to restore then select Restore For a TFTP restore specify the file path and file name on the TFTP server and enter the TFTP server address Then select Restore After restoring the configuration file the system automatically reboots Note The M210 automatically restarts when the upload is completed Reboot For maintenance purposes or as a troubleshooting measure you can reboot the M210 by selecting...

Page 91: ...age switch is in progress When the image switch is complete the AP restarts The M210 resumes normal operation with the same configuration settings it had before the upgrade Software upgrade When a software upgrade is available you can download the image to the M210 Caution Before updating be sure to check for update issues in the Release Notes Even though configuration settings are preserved durin...

Page 92: ...ditor The file contains configuration settings including those that have been customized by the user The file is named showtech rtf by default In the Save system information area you can download an encrypted binary file Although you cannot read this file you can provide it to customer support to assist in debugging efforts This file contains additional configuration and device information It is n...

Page 93: ...mber of log messages from RAM select Tools System log System log configuration You can use the System log configuration section of the System log page to configure the size of the system log and specify which system events result in messages to store in the log based on their severity level You can configure the following log settings Persistence If the system unexpectedly reboots log messages can...

Page 94: ...verwritten by the new log message Remote syslog configuration You can view up to 512 messages stored in RAM in the Events section of the System log page To view a longer history of messages you must set up a remote syslog server that acts as a syslog log relay host on your network Then you can configure the M210 to send syslog messages to the remote server The Severity level setting configured in ...

Page 95: ...r network and that your syslog server is also configured to use that port Events The Events section of the System log page shows real time system events on the AP such as wireless clients associating with the AP and being authenticated The log shows the date the event occurred its severity level the software program or process that caused the event message and the message text You can select Refre...

Page 96: ... immediately Critical indicates critical conditions Error indicates error conditions Warning indicates warning conditions Notice indicates normal but significant conditions Informational indicates informational messages Debug indicates debug level messages Non urgent severity This setting determines the severity level for log messages that are considered to be non urgent Messages in this category ...

Page 97: ...er security setting Specify the username to use for authentication with the mail server The username can be up to 64 characters long and can include any printable characters Password Specify the password associated with the username configured in the previous field Message configuration To address 1 2 3 Configure the first email address to which alert messages are sent and optionally a second and ...

Page 98: ...tratively enabled or disabled Number of emails sent The number of alert emails sent since the feature was enabled Number of emails failed The number of alert emails sent since the feature was enabled that did not reach the intended destination Time since last email sent The date and time of the last alert email sent From AP 192 168 1 1 mailserver com Sent Wednesday February 08 2014 11 16 AM To adm...

Page 99: ... interface 802 3 packets received and transmitted within wireless communities or on internal logical interfaces such as WDS interfaces To configure network trace settings and initiate packet captures select Tools Network trace Packet trace configuration Use this section to configure parameters that affect how packet trace functions on the radio interfaces Trace beacons Enable to trace the 802 1 1 ...

Page 100: ...roceeds until one of the following occurs The trace time reaches configured duration The trace file reaches its maximum size The administrator stops the trace During the trace you can monitor the trace status elapsed trace time and the current trace file size You can select Refresh to update this information while the trace is in progress Performing a packet file trace To perform a packet file tra...

Page 101: ...ou to display log and analyze captured traffic When the remote trace mode is in use the M210 does not store any captured data locally in its file system Setting up Wireshark sessions You can trace up to five interfaces on the M210 at the same time However you must start a separate Wireshark session for each interface You can configure the IP port number used for connecting Wireshark to the M210 Th...

Page 102: ...owing trace filter is automatically installed on the M210 not portrange 58000 58004 Enabling the packet trace feature impacts M210 performance and can create a security issue unauthorized clients may be able to connect to the AP and trace user data The M210 performance is negatively impacted even if there is no active Wireshark session with the AP The performance is negatively impacted to a greate...

Page 103: ...specify the Remote trace port Specify the remote port to use as the destination for packet captures The range is 1 to 65530 and the default port is 2002 If you change this value you must select Save prior to starting the remote trace 4 Select Start Remote Trace The trace session will run for the specified duration You can view the trace status in the Packet trace status section Select Refresh to s...

Page 104: ... HTTP download Select HTTP to download to your PC or a network location When you select Download you will be able to browse to the desired location TFTP download Select TFTP to download to download to a TFTP server TFTP server filename The file will be saved to the TFTP server under this name and path Server IP Enter the IP address of the TFTP server When you select Download a progress bar display...

Page 105: ... or a hostname Timeout Specify the amount of time in seconds after which an unsuccessful ping will time out Results The results window shows the size and number of each packet sent and if the host is reached the size and number of each packet received in response and its round trip time It also displays statistics about packet loss and if the host is reached the average round trip time for all pac...

Page 106: ...106 Tools ...

Page 107: ...ation see the HP Support Website www hp com networking support Before contacting HP collect the following information Product model names and numbers Technical support registration number if applicable Product serial numbers Error messages Operating system type and revision level Problem description and any detailed questions HP Websites For additional information see the following HP Websites www...

Page 108: ...terface Refer to the following image for identification of key user interface elements and then the table below for example directions Example directions in this guide What to do in the user interface Select Wireless Radio Select Wireless on the main menu and then select Radio on the sub menu Set Mode to 5 GHz IEEE 802 1 1n For the Mode setting select the 5 GHz IEEE 802 1 1n from the list Main Sub...

Page 109: ...in and enables the DHCP client on the Ethernet port If no DHCP server assigns an address to the M210 its address defaults to 192 168 1 1 Using the reset button Using a tool such as a paper clip press and hold the reset button for a few seconds until the status lights blink three times Using the management tool To reset the M210 to factory defaults 1 Launch the management tool default https 192 168...

Page 110: ...110 ...

Reviews:

No comments

Related manuals for M210

Brand: ICP DAS USA Pages: 8

Brand: Navini Networks Pages: 8

Brand: Alloy Pages: 30

3CRWER101U-75 - Wireless 11g Cable/DSL...

Brand: 3Com Pages: 76

Brand: C Spire Pages: 44

Brand: FS Pages: 36

Brand: LevelOne Pages: 31

Brand: Billion Pages: 61

Brand: Arista Pages: 4

Brand: Arista Pages: 4

Brand: Linksys Pages: 32

Brand: VDO Pages: 2

Brand: Dell Pages: 16

Brand: Dell Pages: 5

Networking 207 Series

Brand: Dell Pages: 4

Brand: Dell Pages: 2

Brand: Dell Pages: 4

Brand: Dell Pages: 2

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands