manualshive.com logo in svg

HP ProCurve 530 NA, Management And Configuration Manual

The HP ProCurve 530 NA provides reliable network management and configuration capabilities. Accessing its full potential is made easy with the comprehensive "Management And Configuration Manual" available for free download on our website. Unlock the power of this exceptional product with our user-friendly manual at manualshive.com.

Share
Download
background image

7-2

Wireless Security Configuration

Contents

Overview  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  7-5

Wireless Security Overview   . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  7-6

User Authentication   . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  7-6

MAC Authentication   . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  7-6
802.1X User Authentication   . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  7-7

Access Point Authentication  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  7-7

Encryption  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  7-8

Wired Equivalent Privacy (WEP)  . . . . . . . . . . . . . . . . . . . . . . . . . . .  7-8
Temporal Key Integrity Protocol (TKIP)   . . . . . . . . . . . . . . . . . . . .  7-8
Counter Mode/CBC-MAC Protocol (CCMP) . . . . . . . . . . . . . . . . . .  7-9

Key Management  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  7-9

Security Profiles   . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  7-9

No Security  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  7-9
Static Wired Equivalent Privacy (WEP)   . . . . . . . . . . . . . . . . . . . .  7-10
Dynamic Wired Equivalent Privacy (WEP)   . . . . . . . . . . . . . . . . .  7-10
TKIP with Preshared Key   . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  7-10
AES with Preshared Key  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  7-10
TKIP with 802.1X  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  7-11
AES with 802.1X  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  7-11

Other Security Features  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  7-12

Establishing Security  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  7-16

Web: Setting Security Options  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  7-18

Manual Configuration Using the CLI  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  7-24

CLI: Configuring Security Settings   . . . . . . . . . . . . . . . . . . . . . . . . . . . .  7-24

Configuring RADIUS Client Authentication  . . . . . . . . . . . . . . . . . . . . . . . .  7-32

Web: Setting RADIUS Server Parameters   . . . . . . . . . . . . . . . . . . . . . .  7-33

CLI: Setting RADIUS Server Parameters  . . . . . . . . . . . . . . . . . . . . . . .  7-35

Web: Establishing Local RADIUS Accounts   . . . . . . . . . . . . . . . . . . . .  7-36

Managing Existing RADIUS Accounts . . . . . . . . . . . . . . . . . . . . . .  7-36
Adding New RADIUS Accounts  . . . . . . . . . . . . . . . . . . . . . . . . . . .  7-37
Managing the RADIUS User Database   . . . . . . . . . . . . . . . . . . . . .  7-39

CLI: Setting Local RADIUS Server Parameters  . . . . . . . . . . . . . . . . . .  7-41

Configuring MAC Address Authentication  . . . . . . . . . . . . . . . . . . . . . . . . .  7-43

Authentication Order   . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  7-43

Summary of Contents for ProCurve 530 NA

Page 1: ...Management and Configuration Guide www procurve com ProCurve Wireless Access Point 530 ...

Page 2: ......

Page 3: ...ProCurve Wireless Access Point 530 Management and Configuration Guide ...

Page 4: ...uld be construed as constituting an additional warranty HP shall not be liable for technical or editorial errors or omissions contained herein Hewlett Packard assumes no responsibility for the use or reliability of its software on equipment that is not furnished by Hewlett Packard Warranty See the Customer Support Warranty booklet included with the product A copy of the specific warranty terms app...

Page 5: ... IP Addressing 1 6 To Set Up and Install the Access Point in Your Network 1 7 2 Selecting a Management Interface Contents 2 2 Overview 2 3 Understanding Management Interfaces 2 4 Advantages of Using the CLI 2 5 Advantages of Using the ProCurve Access Point 530 Browser Interface 2 6 3 Using the Command Line Interface CLI Contents 3 2 Overview 3 3 Accessing the CLI 3 4 Direct Console Access 3 4 Teln...

Page 6: ...iew 4 3 Starting a Web Browser Interface Session with the Access Point 4 4 Description of the Web Interface 4 6 The Home Page 4 6 Support Window 4 7 Online Help for the ProCurve Web Browser Interface 4 7 Using the Help in the Browser Interface 4 8 Web Interface Screens 4 9 Device Information Group 4 10 Device Information Summary 4 11 Wireless Stations Screen 4 12 AP LAN Statistics Screen 4 14 Wire...

Page 7: ... 9 Web Configuring Access Controls 5 10 CLI Configuring Management Controls 5 12 Modifying System Information 5 15 Web Setting the System Name Location and Contact 5 15 CLI Setting the System Name 5 17 Configuring Ethernet Settings 5 19 Web Configuring IP Settings Statically or via DHCP 5 19 CLI Configuring IP Settings Statically or via DHCP 5 23 Configuring SNMP 5 25 MIB Support 5 26 Web Setting ...

Page 8: ...g Up Filter Control 5 55 Web Setting Traffic Filters 5 55 CLI Setting Traffic Filters 5 56 Configuring VLAN Support 5 57 Web Setting A Management VLAN 5 58 Web Changing the Untagged VLAN ID 5 59 CLI Enabling VLAN Support 5 61 Managing Group Configuration 5 63 Guidelines for Deploying Group Configuration 5 64 The Synchronization Process 5 64 Security and Integrity Recommendations 5 65 Web Enabling ...

Page 9: ...LI Setting the Transmit Power Reduction and Antenna Parameters 6 27 Adaptive Tx Power Control 6 29 Feature Overview 6 29 Scope of Neighboring APs 6 30 Adaptive Mode 6 30 Power Reduction Limit 6 31 Configuration Strategy 6 31 Web Configuring Adaptive Tx Power Control 6 32 CLI Configuring Adaptive Tx Power Control 6 34 Managing Multiple WLAN BSS SSID Interfaces 6 36 Web Configuring SSID Interfaces 6...

Page 10: ...Authentication 7 32 Web Setting RADIUS Server Parameters 7 33 CLI Setting RADIUS Server Parameters 7 35 Web Establishing Local RADIUS Accounts 7 36 Managing Existing RADIUS Accounts 7 36 Adding New RADIUS Accounts 7 37 Managing the RADIUS User Database 7 39 CLI Setting Local RADIUS Server Parameters 7 41 Configuring MAC Address Authentication 7 43 Authentication Order 7 43 Access Control List and ...

Page 11: ...for Authentication Screens 7 62 Login Screen Default Values 7 62 Welcome Screen Default Values 7 63 Failed Screen Default Values 7 63 Guidelines for Deploying Web Auth 7 63 Configuration Summary 7 64 Web Configuring the Global Address Pool 7 64 CLI Configuring the Global Address Pool 7 65 Web Configuring Global Guest Account Settings 7 66 CLI Configuring Global Guest Account Settings 7 67 Web Conf...

Page 12: ...8 23 Web Configuring STP Parameters 8 26 CLI Establishing STP Settings 8 27 AP Detection Commands 8 30 Web Configuring AP Detection Parameters 8 30 CLI Configuring AP Detection 8 33 Probe Table 8 35 Probe Table Description 8 35 Guidelines for Configuring the Probe Table 8 35 Identity Driven Management 8 36 IDM VLAN 8 36 IDM ACL 8 37 Configuring an ACL in a RADIUS Server 8 37 IDM Rate Limiting 8 37...

Page 13: ...show ssh 9 26 show system information 9 27 show version 9 29 System Logging Commands 9 30 log 9 30 logging 9 31 show debug 9 32 show logging 9 32 System Clock Commands 9 34 sntp 9 34 show sntp 9 35 show time 9 35 Network Management Application Commands 9 37 snmp server community restricted unrestricted 9 38 snmp server contact 9 39 snmp server host 9 40 snmp server location 9 41 snmp server port 9...

Page 14: ...w copy 9 57 show tech 9 57 show custom default 9 58 show running config 9 60 Group Configuration 9 61 group config 9 61 group config name 9 62 group config member id 9 62 show group config 9 63 RADIUS Accounting Authentication 9 65 radius accounting 9 65 radius failover to local retransmit 9 66 radius primary secondary 9 67 RADIUS Users 9 69 radius local 9 69 show radius local 9 70 MAC Address Aut...

Page 15: ...tion 9 83 show web auth 9 85 AP Authentication Commands 9 86 ap authentication 9 86 show ap authentication 9 87 Filtering Commands 9 87 inter station blocking 9 88 wireless mgmt block 9 88 show filters 9 89 Ethernet Interface Commands 9 90 interface 9 90 enable ethernet 9 91 disable ethernet 9 91 description 9 92 dns primary 9 92 dns secondary 9 93 ip address 9 94 ip default gateway 9 95 speed dup...

Page 16: ...111 fragmentation thresh 9 111 inactivity timeout 9 112 slot time 9 113 rts threshold 9 113 tx power reduction 9 114 enable wireless 9 115 disable wireless 9 116 show radio 9 116 show ssid 9 117 show wlan 9 119 show basic rate 9 121 show stations 9 122 show supported rate 9 123 Wireless Security Commands 9 124 security 9 125 wep default key 9 127 wep key ascii 9 128 wep key length 9 129 wep key 9 ...

Page 17: ...ion interval 9 138 ap detection max entries 9 138 show detected ap 9 139 Adaptive Tx Power Control Commands 9 140 atpc 9 140 atpc avoid other aps 9 141 atpc rf group name 9 141 atpc adapt 9 142 atpc max atpc atten 9 143 show atpc 9 143 VLAN Commands 9 145 vlan 9 145 untagged vlan 9 146 management vlan 9 146 QoS Commands 9 148 qos ap params 9 149 qos sta params 9 151 qos wmm 9 153 show qos 9 154 ra...

Page 18: ...or Using TFTP FTP or SCP To Download Software from a Server A 4 Web TFTP FTP or STP Software Download to the Access Point A 5 CLI Viewing Software Versions A 7 Transferring Configuration Files A 8 Web Configuration File Upload and Download A 8 CLI Performing Configuration File Commands A 10 Rebooting the Access Point A 14 Web Rebooting the System A 14 CLI Rebooting the System A 15 Manual Using the...

Page 19: ... 6 AP Authentication B 7 Filtering B 7 Ethernet Interface B 7 Wireless Interface B 8 Wireless Security B 9 AP Detection B 9 VLAN B 10 Adaptive Tx Power Control B 10 QoS B 11 Wireless Distribution System WDS B 12 C Adaptive Tx Power Control Use Cases Contents C 2 Use Model Airport Deployment C 3 Airport Case 1 No RF Group Name C 3 Settings C 4 Decisions AP 1 C 4 Decisions AP 4 C 4 Results with No R...

Page 20: ...C 8 Results with Adaptive Mode AP C 8 Warehouse Case 2 Adaptive Mode AP Clients C 9 Settings C 9 Results with Adaptive Mode AP Clients C 9 Warehouse Model Analysis C 10 D Open Source Licenses Contents D 2 Overview D 3 GPL2 GNU General Public License v 2 D 4 GPL Linking Exception D 9 ClearSilver D 10 Dropbear License D 12 sFlow License D 14 LGPL GNU Lesser General Public License D 18 Intel 2 D 27 M...

Page 21: ...1 1 1 Getting Started ...

Page 22: ...d Syntax Statements 1 3 Command Prompts 1 4 Screen Examples 1 4 Related Publications 1 4 Getting Documentation from the Web 1 5 Sources for More Information 1 5 Need Just a Quick Start 1 6 IP Addressing 1 6 To Set Up and Install the Access Point in Your Network 1 7 ...

Page 23: ... This section describes the conventions used for command syntax and displayed information Command Syntax Statements Syntax radius local username disabled password password realname real name Vertical bars separate alternative mutually exclusive elements Square brackets indicate optional elements Braces indicate a required choice Curly brackets surrounding several sets of square brackets indicate t...

Page 24: ...to prepare for and perform the physical installation That guide also steps you through the process of connecting the access point to your network and assigning IP addressing as well as describes the LED indications for correct operation and trouble analysis The Installation and Getting Started Guide and the Management and Configuration Guide canbedownloadedfromtheProCurveNetworkingWeb site See Get...

Page 25: ...ve com manuals 2 Click on the name of the product for which you want documentation 3 On the resulting web page double click on a document you want 4 Save the document to your hard disk Sources for More Information The AP530 Web browser interface provides online help as described in Online Help for the ProCurve Web Browser Interface on page 4 7 For more information on ProCurve technology visit the ...

Page 26: ...evel prompt ProCurve Access Point 530 config 3 Enter interface ethernet for global configuration at the CLI level prompt ProCurve Access Point 530 config interface ethernet 4 Enter ip address followed by the address and the subnet mask at the CLI Ethernet Configuration level prompt ProCurve Access Point 530 ethernet ip address address subnet_mask 5 Optional Enter an address for the default IP gate...

Page 27: ...s point in your network Quickly assigning an IP address subnet mask and gateway setting a Manager password and optionally configuring other basic features Interpreting LED behavior Notes cautions and warnings related to installing and using the access point For the latest version of the Installation and Getting Started Guide and other documentation for your access point visit the ProCurve Networki...

Page 28: ...1 8 Getting Started Need Just a Quick Start This page is intentionally unused ...

Page 29: ...2 1 2 Selecting a Management Interface ...

Page 30: ...electing a Management Interface Contents Contents Overview 2 3 Understanding Management Interfaces 2 4 Advantages of Using the CLI 2 5 Advantages of Using the ProCurve Access Point 530 Browser Interface 2 6 ...

Page 31: ...2 3 Selecting a Management Interface Overview Overview This chapter describes the following Access Point management interfaces Advantages of using each interface type ...

Page 32: ...e offering status infor mation and access point configuration see Advantages of Using the ProCurve Access Point 530 Browser Interface on page 2 6 SNMP a network management application such as the ProCurve Manager to manage the access point via the Simple Network Management Protocol SNMP from a network management station This manual describes how to use the CLI and the Web browser interface and how...

Page 33: ...for determining available options and vari ables CLI Usage For information on how to use the CLI refer to Chapter 3 UsingtheCommand Line Interface CLI To perform specific procedures such as configuring IP addressing use the Table of Contents at the front of this manual to locate the information you need For information on individual CLI commands refer to Chapter 9 Command Line Reference or use the...

Page 34: ...point from anywhere on the network Familiar browser interface locations of window objects consistent with commonly used browsers uses mouse clicking for navigation no terminal setup Many features have all their fields in one screen so you can view all values at once More visual cues using colors status bars device icons and other graphical objects instead of relying solely on alphanumeric values D...

Page 35: ...3 1 3 Using the Command Line Interface CLI ...

Page 36: ...curity 3 6 Logging In 3 7 Command Levels 3 8 Manager Exec Level 3 8 Global Configuration Level 3 8 Context Specific Configuration Levels 3 9 Moving Between Command Levels 3 10 When Changes are Applied 3 10 Options for Getting Help in the CLI 3 11 Displaying All Available Commands 3 11 Completing the Current Command 3 13 Displaying Available Command Options 3 14 CLI Control and Editing 3 15 ...

Page 37: ... Command Line Interface CLI is a text based command interface for configuring and monitoring the access point The CLI gives you access to the access point s full set of commands while providing the same password protection that is used in the Web browser interface ...

Page 38: ...e access point use a null modem cable or an HP serial cable part number 5184 1894 shipped with many HP ProCurve switches Connecttheserial cable betweena VT 100 terminal or a PC terminal emulator and the access point s Console port Configure either one to operate with these settings If using a PC terminal emulator configure it as a DEC VT 100 ANSI terminal Port is COM1 COM1 is the standard port how...

Page 39: ...PC using the access point s IP address or DNS name telnet 10 11 12 195 Enter Example of an IP address telnet AP530 Enter Example of a DNS type name Secure Shell Access Configuring the access point through an SSH client provides a secured connec tion as traffic is encrypted To configure the access point through an SSH session make sure the access point is configured with an IP address and that it i...

Page 40: ... the configuration to retain the changes upon rebooting the access point Password Security By default the access point defaults the Manager user name to admin for CLI access with the password defaulted to admin To secure management access to the access point you must set the Manager password Without a Manager password configured anyone having serial port or Telnet access to the access point can re...

Page 41: ...user name the default is admin After entry of the user name you will be prompted for the password The default password is admin For example Figure 3 1 Example of CLI Log On Screen with Password When you successfully log onto the CLI you will see the following command prompt ProCurve Access Point 530 ProCurve AP 530 admin Password Password Prompt ...

Page 42: ...name and the delimiter For example ProCurve Acess Point 530 Global Configuration Level Global Configuration level gives access to commands for configuring the access point s software features plus all the commands available at the lower Manager Exec level except for the configure terminal command To enter this level enter the configure command at the Exec prompt The prompt for this level adds the ...

Page 43: ...2 ProCurve Acess Point 530 wds2 Radio Configuration To enter the Radio context for radio 1 for example enter radio 1 at the Global Config prompt ProCurve Acess Point 530 config radio 1 ProCurve Acess Point 530 radio1 WLAN Configuration To enter the WLAN context for WLAN 1 on radio 1 enter wlan 1 at the radio 1 prompt ProCurve Acess Point 530 radio1 wlan 1 ProCurve Acess Point 530 radio1 wlan1 Tabl...

Page 44: ...erface are only made to the running configuration and must be saved using the copy or write memory command if they are to persist following a reboot To save the running configuration changes to the startup configuration using the CLI Interface ProCurve Acess Point 530 ethernet write memory Change in Levels Example of Prompt Command and Result Manager Exec to Global configuration ProCurve Acess Poi...

Page 45: ...r Manager Exec level For example typing at the Manager Exec level produces this listing Figure 3 3 Example of the Manager Exec Level Command Listing ProCurve Access Point 530 configure Enter the Configuration context copy Copy data and configuration files to from this device deauth mac Enter MAC address to de authenticate from this device end Return to the Manager level context erase Erase stored ...

Page 46: ...DHCP end Return to the Manager level context erase Erase stored files exit Return to the previous context or terminate current cons ole telnet session if you are in the Manager context lev el group config Add to a group remove from a group or re configure gro up config settings hostname Set the system hostname inter station blockingEnable disable blocking of direct communication between wireless s...

Page 47: ... have typed enough of the word for the CLI to distinguish it from other options the CLI completes the current word otherwise it displays the available completions For example at the Global Configuration level if you press Tab immediately after typing s the CLI displays the command that begins with s For example ProCurve Acess Point 530 config s Tab show snmp server snmpv3 sntp ssh stp Use Shorthan...

Page 48: ... How To List the Options for a Specific Command ProCurve Access Point 530 config snmp server community Add remove an SNMP community contact Specify a text string that identifies the main contact f or this device host Add remove an SNMP trap destination host community location Specify a text string that identifies the location of th is device port Specify the port to use for the SNMP server on this...

Page 49: ...rl K Deletes from the cursor to the end of the command line Ctrl L or Ctrl R Repeats current command line on a new line Ctrl N or v Enters the next command line in the history buffer Ctrl P or Enters the previous command line in the history buffer Ctrl R Repeats current command line on a new line Ctrl U or Ctrl X Deletes from the cursor to the beginning of the command line Ctrl W Deletes the last ...

Page 50: ...3 16 Using the Command Line Interface CLI CLI Control and Editing This page is intentionally unused ...

Page 51: ...4 1 4 Using the ProCurve Web Browser Interface ...

Page 52: ...11 Wireless Stations Screen 4 12 AP LAN Statistics Screen 4 14 Wireless Statistics Screen 4 15 Event Log Screen 4 17 Network Setup Group 4 18 Network Setup Summary 4 19 Management Group 4 20 Management Summary 4 21 Special Features Group 4 22 Special Features Summary 4 23 Tasks for Your First ProCurve Web Browser Interface Session 4 24 Changing the Management Password 4 24 If You Lose the Password...

Page 53: ...rface lets you easily access the access point from a browser based PC on your network This chapter covers the following Starting a Web browser interface session Description of the Web browser interface An overview of the Web browser interface screens Tasks for your first Web browser interface session ...

Page 54: ...hat you can type in the Location or Address field instead of the IP address Using DNS names typically improvesbrowserperformance Seeyournetworkadministratorforanyname associated with the access point For more information on assigning an IP address refer to Configuring IP Parameters on page 4 29 Web browser support recommended to manage the access point include Microsoft Internet Explorer version 5...

Page 55: ...ely the access point also supports a secure Web HTTPS browser connection In this case type https followed by the IP address or DNS name in the browser Location or Address field and press Enter https 10 11 12 195 Enter Example of an IP address https AP530 Enter Example of a DNS type name Note Internet Explorer on Windows XP To ensure proper screen refresh be sure that the browser options are config...

Page 56: ... the Web Interface Subjects covered in this section include The Home Page The Support Page Online Help The Home Page The home page is the entry point for the Web browser interface The following figure identifies the various parts of the screen Figure 4 1 The Home Page Active Screen Menu Sashes ...

Page 57: ...aying links to online support options The support page provides key information regarding your access point including links to white papers software updates and more Online Help for the ProCurve Web Browser Interface Online Help is available for the Web browser interface The help is context sensitive and maps topics to the Web page you have accessed Figure 4 2 The Help and Support Options The Help...

Page 58: ...terface screens displays a pop up window displaying details about the page you are viewing Figure 4 3 Viewing Online Help At the top left of the Online Help page is a Topic and Menu bar display for easy access to further information Options include Contents Index and Search as shown in Figure 4 4 Figure 4 4 Example of the Online Help Panel Click Help and open context sensitive help page ...

Page 59: ...ace contain the four main screen groups Device Information Network Setup Management Special Features Clicking on the group sash reveals a list of the screens in the group and displays the summary screen for the group Clicking on the name of a screen below the group sash displays the corre sponding screen Figure 4 5 The Main Web Interface Screen ...

Page 60: ...ion Access Point 530 Home Page Wireless Stations AP LAN Statistics Wireless Statistics Event log These screens are primarily informational screens and are described in the following pages Table 4 1 Index of Device Information Group Screens Screen Name Page Device Information summary screen 4 11 Wireless Stations screen 4 12 AP LAN Statistics screen 4 14 Wireless Statistics screen 4 15 Event Log sc...

Page 61: ... access point Modifiable field Location The access point s assigned location Modifiable field Max length of 255 characters Contact Administrator responsible for the system Modifiable field Max length of 255 characters IP Address IP address of the management interface for this device MAC Address The physical layer address for the Ethernet port interface Software Version The version number for the r...

Page 62: ...hentication supported for 802 11 wireless networks are open system and shared key Open system authentication accepts any client attempting to connect to the access point without verifying its identity The shared key approach uses Wired Equivalent Privacy WEP to verify client identity by distributing a shared key to stations before attempting authentication Assoc Shows if the station has been succe...

Page 63: ...o security this parameter displays n a as it does not apply Received Packets Indicates total packets received by this access point Received Bytes Indicates total bytes received by this access point Sent Packets Indicates total packets sent by this access point Sent Bytes Indicates total bytes sent by this access point Refresh Refreshes the Wireless station results ...

Page 64: ...ess for the Ethernet port interface Spanning Tree State Indicates the spanning tree state if used Possible states include disabled listening learning forwarding or blocking Transmit Total Packets Indicates total packets transmitted by this access point Receive Total Packets Indicates total packets received by this access point Transmit Total Bytes Indicates total bytes sent by this access point Re...

Page 65: ...en displays dual radio information Radio One Two SSID Indicates the Service Set Identifier SSID for Radio 1 or Radio 2 MAC Address Indicates the physical layer address for the Ethernet port interface WDS LINK Indicates the configured WDS link Local MAC Indicates the remote MAC address of the WDS link Remote MAC Indicates the remote MAC address of the WDS link Spanning Tree Status Indicates the spa...

Page 66: ...r WDS link Transmit Total Bytes Indicates total bytes sent over the radio or WDS link Receive Total Bytes Indicates total bytes received over the radio or WDS link Transmit Errors Indicates total errors related to sending data Receive Errors Indicates total errors related to receiving data Refresh Refreshes the Wireless Statistics results ...

Page 67: ...ssage was generated Type Indicates the logging type level associated with this message Service Indicates the service type associated with this message Description Indicates the content of the log message Refresh Refreshes the Event log results Note The Web user interface has a limited amount of memory for containing and displaying the event log When the size of the event log has grown larger than ...

Page 68: ...ens belonging to the Network Setup group are described in their respective configuration sections Table 4 2 Index of Network Setup Group Screens Screen Name Page Network Setup summary screen 4 19 Ethernet screen 5 19 Radio screen 6 9 6 12 Advanced Settings sub screen 6 14 WLANs screen 6 37 Security sub screen Security tab 7 18 Security sub screen RADIUS Servers tab 7 33 Security sub screen Account...

Page 69: ...net mask of this device Gateway Gateway address of this device Radio One Two details basic Radio One Two parameters Status Indicates if the radio is up or down MAC Address The physical layer address Mode Displays the radio mode for Radio One IEEE 802 11b or IEEE 802 11g Channel Displays the channel on which the access point is currently broadcasting Max Tx Power Displays the maximum radio power le...

Page 70: ...ir respec tive configuration sections Table 4 3 Index of Management Group Screens Screen Name Page Management summary screen 4 21 Local MAC Authentication screen 7 45 Web Authentication screen Address Pool tab 7 64 Web Authentication screen Guest Account tab 7 66 SNMP screen Settings tab 5 26 SNMP screen Traps tab 5 32 SNMP screen Trap Hosts tab 5 32 SNMP screen SNMPv3 Users tab 5 40 Group Configu...

Page 71: ...v3 Indicates if SNMPv3 is enabled or disabled SNMPv3 Users Indicates the number of SNMPv3 users registered CLI Access Indicates the status enable or disable of CLI access inter faces through the serial port using Telnet or using SSH Button Access Indicates the status enable or disable for password factory custom and system resetting using the buttons on the back of the access point Web Access Indi...

Page 72: ... to the following screens QoS WDS Local RADIUS MAC Lockout AP Detection Filters Time The screens belonging to the Special Features group are described in their respective configuration sections Screen Name Page Special Features summary screen 4 23 QoS screen 8 5 WDS screen 8 19 Local RADIUS screen 7 36 User Database screen 7 39 MAC Lockout screen 7 50 AP Detection screen Settings tab 8 30 AP Detec...

Page 73: ...f Service packet prioritization also referred to as WiFi Multimedia or WMM is enabled or disabled AP Detection Indicates if AP Detection is enabled or disabled SNTP Server Indicates if the SNTP Server is enabled or disabled Group Configuration Indicates whether Group Configuration is enabled or disabled for the access point Local RADIUS The number of accounts registered on the local RADIUS server ...

Page 74: ...e access point country code which if needed can only be done using the CLI Optionally enabling one of the radios which allows inband access to the Web browser interface from the wireless network After performing the initial out of band configuration it is usually more convenient to continue the configuration process inband using the Web browser interface Some of important tasks that you may wish t...

Page 75: ...AP Access and select the Password tab 2 In the New Password field enter a new password 3 In the Confirm Password field re enter the new password 4 Click Update to activate the new password Note s The password is case sensitive and must be at least 1 character and at most 32 characters long However only the first 8 characters of the password are used character number 9 and above are ignored at log ...

Page 76: ... the Reset to Factory Default Reset button in the Reset Configuration area Reboot the AP Click Management System Maintenance and select the Reboot tab Then click the Reboot the Access Point Reboot button NOT E For details on manual reset of the access point reference the Installation and Configuration Guide and see File Uploads Downloads and Resets on page A 1 Setting SNMP Community Names You can ...

Page 77: ...on the access point click SNMPv1 v2cEnabled 3 To establish a public read only SNMP community type a name text string to replace the default community name public in the Community Name RO field 4 To establish a private read write SNMP community type a name text string to replace the default community name private in the Community Name R W field 5 To activate SNMPv3 functions on the access point cli...

Page 78: ...nsure adequate separation between the two radios operating in the same frequency See Radio Configuration Summary Table on page 6 6 If using the worldwide product before configuring radio settings on the access point you must first use the CLI to set the Country Code so that the radio channels used conform to your local regulations It is your responsibility to select a correct country setting other...

Page 79: ...worldwide product the Radio screen is not available for configuration until the Country Code is set using the CLI Configuring TCP IP Settings You can use the Web browser interface to manage the access point only if it already has an IP address that is reachable through your network You can set an initial IP address for the access point by using the CLI interface After you have network access to th...

Page 80: ...tatic IP Address and Subnet Mask fields The defaults automatically populate 5 Ifamanagementstationexistsonanothernetworksegment intheDefault Gateway field enter the IPaddressofagatewaythat can route traffic between these segments 6 Enter the IP address for the primary and secondary DNS servers to be used for host name to IP address resolution 7 Optionally enter the domain suffix for hostname domai...

Page 81: ...at are distributed to all stations Wired Equivalent Privacy WEP is implemented to provide a basic level of security preventing unauthorized access to the network and encrypting data transmitted between wireless stations and the access point The access point allows configuration of up to 16 SSIDs The Web interface provideseasyscreenstoconfigureSSIDparameters including enabling SSID names closed sys...

Page 82: ...4 32 Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Figure 4 18 The WLANs Screen ...

Page 83: ...vent broadcasting of the SSID 4 Click Update to save these IP settings 5 Click the Edit button to open the Security pop up window see Figure 4 19 6 Select Static WEP in the Security Mode drop down 7 Check Shared for the Authentication option 8 Select 1 in the Transfer Key Index drop down to be used for the SSID interface 9 Select the key length to be used by all stations either 64 or 128 default b...

Page 84: ...e use where highly sensitive data is transmitted For more robust wireless security you should consider implementing other features supported by the access point Wi Fi Protected Access WPA and IEEE 802 1X 2004 Port based network access control using the physical access characteristics of IEEE 802 Local Area Networks LAN infrastruc tures to provide a means of authenticating and authorizing devices a...

Page 85: ...5 1 5 General System Configuration ...

Page 86: ...ings 5 19 Web Configuring IP Settings Statically or via DHCP 5 19 CLI Configuring IP Settings Statically or via DHCP 5 23 Configuring SNMP 5 25 MIB Support 5 26 Web Setting Basic SNMP Parameters 5 26 CLI Setting Basic SNMP Parameters 5 28 Web Configuring SNMP v1 and v2c Traps 5 32 SNMP Traps 5 32 SNMP Trap Hosts 5 35 CLI Configuring SNMP v1 and v2c Traps 5 36 CLI Configuring SNMP v1 and v2c Trap D...

Page 87: ... Parameters 5 54 Setting Up Filter Control 5 55 Web Setting Traffic Filters 5 55 CLI Setting Traffic Filters 5 56 Configuring VLAN Support 5 57 Web Setting A Management VLAN 5 58 Web Changing the Untagged VLAN ID 5 59 CLI Enabling VLAN Support 5 61 Managing Group Configuration 5 63 Guidelines for Deploying Group Configuration 5 64 The Synchronization Process 5 64 Security and Integrity Recommendat...

Page 88: ...odify system management passwords Set management access controls View and modify access point system information Configure IP SNMP SNTP RADIUS Accounting and VLAN parameters Set up filter control between wireless stations between wireless stations and the management interface or for specified protocol types ...

Page 89: ...ace page 5 9 Management Interfaces Changing the default settings for password page 5 6 Limiting management access to the Ethernet side of the AP disabling wireless access to remote management interfaces page 5 9 Disabling unused remote management interfaces Web Telnet SSH SNMP page 5 9 Changing the default settings for SNMP read and read write community names page 5 25 Changing the default setting...

Page 90: ...having in band or out of band access to the access point may be able to compromise access point and network security Pressing the Clear button on the back of the access point for more than two seconds removes password protection Web Setting the Management Password The Password screen enables the access point s password to be set The Web interface enables you to modify these parameters New Password...

Page 91: ...er and at most 32 characters long However only the first 8 characters of the password are used character number 9 and above are ignored at log in 4 In the Confirm Password field re enter the new password 5 Select Update Note The password you assign in the Web browser interface will overwrite the previous settings assigned in either the Web browser interface or the access point console That is the ...

Page 92: ...ou also modify the Web password Note The password is case sensitive and must be at least 1 character and at most 32 characters long However only the first 8 characters of the password are used character number 9 and above are ignored at log in Command Syntax CLI Reference Page password manager password 9 21 ProCurve Access Point 530 configure ProCurve Access Point 530 config password manager 9gY2d...

Page 93: ...independently Note The HTTP and HTTPs services do not allow modification of the configured port numbers Secure Shell SSH Telnet is a remote management tool that can be used to configure the access point from anywhere in the network However Telnet is not secure from hostile attacks SSH can act as a secure replacement for Telnet The SSH protocol uses generated public keys to encrypt all data transfe...

Page 94: ...nagement access through a Secure Shell version 2 0 client The default is Enabled Web Access HTTP Interface Enables or disables management access through and HTTP interface The default is Enabled SSL Interface Enables or disables management access through an SSL interface The default is Enabled Button Access For managing button access see Disabling the Access Point Push Buttons on page A 18 Factory...

Page 95: ... disable the serial Telnet or SSH interfaces Note If using SSH for secure access to the CLI over a network connection you may want to disable the Telnet server 3 As required enable or disable the HTTP or SSL interfaces 4 As required enable or disable the manual push button options on the access point Note The access point does not allow you to disable Factory Reset and the Serial Interface at the ...

Page 96: ...lay the current status of the access routes using the show console command Note Enter management commands one per line Command Syntax CLI Reference Page no console 9 23 no ssh 9 24 no telnet 9 23 show console 9 27 show system 9 27 ProCurve Access Point 530 configure ProCurve Access Point 530 config no console ProCurve Access Point 530 config show console CLI Access Serial Interface Disabled Telnet...

Page 97: ... Telnet connection to this device Caut ion You should use the no telnet command only when you are connected to the access point through another method Once you disable Telnet the Telnet connection is immediately lost ProCurve Access Point 530 configure ProCurve Access Point 530 config no ssh ProCurve Access Point 530 config show ssh SSH Status Disabled ProCurve Access Point 530 config ProCurve Acc...

Page 98: ...m Country Code us Software Version WA 02 00 0412 Ethernet MAC Address 00 14 C2 A5 6A B3 IP Address 192 168 15 200 Subnet Mask 255 255 255 0 Default Gateway 192 168 15 254 DHCP Client Disabled Management VLAN ID 1 Untagged VLAN ID 1 Radio 1 MAC Address 00 14 C2 A7 11 A0 Radio 1 Status Enabled 802 11g Radio 2 MAC Address 00 14 C2 A7 E1 20 Radio 2 Status Enabled 802 11g HTTP Interface Enabled SSL Int...

Page 99: ... 6 6 Web Setting the System Name Location and Contact To modify the access point s system parameters use the Device Information screen the Home page or default screen The Web interface enables you to modify these parameters System Name An alias for the access point only enabling the device to be uniquely identified on the network Setting must be at least 1 character and a maximum of 63 characters ...

Page 100: ...m Information 1 Select Device Information in the navigation bar 2 Type a name to uniquely identify the access point in the System Name field 3 Type alocationtoidentify wheretheaccess pointitlocatedintheLocation field 4 Type a name to identify the contact in the Contact field 5 Select Update to modify the system information ...

Page 101: ...tname syntax to set the name of the system Note Enter management commands one per line To display the configured system name use the show system information command Command Syntax CLI Reference Page hostname hostname 9 19 show system information 9 27 ProCurve Access Point 530 configure ProCurve Access Point 530 config hostname ProCurve AP530 ProCurve Access Point 530 config ...

Page 102: ...0 0412 Ethernet MAC Address 00 14 C2 A5 6A B3 IP Address 192 168 15 200 Subnet Mask 255 255 255 0 Default Gateway 192 168 15 254 DHCP Client Disabled Management VLAN ID 1 Untagged VLAN ID 1 Radio 1 MAC Address 00 14 C2 A7 11 A0 Radio 1 Status Enabled 802 11g Radio 2 MAC Address 00 14 C2 A7 E1 20 Radio 2 Status Enabled 802 11g HTTP Interface Enabled SSL Interface Enabled SSH Interface Enabled Telne...

Page 103: ...e is no DHCP server on your network or DHCP fails the access point will automatically start up with a default IP address of 192 168 1 10 Web Configuring IP Settings Statically or via DHCP The Ethernet screen under Network Setup allows the DHCP client to be enabled or the Transmission Control Protocol Internet Protocol TCP IP settings to be manually specified The Web interface enables you to modify...

Page 104: ...parated by periods The default is 192 168 1 10 Required field Subnet Mask Themaskthatidentifiesthehostaddressbitsused for routing to specific subnets The default is 255 255 255 0 Required field Default Gateway The default gateway is the IP address of the next hop gateway router for the access point which is used if the requesteddestinationaddressisnotonthelocalsubnet Required field DNS Nameservers...

Page 105: ...e drop down 5 Select Update to save the DHCP settings To Configure IP Settings Manually 1 Select Ethernet 2 To configure the VLAN untagged enter a value in the VLAN field 3 To set the mode and speed of data transmission select the Speed Duplex setting in the drop down 4 To set a manual connection select Static IP in the Connection Type drop down 5 If you choose StaticIP the IP address and subnet m...

Page 106: ...ork segment enter the IP address of a gateway in the that can route traffic between these segments in the Default Gateway field This is a required field 7 Enter the IP address for the primary and secondary DNS Nameservers to be used for host name to IP address resolution 8 Select Update to save these IP settings ...

Page 107: ...s how to disable the DHCP client and then specify an IP address subnet mask default gateway and DNS server addresses Caut ion In order to disable the DHCP and assign a Static IP address you must have a serial port connection to the access point Otherwise you will lose connec tivity during the process of assigning a new static IP address Command Syntax CLI Reference Page interface interface 9 90 no...

Page 108: ...cess Point 530 ethernet ip default gateway 192 168 1 1 ProCurve Access Point 530 ethernet exit ProCurve Access Point 530 config dns primary 204 127 202 0 ProCurve Access Point 530 config dns secondary 216 148 227 00 ProCurve Access Point 530 config ProCurve Access Point 530 show ip IP Address Information System Host Name HP AP 200 IP Address 192 168 15 200 Subnet Mask 255 255 255 0 Default Gateway...

Page 109: ... SNMP traps When SNMP management stations send GET or SET requests to the access point the SNMP responds with the requested data and or the status of the get or set operation The access point can also be configured to send information to SNMP managers through trap messages Note The access point is shipped with a default read only community name Please change the community name or disable SNMP to p...

Page 110: ...ment stations using SNMP Read Only Support Read Write Support IEEE802dot11 MIB RFC1155 SMI MIB II RFC 1213 RFC 1215 SNMPv2 SMI RFC2578 SNMPv2 TC RFC2579 SNMPv2 CONF RFC2580 SNMPv2 MIB RFC3418 IANAifType MIB RFC2864 IF MIB RFC2863 BRIDGE MIB RFC1493 SNMP COMMUNITY MIB SNMP FRAMEWORK MIB SNMP MPD MIB SNMP USER BASED SM MIB SNMP VIEW BASED ACM MIB HP PROCURVE WLAN SMI HP PROCURVE WLAN TC HP PROCURVE ...

Page 111: ...d write access Authorized management stations are able to both retrieve and modify MIB objects Range 0 32 characters The default is private SNMPv3 Enables or disables SNMPv3 security functions The default is Enabled Engine ID The Engine ID is a system assigned identifier which uniquely identifies the access point in the agent s administrative domain Location Text string defining the physical locat...

Page 112: ... 4 To establish a private read write SNMP community enter a name text string to replace the default community name private in the Community Name R W field 5 To activate SNMPv3 security features on the access point click the SNMPv3 Enabled button 6 Enter a port value in the Port field 7 Select Update CLI Setting Basic SNMP Parameters CLI Commands Used in This Section Command Syntax CLI Reference Pa...

Page 113: ...settings to restricted and public To disable SNMP communities type the following commands ProCurve Access Point 530 configure ProCurve Access Point 530 config no snmp server community public restricted ProCurve Access Point 530 config no snmp server community system unrestricted ProCurve Access Point 530 config ...

Page 114: ...ty command prior to using the snmp server host command To display the current SNMP settings use the show snmp server command as shown in the following example ProCurve Access Point 530 configure ProCurve Access Point 530 config snmp server community alpha unrestricted ProCurve Access Point 530 config snmp server community beta restricted ProCurve Access Point 530 config snmp server host 192 16 8 1...

Page 115: ... Enabled hpWlanClientAuthentication Enabled hpWlanClientRequestFailure Enabled hpWlanClientReAssociation Enabled hpWlanDot1XAuthNotInitiated Enabled hpWlanDot1XAuthFailure Enabled hpWlanLocalMacAuthClientFailure Enabled hpWlanDot1XAuthSuccess Enabled hpWlanLocalMacAuthClientSuccess Enabled hpWlanMgmtAccessUpdate Enabled hpWlanPossibleNeighborApDetected Enabled hpWlanMgmtVlanIdUpdate Enabled hpWlan...

Page 116: ... tion about the file name server address and directionof configuration file The IP address is the file server s IP address AP Traps pertaining to the access point hpWlanApInterfaceUpdate This notification is sent out when the Ethernet or 802 11 wireless radio interface is enabled or disabled hpWlanApSSIDUpdate This notification is sent out when an SSID is enabled or disabled hpWlanClientAssociatio...

Page 117: ...ed locally within the access point The notification value includes the MAC address of the authenticated station hpWlanLocalMacAuthClientFailure This notification is sent when a station fails to authenticate the MAC address with the data base stored locally within the access point The notification value includes the MAC address of the authenticated station Radio Traps pertaining to maintaining the ...

Page 118: ...ion value includes the MAC address of the authenticated station hpWlanDot1XAuthFailure This notification is sent when a station fails to authenticate with the RADIUS server The notification value includes the MAC address of the station that failed to authenticate hpWlanMacLockoutStaLockedOut This notification is sent when the station with the specified MAC address has been added to the global MAC ...

Page 119: ...f SNMP notifications For each destination enter the IP address or the host name and the community name IP Address Specifies the IP address or the host name from 1 to 20 characters for the recipient of SNMP notifications Community Name The community string sent with the notification operation Maximum length 32 characters Update Updates the Trap settings Figure 5 7 Configuring SNMP Trap Destinations...

Page 120: ...s Used in This Section To send SNMP v1 and v2c traps to a management station specify the host IP address using the snmp server host command and enable specific traps using the snmp server trap command Command Syntax CLI Reference Page no snmp server trap trap 9 43 show snmp server 9 45 ProCurve Access Point 530 configure ProCurve Access Point 530 config snmp server trap radiusAcctUpdate ProCurve A...

Page 121: ... hpWlanApInterfaceUpdate Enabled hpWlanClientDeAuthentication Enabled hpWlanClientAuthentication Enabled hpWlanClientRequestFailure Enabled hpWlanClientReAssociation Enabled hpWlanDot1XAuthNotInitiated Enabled hpWlanDot1XAuthFailure Enabled hpWlanLocalMacAuthClientFailure Enabled hpWlanDot1XAuthSuccess Enabled hpWlanLocalMacAuthClientSuccess Enabled hpWlanMgmtAccessUpdate Enabled hpWlanPossibleNei...

Page 122: ...ng SNMPv1 2c it will be necessary to log into the AP 530 using the CLI interface and add an SNMPv3 user manually See CLI Managing SNMPv3 Users on page 5 42 New SNMPv3 users will have read only access to MIBs This restriction remains inplace until either a privacy or authentication mode or typically both is assigned to the user If Privacy Type is specified for an SNMPv3 user then Authentication Typ...

Page 123: ... SNMP and select the Settings tab 2 Click the SNMPv3 Enabled button 3 Click Update To Disable SNMPv3 1 Click Management SNMP and select the Settings tab 2 Click the SNMPv3 Disabled button 3 Click Update CLI Enabling Disabling SNMPv3 CLI Commands Used in This Section Command Syntax CLI Reference Page no snmpv3 enable 9 46 ...

Page 124: ... Defines the username of the SNMPv3 user Authentication Type Password Specifies the type of Authentication to be applied to the SNMPv3 user and the authentication password The default is None Privacy Type Password Specifies the type of Privacy to be applied to the SNMPv3 user and the privacy password The default is None Update Updates the SNMPv3 user settings ProCurve Access Point 530 config ProCu...

Page 125: ...n 4 If you have selected an authentication method for the user you must enter a valid password in the Password field 5 Optionally select a privacy method from the Privacy Type drop down Adding a privacy method for the user requires that you also select an authentication method 6 If you have selected a privacy method for the user you must enter a valid password in the Password field 7 Click Update ...

Page 126: ... list of SNMPv3 users click the box next to the username you want to remove 3 Click Remove to remove the user from the list 4 Click Update CLI Managing SNMPv3 Users CLI Commands Used in This Section To create an SNMPv3 user enter the snmpv3 user name command To remove an SNMPv3 user enter the no snmpv3 user name command Command Syntax CLI Reference Page no snmpv3 user name user_name auth md5 sha a...

Page 127: ...ettings from the Manager Exec level use the show snmpv3 command ProCurve Access Point 530 config snmpv3 user name tjames auth md5 12345678 ProCurve Access Point 530 config ProCurve Access Point 530 config snmpv3 user name ltulina auth md5 12345678 priv aes 87654321 ProCurve Access Point 530 config Command Syntax CLI Reference Page show snmpv3 9 48 ProCurve Access Point 530 show snmpv3 SNMPv3 Enabl...

Page 128: ...e newest to the oldest Since the Web interface has a limited amount of memory for containing and displaying the event log you should use the CLI log command to view the complete list of logged events Log messages are only generated since the last reboot Rebooting the access point erases all previous log messages Consider configuring the access point to log messages to a server see CLI Setting Logg...

Page 129: ...he IP address of a server Port The UDP port used by a server The default is 514 Update Updates the logging settings Note To view log messages generated by the access point click Device Information Event Log and select the Log tab Figure 5 10 Setting Logging Parameters To Enable Logging 1 Click Device Information Event Log and select the Settings tab 2 Click the Primary Syslog Host box to enable th...

Page 130: ... The following example shows the settings Command Syntax CLI Reference Page log 9 30 no logging host port 9 31 show debug 9 32 show logging 9 32 ProCurve Access Point 530 configure ProCurve Access Point 530 config logging 10 1 0 3 ProCurve Access Point 530 config ProCurve Access Point 530 configure ProCurve Access Point 530 config show debug Debug Logging Syslog Relay 10 1 0 3 port 514 ProCurve Ac...

Page 131: ...ot login on ttyp0 I 01 05 00 05 35 48 wlan1 RADIUS Authentication server 127 0 0 1 1812 I 01 05 00 05 35 41 wlan1 RADIUS Authentication server 127 0 0 1 1812 I 01 05 00 05 34 04 wlan1 RADIUS Authentication server 127 0 0 1 1812 I 01 05 00 05 30 45 login 8495 root login on ttyp0 I 01 05 00 01 29 27 login 6498 root login on ttyp0 I 01 05 00 01 25 45 login 6491 root login on ttyp0 I 01 05 00 00 08 06...

Page 132: ...server in the configured sequence SNTP is disabled by default Universal Time SNTP uses Coordinated Universal Time or UTC formerly Greenwich Mean Time or GMT based on the time at the Earth s prime meridian zero degrees longitude Web Setting SNTP Parameters The Special Features Time screen enables the SNTP server and time zone details to be configured for the access point The Web interface enables y...

Page 133: ...ring SNTP Settings To Set SNTP Parameters 1 Select Special Features Time 2 For SNTP click Enabled 3 For the SNTP Server enter the IP address or the hostname in the SNTP Server field 4 Select the appropriate time zone for the SNTP server from the Time Zone drop down 5 Click Update ...

Page 134: ... 8 hours To display the current SNTP status use the show sntp command as shown in the following example Command Syntax CLI Reference Page sntp server time zone 9 34 no sntp 9 34 show sntp 9 35 ProCurve Access Point 530 configure ProCurve Access Point 530 config sntp 10 1 0 19 time zone 480 ProCurve Access Point 530 config ProCurve Access Point 530 configure ProCurve Access Point 530 config show sn...

Page 135: ...ing software The user session information provided by the access point is sent to the server using standard RADIUS Accounting attributes refer to RFC 2866 The following describes the RADIUS attributes supported by the access point RADIUS Accounting Attribute Description Acct Status Type Contains the RADIUS Accounting message type Start Stop Interim Update Accounting On Accounting Off Acct Delay Ty...

Page 136: ...sed by the RADIUS Accounting server for accounting messages Setting the port number to zero disables RADIUS Accounting The default is 1813 Key A shared text string used to encrypt messages between the access point and the RADIUS Accounting server Be sure that the same text string is specified on the RADIUS server Note The only characters allowed in the shared key are A Z a z 0 9 comma hyphen tab b...

Page 137: ...mary RADIUS Accounting server enter the IP address in the IP Address field The default is 0 0 0 0 which indicates disabled 5 In the Port field specify the UDP port number used by the RADIUS Accounting server The default is 1813 6 In the Key field specify the shared text string that is also used by the RADIUS server 7 Optional If you need to configure a secondary RADIUS Accounting server in the net...

Page 138: ...et key on the access point Note Enter radius commands one per line Command Syntax CLI Reference Page no radius accounting primary secondary ip ip port port key key 9 65 ProCurve Access Point 530 configure ProCurve Access Point 530 config radius accounting primary ip 192 168 1 52 ProCurve Access Point 530 config radius accounting primary port 161 ProCurve Access Point 530 config radius accounting p...

Page 139: ... Special Features Filters screen configures traffic filters The Web interface enables you to modify these parameters Inter Station Blocking Enables Disables the blocking of communica tions between wireless stations The default is Disabled Wireless Management Blocking Enables Disables the blocking of a wireless station s access to the access point The default is Disabled Update Updates the Filter s...

Page 140: ...hows the enabled filters Command Syntax CLI Reference Page no inter station blocking 9 88 no wireless mgmt block 9 88 show filters 9 89 ProCurve Access Point 530 configure ProCurve Access Point 530 config inter station blocking ProCurve Access Point 530 config ProCurve Access Point 530 configure ProCurve Access Point 530 config wireless mgmt block ProCurve Access Point 530 config ProCurve Access P...

Page 141: ... environ ment VLANs inherently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN The access point can enable the support of VLAN tagged traffic passing between wireless stations and the wired network This VLAN tagging extends the wired network s VLANs to wireless stations Associated stations are assigned to a VLAN and can o...

Page 142: ...ement VLAN ID Received traffic that has no tag is passed to the access point s untagged VLAN if configured otherwise it is dropped Received traffic that has an unknown VLAN ID or is tagged with the VLAN ID of the configured untagged VLAN is dropped As part of ensuring appropriate VLAN support configure the attached network switch port to support IEEE 802 1Q tagged VLAN frames from the accesspoint ...

Page 143: ...the Untagged VLAN ID The Network Setup Ethernet screen configures the untagged VLAN ID The Web interface enables you to modify these parameters Untagged VLAN Allows setting of a VLAN ID to which all untagged packets will be assumed to belong The range is 1 4094 The default is 1 Connection Type Allows selection of a static or DHCP setting See Web Configuring IP Settings Statically or via DHCP on pa...

Page 144: ...al System Configuration Configuring VLAN Support Figure 5 15 Changing Untagged VLAN ID To Set Untagged VLAN ID 1 Click Ethernet 2 Enter a valid number between 1 and 4094 in the Untagged VLAN field 3 Select Update ...

Page 145: ... vid 9 146 management vlan vid 9 146 show wlans 9 117 ProCurve Access Point 530 configure ProCurve Access Point 530 config interface ethernet ProCurve Access Point 530 ethernet management vlan 9 ProCurve Access Point 530 ethernet ProCurve Access Point 530 configure ProCurve Access Point 530 config interface ethernet ProCurve Access Point 530 ethernet untagged vlan 9 ProCurve Access Point 530 ether...

Page 146: ...ne Disabled 13 SSID 13 not assigned yet none None Disabled 14 SSID 14 not assigned yet none None Disabled 15 SSID 15 not assigned yet none None Disabled 16 SSID 16 not assigned yet none None Disabled All WLANs on Radio 2 WLAN BSSID VLAN Security Status 1 PR3_WLAN 00 14 C2 A5 22 F0 9 U No Sec Enabled 2 SSID 2 not assigned yet none No Sec Disabled 3 SSID 3 not assigned yet none No Sec Disabled 4 SSI...

Page 147: ...are versions cannot be shared between all APs Note Group Configuration must not be enabled on an access point that participates in a WDS link Group Configuration will configure the WLAN 1 security profile as a group setting If this profile is changed the WDS link may break The Group Configuration Parameter Block The parameters that are shared by the members of a configuration group are called the ...

Page 148: ...rs in the GCPB require a reboot of the access point to take effect Guidelines for Deploying Group Configuration The Group Configuration feature creates a peer to peer system where no single access point controls or contains the Group Configuration Parameter Block and the entire group can be managed through the user interface of any member AP in the group The Synchronization Process Each member acc...

Page 149: ...onized inconsistently Similarly applying incompatible values to parameters with cross dependen cies could also produce unpredictable results The recommended method for ensuring integrity of a group configuration is to enforce a single administration point in the group This ensures that conflicting changes to the group configuration cannot be applied to the group Depending on administrative require...

Page 150: ...ng formed there may be a delay of up to 2 seconds before all members are listed Figure 5 16 Configuring Group Configuration To add Group Configuration to the current access point 1 Click Management Group Configuration 2 Click Enabled to allow this access point to share configuration parameters with others in the same group 3 In Group Name enter the name of the group the access point should belong ...

Page 151: ...config member id 9 62 show group config 9 63 ProCurve Access Point 530 configuration ProCurve Access Point 530 config group config name HBldg22 ProCurve Access Point 530 config group config member id AP 2 ProCurve Access Point 530 config group config ProCurve Access Point 530 config show group config Status Enabled Group name HBldg22 Member ID AP 2 mac ip 00 14 C2 A5 09 8C 10 0 1 101 00 14 C2 A5 6...

Page 152: ...5 68 General System Configuration Managing Group Configuration This page is intentionally unused ...

Page 153: ... 6 14 Configuring Advanced Radio Settings 6 16 Configuring B G Mode 6 17 Configuring G Only Mode 6 19 Configuring Pure G Mode 6 20 CLI Configuring Radio Settings 6 21 Modifying Antenna Settings 6 23 Web Setting the Tx Power Reduction 6 23 Web Setting the Antenna Type and Antenna Mode 6 25 CLI Setting the Transmit Power Reduction and Antenna Parameters 6 27 Adaptive Tx Power Control 6 29 Feature Ov...

Page 154: ... Wireless Interface Configuration Managing Multiple WLAN BSS SSID Interfaces 6 36 Web Configuring SSID Interfaces 6 37 CLI Naming an SSID Interface 6 40 CLI Modifying WLAN BSS SSID Interface Settings 6 41 ...

Page 155: ...es Most radio parameters apply globally to all configured SSID interfaces For each SSID interface different security settings VLAN assignments and other parameters can be applied This chapter describes how to Set the access point country code Configure the radio working mode Modify global radio parameters Configure SSID interfaces ...

Page 156: ...fore configuring other radio settings The country code setting affects the radio channels that are available Note The country code is preset to US in the Access Point 530 NA unit and can be changed from the U S to only the Canada Mexico or Taiwan country code When it is set to Canada Mexico or Taiwan and you want to reset it to the U S you must reset the unit back to its factory defaults The radio...

Page 157: ...ss Point 530 config show system information Serial Number TW633VV01D System Name HP AP 200 System Up Time 13 mins 17 secs System Location 2FS17 System Country Code us Software Version WA 02 00 0412 Ethernet MAC Address 00 14 C2 A5 6A B3 IP Address 192 168 15 200 Subnet Mask 255 255 255 0 Default Gateway 192 168 15 254 DHCP Client Disabled Management VLAN ID 1 Untagged VLAN ID 1 Radio 1 MAC Address...

Page 158: ...re available for use on the 530 access point 802 11a 802 11b and 802 11g Two separate wireless LAN radios are available for use on the 530 access point Radio 1 and Radio 2 Radio 1 configuration allows only two modes 802 11b and 802 11g Radio 2 configuration allows all three modes 802 11a 802 11b and 802 11g If both Radio 1 and Radio 2 are configured to 802 11 b g mode then Radio 2 must be connecte...

Page 159: ...erfere with each other No channel interference in 802 11a mode If your environment does not contain legacy 802 11b stations or legacy access points you can obtain maximum throughput by configuring pure G Mode s See Web Configuring Advanced Radio Settings on page 6 14 B G stations to the access points only and protected mode enabled Wifi G stations only and protected mode enabled Pure G stations on...

Page 160: ...ision multi plexing OFDM the modulation scheme used in 802 11a toobtainhigherdata speed Computers or terminals set up for 802 11g can fall back to speeds of 11 Mbps so that 802 11b and 802 11g devices can be compatible within a single network To simultaneously support both 802 11g and 802 11b stations the access point uses a special protected mode operation as required for compliance with the IEEE...

Page 161: ...87A you must set the country code using the CLI before you can configure the radio settings See Setting the Country Code on page 6 4 Use the write memcommand to save the setting The Web interface enables you to modify these parameters Radio Allows toggling to either Radio 1 or Radio 2 parameter sets The default is Radio 1 Status Allows enabling disabling of the respective radio If the radio is ena...

Page 162: ...orthogonal frequency division multiplexing OFDM Radio 2 only Update Updates the radio parameters Figure 6 1 Setting the Radio Working Mode To Set the Radio Working Mode 1 Select Network Setup Radio 2 Select the appropriate radio 1 or 2 from the Radio drop down 3 To enable the radio click the Status On button 4 Select the radio mode using the Mode drop down 5 Select Update to save the settings ...

Page 163: ...ured on the access point Command Syntax CLI Reference Page radio radio_name 9 101 mode mode 9 104 show radios radio 9 116 Use the parameter radio to display detailed information about the specified radio ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 mode g ProCurve Access Point 530 radio1 ProCurve Access Point 530 configure ProCurve A...

Page 164: ...figuring Basic Radio Settings The Network Setup Radio screen shown in Figure 6 2 configures basic settings for the access point s radio operation For the Advanced Settings see Web Configuring Advanced Radio Settings on page 6 14 The Web interface enables you to modify these parameters Max Tx Power The maximum power in dBm that the current radio mode supports The default is 0 Tx Power Reduction Adj...

Page 165: ... applicable radio at any one time The default is 256 Update Updates the radio parameters Figure 6 2 Configuring Basic Radio Settings To Modify Basic Radio Settings 1 Select Network Setup Radio 2 Select the radio channel from the drop down If you are deploying access points inthe same area see the keypointssummarizedinsection Overview on page 6 3 3 To set a limit on the number of stations accessing...

Page 166: ... is Enabled Antenna Mode The mode of radio antenna utilized by this access point The default is Diversity For the configuration details see Web Setting the Antenna Type and Antenna Mode on page 6 25 Preamble Sets the length of the signal preamble used at the start of a data transmission Using a short preamble can increase data throughput on the access point but requires that all associated station...

Page 167: ...erhead to send multiple frames If set to 2346 this feature is disabled Range 256 2346 even numbers The default is 2346 Beacon Interval The rate at which beacon frames are transmitted from the access point The beacon frames allow wireless stations to maintain contact with the access point They may also carry power management information Range 20 2000 K us The default is 100 Rate Sets Rates are expr...

Page 168: ...Setup Radio 2 Click Status On to enable the radio 3 Click the Edit button for Advanced Settings A pop up window for Advanced Settings opens see Figure 6 3 4 To enable rate limiting click the Broadcast Multicast Rate Limiting Enabled button 5 If you enabled Broadcast Multicast Rate Limiting enter the Rate Limit and the Rate Limit Burst amounts 6 To enable Protected Mode click the Enable button ...

Page 169: ...o configure the communication periods and packet size transmissions enter values within the appropriate range for the Fragmentation Threshold and RTS Threshold fields 9 Enter the desired value for Beacon Interval 10 Select values for the Supported and Basic Rate Sets 11 Select Update Configuring B G Mode Figure 6 4 Configuring B G Modes Radio Settings ...

Page 170: ...lows both b stations and g stations to associate with the AP 1 Select Network Setup Radio 2 Click Status On to enable the radio 3 Select IEEE 802 11g Mode 4 Click the Edit button for Advanced Settings A pop up window for Advanced Settings opens see Figure 6 5 5 Select Enable for Protected Mode to set this radio parameter 6 Select Update to set the advanced radio parameters ...

Page 171: ...ith the AP This is Wi Fi standard based g only mode 1 Select Network Setup Radio 2 Click Status On to enable the radio 3 Select IEEE 802 11g Mode 4 Click the Edit button for Advanced Settings A pop up window for Advanced Settings opens see Figure 6 6 5 Select Enable for Protected Mode to set this radio parameter 6 Select rate set values 24 12 and 6 using the Basic options 7 Select Update to set th...

Page 172: ...is mode is not a standard based configuration mode If this mode is used with legacy b stations and b access points this mode creates a detrimental effect leading to low throughput especially with Protected Mode being disabled 1 Select Network Setup Radio 2 Click Status On to enable the radio 3 Select IEEE 802 11g Mode 4 Click the Edit button for Advanced Settings A pop up window for Advanced Setti...

Page 173: ...nd to save the setting Configuring One Radio The following example details how to enable one radio and configure specific radio parameters on the access point Note Enter radio commands one line at a time Command Syntax CLI Reference Page description string 9 116 no basic rate value 9 106 beacon interval value 9 108 fragmentation thresh value 9 111 rts threshold value 9 113 show stations 9 122 show...

Page 174: ... Beacon Interval K us 100 Max Power dBm 0 0 Power Reduction dB 0 Antenna Mode diversity Antenna s In Use internal RTS Threshold 2347 Fragment Threshold 2346 WMM QoS Disabled Inactivity Timeout 1800 Max Stations 256 Rate Limiting Disabled Rate Limit packets second 50 Burst Limit packets second 75 AP Detection Enabled Periodic Scan Duration ms 30 Periodic Scan Interval sec 10 List Max Entries 255 Li...

Page 175: ...e Installation and Getting Started Guide and the specific product antenna manuals Web Setting the Tx Power Reduction The Radio screen shown in Figure 6 8 enables you to configure the following settings for adjusting the transmit power reduction values Max Tx Power The maximum power that the current radio mode supports The default is maximum power Tx Power Reduction Adjusts the amount of attenuatio...

Page 176: ... Antenna Settings Figure 6 8 Setting Transmit Power Reduction To Modify the Transmit Power Reduction 1 Select Network Setup Radio 2 Use the Tx Power Reduction drop down to select a dBm value 3 Select Update to set the radio transmit power reduction ...

Page 177: ...mode parameters Note Radio 2 must be configured to an external antenna if Radio 2 is configured to either the IEEE 802 11b or 802 11g mode The Radio 2 internal antenna must be configured to the IEEE 802 11a mode See Radio Configuration Summary Table on page 6 6 Figure 6 9 Setting Antenna Parameters To Modify the Antenna Parameters 1 Select Network Setup Radio 2 Click Status On to enable the radio ...

Page 178: ...6 26 Wireless Interface Configuration Modifying Antenna Settings 6 Select Update to set the antenna parameters ...

Page 179: ...xternal antenna and set the mode to Single on the access point The default mode is set to Diversity Command Syntax CLI Reference Page tx power reduction value 9 114 antenna external internal 9 105 antenna mode diversity single 9 105 show radio 9 116 ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 tx power reduction 5 ProCurve Access Point 530 radio1 antenna external ProCu...

Page 180: ...nnel 11 WLANs Supported 16 Preamble long CTS Protection Enabled Slot time short Beacon Interval K us 100 Max Power dBm 0 0 Power Reduction dB 0 Antenna Mode diversity Antenna s In Use internal RTS Threshold 2347 Fragment Threshold 2346 WMM QoS Disabled Inactivity Timeout 1800 Max Stations 256 Rate Limiting Disabled Rate Limit packets second 50 Burst Limit packets second 75 AP Detection Enabled Per...

Page 181: ... they all must be operating on the same channel and all must have ATPC enabled Once it is enabled ATPC is controlled by setting four parameters Adaptive Mode Avoid Neighbor APs RF Group Name Tx Power Reduction Limit How the ATPC feature responds to the presence of other APs depends on how these parameters are combined Scope Power levels can be configured to Adapt to selected APs and ignore others ...

Page 182: ...D configurations within the group are ignored and all APs in the group will mutually adapt their transmit power to adapt to their neighbors in the group APs outside the group are not accommodated There is no limit to the number of APs in an RF Group Adapting to All Neighboring APs To apply ATPC to all neighboring APs regardless of RF Groups or SSID configurations enable the Avoid Neighbor APs sett...

Page 183: ... of APs Power Reduction Limit Setting the Transmit Power Reduction Limit determines the minimum power level of the radio This value combined with the radio s Tx Power Reduction setting establishes the range of Transmit Power adjustments in ATPC How this setting is tuned depends on the ATPC scope and adaptive mode selected The radio s Tx Power Reduction setting not the radio s Max Tx Power determin...

Page 184: ...llowing settings to configure ATPC characteristics Adaptive Tx Power Control Enables and disables Adaptive Tx Power Control on the selected radio The default is Disabled Avoid Neighbor APs When this setting is enabled ATPC adapts to all neighboring APs RF Group Names and SSIDs are ignored When this setting is disabled ATPC uses RF Group Name or SSIDs to determine which APs to accommodate The defau...

Page 185: ...e in the ATPC calculations do one of the following a To adapt transmit power to all neighboring APs on the same channel click the Avoid Neighbor APs Enabled button b To adapt transmit power to a group of specific neighboring APs enter the RF Group Name that identifies the group c To adapt transmit power to neighboring APs according to their respective SSID lists click the Avoid Neighbor APs Disabl...

Page 186: ...Configuring Adaptive Tx Power Control CLI Commands Used in This Section Command Syntax CLI Reference Page no atpc 9 140 no atpc avoid other aps 9 141 no atpc rf group name name 9 141 atpc adapt ap ap clients 9 142 atpc max atpc atten max reduction 9 143 show atpc 9 143 ...

Page 187: ...530 radio1 atpc max reduction 18 ProCurve Access Point 530 radio1 atpc rf group name AirportNet ProCurve Access Point 530 radio1 ProCurve Access Point 530 radio1 show atpc Radio 1 atpc enabled RF Group name AirportNet Avoid Other WLANs disabled Max Power Reduction 18 Adaptive Mode AP Current Beacon Backoff 4 dB Current Data Backoff 4 dB Radio 2 atpc disabled RF Group name not configured Avoid Othe...

Page 188: ...ns that want to connect to a network through an access point must set their SSIDs to match that of the access point Multiple SSID interfaces enable wireless traffic to be separated for different user groups using a single access point that services one area For each SSID interface differentsecuritysettings VLANassignments andotherparameters can be applied Wireless stations within the service area ...

Page 189: ... tab shown inFigure 6 11 enables you to configure SSIDs VLANS and closed system settings You can modify these parameters WLAN Displays the WLAN index number 1 through 16 Radio 1 Radio 2 Configures the access point to enable WLAN access using either or both radios when the appropriate box is checked SSID Lists the access point s SSID interfaces with their basic settings The Enabled option auto fill...

Page 190: ...urity Modedrop downwiththeoptions for this WLAN This is the default tab For security mode configura tion see Web Setting Security Options on page 7 18 RADIUS Servers tab Configures the primary secondary and internal server for RADIUS authentication For RADIUS server settings see Web Setting RADIUS Server Parameters on page 7 33 Accounting Servers tab Configures the primary and secondary server for...

Page 191: ...tablish security click Edit button and configure Security tab param eters 7 To configure Radius servers for RADIUS authentication click Edit and configure RADIUS Server tab parameters 8 To configure Accounting servers for RADIUS authentication click Edit and configure Accounting Servers tab parameters 9 To configure MAC filtering click Edit and configure MAC Authentication tab parameters 10 Click ...

Page 192: ...AN BSS SSID context are displayed in the parentheses The WLAN index uses the format wlan x where x is a number between 1 and 16 To display a list of configured WLAN interface settings use the showwlan x command as shown in the following example Command Syntax CLI Reference Page ssid SSID 9 102 show wlans name all 9 117 ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 Pr...

Page 193: ... 102 description description 9 102 disable enable 9 102 vlan vid 9 102 closed system 9 102 show wlan index 9 102 ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 wlan 1 ProCurve Access Point 530 radio1 wlan1 disable ProCurve Access Point 530 radio1 wlan1 description unsecure ProCurve Access Point 530 radio1 wlan1 vlan 9 ProCurve Access P...

Page 194: ...d yet none No Sec Disabled 5 SSID 5 not assigned yet none No Sec Disabled 6 SSID 6 not assigned yet none No Sec Disabled 7 SSID 7 not assigned yet none No Sec Disabled 8 SSID 8 not assigned yet none No Sec Disabled 9 SSID 9 not assigned yet none No Sec Disabled 10 SSID 10 not assigned yet none No Sec Disabled 11 SSID 11 not assigned yet none No Sec Disabled 12 SSID 12 not assigned yet none No Sec ...

Page 195: ...7 1 7 Wireless Security Configuration ...

Page 196: ...KIP with Preshared Key 7 10 AES with Preshared Key 7 10 TKIP with 802 1X 7 11 AES with 802 1X 7 11 Other Security Features 7 12 Establishing Security 7 16 Web Setting Security Options 7 18 Manual Configuration Using the CLI 7 24 CLI Configuring Security Settings 7 24 Configuring RADIUS Client Authentication 7 32 Web Setting RADIUS Server Parameters 7 33 CLI Setting RADIUS Server Parameters 7 35 We...

Page 197: ...eb Auth Process 7 57 Associating with the AP 530 7 57 URL Intercept 7 58 Logging In 7 58 Authenticating 7 58 Redirecting to the Destination URL 7 60 Web Auth Security 7 60 User Credentials 7 60 Optional Encryption 7 60 Other Security Features 7 60 The Web Auth Address Pool 7 61 Customizing the Authentication Screens 7 61 Default Text Values for Authentication Screens 7 62 Login Screen Default Valu...

Page 198: ...Wireless Security Configuration CLI Configuring Web Auth on a WLAN 7 70 Prerequisites 7 70 Web Customizing the Login Welcome and Failed Screens 7 72 CLI Customizing the Login Welcome and Failed Screens 7 74 ...

Page 199: ...his chapter describes how to Configure wireless security Configure encryption Configure key management Configure MAC and 802 1X authentication Configure MAC Lockout and Client Station Deauthentication Configure AP Authentication Configure Web Authentication ...

Page 200: ...asses between the access point and stations to protect against interception and eavesdropping Key management Assigning unique data encryption keys to each wire less station session and periodically changing the encryption keys to minimize the risk of their discovery User Authentication The two ways of authenticating users on the Access Point 530 are MAC authentication Based on the user s wireless ...

Page 201: ... a user requests connection to a WLAN through an access point which then requests the identity of the user and transmits that identity to an authentication server such as RADIUS The server asks the access point for proof of identity which the access point gets from the user and sends back to the server to complete the authentication The local built in RADIUS server supports only one EAP type PEAP ...

Page 202: ... secure method of encryption Wired Equivalent Privacy WEP WEP provides a basic level of security preventing unauthorized access to the network and encrypting data transmitted between wireless stations and the access point WEP is the security protocol initially specified in the IEEE 802 11 standard for wireless communications Unfortunately static WEP has been found to be seriously flawed and cannot...

Page 203: ...ng the data can be managed either dynamically using 802 1X authentication or statically using preshared keys between the access point and station Dynamic key management provides significantly better security than static keys Security Profiles Based on authentication encryption and key management the following is a list of security profiles in order of increasing robustness No Security Static WEP D...

Page 204: ...t recommended because it sends encryption keys that are viewable in plain text Dynamic Wired Equivalent Privacy WEP Dynamic WEP uses WEP as the encryption cipher and 802 1X as the authen tication mechanism In this way each client station is assigned a unique encryption key for each session from the authentication server The length of the cipher can be 64 bits or 128 bits and the encryption keys ca...

Page 205: ...er key to derive the encryption between the access point and the station AES with 802 1X The AES with 802 1X security profile uses AES as the encryption cipher and 802 1X as the authentication mechanism In this way each station is assigned a unique master key to derive the encryption between the access point and the station and the encryption keys can be automatically and periodically changed to f...

Page 206: ...etwork card driver native support provided in Windows XP and Windows Vista Provides dynamically generated keys that are periodically refreshed Provides similar shared key user authentication Provides robust security in small networks WPA PSK WPA2 Only Requires WPA enabled system and network card driver native support provided in Windows XP and Windows Vista Provides robust security in small networ...

Page 207: ...y 2 Set the Authentication Server and Protocol 3 Set RADIUS Key security dynamic wep radius accounting primary secondary ip ip port port key key radius primary secondary Theradius keyvalueisusedwithanexternalRADIUS serveronlyandisignoredfortheinternalradiusserver It should be set to the shared secret key that is configured on the external RADIUS server RADIUS server required 802 1X supplicant requ...

Page 208: ...ions can associate with the access point WPA stationsmusthaveeither a valid TKIP or an AES key to communicate For WPA2 wireless stations to send pre authentication packets enable Pre authentication The AP 530 supports the following Extensible Authentication Protocol EAP methods TLS TTLS MD5 and PEAP MS CHAP v2 when configured to use an external RADIUS server for authentication The AP 530 supports ...

Page 209: ...ntries set to active in the MAC AuthenticationTable Can be combined with other methods for improved security Local MAC authentication Local MAC Allow xx xx xx xx xx xx Not needed AllMACaddressesdenied except for entries set to active in MAC AuthenticationTable Can be combined with other methods for improved security Remote MAC authentication RADIUS MAC MAC address permission policy based on RADIUS...

Page 210: ...figuration for the WLAN Figure 7 1 Security Access Via the WLANs Screen Basic parameters required for a security option configuration are provided in the WLANs Security pop up window all other access point settings are made automatically Some options require a RADIUS server to be configured A link to the RADIUS Servers tab is provided where you can configure the RADIUS server parameters ...

Page 211: ...ee Protocol STP on page 8 15 CAUT I O N When access point configuration parameters are changed wireless stations may be temporarily disconnected until the new configuration parameter is enabled This includes any changes to a WLAN or radio parameter The recommended security option for WDS operation is WPA2 using the AES cipher because this setting provides the maximum security for data sent over th...

Page 212: ...r keys ASCII Enter keys as 5 alphanumeric characters for 64 bit keys or 13 alphanumeric characters for 128 bit keys Hex Enter keys as 10 hexadecimal digits for 64 bit keys or 26 hexadecimal digits for 128 bit keys The default is Hex WEP Keys Enter up to four strings of character keys If you selected ASCII enter any combination of ASCII characters If you selected Hex enter hexadecimal digits any co...

Page 213: ...ption Standard AES It uses a CCM Combined Block Chaining Counter mode CBC CTR and Cipher Block Chaining Message Authentication Code CBC MAC for encryption and message integrity Both If you select both TKIP and AES Pairwise cipher is AES and Groupwise cipher is TKIP Pairwise cipher is used for unicast traffic and Groupwise cipher is used for multicast broadcast traffic Both TKIP and AES stations ca...

Page 214: ...RC4 to perform the encryption and changes temporal keys every 10 000 packets and distributes them thereby greatly improving the security of the network Default AES An IEEE 802 1X encryption method that uses the Advanced Encryption Standard AES It uses a CCM Combined Block Chaining Counter mode CBC CTR and Cipher Block Chaining Message Authentication Code CBC MAC for encryption and message integrit...

Page 215: ... Select Static WEP from the Security Mode drop down 4 To allow system authentication select Shared from the Authentication option 5 Select a key index from the Transfer Key Index to be used for encryption for the WLAN interface 6 Select the key length to be used by all stations 64 bits or 128 bits 7 Select the Hex or ASCII for Key Type 8 Enter the key value conforming to the length and type alread...

Page 216: ...y tab 3 Select WPA PSK from the Security Mode drop down 4 Select WPA WPA2 or Both for WPA support as required 5 Select Enable pre authentication if you selected WPA2 or Both for the WPA version 6 Select TPIK recommended AES or Both to enable the type of Cipher encryption 7 For the key enter between 8 and 63 alphanumeric characters Be sure that all wireless stations use the same key 8 Select Update...

Page 217: ... Security tab 3 Select WPA 802 1X from the Security Mode drop down 4 Select WPA WPA2 or Both for WPA support as required 5 Select Enable pre authentication if you selected WPA2 or Both for the WPA version 6 Select TPIK AES recommended if you selected WPA2 or Both to enable the type of Cipher encryption 7 Select RADIUS Servers to configure the RADIUS server to enhance secu rity 8 Select Update to s...

Page 218: ...ontext of Radio 2 is to enable or disable the entire WLAN on Radio 2 CLI Configuring Security Settings CLI Commands Used in This Section Command Syntax CLI Reference Page security no security static wep dynamic wep wpa psk wpa 802 1x 9 125 wep default key 1 2 3 4 9 127 no wep key ascii 9 128 wep key length 64 128 9 129 wep key 1 2 3 4 string 9 129 no open system authentication 9 130 no shared key ...

Page 219: ...rity The following example shows how to configure an WLAN interface to have no security set ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 wlan 1 ProCurve Access Point 530 radio1 wlan1 security no security ProCurve Access Point 530 radio1 wlan1 ...

Page 220: ...ot set WPA or WPA2 WPA and WPA2 WPA Cipher TKIP only WPA Pre auth Disabled WPA Key Format ascii WPA ASCII Key abcdefghijklmnop WPA Hex Key not set Web Authentication Status Disabled Retry Limit 3 Username Password Login Enabled Guest Login Enabled Redirect URL www procurve com Default Login Page Enabled Default Login Failed Page Enabled Default Welcome Page Enabled RADIUS Failover To Local Disable...

Page 221: ...th and Key Type settings If Key Length is 64 bits and the Key Type is ASCII then each WEP key must be 5 characters long If Key Length is 40 bits and Key Type is Hex then each WEP key must be 10 characters long If Key Length is 128 bits and Key Type is ASCII then each WEP key must be 13 characters long If Key Length is 128 bits and Key Type is Hex then each WEP key must be 26 characters long ProCur...

Page 222: ...y mode configure an external authentication server and set the RADIUS key the RADIUS key is automatically provided if you are using the built in authentication server Note Supported authentication servers are the built in authentication server on the access point or an external RADIUS server The RADIUS key value is used with an external RADIUS server only and is ignored for the internal RADIUS ser...

Page 223: ...ommunicate ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 wlan 1 ProCurve Access Point 530 radio1 wlan1 security dynamic wep ProCurve Access Point 530 radio1 wlan1 radius primary ip 192 168 1 52 ProCurve Access Point 530 radio1 wlan1 radius primary port 161 ProCurve Access Point 530 radio1 wlan1 radius primary key secret ProCurve Acces...

Page 224: ... CLI to Configure WPA 802 1X The following commands configure the access point to use the WPA 802 1X security mode to accept both the WPA and WPA2 stations and to allow pre authentication Note WPA 802 1X is the recommended security mode The incorporation of the RADIUS server makes it superior to the WPA PSK security mode ProCurve Access Point 530 radio1 wlan1 wpa pre shared key goodsecret ProCurve...

Page 225: ... in authentication server on the access point or an external RADIUS server Use of the built in server automat ically establishes the RADIUS key ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 wlan 1 ProCurve Access Point 530 radio1 wlan1 radius primary ip 192 168 1 52 ProCurve Access Point 530 radio1 wlan1 radius primary port 161 ProCur...

Page 226: ...stations If required the access point can support both MAC address and 802 1X authentication using a RADIUS server For more informa tion see Configuring MAC Address Authentication on page 7 43 Note This configuration guide assumes that you have already configured the RADIUS server to support the access point The configuration of RADIUS server software is beyond the scope of this guide refer to the...

Page 227: ...wing settings to send user session information from the access point to a RADIUS accounting server Internal Server Enables the access point to use the internal server for authentication The default is Enable IP Address Specifies the IP address of the RADIUS server The default is 0 0 0 0 which indicates Disabled Port The User Datagram Protocol UDP port number used by the RADIUS server for accountin...

Page 228: ...ts to establish communication again with the primary server If communication with the primary server is reestablished the secondary server reverts to a backup role The default is Disable Internal Server as Failover Enables the internal server to begin authenticating in the event that the primary server is disconnected The default is Disabled Figure 7 5 Configuring RADIUS Servers on the Access Poin...

Page 229: ...IP address and other parameters in the appropriate fields Otherwise leave the IP address as all zeros 0 0 0 0 10 Select Internal Server as failover to ensure that RADIUS authentication remains uninterrupted if the primary server disconnects 11 Select Update to set the RADIUS servers for RADIUS authentication CLI Setting RADIUS Server Parameters CLI Commands Used in This Section The following examp...

Page 230: ...he account Real Name Displays the real name assigned to the account Status Displays the status of the account Enabled or Disabled Enable Enables the selected account Disable Disables the selected account Remove Removes the selected account ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 wlan 1 ProCurve Access Point 530 radio1 wlan1 radi...

Page 231: ...t select Disable To remove the account from the system select Remove Adding New RADIUS Accounts The Local Radius screen shown in Figure 7 7 enables you to modify the RADIUS account details to use RADIUS authentication on the access point Add User Account Configure the following account details The access point limits the local radius account users to 100 Username Provides an alphanumeric text stri...

Page 232: ...nfiguring a Local Radius User To Add Local RADIUS User Accounts 1 Select Special Features Local Radius Users tab 2 In the User Name field specify the User Name used by the RADIUS server for authentication 3 In the Real Name field specify the full name of the user that is used by the RADIUS server only for informational purposes 4 In the Password field specify the password to be associated with the...

Page 233: ... selected file is displayed in the Restore User Database field Restore Restores selected file Return to Local Radius Return Returns to the Local Radius screen Figure 7 8 Backing Up a User Database To Create a Backup File of Local RADIUS User Accounts Information 1 Select Special Features Local Radius to display the Local RADIUS screen and user account information 2 Click backup or restore user dat...

Page 234: ...al Features Local Radius to display the Local RADIUS screen and user account information 2 Click backup or restore user database link to display the User Database screen 3 Use Browse to select the user database file ubk file you want to restore The selected file pathname filename ubk displays in the Restore User Database field 4 Click Restore to complete the process 5 Click Return to close the Use...

Page 235: ...nmentofVLANIDsbasedonuserauthentication An external RADIUS server is required to support assignment of VLAN IDs based on authentication of an individual user If you are using the local built in RADIUS server the RADIUS accounting feature must be disabled and or set to use an external RADIUS accounting server Command Syntax CLI Reference Page no radius local username Disabled password password real...

Page 236: ...se the show radius local command as shown in the following example ProCurve Access Point 530 configure ProCurve Access Point 530 config radius local chris realname csmith ProCurve Access Point 530 config radius local chris password chrisopen ProCurve Access Point 530 config ProCurve Access Point 530 config ProCurve Access Point 530 config show radius local Local Radius User Accounts wireless clien...

Page 237: ... first configure the server in the RADIUS servers screen For details on config uring RADIUS servers see Web Setting RADIUS Server Parameters on page 7 33 Authentication Order Connection requests are authenticated in the following order First against the MAC Lockout list Then against the local Access Control List Last against the RADIUS server Access Control List and RADIUS Server Client station MA...

Page 238: ...managed If you choose to configure RADIUS MAC authentication and 802 1X AP Authentication together the RADIUS MAC address authentication occurs before 802 1X AP Authentication If RADIUS MAC authentication is successful AP Authentication is performed If RADIUS MAC authentication fails AP Authentication is not performed MAC Lockout and Client Station Deauthentication When a MAC address is added to t...

Page 239: ...s the WLAN BSS SSID interface by removing prohib iting the selected MAC configuration MAC Address Add Adds the entered MAC address to selected ACL list List Name Specifies a new list name MAC Entry Specifies the MAC address for the list New ACL Add Adds the New ACL to the list of Access Control Lists Figure 7 9 Configuring an Access Control List To Configure the Access Control List 1 Select Manage...

Page 240: ...ring MAC Address Authentication The MAC Authentication tab shown in Figure 7 10 enables the WLAN BSS SSID interface to be configured to use MAC authentication You can modify these parameters MAC Authentication Configures either the local or remote MAC authentication on this access point Selecting the Enabled option enables access to the Local or Remote parameters Access Control List Selects among ...

Page 241: ... apply a configured authentication list select list from the ACL drop down 6 To allow only known MAC addresses access to the network select the Allow only stations in list policy option 7 To prohibit specific MAC addresses from gaining access to the network select the Block all stations in list policy option 8 Select Update to set MAC Authentication on the access point CLI Configuring MAC Address ...

Page 242: ...how to display the current authentication configuration on the access point from the Manager Exec level ProCurve Access Point 530 configure ProCurve Access Point 530 config mac auth local mylist mac 00 11 22 33 44 55 ProCurve Access Point 530 config mac auth local mylist mac 00 aa bb cc dd ee ProCurve Access Point 530 config ProCurve Access Point 530 configure ProCurve Access Point 530 config radi...

Page 243: ...re auth Disabled WPA Key Format ascii WPA ASCII Key abcdefghijklmnop WPA Hex Key not set Web Authentication Status Disabled Retry Limit 3 Username Password Login Enabled Guest Login Enabled Redirect URL www procurve com Default Login Page Enabled Default Login Failed Page Enabled Default Welcome Page Enabled RADIUS Failover To Local Disabled Retransmit Num 3 Primary Auth local built in server Prim...

Page 244: ...ese parameters Remove Removes the selected MAC address from the MAC Lockout list Field entry Add Adds the entered MAC address to the MAC Lockout list Add Adds the entered MAC address to MAC Lockout list Figure 7 11 Configuring MAC Lockout To Configure MAC Lockout 1 Select Special Features MAC Lockout tab 2 To add a MAC address to the MAC Lockout list enter the desired MAC address and click Add 3 T...

Page 245: ...the MAC Lockout list using the no lockout mac command Displaying the MAC Lockout list The following example shows how to display the current MAC Lockout list Command Syntax CLI Reference Page no lockout mac mac_address 9 75 show lockout mac 9 76 lockout mac clear mac_address all 9 76 ProCurve Access Point 530 configure ProCurve Access Point 530 config lockout mac 00 14 C2 A5 09 8D ProCurve Access ...

Page 246: ...Unlike MAC Lockout a deauthenticated client station is not blocked from re authenticating CLI Commands Used in This Section Deauthenticating a device from the access point The following exam ple shows how to force a client device to deauthenticate from the access point ProCurve Access Point 530 configure ProCurve Access Point 530 config lockout mac clear all 2 MAC addresses removed from lockout li...

Page 247: ...e Connections in client limit mode or single host mode are not supported Guidelines for AP Authentication As with normal users the user account for the AP must be created on the RADIUS server before authentication can occur Authentication is performed using the PEAP MSCHAPv2 or EAP MD5 protocol The username and password are encrypted in the access point s configu ration file If AP Authentication i...

Page 248: ...that will take precedence over any statically defined VLAN tagging on the port If this occurs management traffic will not be sent from the port after authenti cation Web Configuring AP Authentication The AP Authentication screen shown in Figure 7 12 enables 802 1X AP authentication on the Access Point 530 You can modify the following parameters AP Authentication Enables 802 1X AP authentication fo...

Page 249: ...Authentication on the access point by selecting the Disabled button AP Authentication is disabled and any previously used username and pass word are cleared from the access point configuration file CLI Configuring AP Authentication CLI Commands Used in This Section Enabling AP Authentication on the access point The following exam ple enables AP Authentication with username AP2167 password 21B83j0k...

Page 250: ...s of the access point Disabling AP Authentication on the access point To remove AP Authentication on the access point use the no ap authentication command ProCurve Access Point 530 config show ap authentication AP Authentication Settings for the Access Point Status Enabled EAP Type peap ProCurve Access Point 530 config ProCurve Access Point 530 config no ap authentication ProCurve Access Point 530...

Page 251: ...er against the AP 530 s local RADIUS server or against a specified remote RADIUS server The Web Auth Process The AP 530 controls the Web Authentication process restricting connectivity to only the access point until the user has been authenticated by the desig nated RADIUS server The main steps in the Web Auth process are 1 Associating with the AP 530 2 URL Intercept 3 Logging In 4 Authenticating ...

Page 252: ...rough the network The AP 530 intercepts this request and redirects the user s Web browser to the Web Auth login page to initiate the authentication process Logging In Figure 7 13 Web Auth Login Screen On the Web Auth Login page the user either enters a valid username and password to authenticate against the RADIUS server or clicks the Guest button to authenticate using Guest credentials see figure...

Page 253: ...which he or she has rights Failed Authentication If the user enters an invalid username and pass word the RADIUS server denies access and the AP 530 displays the Web Auth Invalid Credentials or Failed page figure 7 15 In this case the user s station remains in the unauthenticated Web Auth state Figure 7 15 Web Auth Failed Authentication The number of attempted logins is configurable After the maxi...

Page 254: ... and Registered users For authentication you can specify both a primary RADIUS server and a secondary RADIUS server to ensure high availability the local RADIUS server may also be used Optional Encryption Users connecting thorough Web Auth may associate with the AP 530 s VLAN interface using No security Static WEP or WPA 2 PSK Other Security Features PAP authentication is supported Web Auth is com...

Page 255: ...th if the IP address and subnet mask are correctly configured for connecting to the AP 530 Customizing the Authentication Screens The fields in three of the informational pages displayed during the Web Authentication process may be customized Login page Welcome page Failed page Each of the customizable pages has four text areas that may be customized by the administrator Title Text The text displa...

Page 256: ...ed users Only guest users Both registered and guest users Login Screen Default Values Table 7 5 Login Screen Default Values Title Text Descr Text Footer Text Header Text Registered User Only Guest User Only Registered Guest User Title Text Login Page Login Page Login Page Header Text Login Page Login Page Login Page Footer Text Contact the network administrator if you do not have an account Submit...

Page 257: ...ration is enabled see Managing Group Configuration on page 5 63 Registered User Only Guest User Only Registered Guest User Title Text Authentication Success Success Authentication Success Header Text Authentication Success Success Authentication Success Footer Text You now have access to the network You now have access to the network You now have access to the network Descriptive Text Please wait ...

Page 258: ...te registered users and the global guest user account as described in Configuring RADIUS Client Authenti cation on page 7 32 4 Configure the Web Auth guest credentials if you are using Guest Login 5 Configure the Web Auth temporary IP address pool 6 Configure Web Auth for the WLAN a Select a login type User Login Guest Login or both b Specify the redirect URL and retry limit c Accept the default s...

Page 259: ...ool 1 Select Web Authentication Address Pool tab 2 Enter the starting IP address in the Starting IP Address field 3 Enter the desired subnet mask in the Subnet Mask field 4 Enter the desired lease time for temporary addresses that are assigned to Web Auth users from the pool 5 Click Update CLI Configuring the Global Address Pool CLI Commands Used in This Section Command Syntax CLI Reference Page n...

Page 260: ... for all Guest users Password Specifies the password used for all Guest users Update Updates the global Guest Account credentials Figure 7 18 Configuring Guest Account Credentials To Configure the global Guest User credentials 1 Select Web Authentication Guest Account tab 2 Enter the username to be assigned to all Guest users in the Username field ProCurve Access Point 530 config web auth starting...

Page 261: ... global Guest user credentials that will be assigned to Web Auth Guest users Note The username and password for the global Guest User account must be registered on the selected Web Auth RADIUS server before guest users can be authenticated using Web Auth Command Syntax CLI Reference Page no web auth guest username username 9 81 no web auth guest password password 9 81 ProCurve Access Point 530 con...

Page 262: ...uthentication screen shown in Figure 7 19 configures Web Authen tication on the selected WLAN BSS SSID interface You can modify these parameters Web Authentication Enables disables web authentication on the selected WLAN Guest Login Enables guests clients to authenticate using the username and password of the preconfigured Guest account User Login Enables registered clients to authenticate using t...

Page 263: ... WLAN Configuration Security pop up window opens 3 Select the Web Authentication tab 4 Click Web Authentication Enabled 5 To enable Guest logins click the Guest Login box 6 To enable registered User logins click the User Login box 7 Enter the destination URL to which the user will be redirected after web authentication is successful 8 Enter the maximum number of log in attempts permitted in the Re...

Page 264: ...LI Configuring the Global Address Pool on page 7 65 Before enabling the optional Guest Login option the Guest User creden tials must be defined as described in CLI Configuring Global Guest Account Settings on page 7 67 CLI Commands Used in This Section Command Syntax CLI Reference Page no web auth 9 82 no web auth guest login 9 82 no web auth username login 9 82 no web auth redirect url 9 82 web a...

Page 265: ...lan 1 WLAN 1 on Radio 1 Description Radio 1 WLAN 1 Status Enabled SSID PR3_WLAN VLAN 1 Untagged BSSID 00 14 C2 A7 11 A0 DTIM Period 2 Security Type wpa psk WPA PSK Closed System Disabled MAC Auth Mode local accept list only MAC Auth List ACL 1 Authentication open system only WEP Key Type hex WEP Key 1 not set WEP Key Size 128bit WEP Key 2 not set Default Key WEP Key 1 WEP Key 3 not set WEP Key 4 n...

Page 266: ... three tabs you can modify these same parameters Default Text When this box is checked the custom fields are disabled on the tab and the default values for all fields will be displayed on the selected screen When this box is unchecked the custom fields are enabled and their values replace the default values on the selected screen Title Text Specifies the custom Title text Header Text Specifies the...

Page 267: ...guration Security pop up window opens 3 Select the Web Authentication tab 4 Select the Login sub tab 5 Click the Default Text box to uncheck it and to enable the fields below 6 Enter your customized Title text in the Title Text field 7 Enter your customized Header text in the Header Text field 8 Enter your customized Footer text in the Footer Text field 9 Enter your customized Descriptive text in ...

Page 268: ...ox to check it and to clear and disable the fields below 4 Click Update CLI Customizing the Login Welcome and Failed Screens CLI Commands Used in This Section Command Syntax CLI Reference Page no web auth default login page 9 83 no web auth custom login text title title text header header text footer footer text descriptive descriptive text 9 83 no web auth default welcome page 9 83 no web auth cu...

Page 269: ...its default values The following example customizes the resets the text fields on the Login screen to their default values The same procedure applies to the Welcome screen and the Failed screen as well using their respective commands ProCurve Access Point 530 radio1 wlan1 web auth custom login text title GS User Login ProCurve Access Point 530 radio1 wlan1 web auth custom login text header GS User...

Page 270: ...7 76 Wireless Security Configuration Web Authentication for Mobile Users This page is intentionally unused ...

Page 271: ...8 1 8 Special Features ...

Page 272: ...ribution System WDS and Spanning Tree Protocol STP 8 15 Web Configuring WDS Parameters 8 19 CLI Configuring WDS Links 8 23 Web Configuring STP Parameters 8 26 CLI Establishing STP Settings 8 27 AP Detection Commands 8 30 Web Configuring AP Detection Parameters 8 30 CLI Configuring AP Detection 8 33 Probe Table 8 35 Probe Table Description 8 35 Guidelines for Configuring the Probe Table 8 35 Identi...

Page 273: ...ods for config uring special features such as QoS upgrading software WDS AP detection and STP This chapter describes how to Configure QoS parameters Maintain configuration and upgrade files Modify WDS parameters Enable AP detection Enable and configure Probe Table settings Configure STP from the CLI ...

Page 274: ...ss to the channel is called WSM IEEE 802 11e specifications for wireless QoS enhancements include packet prioritization scheduled access and call admission control Eager to spur interoperability among multi vendor wireless gear the Wi Fi Alliance created a certification process on a subset of 802 11e called Wi Fi Multi media WMM WMM provides four categories of relative QoS voice video best effort ...

Page 275: ...activates QoS control of station EDCA parameters on upstream traffic flowing from the station to the access point however you can still set some parameters on the downstream traffic flowing from the access point to the client station AP EDCA parameters The default is Enabled Advanced Settings Edit Opens the WMM Settings pop up window to configure specific queue QoS parameters Update Updates the ac...

Page 276: ...is queue Data 1 Video High priority queue minimum delay Time sensitive video data is automatically sent to this queue Data 2 Best Effort Medium priority queue medium throughput and delay Most traditional IP data is sent to this queue Data 3 Background Lowest priority queue high throughput Bulk data that requires maximum throughput and is not time sensitive is sent to this queue FTP data for exampl...

Page 277: ...om AP to station to configure Data 0 Voice High priority queue minimum delay Time sensitive data such as VoIP and streaming media are automati cally sent to this queue Data 1 Video High priority queue minimum delay Time sensitive video data is automatically sent to this queue Data 2 Best Effort Medium priority queue medium throughput and delay Most traditional IP data is sent to this queue Data 3 ...

Page 278: ... button 3 Click the Advanced Settings Edit button to set queue QoS parameters in the WMM Settings pop up window 4 To affect the flow from the access point to the client station down stream update the AP EDCA parameter options 5 To affect the flow from the client station to the client station upstream update the Station EDCA parameter options 6 Select Update to save the settings CLI Configuring QoS...

Page 279: ... parameter on the AP EDCA medium priority queue ProCurve Access Point 530 radio1 qos ap params voice aifs 10 ProCurve Access Point 530 radio1 ProCurve Access Point 530 radio1 qos ap params video cwmin 1 ProCurve Access Point 530 radio1 qos ap params video cwmax 7 ProCurve Access Point 530 radio1 ProCurve Access Point 530 radio1 qos ap params background burst 1 ProCurve Access Point 530 radio1 ...

Page 280: ...d EDCA high priority queue Using the CLI to Enable WME This example enables Wireless Multimedia Extensions as the preferred priority method ProCurve Access Point 530 radio1 qos sta params voice aifs 10 ProCurve Access Point 530 radio1 ProCurve Access Point 530 radio1 qos sta params video cwmin 1 ProCurve Access Point 530 radio1 qos sta params video cwmax 15 ProCurve Access Point 530 radio1 ProCurv...

Page 281: ...ive Inter Contention Contention Maximum Burst Queue Frame Space Min Window Max Window Length Voice 1 3 7 1 5 Video 1 7 15 3 0 Best Effort 3 15 63 0 Background 7 15 1023 0 ProCurve Access Point 530 radio1 show qos sta params Transmission queue QoS settings for wireless stations Radio 1 Adaptive Inter Contention Contention Transmission Queue Frame Space Min Window Max Window Opportunity Limit Voice ...

Page 282: ...nology instead of requiring the agent to inspect every packet that passes through as some other flow sampling methods do uses sample based profiling That is the agent inspects approximately every nth packet from each data source available to sFlow The sampling algorithm is designed to give a high certainty that the total traffic within a small margin of error On the Access Point 530 data sources a...

Page 283: ...number of inbound packets outbound packets and retransmitted frames The sFlow agent obtains the counters by polling the interfaces periodically as needed to fill datagrams most efficiently However you can configure the maximum time that can elapse before an interface must be polled sFlow Collector The sFlow collector which receives samples from agents all over the network combines and analyzes the...

Page 284: ...sage before the timeout expires the agent erases the sFlow receiver s owner string and allows another sFlow receiver to claim the instance When the collector reserves a receiver instance it also configures one or both of two types of sFlow instances One type allows the collector to receive flow samples and the other allows the collector to receive counters from polled radios When the sFlow receive...

Page 285: ...rvicing the WDS link It is not recommended that the same WDS radio be configured to support wireless stations although it is possible to do so When a radio is configured to support both WDS and wireless stations the data handling capacity of the radio must be split between these two separate activities Thus any wireless station activity on the WDS radio reduces the data handling capacity of the WD...

Page 286: ...Point 530 can then provide wireless WDS links for up to six other Access Point 530 units In this configuration the connected Access Point 530 the one with the Ethernet connection serves as a central access point to pass traffic to and from the other remote access points This configuration is illustrated in Figure 8 3 Figure 8 3 Wired Access Point Provides Wireless WDS Links to Wireless Access Poin...

Page 287: ...buildings across the street from one another by attaching an Access Point 530 to each separate network and configuring with a WDS link between them This process is illustrated in Figure 8 4 In this configuration it is recommended that one radio on each access point be dedicated to the WDS link to maximize WDS link throughput the other radio can either be disabled or used to service wireless statio...

Page 288: ... 5 In this configuration the intermediate access point serves as a repeater to bridge wireless traffic between an access point with an Ethernet connection and a more remote access point on the other side All three access points in this configuration can support wireless stations in addition to bridging network traffic between one another Figure 8 5 WDS Links with AP Repeater to Remote Access Point...

Page 289: ... modify the following wireless parameters Spanning Tree Protocol Status Enables disables STP capabilities on the access point The default is Enabled Link 1 6 Enables disables WDS link 1 6 capabilities on the access point You can set up to six links on the access point The default is Disabled When a link is enabled the following parameters are enabled for that link Radio Selects a radio for the WDS...

Page 290: ...WEP key for security WDS WPA Security see Figure 8 8 SSID Establishes an alphanumeric string of up to 32 characters that uniquely identifies a wireless local area network It is also referred to as the network name Note When using WPA over WDS an SSID is required and must match the SSID on the WDS partner access point for successful opera tion Key Configures WPA key for security Update Updates the ...

Page 291: ... radio to establish the WDS link use the Radio drop down 4 Enter the remote MAC Address or if AP detection is enabled select the remote MAC Address from the drop down of the access point to which you are trying to establish the WDS link The Security mode is preconfigured when the WLAN Security is config ured See Table 7 4 WLAN 1 and WDS Security Configuration on page 7 17 5 Modify defaulted SSID i...

Page 292: ...establish the WDS link use the Radio drop down 4 Enter the remote MAC Address or if AP detection is enabled select the remote MAC Address from the drop down of the access point to which you are trying to establish the WDS link The Security mode is preconfigured to WPA PSK when WLAN 1 Security is configured with either WPA 802 1X security or WPA PSK See Table 7 4 WLAN 1 and WDS Security Configurati...

Page 293: ...ce Page enable 9 158 radio used 1 2 9 159 remote mac mac 9 160 wds ssid ssid required when using WPA over WDS 9 159 wep key ascii 9 162 wep key key 9 161 wep key length 64 128 9 162 wpa pre shared key key 9 163 show wds show wds wds_name 9 160 ProCurve Access Point 530 config interface wds1 ProCurve Access Point 530 wds1 enable ProCurve Access Point 530 configure ProCurve Access Point 530 config i...

Page 294: ... key type to hexadecimal This example sets the WDS WEP key length when using static wep security The options are 64 and 128 This example defines the wep key used for data encryption on a WDS inter face Using the CLI to View WDS Parameters These examples use the show wds command to display the status of the WDS links ProCurve Access Point 530 wds1 radio used 1 ProCurve Access Point 530 wds1 remote ...

Page 295: ...et Disabled no security ProCurve Access Point 530 wds1 ProCurve Access Point 530 wds1 show wds 1 WDS 1 Description WDSLINK Status Enabled Use Radio 1 Local MAC 00 14 C2 A4 14 BO Remote MAC 00 0D 9D C6 98 7E STP State forwarding WDS SSID marge Security Type no security from WLAN 1 WEP Key Type hex WEP Key not set WEP Key Size 128bit WPA Key goodsecret Bytes Rx 3562 Bytes Tx 7234 Packets Rx 0 Packet...

Page 296: ...time between any two network devices this prevents the loops but establishes the redundant links as a backup in case the initial link fails If STP costs change or if one network segment in the STP becomes unreach able the spanning tree algorithm reconfigures the spanning tree topology and reestablishes the link by activating the standby path Without STP in place it is possible that both connection...

Page 297: ...ree Protocol settings for the device The no version of the command disables STP on the device The hello time range is 1 10 the forward delay range is 4 30 and the bridge priority range is 0 65535 Command CLI Reference Page no stp hello time value forward delay value priority value 9 164 show interface ethernet 9 97 ProCurve Access Point 530 configure ProCurve Access Point 530 config stp hello time...

Page 298: ... MAC address 00 14 C2 A5 08 CB Speed duplex auto Administrative status Enabled Management VLAN ID 1 U Untagged VLAN ID 1 Spanning Tree STP Enabled STP Port State forwarding STP Hello Interval 10 0 STP Forward Delay 10 STP Bridge Priority 255 Bytes Rx 22911 Bytes Tx 46107 Packets Rx 240 Packets Tx 299 Compressed Rx 0 Compressed Tx 0 Mcast packets Rx 0 Carrier errors Tx 0 Dropped Rx packets 0 Droppe...

Page 299: ...ed Use Radio 1 Local MAC 00 14 C2 A5 22 61 Remote MAC 00 14 C2 A4 14 A0 STP State blocking WDS SSID WDS SSID 1 Security Type no security from WLAN 1 WEP Key Type hex WEP Key not set WEP Key Size 128bit WPA Key not set Bytes Rx 7140 Bytes Tx 76 Packets Rx 66 Packets Tx 1 Compressed Rx 0 Compressed Tx 0 Mcast packets Rx 0 Carrier errors Tx 0 Dropped Rx packets 0 Dropped Tx packets 0 FIFO overflows R...

Page 300: ...performed without losing wireless traffic Web Configuring AP Detection Parameters The AP Detection screen provides configuration for access point detection The AP List tab shown in Figure 8 10 enables you to display and refresh the list of neighboring access points that have been detected during previous scans For each detected access point the following parameters are displayed BSSID Displays the...

Page 301: ...n each radio This setting applies to background scanning only Range 10 3600 seconds The default is 10 Scan Duration Sets the amount of time spent scanning other channels when background scanning is being performed This setting applies to background scanning only Range 5 30 milliseconds The default is 30 Entry Expiration Time Sets expiration value for the listed detected AP entries Range 1 604800 s...

Page 302: ...n and click the Settings tab 2 To enable scanning select Enable from the AP Detection drop down for the radio you are configuring 3 To specify the beacon transmission interval enter the interval value in the Scan Interval field 4 To specify the duration of scanning enter the duration value in the Scan Duration field 5 Select Update to save the settings ...

Page 303: ... establishes the interval between scans Using the CLI to Set AP List Parameters This example sets the time that a detected AP remains on the AP list and sets the maximum number of AP entries displayed on the list Command CLI Reference Page no ap detection dedicated 9 136 ap detection duration value 9 137 ap detection interval value 9 138 ap detection expire time value 9 137 ap detection max entrie...

Page 304: ...detection results ProCurve Access Point 530 radio1 ap detection expire time 55 ProCurve Access Point 530 radio1 ap detection max entries 100 ProCurve Access Point 530 radio1 show detected ap Neighboring APs BSSID SSID Sec Chan Type 00 14 02 A0 4F BC SSID1 none 3 AP 00 14 03 A2 4F DE SSID2 wpa 3 AP ProCurve Access Point 530 ...

Page 305: ...ved PROBE request timestamp Data rate at which the PROBE was received When existing entries are updated with new PROBE requests the following attributes are modified RSSI PROBE request SSID Number of PROBE requests for this client Last received PROBE request timestamp Data rate at which the PROBE was received Guidelines for Configuring the Probe Table The Probe Table feature is disabled by default...

Page 306: ...ist ACL Rate Limiting IDM on the Access Point 530 can be accomplished using either 802 1X authen tication or MAC authentication The 802 1X authentication is more secure while MAC authentication can be used with stations that don t have 802 1X supplicant Although it is possible to use MAC authentication along with 802 1X there are known user and ACL assignment overrides that occur Essentially both ...

Page 307: ...s section provides general guidelines for configuring a RADIUS server to specify RADIUS based ACLs refer to the RADIUS server documentation for details A RADIUS based ACL configuration has the following Vendor and ACL identifiers ProCurve HP Vendor Specific ID 11 Vendor Specific Attribute for ACLs 61 string HP IP FILTER RAW Setting HP IP FILTER RAW permit or deny Access Control Entry ACE Note Perm...

Page 308: ...8 38 Special Features Identity Driven Management This page is intentionally unused ...

Page 309: ...9 1 9 Command Line Reference ...

Page 310: ...9 16 System Management Commands 9 16 country 9 17 hostname 9 19 domain 9 20 password manager 9 21 buttons 9 21 cli confirmation 9 22 console 9 23 telnet 9 23 ssh 9 24 web management 9 24 show buttons 9 25 show console 9 26 show ssh 9 26 show system information 9 27 show version 9 29 System Logging Commands 9 30 log 9 30 logging 9 31 show debug 9 32 show logging 9 32 ...

Page 311: ...er trap 9 43 show snmp server 9 45 snmpv3 enable 9 46 snmpv3 user name 9 47 show snmpv3 9 48 lldp 9 48 show lldp 9 49 Flash File Commands 9 50 copy 9 51 copy custom default startup config 9 51 copy startup config 9 52 copy factory default 9 53 copy running config 9 53 erase 9 54 write 9 55 show config 9 56 show copy 9 57 show tech 9 57 show custom default 9 58 show running config 9 60 Group Config...

Page 312: ...5 show lockout mac 9 76 lockout mac clear 9 76 Client Station Deauthentication 9 78 deauth mac 9 78 Web Authentication Commands 9 79 web auth Global Address Pool 9 80 web auth Global Guest User 9 81 web auth WLAN Configuration 9 82 web auth WLAN Screen Customization 9 83 show web auth 9 85 AP Authentication Commands 9 86 ap authentication 9 86 show ap authentication 9 87 Filtering Commands 9 87 in...

Page 313: ... 102 description 9 103 closed system 9 103 mode 9 104 antenna 9 105 antenna mode 9 105 basic rate 9 106 supported rate 9 107 channel policy 9 107 beacon interval 9 108 dtim period 9 109 max stations 9 110 preamble 9 110 protected mode 9 111 fragmentation thresh 9 111 inactivity timeout 9 112 slot time 9 113 rts threshold 9 113 tx power reduction 9 114 enable wireless 9 115 disable wireless 9 116 s...

Page 314: ...9 132 wpa cipher tkip 9 133 wpa cipher aes 9 133 wpa psk ascii 9 134 wpa psk hex 9 134 rsn preauthentication 9 135 Neighbor AP Detection Commands 9 136 ap detection 9 136 ap detection duration 9 137 ap detection expire time 9 137 ap detection interval 9 138 ap detection max entries 9 138 show detected ap 9 139 Adaptive Tx Power Control Commands 9 140 atpc 9 140 atpc avoid other aps 9 141 atpc rf g...

Page 315: ...show qos 9 154 rate limit 9 156 Wireless Distribution System WDS 9 157 description wds 9 157 disable wds 9 158 enable wds 9 158 wds ssid 9 159 radio used 9 159 remote mac wds 9 160 show wds 9 160 wep key wds 9 161 wep key ascii wds 9 162 wep key length wds 9 162 wpa pre shared key wds 9 163 Spanning Tree Protocol STP 9 164 stp 9 164 ...

Page 316: ...h File Commands Configures relating to resetting configuration and factory files 9 50 RADIUS Accounting Authentication Commands Configures RADIUS accounting and authentication parameters 9 65 Radius Users Configures RADIUS users 9 69 MAC Address Authentication Configures MAC parameters 9 72 Filtering Commands Configures filtering settings 9 87 Ethernet Interface Commands Configures Ethernet interf...

Page 317: ...ng tables is indicated by these abbrevi ations GC Global Configuration MC Manager Executive Configuration IC E Ethernet Interface Configuration IC WDS WDS Interface Configuration IC R Radio Wireless Interface Configuration and IC R WLAN WLAN Wireless Interface Configuration ...

Page 318: ...the user Command Function Mode Page configure Set the current context level to the Global Configuration level MC 9 10 copy See Flash File Commands on page 9 50 9 51 end Sets the current context level to the Manager Exec level MC 9 11 erase See Flash File Commands on page 9 50 9 54 exit Sets the current command level to the previous command level MC 9 11 log See System Logging Commands on page 9 30...

Page 319: ...nager Exec Example This example shows how to return to the Manager Exec level from the Ethernet Interface Configuration mode exit Thiscommandsetsthecurrentcommandleveltothepreviouscommandlevel At the Manager Exec level this command acts the same as logout Syntax exit Default Setting N A ProCurve Access Point 530 configure ProCurve Access Point 530 config ProCurve Access Point 530 ethernet end ProC...

Page 320: ...mand terminates the CLI session Syntax logout Default Setting N A Command Mode Manager Exec Example ping This command sends ICMP echo request packets to another node on the network Syntax ping hostname ip hostname Alias of the host ip IP address of the host ProCurve Access Point 530 ethernet exit ProCurve Access Point 530 config exit ProCurve Access Point 530 exit Connection to host lost ProCurve ...

Page 321: ...d If the host does not respond a timeout appears in ten seconds Destination unreachable The gateway for this destination indi cates that the destination is unreachable Network or host unreachable The gateway found no corre sponding entry in the route table Example reload This command performs a warm reboot on the access point This command causes all Telnet and SSH connections to loose connectivity...

Page 322: ... configuration status on this device See show console on page 9 26 copy Shows status of the last copy operation ftp scp tftp See show copy on page 9 57 custom default Shows custom default configuration file of device See show custom default on page 9 58 debug Shows debug related information on this device See show debug on page 9 32 detected ap Showsdetectedneighboringwirelessnetworkdetails See sh...

Page 323: ... servers on this device See show sntp on page 9 35 ssh Shows SSH configuration and the status of active connections See show ssh on page 9 26 ssid Shows SSID information on this device or radio context See show ssid on page 9 117 stations Show associated wireless station details See show stations on page 9 122 supported rate Show information about supported transmission rates on this device See sh...

Page 324: ...e used to configure the user name password system details and a variety of other system information ProCurve Access Point 530 terminal length 1000 ProCurve Access Point 530 ProCurve Access Point 530 terminal width 1900 ProCurve Access Point 530 Command Function Mode Page country country code Set the country code for the access point GC 9 17 hostname hostname Specifies the hostname for the access p...

Page 325: ... MC 9 23 no telnet Enables the access point to managed through a Telnet connection MC 9 23 no ssh Enables remote Secure Shell access to the device MC 9 24 no web management plaintext ssl Enables remote Web access to the device MC 9 24 show buttons Displays button status MC 9 25 show console Displays console status MC 9 26 show ssh Displays ssh status MC 9 26 show system Displays system information...

Page 326: ... Morocco MA Taiwan Province of China TW Bermuda BM Hong Kong HK Mozambique MZ Tajikstan TJ Bolivia BO Hungary HU Myanmar MM Thailand TH Bosnia and Herzegovina BA Iceland IS Nambia NA Trinidad and Tobago TT Botswana BW India IN Netherlands NL Tunisia TN Brazil BR Indonesia ID New Zealand NZ Turkey TR Brunei Darussalam BN Iran Islamic Repubic Of IR Nicaragua NI Turkmenistan TM Bulgaria BG Iraq IQ Ni...

Page 327: ...p config command or by pressing the reset button and clear buttons simulta neously see Appendix A Resets the configuration back to factory defaults on page A 17 Example hostname This command sets the system hostname Syntax hostname hostname Cuba CU Korea Democratic People Republic Of KP Philippines PH Yemen YE Cyprus CY Korea Republic Of KR Poland PL Zambia ZM Czech Republic CZ Kuwait KW Portugal ...

Page 328: ...name lookups when the suffix is not obtained through DHCP The no version of this command clears the statically configured domain suffix Syntax domain domain no domain domain domain A text string to set the domain name Maximum length 50 characters Default Setting None Command Mode Global Configuration Example ProCurve Access Point 530 configure ProCurve Access Point 530 config hostname Gary ProCurv...

Page 329: ...e buttons on the device The no command disables this ability Syntax buttons custom reset factory reset password reset system reset custom reset Enables the ability to reset this device to the custom default configuration via the buttons The no version of the command disables this devices ability to reset this device to the custom default configuration via the buttons factory reset Enables the abil...

Page 330: ...Enabled Command Mode Global Configuration Example This example shows how to disable all the push button capabilities cli confirmation This command enables all CLI confirmation dialog prompts on the device The no command disables this ability Syntax cli confirmation no cli confirmation Default Setting Enabled Command Mode Global Configuration ProCurve Access Point 530 configure ProCurve Access Poin...

Page 331: ... reset has been executed Syntax console no console Default Setting Enabled Command Mode Global Configuration Example telnet This command enables remote Telnet access The no version disables remote Telnet access to this device Syntax telnet no telnet Default Setting Enabled ProCurve Access Point 530 configure ProCurve Access Point 530 config cli confirmation ProCurve Access Point 530 config ProCurv...

Page 332: ...anagement This command enables remote Web access to this device The no version disables the remote Web access to this device Syntax web management plaintext ssl no web management plaintext Enables remote HTTP insecure access to the device The no version of the command disables remote HTTP access ProCurve Access Point 530 configure ProCurve Access Point 530 config telnet ProCurve Access Point 530 c...

Page 333: ...f the push button capabilities Syntax show buttons Default Setting N A Command Mode Manager Exec General Configuration Context Example This example displays the status of the push buttons on the access point ProCurve Access Point 530 configure ProCurve Access Point 530 config web management ssl ProCurve Access Point 530 config ProCurve Access Point 530 show buttons Custom Reset Enabled Factory Res...

Page 334: ...sh This command displays the current SSH configuration and the status of the active SSH connections on this device Syntax show ssh Default Setting N A Command Mode Manager Exec ProCurve Access Point 530 config show console CLI Access Serial Interface Enabled Telnet Interface Enabled SSH Interface Enabled CLI Confirmation Dialogs Enabled Web Access HTTP Interface Enabled SSL Interface Enabled ProCu...

Page 335: ... information about the device and the hostname DNS information This command is the same as the show system command Syntax show system information Default Setting N A Command Mode Manager Exec Global Configuration ProCurve Access Point 530 config show ssh SSH Status Enabled ProCurve Access Point 530 config ...

Page 336: ...WA 01 00 Ethernet MAC Address 00 14 C2 A5 08 CB IP Address 192 168 15 100 Subnet Mask 255 255 255 0 Default Gateway 192 168 15 1 DHCP Client Enabled Management VLAN ID 1 Untagged VLAN ID 1 Radio 1 MAC Address 00 14 C2 A5 22 E0 Radio 1 Status Disabled 802 11g Radio 2 MAC Address 00 14 C2 A5 22 F0 Radio 2 Status Disabled 802 11a HTTP Interface Enabled SSL Interface Enabled SSH Interface Enabled Teln...

Page 337: ...splays the version of the software running on the device Syntax show version Default Setting N A Command Mode Manager Exec Global Configuration Example ProCurve Access Point 530 show version Image Software Version WA 02 00 0412 Boot Software Version WAB 01 00 ProCurve Access Point 530 ...

Page 338: ...s functionally the same as the show logging command Syntax log Default Setting N A Command Mode Manager Exec Command Function Mode Page log Displays all log entries in access point memory MC 9 30 no logging syslog_host syslog_port Adds a syslog server host IP address and assign a port number that will receive logging messages GC 9 31 show debug Displays the debugging results MC 9 32 show logging D...

Page 339: ...ceiving syslog server Default Setting Disabled Command Mode Global Configuration ProCurve Access Point 530 log Keys M eMergency C Critical W Warning I Information A Alert E Error N Notice D Debug Event Log Listing Most Recent Events First I 01 03 00 03 57 15 login 29765 root login on ttyp0 I 01 03 00 02 28 56 login 24466 root login on ttyp0 I 01 02 00 04 00 49 login 7445 root login on ttyp0 I 01 0...

Page 340: ...n this device Syntax show debug Default Setting N A Command Mode Manager Exec Global Configuration Example show logging This command displays all the entries in the event log on the device This command is functionally the same as the log command ProCurve Access Point 530 configure ProCurve Access Point 530 config logging 10 1 0 3 514 ProCurve Access Point 530 config ProCurve Access Point 530 show ...

Page 341: ...bug Event Log Listing Most Recent Events First I 01 03 00 03 57 15 login 29765 root login on ttyp0 I 01 03 00 02 28 56 login 24466 root login on ttyp0 I 01 02 00 04 00 49 login 7445 root login on ttyp0 I 01 02 00 02 23 30 login 1248 root login on ttyp0 I 01 01 00 07 10 33 login 28706 root login on ttyp0 I 01 01 00 05 59 52 login 24293 root login on ttyp0 I 01 01 00 03 00 16 login 13449 root login ...

Page 342: ...e Global Configuration Command Usage The time acquired from time servers is used to record accurate dates and times for log events Without SNTP the access point only records the time starting from the factory default set at the last bootup i e 00 14 00 January 1 1970 When SNTP client mode is enabled the sntp server command specifies the time servers from which the access point polls for time updat...

Page 343: ...ting N A Command Mode Manager Exec Example show time This command displays the current date and time Syntax show time Default Setting N A Command Mode Manager Exec ProCurve Access Point 530 configure ProCurve Access Point 530 config sntp 10 1 0 19 time zone 480 ProCurve Access Point 530 show sntp SNTP Status Enabled SNTP Server 10 1 0 19 SNTP Time Zone 480 ProCurve Access Point 530 ...

Page 344: ...9 36 Command Line Reference System Clock Commands Example ProCurve Access Point 530 show time Sat Jan 3 16 35 14 2008 ProCurve Access Point 530 ...

Page 345: ... no snmp server contact contact Sets the contact string GC 9 40 snmp server port port Sets the SNMP server port number GC 9 42 no snmp server trap trap Enables and disables SNMP traps GC 9 43 show snmp server Displays the status of SNMP communications MC 9 45 SNMPv3 no snmpv3 enable Enables and disables SNMPv3 functions on the access point GC 9 46 no snmpv3user name name auth md5 sha password priv...

Page 346: ...ecifies read only access Authorized management stations are only able to retrieve MIB objects The no version of the command clears the read only community value unrestricted Specifies read write access Authorized management stations are only able to retrieve MIB objects The no version of the command clears the read write community value Default Setting Restricted community with a public access def...

Page 347: ...the SNMP contact name Use the no form to remove the specified contact name Syntax snmp server contact contact no snmp server contact contact Name of the contact Default Setting Command Mode Global Configuration Example ProCurve Access Point 530 config snmp server contact J Wilson ProCurve Access Point 530 config ...

Page 348: ...gh you can set this string using the snmp server host command by itself we recommend that you define this string using the snmp server community command prior to using the snmp server host command Maximum length 32 characters Default Setting Host Address None Community String public Command Mode Global Configuration Command Usage The snmp server host command is used in conjunction with the snmp se...

Page 349: ...location description Use the no form to remove the specified location description Syntax snmp server location location no snmp server location location Name of the contact Default Setting Command Mode Global Configuration Example ProCurve Access Point 530 config snmp server location BHall6 ProCurve Access Point 530 config ...

Page 350: ...ill use on this device Syntax snmp server port port port The number specifying the port to which the SNMP server will listen This must be an unused port on the AP Default Setting 161 Command Mode Global Configuration Example ProCurve Access Point 530 configure ProCurve Access Point 530 config snmp server port 161 ProCurve Access Point 530 config ...

Page 351: ...buttonUpdate clientAssociation clientAuthentication clientDeAuthenticate clientReAssociation clientRequestFailure dot1XAuthFailure dot1XAuthNotInitiated dot1XAuthSuccess localMacAuthFailure localMacAuthSuccess mgmtAccessUpdate mgmtVlanIdUpdate possibleNeighborAp radioAntennaUpdate radiusAcctUpdate radiusServerFailover remoteMacAddrAuthFail remoteMacAddrAuthSucc sysConfigFileTransfer systemDown sys...

Page 352: ...Command Line Reference Network Management Application Commands Example ProCurve Access Point 530 configure ProCurve Access Point 530 config snmp server trap radiusAcctUpdate ProCurve Access Point 530 config ...

Page 353: ...onUpdate Enabled hpWlanClientAssociation Enabled hpWlanApInterfaceUpdate Enabled hpWlanClientDeAuthentication Enabled hpWlanClientAuthentication Enabled hpWlanClientRequestFailure Enabled hpWlanClientReAssociation Enabled hpWlanDot1XAuthNotInitiated Enabled hpWlanDot1XAuthFailure Enabled hpWlanLocalMacAuthClientFailure Enabled hpWlanDot1XAuthSuccess Enabled hpWlanLocalMacAuthClientSuccess Enabled ...

Page 354: ... Access Point 530 config ProCurve Access Point 530 config snmpv3 enable ProCurve Access Point 530 config show snmpv3 SNMPv3 Enabled SNMP engine ID 00 00 00 0b 00 00 00 14 c2 a5 6a b3 SNMPv3 user accounts Username Auth Protocol Privacy Protocol tjameson MD5 AES ProCurve Access Point 530 config no snmpv3 enable ProCurve Access Point 530 config show snmpv3 SNMPv3 Disabled SNMP engine ID 00 00 00 0b 0...

Page 355: ...ettings md5 Uses MD5 authentication sha Uses SHA authentication auth pass The password for the selected authentication method priv Adds a privacy method to the user settings des Uses DES encryption aes Uses AES encryption priv pass The password for the selected privacy method Default Setting None Command Mode Global Configuration Example Related Commands snmpv3 enable page 9 46 show snmpv3 page 9 ...

Page 356: ...ble page 9 46 snmpv3 user name page 9 47 lldp This command enables Link Layer Discovery Protocol LLDP service on the device The no version of the command disables LLDP on the device Syntax lldp no lldp Default Enabled ProCurve Access Point 530 show snmpv3 SNMPv3 Enabled SNMP engine ID 00 00 00 0b 00 00 00 14 c2 a5 09 8c SNMPv3 user accounts Username Auth Protocol Privacy Protocol ltulina MD5 AES a...

Page 357: ...nk Layer Discovery Protocol LLDP service on the device Syntax show lldp Default N A Command Mode Global Configuration Example ProCurve Access Point 530 configure ProCurve Access Point 530 config lldp ProCurve Access Point 530 config ProCurve Access Point 530 configure ProCurve Access Point 530 config show lldp LLDP Status Enabled ProCurve Access Point 530 config ...

Page 358: ... default Reset a configuration file to the factory default configuration on the device MC 9 53 copy running config startup config custom default Reset a configuration file to the running configuration on the device MC 9 53 erase Reset the specified configuration file stored on the device MC 9 54 write View or save the running configuration of the device MC 9 55 show config Display the startup conf...

Page 359: ...guration file This operation will replace the existing startup configuration file on the device ip The IP address of the remote server file The filename of the file on the remote server user name user password pass Specifies the username and password for the FTP and SCP remote servers Default Setting N A Command Mode Manager Exec Example copy custom default startup config This command sets the sta...

Page 360: ...p tftp flash startup config ip file user name user password pass startup config Specifies that the type of file to copy is the startup configuration file ftp scp tftp Specifies the type of remote server where the file will be placed Possible servers are File Transfer Protocol FTP Secure Copy Protocol SCP and the Trivial File Transfer Protocol TFTP ip The IP address of the remote server file The fi...

Page 361: ...efault Reset the default configuration file to contain the same settings as the factory default configuration file Default Setting N A Command Mode Manager Exec Example copy running config This command saves the running default to a configuration file on the device Syntax copy running default startup config custom default ProCurve Access Point 530 copy startup config ftp 192 168 1 52 copystart use...

Page 362: ...le Default Setting N A Command Mode Manager Exec Example Related Commands write page 9 55 erase This command resets the specified configuration file stored on the device Syntax erase custom default startup config custom default Resets the customer modified version of the factory default configuration startup config Resets the startup configuration to the custom default configuration and reloads th...

Page 363: ... of the device Syntax write memory terminal memory Copies the running configuration to the startup configuration file This is the same as the copy running default startup config command terminal Displays the running configuration of the device on the terminal Default Setting N A Command Mode Manager Exec Example Related Commands copy running config page 9 53 ProCurve Access Point 530 erase startup...

Page 364: ...cy wep key length 104 wep key length radio wlan1 radio wds ssid WDS SSID 2 wds ssid wep key ascii no wep key ascii wds wpa psk format ascii wds wpa psk format description Wireless Distribution System Link 2 description interface interface name wlan0wds4 type wds type status down status wds security policy no security wds security policy wep key length 104 wep key length radio wlan1 radio wds ssid ...

Page 365: ...nfiguration Example show tech This command displays the output of a predefined command sequence used by technical support Syntax show tech Default Setting N A Command Mode Manager Exec Global Configuration ProCurve Access Point 530 show copy Copy Operation Status FTP SCP TFTP Last software image flash copy result not initiated Last configuration file copy result not initiated ProCurve Access Point...

Page 366: ...0 show tech Description Radio 1 WLAN 10 Status Disabled SSID SSID 10 VLAN None BSSID not assigned yet DTIM Period 2 Security Type no security No Sec Closed System Disabled MAC Auth Mode local deny list only MAC Auth List not set Authentication open system only WEP Key Type hex WEP Key 1 WEP Key Size 128bit WEP Key 2 Default Key WEP Key 1 WEP Key 3 WEP Key 4 WPA or WPA2 WPA and WPA2 WPA Cipher TKIP...

Page 367: ...ds security policy wep key length 104 wep key length radio wlan1 radio wds ssid WDS SSID 2 wds ssid wep key ascii no wep key ascii wds wpa psk format ascii wds wpa psk format description Wireless Distribution System Link 2 description interface interface name wlan0wds0 type wds type status down status wds security policy wpa psk wds security policy wep key length 104 wep key length remote mac remo...

Page 368: ...key length radio wlan1 radio wds ssid WDS SSID 2 wds ssid wep key ascii no wep key ascii wds wpa psk format ascii wds wpa psk format description Wireless Distribution System Link 2 description interface interface name wlan0wds4 type wds type status down status wds security policy no security wds security policy wep key length 104 wep key length radio wlan1 radio wds ssid WDS SSID 5 wds ssid wep ke...

Page 369: ...enables or disables the group configuration feature on the access point Syntax no group config group config Enables the group configuration feature no group config Disables the group configuration feature Default Setting N A Command Mode Global Configuration Example Command Function Mode Page no group config Enables and disables the group configuration feature on the access point GC 9 61 group con...

Page 370: ...wing example specifies that the access point will belong to group WHBldg22 group config member id The command sets an optional string that identifies the access point within the group The member id identifies the access point in the member list Syntax group config member id member id ProCurve Access Point 530 configure ProCurve Access Point 530 config group config ProCurve Access Point 530 config ...

Page 371: ... access point in the member list as AP1 show group config The command displays the current group configuration settings for the access point Syntax show group config show group config Displays the current group configuration settings Default Setting None Command Mode Manager Exec ProCurve Access Point 530 configure ProCurve Access Point 530 config group config member id AP1 ProCurve Access Point 5...

Page 372: ...eference Group Configuration Example ProCurve Access Point 530 show group config Status Enabled Group name WHBldg22 Member ID AP1 mac ip 00 14 C2 A5 09 8C 10 0 1 101 00 14 C2 A5 6A B3 10 0 1 102 ProCurve Access Point 530 ...

Page 373: ...mand disables use of the primary RADIUS accounting server by clearing the IP address setting secondary Configure settings IP port key for the secondary RADIUS accounting server The no version of the command disables use of the secondary RADIUS accounting server by clearing the IP address setting ip ip The IP address of the RADIUS server port port The port of the RADIUS server key key The shared se...

Page 374: ...mmand disables use of the local built in RADIUS authentication server as an additional server retransmit limit Set the number of retry attempts that are made to a RADIUS authentication accounting server until switching to the next server on the list The no version of the command is not available for this parameter Valid values 1 30 Default Setting Disabled Retransmit value set to 3 Command Mode WL...

Page 375: ...condary RADIUS authentication server by clearing the IP address setting ip ip The IP address of the RADIUS server Default is 192 168 1 10 local Use the local built in radius server port port The port of the RADIUS server key key The shared secret string for the RADIUS server mac auth password password Set the password that will be used by wireless stations for remote MAC authentication with the pr...

Page 376: ...ace Configuration Example ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 wlan 1 ProCurve Access Point 530 radio1 wlan1 radius primary key open ProCurve Access Point 530 radio1 wlan1 radius primary ip 192 168 1 53 ProCurve Access Point 530 radio1 wlan1 radius primary mac format multi colon ProCurve Access Point 530 radio1 wlan1 ...

Page 377: ... the command removes the user account with the specified username Maximum characters 50 disabled Set the user account to be disabled The no version of the command re enables the user account password Specifies the password to be used with the user account Range 1 32 alphanumeric characters realname Specifies the real name for the account holder on the user account No spaces Maximum characters 50 D...

Page 378: ...displays user account information for the internal RADIUS server on this device Syntax show radius local Default Setting N A Command Mode Manager Exec ProCurve Access Point 530 configure ProCurve Access Point 530 config radius local chris ProCurve Access Point 530 config radius local chris password chrisopen ProCurve Access Point 530 config ProCurve Access Point 530 configure ProCurve Access Point...

Page 379: ...eference RADIUS Users Example ProCurve Access Point 530 configure ProCurve Access Point 530 config show radius local Username Real Name Status MSmith Mr Smith Enabled Chris CSmith Enabled ProCurve Access Point 530 config ...

Page 380: ... and all entries in the entire list macaddress Specifies an entry in the authentication control list by MAC address The no version of the command removes the specific MAC address entry from the specific MAC address authentication control list Valid format is 00 00 00 00 00 00 FF FF FF FF FF FF accept list The wireless stations whose MAC address is on the list will be allowed access to the device d...

Page 381: ...x mac auth remote no mac auth remote Default None Command Mode WLAN Interface Configuration Example ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 wlan 1 ProCurve Access Point 530 radio1 wlan1 mac auth local Bob accept list ProCurve Access Point 530 radio1 wlan1 ProCurve Access Point 530 configure ProCurve Access Point 530 config radio...

Page 382: ...ice Syntax show mac auth local name name Displays only MAC address entries for the specified list Default N A Command Mode WLAN Radio Interface Configuration Example ProCurve Access Point 530 show mac auth local mylist MAC address entries for authentication control list mylist MAC Addresses 00 11 22 33 44 55 00 aa bb cc dd ee ProCurve Access Point 530 ProCurve Access Point 530 ...

Page 383: ...address entry from the MAC Lockout list Valid format is 00 00 00 00 00 00 FF FF FF FF FF FF Default None Command Mode Global Configuration Example Command Function Mode Page no lockout mac mac address Adds or removes the selected MAC address to the MAC Lockout list GC 9 75 show lockout mac Shows all entries in the MAC Lockout list MC 9 76 lockout macclear mac address all ClearsaselectedMACaddresso...

Page 384: ...ries in the MAC Lockout list on the device Syntax lockout mac clear mac address all mac address Specifies an entry in the MAC Lockout list Valid format is 00 00 00 00 00 00 FF FF FF FF FF FF all Clears all addresses from the MAC Lockout list Default None Command Mode Global Configuration ProCurve Access Point 530 show lockout mac Locked out addresses 00 14 C2 A5 09 8D 0A 16 D2 5A 23 78 Number of l...

Page 385: ... ProCurve Access Point 530 configure ProCurve Access Point 530 config lockout mac clear all 2 MAC addresses removed from lockout list ProCurve Access Point 530 config show lockout mac No MAC addresses in lockout list ProCurve Access Point 530 config ...

Page 386: ...ess point Syntax deauth mac mac address mac address Specifies the MAC Address to deauthenticate Valid format is 00 00 00 00 00 00 FF FF FF FF FF FF Default None Command Mode Global Configuration Example Command Function Mode Page deauth mac mac address Deauthenticates the specified MAC address from the device GC 9 78 ProCurve Access Point 530 deauth mac 00 d0 59 c8 62 dd ProCurve Access Point 530 ...

Page 387: ...username Specifies the username that will be used for Guest user logins using Web Auth GC 9 81 no web auth guest password password Specifies the password that will be used for Guest user logins using Web Auth GC 9 81 show web auth DisplaysthecurrentWeb Authsettings MC 9 85 Per WLAN no web auth guest login EnablesordisablesWeb AuthforGuest users on the selected WLAN IC R WLAN 9 82 no web auth usern...

Page 388: ...title title text header header text footer footer text descriptive descriptive text Specifies the custom text field values on the Web Auth Login screen IC R WLAN 9 83 no web auth default welcome page Enables or disables the default field values for the Welcome screen IC R WLAN 9 83 web auth custom welcome text title title text header header text footer footer text descriptive descriptive text Spec...

Page 389: ... 530 config web auth starting ip address 192 168 0 1 255 255 240 0 ProCurve Access Point 530 config web auth lease time 60 ProCurve Access Point 530 config show web auth Temporary Address Pool Start 192 168 0 1 Subnet 255 255 240 0 Lease time secs 60 Guest Username lbg_guest Guest Password lbgpassword ProCurve Access Point 530 config ProCurve Access Point 530 config web auth guest username lbg_gue...

Page 390: ... redirect url web auth retry limit retries guest login Enables or disables Web Auth for Guest users on the selected WLAN username login Enables or disables Web Auth for Registered users on the selected WLAN redirect url Specifies the URL the user is redirected to following successful Web Authentication retries Specifies the number of failed login attempts from 1 to 9 a user may make before logins ...

Page 391: ...th redirect url www procurve com ProCurve Access Point 530 radio1 wlan1 show wlan 1 WLAN 1 on Radio 1 Description Radio 1 WLAN 1 Status Enabled SSID PR3_WLAN VLAN 1 Untagged BSSID 00 14 C2 A7 11 A0 DTIM Period 2 Security Type wpa psk WPA PSK Closed System Disabled MAC Auth Mode local accept list only MAC Auth List ACL 1 Authentication open system only WEP Key Type hex WEP Key 1 not set WEP Key Siz...

Page 392: ...ustom login text Specifies that the following custom text is for the Login screen default welcome page Enables or disables the default field values for the Welcome screen custom welcome text Specifies that the following custom text is for the Welcome screen default failed page Enables or disables the default field values for the Failed screen custom failed text Specifies that the following custom ...

Page 393: ... Access Point 530 radio1 wlan1 web auth custom login text header GS User Login ProCurve Access Point 530 radio1 wlan1 web auth custom login text descriptive Enter your General Services Department username and password ProCurve Access Point 530 radio1 wlan1 show wlan 1 ProCurve Access Point 530 config show web auth Temporary Address Pool Start 192 168 0 1 Subnet 255 255 240 0 Lease time secs 60 Gue...

Page 394: ...oint password Specifies the password for the access point user no ap authentication eap type eap type eap type Specifies the EAP authentication type for the access point user either MD5 or PEAP Default Disabled Command Mode Global Configuration Example Command Function Mode Page no ap authentication Enables and disables AP authentication on the access point GC 9 86 show ap authentication Displays ...

Page 395: ...munications between wireless stations control access to the management interface from wireless stations and filter traffic using specific Ethernet protocol types ProCurve Access Point 530 config show ap authentication Status Enabled EAP Type peap ProCurve Access Point 530 config Command Function Mode Page no inter station blocking Enables communication between wireless stations GC 9 88 no wireless...

Page 396: ...mand Mode Global Configuration Example wireless mgmt block This command enables access to the management interfaces http telnet etc from the wireless side on the device The no version of the command disables this ability on the device Syntax wireless mgmt block no wireless mgmt block Default Disabled Command Mode Global Configuration Manager Exec Example ProCurve Access Point 530 configure ProCurv...

Page 397: ...filters Default N A Command Mode Global Configuration Manager Exec Example ProCurve Access Point 530 configure ProCurve Access Point 530 config wireless mgmt block ProCurve Access Point 530 config ProCurve Access Point 530 show filters Traffic Security Filters Wireless Management Blocking Enabled Inter Station Blocking Disabled ProCurve Access Point 530 ...

Page 398: ...terface IC E 9 91 disable Disables the interface IC E 9 91 description Specifies a human readable description of this interface IC E 9 92 dns primary server_1 Specifies the primary name server GC 9 92 dns secondary server_2 Specifies the secondary name server GC 9 93 no ip address ip mask ip bits dhcp Sets the IP address for the Ethernet interface IC E 9 94 no ip default gateway ip Sets the static...

Page 399: ...ode Ethernet Interface Configuration Example disable ethernet This command disables the specified interface Syntax disable Default Setting N A Command Mode Ethernet Interface Configuration ProCurve Access Point 530 config interface ethernet ProCurve Access Point 530 ethernet ProCurve Access Point 530 config interface ethernet ProCurve Access Point 530 ethernet enable ProCurve Access Point 530 ethe...

Page 400: ...e alphabetical description of the interface Maximum characters 1 255 Default Setting None Command Mode Ethernet Interface Configuration Example dns primary This command establishes the primary DNS server address The no version of the command clears the primary IP address if one is set and does not require for the IP to be specified ProCurve Access Point 530 config interface ethernet ProCurve Acces...

Page 401: ... made with a DHCP server then the DHCP client must be disabled in order to implement a static ip address Example dns secondary This command establishes the secondary DNS server address The no version of the command clears the secondary IP address if one is set and does not require for the IP to be specified Syntax dns secondary server_2 server_2 A static ip address set to the secondary DNS server ...

Page 402: ...dress and network mask bits Specifies the static network mask in CIDR notation to be used when DHCP is not used The no version of the command clears the statically assigned IP address and network mask dhcp Enables the DHCP client on this interface The no version of the command disables the DHCP client on this interface Default Setting IP address 192 168 1 1 Netmask 255 255 255 0 Command Mode Inter...

Page 403: ...p command Valid IP addresses consist of four numbers 0 to 255 separated by periods Anything other than this format will not be accepted by the configuration program Example ip default gateway This command sets the static default gateway router for the device The no version of the command does not require parameters and resets the address of the default gateway router if any Syntax ip default gatew...

Page 404: ...x 100 half 100 Mbps half duplex 10 full 10 Mbps full duplex 100 full 100 Mbps full duplex Default Setting auto Command Mode Interface Configuration Ethernet Example show ip This command displays the IP address information static default gateway router configuration and the DHCP client configuration status on the device Syntax show ip ProCurve Access Point 530 config interface ethernet ProCurve Acc...

Page 405: ...ion about the specified interface i e ethernet Default Setting N A Command Mode Manager Exec ProCurve Access Point 530 show ip IP Address Information System Host Name ProCurve AP 530 IP Address 192 168 1 2 Subnet Mask 255 255 255 0 Default Gateway 192 168 1 253 DHCP Client Enabled DNS Information Obtained from DHCP Domain Name Suffix example ca example net Primary DNS Server 204 127 202 0 Secondar...

Page 406: ...s 00 14 C2 A5 08 CB Speed duplex auto Administrative status Enabled Link status add in future Management VLAN ID 1 U Untagged VLAN ID 1 Spanning Tree STP Enabled STP Port State forwarding STP Hello Interval 10 0 STP Forward Delay 10 STP Bridge Priority 255 Bytes Rx 70912184 Bytes Tx 30955292 Packets Rx 194926 Packets Tx 286333 Compressed Rx 0 Compressed Tx 0 Mcast packets Rx 0 Carrier errors Tx 0 ...

Page 407: ...ss Information System Host Name ProCurve AP 530 IP Address 192 168 1 2 Subnet Mask 255 255 255 0 Default Gateway 192 168 1 253 DHCP Client Enabled DNS Information Obtained from DHCP Domain Name Suffix example net Primary DNS Server 204 127 202 0 Secondary DNS Server 216 148 227 00 ProCurve Access Point 530 ...

Page 408: ...e access point can transmit traffic IC R 9 106 supported rate value Configures the maximum data rate at which the access point can transmit traffic IC R 9 107 channel policy static auto Sets the policy on the channel to static or automatic IC R 9 107 beacon interval interval Configures the rate at which beacon frames are transmitted from the access point IC R 9 108 dtim period Configures the rate ...

Page 409: ...tarting communications IC R 9 113 tx power reduction Adjusts the power of theradiosignalstransmittedfrom the access point IC R 9 114 enable Enables the radio or SSID wireless interfaces IC R IC R WLAN 9 115 disable Disables the radio or SSID wireless interfaces IC R IC R WLAN 9 116 show radio radio Shows the status for the wireless interface MC 9 116 show wlan ssid_index Displays parameters for th...

Page 410: ...y index number in the range 1 to 16 can be selected for an SSID interface per radio Each SSID interface name must be unique stations that want to connect to the network via the access point must set their SSIDs to match one of the access point s SSID interfaces Example ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 ProCurve Access Poin...

Page 411: ...aracters Default Setting Radio Radio 1 WLAN 1 SSID SSID 1 Command Mode Radio Interface Configuration WDS Radio Interface Configuration WLAN Interface Configuration Example closed system This command closes access to stations without a pre configured SSID Use the no form to disable this feature Syntax closed system no closed system Default Setting Disabled ProCurve Access Point 530 configure ProCur...

Page 412: ...d spectrum DSSS or frequency hopping spread spectrum FHSS in the 2 4 GHz ISM band as well as comple mentary code keying CCK to provide the higher data rates It supports data rates ranging from 1 to 11 Mbps Supported on both the access point s radios 1 and 2 g 802 11g stations operate at a higher speed extension up to 54 Mbps to the 802 11b PHY while operating in the 2 4 GHz band It uses orthogonal...

Page 413: ...iguration Example antenna mode This command sets the antenna diversity mode on this radio These settings only have an effect if the external antenna configuration is used Syntax antenna mode diversity single diversity Diversity 2 connections elements antenna system ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 mode g ProCurve Access P...

Page 414: ...tax basic rate value no basic rate value The transmit data rate value set Options 1 2 5 5 6 9 11 Mbps for a and b modes 1 2 5 5 6 9 11 12 18 24 36 54 Mbps for g mode Default Setting Radio 1 1 2 5 5 11 Mbps for g mode Radio 2 6 12 24 for a mode Command Mode Radio Interface Configuration Example ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 ra...

Page 415: ...6 54 Mbps Default Setting Options 1 2 5 5 6 9 11 12 18 24 36 54 Mbps Command Mode Interface Configuration Wireless Example channel policy This command sets the channel utilization policy on this radio Syntax channel policy auto static channel auto Automatically detect and use the least congested channel static Use the statically configured channel channel The specific channel Default Setting auto ...

Page 416: ...fault behavior is to send a beacon frame once every 100 microseconds or 10 per second Command Mode Radio Interface Configuration Command Usage The beacon frames allow wireless stations to maintain contact with the access point They may also carry power management information Example Related Commands rate limit page 9 156 ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ...

Page 417: ...necessary to wake up stations that are using Power Save mode The DTIM is the interval between two synchronous frames with broadcast multicast information The default value of 2 indicates that the access point will save all broadcast multicast frames for the Basic Service Set BSS and forward them after every second beacon Using smaller DTIM intervals delivers broadcast multicast frames in a more ti...

Page 418: ...t Setting 256 Command Mode Radio Interface Configuration Example preamble This command sets the length of the signal preamble for this radio Syntax preamble long short long Uses a long preamble only short Uses a short or long preamble Default Setting long Command Mode Radio Interface Configuration ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 53...

Page 419: ...imum packet frame size that can be fragmented when passing through the access point Syntax fragmentation thresh value value Minimum packet frame size for which fragmentation is allowed Range 256 2346 bytes Default Setting 2346 This effectively disables fragmentation ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 preamble short ProCurve...

Page 420: ...setting the fragment size to send smaller fragments This will speed up the retransmission of smaller frames However it is more efficient to set the fragment size larger if very little or no interference is present because it requires overhead to send multiple frames Example inactivity timeout This command configures the length of time after which a wireless station is considered inactive if no tra...

Page 421: ... RequesttoSend RTS signal must be sent to the receiving station prior to the sending station starting communications Syntax rts threshold threshold threshold Threshold packet size for which to send an RTS Range 0 2347 bytes Default Setting 2347 ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 inactivity timeout 10 ProCurve Access Point 5...

Page 422: ...tation sends a CTS frame to notify the sending station that it can start sending data Access points contending for the wireless medium may not be aware of each other The RTS CTS mechanism can solve this Hidden Node problem Example tx power reduction This command adjusts the power value of the radio signals transmitted from the access point Syntax trx power reduction value value Set the value which...

Page 423: ... access point coverage area Default is 0 Example enable wireless This command enables either the radio ssid or wds interfaces Syntax enable Default Setting N A Command Mode Radio Interface Configuration WDS Interface Configuration WLAN Interface Configuration Example ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 tx power reduction 5 P...

Page 424: ...WDS Interface Configuration WLAN Interface Configuration Example show radio This command displays detailed information about the radio Syntax show radio radio radio Display detailed information about the specified radio Default Setting N A Command Mode Manager Exec ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 disable ProCurve Access ...

Page 425: ...nnel TX Power 1 Disabled 00 14 C2 A5 22 E0 802 11g 1 Auto 0 dBm 2 Disabled 00 14 C2 A5 22 F0 802 11a 36 Auto 0 dBm ProCurve Access Point 530 show radio 1 Description Radio 1 802 11g Base MAC 00 14 C2 A7 11 A0 Status Enabled Mode 802 11g Channel Policy Auto Channel 1 WLANs Supported 16 Preamble long CTS Protection Enabled Slot time short Beacon Interval K us 100 Max Power dBm 16 0 Power Reduction d...

Page 426: ...security No Sec Closed System Disabled MAC Auth Mode local deny list only MAC Auth List not set Authentication open system only WEP Key Type ascii WEP Key 1 akshjsnensitk WEP Key Size 128bit WEP Key 2 not set Default Key WEP Key 1 WEP Key 3 not set WEP Key 4 not set WPA or WPA2 WPA and WPA2 WPA Cipher TKIP only WPA Pre auth Disabled WPA Key Format ascii WPA ASCII Key abcdefghijklmnop WPA Hex Key n...

Page 427: ...o in context This is functionally equivalent to the show ssid command Syntax show wlans name statistics all name Displays detailed information about the specified WLAN SSID BSS statistics Display traffic counters in addition to information about the WLAN SSID BSS all Display information about the WLAN SSID BSS on both radios only has an effect when in a radio or WLAN context Default N A Command Mo...

Page 428: ... Sec Disabled 7 SSID 7 not assigned yet none No Sec Disabled 8 SSID 8 not assigned yet none No Sec Disabled 9 SSID 9 not assigned yet none No Sec Disabled 10 SSID 10 not assigned yet none No Sec Disabled 11 SSID 11 not assigned yet none No Sec Disabled 12 SSID 12 not assigned yet none No Sec Disabled 13 SSID 13 not assigned yet none No Sec Disabled 14 SSID 14 not assigned yet none No Sec Disabled ...

Page 429: ...riod 2 Security Type no security No Sec Closed System Disabled MAC Auth Mode local deny list only MAC Auth List not set Authentication open system only WEP Key Type ascii WEP Key 1 akshjsnensitk WEP Key Size 128bit WEP Key 2 not set Default Key WEP Key 1 WEP Key 3 not set WEP Key 4 not set WPA or WPA2 WPA and WPA2 WPA Cipher TKIP only WPA Pre auth Disabled WPA Key Format ascii WPA ASCII Key abcdef...

Page 430: ...ormation about wireless stations Syntax show stations detail detail Display detailed information about associated wireless stations Default N A Command Mode Global Configuration ProCurve Access Point 530 show basic rate Basic advertised data rates Mbps Radio 1 802 11g 1 2 5 5 11 Radio 2 802 11a 6 12 24 54 ProCurve Access Point 530 ...

Page 431: ...ion 00 11 50 55 50 11 Authenticated Yes Radio WLAN work1 2 1 Associated Yes Last RSSI 66 Forwarding n a Rate Mbps 54 Listen Interval 10 Transmitted to station packets 0 bytes 0 Received from station packets 13 bytes 1374 Station 00 15 00 47 5f 6a Authenticated Yes Radio WLAN SSID 10 1 10 Associated Yes Last RSSI Forwarding Yes Rate Mbps 54 Listen Interval 10 Transmitted to station packets 1 bytes ...

Page 432: ...ey Defines the up to four security keys if using the static wep security IC W S 9 129 no open system authentication Enables or disables open system authentication for SSID association IC W S 9 130 no shared key authentication Enablesordisablesshared keyauthentication for SSID association IC W S 9 131 no wpa allowed no wpa2 allowed Enables or disables wireless stations to use the original WPA and W...

Page 433: ... 8021x Use the Wi Fi Protected Access WPA and or WPA2 with a RADIUS server This is the recommended security mode Default Setting No security Command Mode WLAN Interface Configuration Command Usage When using this command to configure WPA or 802 1X for authenti cation and dynamic keying you must use the open system argument Shared key authentication can only be used when a static WEP key has been d...

Page 434: ...on After successful 802 11 association each client is allowed to access the network When 802 1X is supported the access point supports 802 1X authen tication only for stations initiating the 802 1X authentication process The access point does NOT initiate 802 1X authentication For stations initiating 802 1X only those stations successfully authenti cated are allowed to access the network For those...

Page 435: ... command When WEP is enabled all wireless stations must be configured with the same shared key to communicate with the access point s SSID interface When using IEEE 802 1X the access point uses a dynamic WEP keys to encrypt data sent to 802 1X enabledstations However because the access point sends the WEP keys during the 802 1X authentication process these keys do not have to appear in the client ...

Page 436: ...rity The no version of the command sets the key type to hexadecimal Syntax wep key ascii no wep key ascii Default Setting Enabled Command Mode WLAN Interface Configuration Example ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 wlan 1 ProCurve Access Point 530 radio1 wlan1 security static wep ProCurve Access Point 530 radio1 wlan1 wep k...

Page 437: ...st second third and fourth wep keys used with static wep security 1 4 key Sets the character string for security The number of characters depend on the number of characters required for each WEP key depends on the Key Length and Key Type settings If Key Length is 40 bits and the Key Type is ASCII then each WEP key must be five 5 characters long If Key Length is 40 bits and Key Type is Hex then eac...

Page 438: ...WLAN Interface Configuration Command Usage Supported authentications are open system shared key or both Example ProCurve Access Point 530 radio1 wlan1 wep key ascii ProCurve Access Point 530 radio1 wlan1 wep key length 64 ProCurve Access Point 530 radio1 wlan1 wep key 1 abcde ProCurve Access Point 530 radio1 wlan1 wep key 2 fghi ProCurve Access Point 530 radio1 wlan1 wep key 3 klmn ProCurve Access...

Page 439: ...ion Command Usage Supported authentications are open system shared key or both Example wpa allowed wpa2 allowed Enables wireless stations to use the original WPA or WPA2 on this WLAN The no version of these commands disables stations from being able to use the original WPA or WPA2 on this WLAN Syntax wpa allowed wpa2 allowed no wpa allowed no wpa2 allowed Default Setting Both enabled Command Mode ...

Page 440: ... key to communicate with the access point Shared secret keys can include spaces and special characters if the key is placed inside quotation marks goodsecret If the key is a string of characters with no spaces or special characters in it the quotation marks are not necessary Example ProCurve Access Point 530 radio1 wlan1 wpa allowed ProCurve Access Point 530 radio1 wlan1 wpa2 allowed ProCurve Acce...

Page 441: ...red to establish proper WPA PSK or WPA 802 1X security When both TKIP and AES authentication methods are set both TKIP and AES stations can associate with the access point WPA stations must have either a valid TKIP or AES Key to communicate Example wpa cipher aes This command enables Advanced Encryption Standard AES for WPA on this WLAN The no version of the command disables AES for WPA on this WL...

Page 442: ...icate Example wpa psk ascii This command enables the use of an ASCII key for WPA PSK The key must be between 8 and 63 characters Syntax wpa psk ascii Default Setting None Command Mode WLAN Interface Configuration Example wpa psk hex This command enables the use of a hex key for WPA PSK The key must be exactly 64 hex characters Syntax wpa psk hex Default Setting None ProCurve Access Point 530 radio...

Page 443: ...o version of the command disables WPA2 stations from being able to pre authenticate Syntax rsn preauthentication no rsn preauthentication Default Setting Disabled Command Mode WLAN Interface Configuration Example ProCurve Access Point 530 radio1 wlan1 wpa psk hex ProCurve Access Point 530 radio1 wlan1 ProCurve Access Point 530 radio1 wlan1 rsn preauthentication ProCurve Access Point 530 radio1 wla...

Page 444: ...ble to service wireless stations or WDS links if it is dedicated to AP detection The no version of this command is not available for this parameter Default Setting Disabled Command Mode Radio Interface Configuration Command Function Mode Page no ap detection dedicated Enables the periodic or dedicated detection of nearby access points IC R 9 136 ap detection duration value Sets the duration of the...

Page 445: ...the background scanning detection of nearby access points Syntax ap detection duration value value The length of time in milliseconds Range 5 30 Default Setting 30 ms Command Mode Radio Interface Configuration Example ap detection expire time This command sets the amount of time that a dedicated AP will remain on the detected AP list after its last beacon is received Syntax ap detection expire tim...

Page 446: ...econds between scans Range 10 3600 Default Setting 10 s Command Mode Radio Interface Configuration Example ap detection max entries This command sets the maximum amount of AP entries to be saved to the detected AP list Syntax ap detection max entries value value The maximum size of the AP list Range 1 255 Default Setting ProCurve Access Point 530 radio1 ap detection expire time 15 ProCurve Access ...

Page 447: ...ommand Mode Manager Exec Radio Interface Configuration Example ProCurve Access Point 530 radio1 ap detection max entries 30 ProCurve Access Point 530 radio1 ProCurve Access Point 530 radio1 show detected ap Neighboring AP detection status Radio 1 AP detection Enabled 802 11g Radio 2 AP detection Disabled Neighboring APs BSSID SSID Sec Chan Type 00 14 02 a0 4F bc SSID1 none 3 AP 00 14 03 a2 4F de S...

Page 448: ...and Function Mode Page no atpc Enables and disables Adaptive Tx Power Control on the selected radio The default is Disabled IC R 9 140 no atpc avoid other aps EnablesanddisablestheAvoidOtherAPs function The default is Disabled IC R 9 141 no atpc rf group name name ThenameusedtogroupAPsforAdaptive Transmit Power Control The default is blank IC R 9 141 atpc adapt ap ap clients Chooses between AP mod...

Page 449: ...eighboring APs RF Group Names and SSIDs are ignored When this setting is disabled uses RF Group Name or SSIDs to determine which APs to accommodate Example atpc rf group name This command sets the name used to group APs for Adaptive Transmit Power Control Syntax no atpc rf group name group name no Clears the RF Group Name on the selected radio group name Specifies the name of the group to which th...

Page 450: ...mand chooses between AP and AP Clients adaptive modes Syntax atpc adapt ap ap clients ap Specifies AP adaptive mode on the selected radio ap clients Specifies AP Clients adaptive mode on the selected radio Default Setting AP mode Command Mode Interface Configuration Radio Command Usage When ap mode is selected beacons and data transmissions are given the same adaptive transmit power levels When ap...

Page 451: ... 18 in decibels that the radio s Tx Power may be attenuated when adapting to other APs on the same channel Default Setting Disabled Command Mode Interface Configuration Radio Example show atpc This command enables and disables on the selected radio Syntax show atpc Default Setting none Command Mode Global Configuration ProCurve Access Point 530 radio1 atpc adapt ap ProCurve Access Point 530 radio1...

Page 452: ...up name AirportNet Avoid Other WLANs disabled Max Power Reduction 18 Adaptive Mode AP Current Beacon Backoff 4 dB Current Data Backoff 4 dB Radio 2 atpc disabled RF Group name not configured Avoid Other WLANs disabled Max Power Reduction 18 Adaptive Mode AP Current Beacon Backoff 0 dB Current Data Backoff 0 dB ProCurve Access Point 530 ...

Page 453: ...using IEEE 802 1X and a central RADIUS server If a user does not have a configured VLAN ID the access point assigns the user to the default VLAN ID a number between 1 and 4094 of the associated SSID interface Example Command Function Mode Page vlan vid Configures the default VLAN for an SSID interface IC R WLAN 9 145 no untagged vlan vid Configure the global untagged VLAN ID for the AP The no vers...

Page 454: ...e wide globally The no version of the command sets any untagged VLAN to become tagged Syntax untagged vlan vid no untagged vlan vid The identifier must be a number between 1 and 4094 Default Setting vlan 1 untagged Command Mode Ethernet Interface Configuration Example management vlan This command configures the VLAN ID for the management interfaces Web UI SNMP Telnet etc The management vlan is for...

Page 455: ...red by a RADIUS server policy If you dynam ically assign a VLAN that has already been statically assigned to a VLAN or to the management VLAN or untagged VLAN the dynamic authentication will fail and will continue trying to authenticate ProCurve Access Point 530 configure ProCurve Access Point 530 config interface ethernet ProCurve Access Point 530 ethernet management vlan 9 ProCurve Access Point ...

Page 456: ...e qos ap params voice video best effort background aifs aifs cwmin swmin cwmax cwmax burst burst Configure QoS related parameters on the device for this radio IC R 9 149 qos sta params voice video best effort background aifs aifs cwmin swmin cwmax cwmax txop limit txop limit Configure QoS related parameters on the wireless stations IC R 9 151 no qos wmm Enables using Wireless Multimedia Extensions...

Page 457: ...me in milliseconds for data frames Valid values are 1 255 cwmin cwmin Specifies the Minimum Contention Window QoS parameter The value specified is the lower limit in milliseconds of a range from which the initial random backoff wait time is deter mined Valid values for the cwmin are 1 3 7 15 31 63 127 255 511 or 1024 The value for cwmin must be lower than the value for cwmax cwmax cwmax Specifies ...

Page 458: ...ntention Maximum Burst Queue Frame Space Min Window Max Window Length Voice 1 3 7 1 5 Video 1 7 15 3 0 Best Effort 3 15 63 0 Background 7 15 1023 0 Radio 2 Adaptive Inter Contention Contention Maximum Burst Queue Frame Space Min Window Max Window Length Voice 1 3 7 1 5 Video 1 7 15 3 0 Best Effort 3 15 63 0 Background 7 15 1023 0 ProCurve Access Point 530 radio1 qos ap params voice aifs 10 ProCurv...

Page 459: ...ds for data frames Valid values are 1 255 cwmin cwmin Specifies the Minimum Contention Window QoS parameter The value specified is the lower limit in milliseconds of a range from which the initial random backoff wait time is deter mined Valid values for the cwmin are 1 3 7 15 31 63 127 255 511 or 1024 The value for cwmin must be lower than the value for cwmax cwmax cwmax Specifies the Maximum Cont...

Page 460: ...n Contention Maximum Burst Queue Frame Space Min Window Max Window Length Voice 1 3 7 47 Video 1 7 15 94 Best Effort 3 15 63 0 Background 7 15 1023 0 Radio 2 Adaptive Inter Contention Contention Maximum Burst Queue Frame Space Min Window Max Window Length Voice 1 3 7 47 Video 1 7 15 94 Best Effort 3 15 63 0 Background 7 15 1023 0 ProCurve Access Point 530 radio1 qos sta params voice aifs 10 ProCur...

Page 461: ...ss Multimedia Extensions on this WLAN The no version of this command is set at the no qos and disables the quality of service on this WLAN Syntax qos wmm no qos wmm Default Setting Disabled Command Mode Radio Interface Configuration Example ProCurve Access Point 530 radio1 qos sta params background txop limit 1 ProCurve Access Point 530 radio1 ProCurve Access Point 530 radio1 qos wmm ProCurve Acce...

Page 462: ... Interface Configuration Example tx queue ProCurve Access Point 530 radio1 show qos ap params Transmission Queue QoS Settings for the Access Point Radio 1 Adaptive Inter Contention Contention Maximum Burst Queue Frame Space Min Window Max Window Length Voice 1 3 7 1 5 Video 1 7 15 3 0 Best Effort 3 15 63 0 Background 7 15 1023 0 Radio 2 Adaptive Inter Contention Contention Maximum Burst Queue Fram...

Page 463: ...tention Contention Transmission Queue Frame Space Min Window Max Window Opportunity Limit Voice 2 3 7 47 Video 2 7 15 94 Best Effort 3 15 1023 0 Background 7 15 1023 0 Radio 2 Adaptive Inter Contention Contention Transmission Queue Frame Space Min Window Max Window Opportunity Limit Voice 2 3 7 47 Video 2 7 15 94 Best Effort 3 15 1023 0 Background 7 15 1023 0 ProCurve Access Point 530 radio1 ...

Page 464: ...ackets per second The no version is disabled for this parameter Valid values are any number greater than 0 burst The broadcast multicast rate burst value in packets per second Thisvalue specifiesthe lengthoftimeallowedfora packetburst Valid values are any number greater than 0 Default Setting Disabled Rate limit rate is 50 Rate limit burst is 75 Command Mode Radio Interface Configuration Example R...

Page 465: ...on IC WDS 9 158 disable Disables the WDS link IC WDS 9 158 enable Establishes the WDS link IC WDS 9 158 radio used Sets the radio that will be used by this WDS link IC WDS 9 159 remote mac Sets the mac address for the remote connection to the access point IC WDS 9 160 show wds Displays WDS link information IC WDS 9 160 wds ssid ssid Establishes the SSID name for this WDS link IC WDS 9 159 wep key ...

Page 466: ...and enables the WDS link Syntax enable Default Setting Disabled Command Mode WDS Interface Configuration ProCurve Access Point 530 configure ProCurve Access Point 530 config interface wds1 ProCurve Access Point 530 wds1 description WDSEXAMPLE ProCurve Access Point 530 wds1 ProCurve Access Point 530 configure ProCurve Access Point 530 config interface wds1 ProCurve Access Point 530 wds1 disable Pro...

Page 467: ...partner access point for successful operation Default Setting WDS SSID X where X is the index of the WDS interface Command Mode WDS Interface Configuration Example radio used This command sets the radio used with this WDS link Syntax radio used 1 2 1 2 Specifies the radio number ProCurve Access Point 530 configure ProCurve Access Point 530 config interface wds1 ProCurve Access Point 530 wds1 enabl...

Page 468: ...cation control list by MAC address Valid format is 00 00 00 00 00 00 FF FF FF FF FF FF Default None Command Mode WDS Interface Configuration Example show wds This command information about the Wireless Distribution System WDS settings on the device Syntax show wds wds_name wds_name Displays detailed information about the specified WDS Default Wireless Distribution System Link 1 ProCurve Access Poi...

Page 469: ...then each WEP key must be 10 characters long If Key Length is 104 bits and Key Type is ASCII then each WEP Key must be 13 characters long ProCurve Access Point 530 wds1 show wds 1 WDS 1 Description WDSLINK Status Enabled Use Radio 1 Local MAC 00 14 03 A2 4F DE Remote MAC 00 0D 9D C6 98 7E STP State forwarding WDS SSID marge Security Type no security from WLAN 1 WEP Key Type hex WEP Key not set WEP...

Page 470: ...he no version of the command sets the key type to hexadecimal Syntax wep key ascii no wep key ascii Default Setting Enabled Command Mode WDS Interface Configuration Example wep key length wds This command sets the WDS WEP key length when using static wep security Syntax wep key length 64 128 64 The 64 bit wep key length with initializing vector otherwise it is 40 bits ProCurve Access Point 530 wds...

Page 471: ...de WDS Interface Configuration Command Usage If WPA is used in pre shared key mode all wireless stations must be configured with the same pre shared key to communicate with the access point Shared secret keys can include spaces and special characters if the key is placed inside quotation marks goodsecret If the key is a string of characters with no spaces or special characters in it the quotation ...

Page 472: ...fies the STP forward delay interval Range 4 30 priority value Specifies the STP bridge priority Range 0 65535 Default Setting None Command Mode Global Configuration Command Usage Any two access points can be connected by only a single path either a WDS bridge wireless or an Ethernet connection wired but not both Do not create duplicate WDS links between the same two access points If you can trace ...

Page 473: ...le ProCurve Access Point 530 configure ProCurve Access Point 530 config stp ProCurve Access Point 530 config stp hello time 5 ProCurve Access Point 530 config stp forward delay 10 ProCurve Access Point 530 config stp priority 255 ProCurve Access Point 530 config ...

Page 474: ...9 166 Command Line Reference Spanning Tree Protocol STP This page is intentionally unused ...

Page 475: ...A 1 A File Uploads Downloads and Resets ...

Page 476: ...oad to the Access Point A 5 CLI Viewing Software Versions A 7 Transferring Configuration Files A 8 Web Configuration File Upload and Download A 8 CLI Performing Configuration File Commands A 10 Rebooting the Access Point A 14 Web Rebooting the System A 14 CLI Rebooting the System A 15 Manual Using the Reset and Clear Buttons A 15 Disabling the Access Point Push Buttons A 18 Web Disabling the Push ...

Page 477: ...and upload or download config uration files These features are useful for acquiring periodic access point software upgrades and for storing or retrieving a switch configuration This appendix includes the following information Downloading access point software Transferring access point configurations ...

Page 478: ...you save a copy of the configuration file before upgrading your access point software See Transferring Configuration Files on page A 8 for information on saving the access point s configuration file After updating the access point software be sure to clear the browser cache before attempting to manage the access point using the Web interface Assumptions for Using TFTP FTP or SCP To Download Softwa...

Page 479: ... automatically selected and if in the event the primary is corrupted the secondary image is utilized as a backup The Web interface enables you to modify these parameters Remote Upgrade Parameters and actions needed to perform a remote software upgrade Model Indicates the model identifier of the access point Platform Indicates the platform on the access point Software Version Indicates the current ...

Page 480: ...ess point Valid characters A Z a z 0 9 _ Browse Performs local system search for upgrade file Update Updates the system with the specified parameters and performs any requested actions Figure A 1 Software Tab To Upload Download A Remote Software File 1 Select Management System Maintenance Software tab 2 Select FTP TFTP or SCP for the Server Type option 3 Enter IP Address File Name Username and Pas...

Page 481: ... complete restart the access point by clicking on the Reboot button Alternatively you can reset the access point defaults and reboot the system by clicking on the Reset button on the Reset tab Resetting the access point is highly recommended CLI Viewing Software Versions CLI Commands Used in This Section Using the CLI to View Software Versions This example displays how to display the version of th...

Page 482: ...eeded to save a running configuration Save Saves the current configuration as a personalized default Transfer Configuration Parameters and actions needed to upload or download a configuration Server Type Indicates the type of server to configure FTP TFTP SCP Default is FTP Direction Indicates whether to save the file remotely or import the file Download Restore Upload Save Default is Download Serv...

Page 483: ...to Custom Default Resets the AP to the saved custom config file Figure A 2 Configuration Files Tab To Save A Running Configuration 1 Select Management System Maintenance Configuration Files tab 2 To save the current running configuration click Save to save the file as a custom default configuration file To Transfer A Configuration File 1 Select Management System Maintenance Configuration Files tab...

Page 484: ...o the custom default configuration click Reset on the Reset to Custom Default option CLI Performing Configuration File Commands CLI Commands Used in This Section Command CLI Reference Page Copy Commands copy ftp scp tftp flash startup config ip file user name user password pass 9 51 write memory 9 55 copystartup config ftp scp tftp flash startup config ip file user name user password pass 9 52 cop...

Page 485: ...onfiguration file on the device Using the CLI to Copy Config files to a Remote Server This example displays how to copy the startup configuration from the device to a remote server TFTP If using this command for a FTP or STP server you will need to include the username and password for the server ProCurve Access Point 530 copy factory default startup config ProCurve Access Point 530 ProCurve Acces...

Page 486: ...ation on the device ProCurve Access Point 530 copy ftp flash 192 168 1 52 copystart user name chris password open ProCurve Access Point 530 ProCurve Access Point 530 write terminal xml version 1 0 config interface name wlan0wds1 radio wlan0 radio type wds type status down status wep key length 104 wep key length wep key ascii no wep key ascii description Wireless Distribution System Link 2 descrip...

Page 487: ...adio wlan0 radio type wds type status down status wep key length 104 wep key length wep key ascii no wep key ascii description Wireless Distribution System Link 1 description interface interface name wlan0wds3 radio wlan0 radio type wds type status down status wep key length 104 wep key length wep key ascii no wep key ascii description Wireless Distribution System Link 4 description interface inte...

Page 488: ...he last saved configuration file The Web interface enables you to perform this action Reboot Submits a request to reboot the access point A system confir mation message appears and provides opportunity to cancel NOT E During a reboot connection to the AP is lost and the browser will not stay on the System Maintenance screen while the reboot takes place Test the connec tion to find out when the pro...

Page 489: ...s Point unit possesses two buttons that when pressed perform reset and clear operations Caut ion The Reset button is provided for your convenience but if you are concerned with the security of the access point configuration and operation you should disable it The two push buttons located on the back panel of the access point enables you to perform these actions Reset Reboots the AP Use a pointed o...

Page 490: ... and Resets Rebooting the Access Point button while the LEDs are still flashing then the AP is rebooted Please note that this function can be disabled by the CLI or Web UI See Disabling the Access Point Push Buttons on page A 18 ...

Page 491: ...then flash about once per second iii While the LEDs are still flashing release the clear button The configuration sets to the custom default settings and the AP is rebooted NOT E Please note that only the reset function can be disabled by the CLI or Web UI See Disabling the Access Point Push Buttons on page A 18 Resets the configuration back to factory defaults i Press the reset and clear buttons ...

Page 492: ...on page 5 9 The Web interface enables you to perform these actions Factory Reset Enables or disables button control access back panel of the access point to a factory default file reset Default is Disabled NOT E You can not disable the factory reset if you already have disabled the Serial Interface See Setting Management Access Controls on page 5 9 Custom Reset Enables or disables button control a...

Page 493: ...capability click Disabled for the System Reset option 5 Click Update to set the push button parameters CLI Disabling the Access Point Buttons CLI Commands Used in This Section Using the CLI to Disable the Reset and Clear Buttons On the Access Point This example displays how to disable the ability to manually use the reset and clear push buttons on the back panel of the device Command CLI Reference...

Page 494: ...sing the CLI to View the Reset and Clear Buttons Status This example displays how to view the push button status ProCurve Access Point 530 config show buttons Custom Reset Disabled Factory Reset Disabled Password Reset Disabled System Reset Disabled ProCurve Access Point 530 config ...

Page 495: ...B 1 B Defaults ...

Page 496: ...ation B 5 RADIUS Accounting Authentication B 6 RADIUS Users B 6 MAC Address Authentication B 6 Web Authentication B 6 AP Authentication B 7 Filtering B 7 Ethernet Interface B 7 Wireless Interface B 8 Wireless Security B 9 AP Detection B 9 VLAN B 10 Adaptive Tx Power Control B 10 QoS B 11 Wireless Distribution System WDS B 12 ...

Page 497: ...neral Flash File This appendix follows the syntax grouping structure in the Chapter 9 refer ence CLI section and includes the following information System Management System Logging System Clock SNMP Group Configuration RADIUS Accounting Authentication RADIUS Users MAC Address Authentication Web Authentication AP Authentication Filtering Ethernet Interface Wireless Interface Wireless Security Neigh...

Page 498: ...cli confirmation Enabled MC 9 22 no console Enabled MC 9 23 no telnet Enabled MC 9 23 no ssh Enabled MC 9 24 no web management Enabled MC 9 24 Command Default Setting Mode Page no logging _host _port Disabled GC 9 31 Command Default Setting Mode Page sntp server None GUI is disabled NOTE The GUI System Uptime parameterdisplaysthe Coordinated Universal Time or UTC formerly Greenwich Mean Time or GM...

Page 499: ...ntact GC 9 41 no snmp serverhost host comm Host Address None Community String public GC 9 40 snmp server port port BydefaultanSNMPagentonlylistenstorequestsfrom port 161 However you can configure this so the agent listens to requests on another port GC 9 42 snmp serverlocation location None GC 9 41 snmpv3 Disabled GC 9 46 no lldp Enabled GC 9 48 Command Default Settings Mode Page group config Disa...

Page 500: ...smit value is 3 GC 9 66 no radius primary secondary Disabled GC 9 67 Command Default Settings Mode Page no radius local username disabled password password realname realname Ip address is 192 168 1 10 DHCP is enabled GC 9 69 Command Default Settings Mode Page no mac auth local name mac mac None GUI MAC Authentication is disabled GC 9 72 no mac auth remote None GUI MAC Authentication is disabled GC...

Page 501: ...inter station blocking Disabled GC 9 88 no wireless mgmt block Disabled GC MC 9 88 Command Default Settings Mode Page interface interface N A GC 9 90 enable N A IC E 9 91 disable N A IC E 9 91 description None IC E 9 92 dns primary server_1 Disabled GC 9 92 dns secondary server_2 Disabled GC 9 93 no ip address ip mask ip bits dhcp IP address 192 168 1 1 Netmask 255 255 255 0 IC E 9 94 ...

Page 502: ...6 12 and 24 Mbps for a mode IC W 9 106 supported rate value Options 1 2 5 5 6 9 11 12 18 24 36 54 Mbps IC W 9 107 channel policy static CHANNEL auto Auto IC W 9 107 beacon interval interval 100 The default behavior is to send a beacon frame once every 100 milliseconds or 10 per second IC W 9 108 dtim period 2 IC W 9 109 max stations 256 IC R 9 110 preamble long IC R 9 110 protected mode Enabled IC...

Page 503: ...bled IC W S 9 130 no shared key auth Disabled IC W S 9 131 no wpa allowed no wpa2 allowed Both Enabled IC W S 9 131 wpa pre shared key key None IC W S 9 132 wpa cipher tkip Enabled This is the default CIPHER protocol IC W S 9 133 wpa cipher aes Disabled IC W S 9 133 rsn preauthentication Disabled IC W S 9 135 Command Default Settings Mode Page no ap detection Disabled IC R 9 136 ap detection durat...

Page 504: ... Page no vlan None IC W S 9 145 no untagged vlan vid 1 GC 9 146 management vlan vid tagged untagged 1 MC 9 146 Command Default Settings Mode Page atpc Disabled IC R 9 140 atpc avoid other aps Disabled IC R 9 141 atpc adapt AP mode IC R 9 142 atpc max atpc atten Disabled IC R 9 143 ...

Page 505: ... 3 0 Best Eff 3 15 63 0 Background 7 15 1023 0 IC W S 9 149 qos sta params Radio 1 Adap Inter Content Content Max Burst Queue Frame Space Min Window Max Window Length Voice 1 3 7 47 Video 1 7 15 394 Best Eff 3 15 63 0 Background 7 15 1023 0 Radio 2 Adap Inter Content Content Max Burst Queue Frame Space Min Window Max Window Length Voice 1 3 7 47 Video 1 7 15 94 Best Eff 3 15 63 0 Background 7 15 1...

Page 506: ...ds None IC W W 9 157 enable wds Disabled IC W W 9 158 wds ssid WDS SSID X where X is the index of the WDS interface IC W W 9 159 radio used 2 IC W W 9 159 remote mac None IC W W 9 160 wep key wds None IC W W 9 161 wep key ascii wds Enabled IC W W 9 162 wep key length wds 128 IC W W 9 162 wpa pre shared key wds None IC W W 9 163 ...

Page 507: ...C 1 C Adaptive Tx Power Control Use Cases ...

Page 508: ...t Case 2 With RF Group Name C 5 Settings C 5 Decisions AP 1 C 5 Decisions AP 4 C 5 Results with RF Group Name C 6 Airport Model Analysis C 6 Use Model Warehouse Deployment C 7 Warehouse Case 1 Adaptive Mode AP C 7 Settings C 8 Decisions AP 1 and AP 4 C 8 Results with Adaptive Mode AP C 8 Warehouse Case 2 Adaptive Mode AP Clients C 9 Settings C 9 Results with Adaptive Mode AP Clients C 9 Warehouse ...

Page 509: ...oncession Jimbo s also has an access point AP N which does not support In these access points the parameters that impact are configured as follows AP 1 and AP 4 operate on the same channel and as such will negotiate their power levels when is enabled AP 2 and AP 3 are not affected by as they each operate alone on their respective channels AP 1 and AP 4 are able to hear each other and both can hear...

Page 510: ... SSID configuration with AP 4 T Mobile Since AP 1 has an SSID Boingo that is not on AP 4 AP 1 will not consider reducing power for AP 4 AP 1 AP N AP 1 T Mobile Boingo compares its SSID configuration with AP N Jimbo s Since none of the AP 1 SSIDs are on AP N AP 1 will not consider reducing power for AP N Decisions AP 4 AP 4 AP 1 AP 4 T Mobile compares its SSID configuration with AP 1 T Mobile Boing...

Page 511: ...er reduction calculations Decisions AP 1 AP 1 AP 4 AP 1 AirportNet compares its RF Group Name with those of AP 1 AirportNet Since AP 1 and AP 4 are in the same RF Group AP 1 will consider reducing power for AP 4 AP 1 AP N Since AP N is not in the AirportNet RF Group AP 1 will not consider reducing power for AP N Decisions AP 4 AP 4 AP 1 AP 4 AirportNet compares its RF Group Name with AP 1 AirportN...

Page 512: ...th each other while ignoring APs outside their administrative domain Whether to model a deployment after Case 1 or Case 2 depends on the desired behavior of the network It may be desirable to have greater coverage for APs that supportSSIDs thatarenotsupportedelsewhereinthenetwork InCase 1 the absence of an RF Group Name allows the only AP supporting Boingo to operate at full power If this is desir...

Page 513: ...use Case 1 Adaptive Mode AP In this scenario there are six AP 530s in a Warehouse network AP1 AP6 The configured values in these APs for the parameters that impact Adaptive Power Control are as follows We ll look at the behavior of in AP1 and AP4 as they are on operating on the same channel and as such will be considered in each other s power control calculations Since configurations are the same ...

Page 514: ...ttenuated based on power levels of audible APs in the RF Group but not the power levels of associated clients Decisions AP 1 and AP 4 AP 1 and AP 4 compare their RF Group Name storage 1 Since AP 1 and AP 4 are in the same RF Group each will consider reducing power for the other Results with Adaptive Mode AP The transmit power levels of AP1 and AP4 are reduced for both data and beacons Power levels...

Page 515: ...ata power levels Data transmissions are attenuated to minimize co channel interference with the closest AP but attenuation will decrease further that is higher transmit power to maintain connection with the associated station with the lowest RSSI That is the AP will always attempt to maintain a connection with a client that might otherwise be out of range AP 1 AP 2 AP 3 AP 4 AP 5 AP 6 Channel 1 6 ...

Page 516: ...mount and location of material coming and going through the warehouse Additionally client stations may be mounted on moving objects like forklifts that move throughout the warehouse The combination of mobile clients and varying levels of obstructions and open space mean there is no single optimum level of RF coverage that can be set on the APs For these reasons the AP Clients adaptive mode will pr...

Page 517: ...D 1 D Open Source Licenses ...

Page 518: ... GPL2 GNU General Public License v 2 D 4 GPL Linking Exception D 9 ClearSilver D 10 Dropbear License D 12 sFlow License D 14 LGPL GNU Lesser General Public License D 18 Intel 2 D 27 MIT D 28 BSD D 29 CMU Carnegie Mellon University D 30 OpenSSL D 3 ...

Page 519: ...D 3 Open Source Licenses Overview This appendix includes the following information Open Source licenses ...

Page 520: ... and that you know you can do these things To protect your rights we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights These restrictions translate to certain responsibilities for you if you distribute copies of the software or if you modify it For example if you distribute copies of such a program whether gratis or for a fee you must give ...

Page 521: ...tice and disclaimer of warranty keep intact all the notices that refer to this License and to the absence of any warranty and give any other recipients of the Program a copy of this License along with the Program You may charge a fee for the physical act of transferring a copy and you may at your option offer warranty protection in exchange for a fee 2 You may modify your copy or copies of the Pro...

Page 522: ...e on a medium customarily used for software interchange or b Accompany it with a written offer valid for at least three years to give any third party for a charge no more than your cost of physically performing source distribution a complete machine readable copy of the corresponding source code to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software i...

Page 523: ...s of this License they do not excuse you from the conditions of this License If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations then as a consequence you may not distribute the Program at all For example if a patent license would not permit royalty free redistribution of the Program by all those who receive copies direct...

Page 524: ...ion will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally NO WARRANTY 11 BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE THERE IS NO WARRANTY FOR THE PROGRAM TO THE EXTENT PERMITTED BY APPLICABLE LAW EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND OR OTHER PARTIES PROVIDE T...

Page 525: ...D 9 Open Source Licenses GPL Linking Exception GPL2 GNU General Public License v 2 plus an exception permitting linking the library with other software ...

Page 526: ...otonic com Alternately this acknowledgment may appear in the software itself if and wherever such third party acknowledgments normally appear 4 The names Neotonic and Neotonic ClearSilver must not be used to endorse or promote products derived from this software without prior written permission For written permission please contact clearsilver neotonic com 5 Products derived from this software may...

Page 527: ...e Corporation For more information on Neotonic Software Corporation please see http www neotonic com Some of the concepts of this software are based on previous software developed by Scott Shambarger Paul Clegg and John Cwikla The current authors wish to thank them for their efforts Copyright 2005 Brandon Long All rights reserved ...

Page 528: ...NTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM DAMAGES OR OTHER LIABILITY WHETHER IN AN ACTION OF CONTRACT TORT OR OTHERWISE ARISING FROM OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE LibTomCrypt and LibTomMath are c Tom St Denis under TDCAL Tom Doesn t Care About Lic...

Page 529: ...iction including without limitation the rights to use copy modify merge publish distribute sublicense and or sell copies of the Software and to permit persons to whom the Software is furnished to do so subject to the following conditions The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software THE SOFTWARE IS PROVIDED AS IS WITHO...

Page 530: ...uthority domestic or foreign including all applications and registrations relating to any of the foregoing Licensee Hardware means all computers routers or other equipment owned or controlled by or on behalf of Licensee Products means any and all software applications computers routers or other equipment manufactured by or on behalf of Licensee for the purpose of resale or lease to any other third...

Page 531: ... trademark laws and practice of such other country and v not alter or impair any acknowledgment of copyright or trademark rights of InMon that may appear in or on the Software the Documentation or the Specifications In the event InMon determines that Licensee is not complying with its obligations under clauses i v above InMon shall notify Licensee of such non compliance and if Licensee fails to co...

Page 532: ...n or that implement the Specifications The rights and obligations contained in Sections 1 3 5 6 7 and 8 shall survive any termination of this Agreement 8 General Provisions 8 1 Assignment This Agreement shall be binding upon and inure to the benefit of the parties hereto and their permitted successors and permitted assigns InMon will have the right to assign this Agreement without notice to Licens...

Page 533: ...h provision were so excluded and shall be enforceable in accordance with its terms The court in its discretion may substitute for the excluded provision an enforceable provision which in economic substance reasonably approximates the excluded provision 8 8 Compliance With Law Licensee shall comply with all applicable laws and regulations including privacy laws and regulations having application to...

Page 534: ...ur General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software and use pieces of it in new free programs and that you are informed that you can do these things To protect your rights we need to make restrictions tha...

Page 535: ...e ordinary General Public License It also provides other free software developers Less of an advantage over competing non free programs These disadvantages are the reason we use the ordinary General Public License for many libraries However the Lesser license provides advantages in certain special circumstances For example on rare occasions there may be a special need to encourage the widest possi...

Page 536: ...the scripts used to control compilation and installation of the library Activities other than copying distribution and modification are not covered by this License they are outside its scope The act of running a program using the Library is not restricted and output from such a program is covered only if its contents constitute a work based on the Library independent of the use of the Library in a...

Page 537: ...es extend to the entire whole and thus to each and every part regardless of who wrote it Thus it is not the intent of this section to claim rights or contest your rights to work written entirely by you rather the intent is to exercise the right to control the distribution of derivative or collective works based on the Library In addition mere aggregation of another work not based on the Library wi...

Page 538: ...parameters data structure layouts and accessors and small macros and small inline functions ten lines or less in length then the use of the object file is unrestricted regardless of whether it is legally a derivative work Executables containing this object code plus portions of the Library will still fall under Section 6 Otherwise if the work is a derivative of the Library you may distribute the o...

Page 539: ...e required form of the work that uses the Library must include any data and utility programs needed for reproducing the executable from it However as a special exception the materials to be distributed need not include anything that is normally distributed in either source or binary form with the major components compiler kernel and so on of the operating system on which the executable runs unless...

Page 540: ...se If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations then as a consequence you may not distribute the Library at all For example if a patent license would not permit royalty free redistribution of the Library by all those who receive copies directly or indirectly through you then the only way you could satisfy both it a...

Page 541: ...ed by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally NO WARRANTY 15 BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE THERE IS NO WARRANTY FOR THE LIBRARY TO THE EXTENT PERMITTED BY APPLICABLE LAW EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND OR OTHER PARTIES PROVIDE THE LIBRARY AS IS...

Page 542: ... Public License as published by the Free Software Foundation either version 2 of the License or at your option any later version This library is distributed in the hope that it will be useful but WITHOUT ANY WARRANTY without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE See the GNU Lesser General Public License for more details You should have received a copy of ...

Page 543: ... may be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL INTEL OR CONTRIBUTORS BE LIABLE FO...

Page 544: ... subject to the following conditions The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software THE SOFTWARE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT...

Page 545: ...oped by the Computer Systems Engineering Group at Lawrence Berkeley Laboratory Neither the name of the University nor of the Laboratory may be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIE...

Page 546: ...ithout prior written permission For permission or any legal details please contact Office of Technology Transfer Carnegie Mellon University 5000 Forbes Avenue Pittsburgh PA 15213 3890 412 268 4387 fax 412 268 7395 tech transfer andrew cmu edu 4 Redistributions of any form whatsoever must retain the following acknowledgment This product includes software developed by Computing Services at Carnegie ...

Page 547: ...use of this software must display the following acknowledgment This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit http www openssl org 4 The names OpenSSL Toolkit and OpenSSL Project must not be used to endorse or promote products derived from this software without prior written permission For written permission please contact openssl core openssl org 5 ...

Page 548: ... cryptsoft com Copyright remains Eric Young s and as such any Copyright notices in the code are not to be removed If this package is used in a product Eric Young should be given attribution as the author of the parts of the library used This can be in the form of a textual message at program startup or in documentation online or textual provided with the package Redistribution and use in source an...

Page 549: ...RY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE The licence and dist...

Page 550: ...D 34 Open Source Licenses This page is intentionally unused ...

Page 551: ... 86 B 7 AP detection B 9 configuring parameters CLI 8 33 configuring parameters Web 8 26 8 32 AP Enhanced Distribution Channel Access EDCA 8 6 ATPC B 10 ATPC use cases C 3 B burst AP EDCA 8 7 C Clear button 4 26 CLI configuration levels 3 8 keystroke shortcuts 3 15 client station deauthentication 9 78 clock system B 4 closed system 4 31 9 103 community name 5 27 community string 9 38 Country Code ...

Page 552: ...9 69 B 6 lost password 4 26 M MAC Address Authentication AP configuration guidelines 7 44 configuring accept list CLI 7 48 7 51 configuring parameters CLI 7 48 MAC address authentication B 6 configuring parameters Web 7 45 7 46 7 50 7 64 7 66 7 68 7 72 MAC address authentication CLI 9 72 9 75 9 78 MAC Authentication 7 15 MAC lockout 9 75 maintenance configuration file commands CLI A 10 configurati...

Page 553: ...ode CLI 6 11 mode Web 6 10 parameter configuration table 6 6 parameters CLI 6 21 pure G mode Web 6 20 transmit power Web 6 23 Wifi G only mode Web 6 19 RADIUS Accounting Server setting parameters CLI 5 54 RADIUS accounting server setting parameters Web 5 52 RADIUS Authentication setting RADIUS parameters CLI 7 41 RADIUS authentication setting AP RADIUS servers Web 7 33 RADIUS logon authentication ...

Page 554: ...b 5 45 system logging B 4 system management B 4 T telnet access 3 5 time zone 5 48 5 49 5 50 9 34 TXOP Limit Station EDCA 8 8 U untagged VLAN 5 19 use cases ATPC C 3 user name using for browser or console access 4 24 V VLAN client VLAN 5 57 enabling untagged VLAN Web 5 59 enabling VLAN support CLI 5 61 management VLAN 5 58 setting a management VLAN Web 5 58 tagged and untagged VLANs 5 58 VLAN tag ...

Page 555: ......

Page 556: ...ange without notice Copyright 2008 Hewlett Packard Development Company L P Reproduction adaptation or translation without prior written permission is prohibited except as allowed under the copyright laws December 2008 Manual Part Number 5991 2193 5991 2193 ...

Reviews:

No comments

Related manuals for ProCurve 530 NA

UNICOM WEP-72104G-1 Specifications preview
WEP-72104G-1
Brand: UNICOM Pages: 1
Ubiquiti Bullet M5 HP Quick Start Manual preview
Bullet M5 HP
Brand: Ubiquiti Pages: 32
H3C AR 18-3XE/18-21X Series Installation Manual preview
AR 18-3XE/18-21X Series
Brand: H3C Pages: 79
ZyXEL Communications NWA1000 Series User Manual preview
NWA1000 Series
Brand: ZyXEL Communications Pages: 263
WoMaster WA512G Series User Manual preview
WA512G Series
Brand: WoMaster Pages: 115
Obihai OBi100 Quick Start Manual preview
OBi100
Brand: Obihai Pages: 4
HP Aruba AP-375 Product End-Of-Life Disassembly Instructions preview
Aruba AP-375
Brand: HP Pages: 5
HP Aruba AP-587 Disassembly Instructions preview
Aruba AP-587
Brand: HP Pages: 5
HP MSM310-R Installation Manual preview
MSM310-R
Brand: HP Pages: 24
HP Aruba AP-577 Product End-Of-Life Disassembly Instructions preview
Aruba AP-577
Brand: HP Pages: 4
HP Aruba AP-374 Product End-Of-Life Disassembly Instructions preview
Aruba AP-374
Brand: HP Pages: 4
HP M330 Quick Start Manual preview
M330
Brand: HP Pages: 8
HP Aruba AP-63 Series Disassembly Instructions preview
Aruba AP-63 Series
Brand: HP Pages: 4
HP Vectra 525 Installation Manual preview
Vectra 525
Brand: HP Pages: 26
HP MSM310-R Quick Start Manual preview
MSM310-R
Brand: HP Pages: 6
HP M210 802.11n Quick Start Manual preview
M210 802.11n
Brand: HP Pages: 6
HP MSM310 Quick Start Manual preview
MSM310
Brand: HP Pages: 6
HP MSM410 Datasheet preview
MSM410
Brand: HP Pages: 9

Brands by name

Popular brands

Load more brands