manualshive.com logo in svg

HP ProCurve 530 NA, Руководство по управлению и настройке

Поделиться
Скачать
HP ProCurve 530 NA Скачать руководство пользователя страница 200

7-6

Wireless Security Configuration

Wireless Security Overview

Wireless Security Overview

The access point is configured by default as an “open system,” with no security. 
This means that the access point broadcasts a beacon frame advertising each 
configured WLAN. If a wireless client has a configured WLAN of “any”, it can 
read the SSID from the beacon and use it to allow immediate connection to 
the access point. Client stations are permitted to connect with the access point 
without first verifying that users are authorized to access the network. In 
addition, user data is transmitted over the air without being encrypted, and is 
subject to being intercepted by client stations anywhere within range that 
want to eavesdrop on the wireless network.

Wireless network security requires attention to three main areas:

Authentication:

 Verifying that stations attempting to connect to the 

network are authorized users before granting access to the network.

Encryption:

 Encrypting data that passes between the access point and 

stations (to protect against interception and eavesdropping).

Key management:

 Assigning unique data encryption keys to each wire-

less station session, and periodically changing the encryption keys to 
minimize the risk of their discovery.

User Authentication

The two ways of authenticating users on the Access Point 530 are:

MAC authentication:

 Based on the user’s wireless station MAC address.

802.1X authentication:

 Based on the user’s credentials, such as user-

name/password or digital certificates.

MAC Authentication

MAC authentication of users is performed either by using a remote authenti-
cation server like a RADIUS server or by creating a local Access Control List 
on the access point itself. MAC authentication is not as secure as 802.1X 
authentication, because it is easy to decipher and spoof for unauthorized 
network access.

N OT E

If Access Point 530s are deployed along with Access Point 520s, there can be 
a compatibility issue when MAC authentication is used. An Access Point 520 
sends a shared-secret string (for the authentication server) as the MAC 
authentication password. By default, the AP 530 sends the client station MAC 

Содержание ProCurve 530 NA

Страница 1: ...Management and Configuration Guide www procurve com ProCurve Wireless Access Point 530 ...

Страница 2: ......

Страница 3: ...ProCurve Wireless Access Point 530 Management and Configuration Guide ...

Страница 4: ...uld be construed as constituting an additional warranty HP shall not be liable for technical or editorial errors or omissions contained herein Hewlett Packard assumes no responsibility for the use or reliability of its software on equipment that is not furnished by Hewlett Packard Warranty See the Customer Support Warranty booklet included with the product A copy of the specific warranty terms app...

Страница 5: ... IP Addressing 1 6 To Set Up and Install the Access Point in Your Network 1 7 2 Selecting a Management Interface Contents 2 2 Overview 2 3 Understanding Management Interfaces 2 4 Advantages of Using the CLI 2 5 Advantages of Using the ProCurve Access Point 530 Browser Interface 2 6 3 Using the Command Line Interface CLI Contents 3 2 Overview 3 3 Accessing the CLI 3 4 Direct Console Access 3 4 Teln...

Страница 6: ...iew 4 3 Starting a Web Browser Interface Session with the Access Point 4 4 Description of the Web Interface 4 6 The Home Page 4 6 Support Window 4 7 Online Help for the ProCurve Web Browser Interface 4 7 Using the Help in the Browser Interface 4 8 Web Interface Screens 4 9 Device Information Group 4 10 Device Information Summary 4 11 Wireless Stations Screen 4 12 AP LAN Statistics Screen 4 14 Wire...

Страница 7: ... 9 Web Configuring Access Controls 5 10 CLI Configuring Management Controls 5 12 Modifying System Information 5 15 Web Setting the System Name Location and Contact 5 15 CLI Setting the System Name 5 17 Configuring Ethernet Settings 5 19 Web Configuring IP Settings Statically or via DHCP 5 19 CLI Configuring IP Settings Statically or via DHCP 5 23 Configuring SNMP 5 25 MIB Support 5 26 Web Setting ...

Страница 8: ...g Up Filter Control 5 55 Web Setting Traffic Filters 5 55 CLI Setting Traffic Filters 5 56 Configuring VLAN Support 5 57 Web Setting A Management VLAN 5 58 Web Changing the Untagged VLAN ID 5 59 CLI Enabling VLAN Support 5 61 Managing Group Configuration 5 63 Guidelines for Deploying Group Configuration 5 64 The Synchronization Process 5 64 Security and Integrity Recommendations 5 65 Web Enabling ...

Страница 9: ...LI Setting the Transmit Power Reduction and Antenna Parameters 6 27 Adaptive Tx Power Control 6 29 Feature Overview 6 29 Scope of Neighboring APs 6 30 Adaptive Mode 6 30 Power Reduction Limit 6 31 Configuration Strategy 6 31 Web Configuring Adaptive Tx Power Control 6 32 CLI Configuring Adaptive Tx Power Control 6 34 Managing Multiple WLAN BSS SSID Interfaces 6 36 Web Configuring SSID Interfaces 6...

Страница 10: ...Authentication 7 32 Web Setting RADIUS Server Parameters 7 33 CLI Setting RADIUS Server Parameters 7 35 Web Establishing Local RADIUS Accounts 7 36 Managing Existing RADIUS Accounts 7 36 Adding New RADIUS Accounts 7 37 Managing the RADIUS User Database 7 39 CLI Setting Local RADIUS Server Parameters 7 41 Configuring MAC Address Authentication 7 43 Authentication Order 7 43 Access Control List and ...

Страница 11: ...for Authentication Screens 7 62 Login Screen Default Values 7 62 Welcome Screen Default Values 7 63 Failed Screen Default Values 7 63 Guidelines for Deploying Web Auth 7 63 Configuration Summary 7 64 Web Configuring the Global Address Pool 7 64 CLI Configuring the Global Address Pool 7 65 Web Configuring Global Guest Account Settings 7 66 CLI Configuring Global Guest Account Settings 7 67 Web Conf...

Страница 12: ...8 23 Web Configuring STP Parameters 8 26 CLI Establishing STP Settings 8 27 AP Detection Commands 8 30 Web Configuring AP Detection Parameters 8 30 CLI Configuring AP Detection 8 33 Probe Table 8 35 Probe Table Description 8 35 Guidelines for Configuring the Probe Table 8 35 Identity Driven Management 8 36 IDM VLAN 8 36 IDM ACL 8 37 Configuring an ACL in a RADIUS Server 8 37 IDM Rate Limiting 8 37...

Страница 13: ...show ssh 9 26 show system information 9 27 show version 9 29 System Logging Commands 9 30 log 9 30 logging 9 31 show debug 9 32 show logging 9 32 System Clock Commands 9 34 sntp 9 34 show sntp 9 35 show time 9 35 Network Management Application Commands 9 37 snmp server community restricted unrestricted 9 38 snmp server contact 9 39 snmp server host 9 40 snmp server location 9 41 snmp server port 9...

Страница 14: ...w copy 9 57 show tech 9 57 show custom default 9 58 show running config 9 60 Group Configuration 9 61 group config 9 61 group config name 9 62 group config member id 9 62 show group config 9 63 RADIUS Accounting Authentication 9 65 radius accounting 9 65 radius failover to local retransmit 9 66 radius primary secondary 9 67 RADIUS Users 9 69 radius local 9 69 show radius local 9 70 MAC Address Aut...

Страница 15: ...tion 9 83 show web auth 9 85 AP Authentication Commands 9 86 ap authentication 9 86 show ap authentication 9 87 Filtering Commands 9 87 inter station blocking 9 88 wireless mgmt block 9 88 show filters 9 89 Ethernet Interface Commands 9 90 interface 9 90 enable ethernet 9 91 disable ethernet 9 91 description 9 92 dns primary 9 92 dns secondary 9 93 ip address 9 94 ip default gateway 9 95 speed dup...

Страница 16: ...111 fragmentation thresh 9 111 inactivity timeout 9 112 slot time 9 113 rts threshold 9 113 tx power reduction 9 114 enable wireless 9 115 disable wireless 9 116 show radio 9 116 show ssid 9 117 show wlan 9 119 show basic rate 9 121 show stations 9 122 show supported rate 9 123 Wireless Security Commands 9 124 security 9 125 wep default key 9 127 wep key ascii 9 128 wep key length 9 129 wep key 9 ...

Страница 17: ...ion interval 9 138 ap detection max entries 9 138 show detected ap 9 139 Adaptive Tx Power Control Commands 9 140 atpc 9 140 atpc avoid other aps 9 141 atpc rf group name 9 141 atpc adapt 9 142 atpc max atpc atten 9 143 show atpc 9 143 VLAN Commands 9 145 vlan 9 145 untagged vlan 9 146 management vlan 9 146 QoS Commands 9 148 qos ap params 9 149 qos sta params 9 151 qos wmm 9 153 show qos 9 154 ra...

Страница 18: ...or Using TFTP FTP or SCP To Download Software from a Server A 4 Web TFTP FTP or STP Software Download to the Access Point A 5 CLI Viewing Software Versions A 7 Transferring Configuration Files A 8 Web Configuration File Upload and Download A 8 CLI Performing Configuration File Commands A 10 Rebooting the Access Point A 14 Web Rebooting the System A 14 CLI Rebooting the System A 15 Manual Using the...

Страница 19: ... 6 AP Authentication B 7 Filtering B 7 Ethernet Interface B 7 Wireless Interface B 8 Wireless Security B 9 AP Detection B 9 VLAN B 10 Adaptive Tx Power Control B 10 QoS B 11 Wireless Distribution System WDS B 12 C Adaptive Tx Power Control Use Cases Contents C 2 Use Model Airport Deployment C 3 Airport Case 1 No RF Group Name C 3 Settings C 4 Decisions AP 1 C 4 Decisions AP 4 C 4 Results with No R...

Страница 20: ...C 8 Results with Adaptive Mode AP C 8 Warehouse Case 2 Adaptive Mode AP Clients C 9 Settings C 9 Results with Adaptive Mode AP Clients C 9 Warehouse Model Analysis C 10 D Open Source Licenses Contents D 2 Overview D 3 GPL2 GNU General Public License v 2 D 4 GPL Linking Exception D 9 ClearSilver D 10 Dropbear License D 12 sFlow License D 14 LGPL GNU Lesser General Public License D 18 Intel 2 D 27 M...

Страница 21: ...1 1 1 Getting Started ...

Страница 22: ...d Syntax Statements 1 3 Command Prompts 1 4 Screen Examples 1 4 Related Publications 1 4 Getting Documentation from the Web 1 5 Sources for More Information 1 5 Need Just a Quick Start 1 6 IP Addressing 1 6 To Set Up and Install the Access Point in Your Network 1 7 ...

Страница 23: ... This section describes the conventions used for command syntax and displayed information Command Syntax Statements Syntax radius local username disabled password password realname real name Vertical bars separate alternative mutually exclusive elements Square brackets indicate optional elements Braces indicate a required choice Curly brackets surrounding several sets of square brackets indicate t...

Страница 24: ...to prepare for and perform the physical installation That guide also steps you through the process of connecting the access point to your network and assigning IP addressing as well as describes the LED indications for correct operation and trouble analysis The Installation and Getting Started Guide and the Management and Configuration Guide canbedownloadedfromtheProCurveNetworkingWeb site See Get...

Страница 25: ...ve com manuals 2 Click on the name of the product for which you want documentation 3 On the resulting web page double click on a document you want 4 Save the document to your hard disk Sources for More Information The AP530 Web browser interface provides online help as described in Online Help for the ProCurve Web Browser Interface on page 4 7 For more information on ProCurve technology visit the ...

Страница 26: ...evel prompt ProCurve Access Point 530 config 3 Enter interface ethernet for global configuration at the CLI level prompt ProCurve Access Point 530 config interface ethernet 4 Enter ip address followed by the address and the subnet mask at the CLI Ethernet Configuration level prompt ProCurve Access Point 530 ethernet ip address address subnet_mask 5 Optional Enter an address for the default IP gate...

Страница 27: ...s point in your network Quickly assigning an IP address subnet mask and gateway setting a Manager password and optionally configuring other basic features Interpreting LED behavior Notes cautions and warnings related to installing and using the access point For the latest version of the Installation and Getting Started Guide and other documentation for your access point visit the ProCurve Networki...

Страница 28: ...1 8 Getting Started Need Just a Quick Start This page is intentionally unused ...

Страница 29: ...2 1 2 Selecting a Management Interface ...

Страница 30: ...electing a Management Interface Contents Contents Overview 2 3 Understanding Management Interfaces 2 4 Advantages of Using the CLI 2 5 Advantages of Using the ProCurve Access Point 530 Browser Interface 2 6 ...

Страница 31: ...2 3 Selecting a Management Interface Overview Overview This chapter describes the following Access Point management interfaces Advantages of using each interface type ...

Страница 32: ...e offering status infor mation and access point configuration see Advantages of Using the ProCurve Access Point 530 Browser Interface on page 2 6 SNMP a network management application such as the ProCurve Manager to manage the access point via the Simple Network Management Protocol SNMP from a network management station This manual describes how to use the CLI and the Web browser interface and how...

Страница 33: ...for determining available options and vari ables CLI Usage For information on how to use the CLI refer to Chapter 3 UsingtheCommand Line Interface CLI To perform specific procedures such as configuring IP addressing use the Table of Contents at the front of this manual to locate the information you need For information on individual CLI commands refer to Chapter 9 Command Line Reference or use the...

Страница 34: ...point from anywhere on the network Familiar browser interface locations of window objects consistent with commonly used browsers uses mouse clicking for navigation no terminal setup Many features have all their fields in one screen so you can view all values at once More visual cues using colors status bars device icons and other graphical objects instead of relying solely on alphanumeric values D...

Страница 35: ...3 1 3 Using the Command Line Interface CLI ...

Страница 36: ...curity 3 6 Logging In 3 7 Command Levels 3 8 Manager Exec Level 3 8 Global Configuration Level 3 8 Context Specific Configuration Levels 3 9 Moving Between Command Levels 3 10 When Changes are Applied 3 10 Options for Getting Help in the CLI 3 11 Displaying All Available Commands 3 11 Completing the Current Command 3 13 Displaying Available Command Options 3 14 CLI Control and Editing 3 15 ...

Страница 37: ... Command Line Interface CLI is a text based command interface for configuring and monitoring the access point The CLI gives you access to the access point s full set of commands while providing the same password protection that is used in the Web browser interface ...

Страница 38: ...e access point use a null modem cable or an HP serial cable part number 5184 1894 shipped with many HP ProCurve switches Connecttheserial cable betweena VT 100 terminal or a PC terminal emulator and the access point s Console port Configure either one to operate with these settings If using a PC terminal emulator configure it as a DEC VT 100 ANSI terminal Port is COM1 COM1 is the standard port how...

Страница 39: ...PC using the access point s IP address or DNS name telnet 10 11 12 195 Enter Example of an IP address telnet AP530 Enter Example of a DNS type name Secure Shell Access Configuring the access point through an SSH client provides a secured connec tion as traffic is encrypted To configure the access point through an SSH session make sure the access point is configured with an IP address and that it i...

Страница 40: ... the configuration to retain the changes upon rebooting the access point Password Security By default the access point defaults the Manager user name to admin for CLI access with the password defaulted to admin To secure management access to the access point you must set the Manager password Without a Manager password configured anyone having serial port or Telnet access to the access point can re...

Страница 41: ...user name the default is admin After entry of the user name you will be prompted for the password The default password is admin For example Figure 3 1 Example of CLI Log On Screen with Password When you successfully log onto the CLI you will see the following command prompt ProCurve Access Point 530 ProCurve AP 530 admin Password Password Prompt ...

Страница 42: ...name and the delimiter For example ProCurve Acess Point 530 Global Configuration Level Global Configuration level gives access to commands for configuring the access point s software features plus all the commands available at the lower Manager Exec level except for the configure terminal command To enter this level enter the configure command at the Exec prompt The prompt for this level adds the ...

Страница 43: ...2 ProCurve Acess Point 530 wds2 Radio Configuration To enter the Radio context for radio 1 for example enter radio 1 at the Global Config prompt ProCurve Acess Point 530 config radio 1 ProCurve Acess Point 530 radio1 WLAN Configuration To enter the WLAN context for WLAN 1 on radio 1 enter wlan 1 at the radio 1 prompt ProCurve Acess Point 530 radio1 wlan 1 ProCurve Acess Point 530 radio1 wlan1 Tabl...

Страница 44: ...erface are only made to the running configuration and must be saved using the copy or write memory command if they are to persist following a reboot To save the running configuration changes to the startup configuration using the CLI Interface ProCurve Acess Point 530 ethernet write memory Change in Levels Example of Prompt Command and Result Manager Exec to Global configuration ProCurve Acess Poi...

Страница 45: ...r Manager Exec level For example typing at the Manager Exec level produces this listing Figure 3 3 Example of the Manager Exec Level Command Listing ProCurve Access Point 530 configure Enter the Configuration context copy Copy data and configuration files to from this device deauth mac Enter MAC address to de authenticate from this device end Return to the Manager level context erase Erase stored ...

Страница 46: ...DHCP end Return to the Manager level context erase Erase stored files exit Return to the previous context or terminate current cons ole telnet session if you are in the Manager context lev el group config Add to a group remove from a group or re configure gro up config settings hostname Set the system hostname inter station blockingEnable disable blocking of direct communication between wireless s...

Страница 47: ... have typed enough of the word for the CLI to distinguish it from other options the CLI completes the current word otherwise it displays the available completions For example at the Global Configuration level if you press Tab immediately after typing s the CLI displays the command that begins with s For example ProCurve Acess Point 530 config s Tab show snmp server snmpv3 sntp ssh stp Use Shorthan...

Страница 48: ... How To List the Options for a Specific Command ProCurve Access Point 530 config snmp server community Add remove an SNMP community contact Specify a text string that identifies the main contact f or this device host Add remove an SNMP trap destination host community location Specify a text string that identifies the location of th is device port Specify the port to use for the SNMP server on this...

Страница 49: ...rl K Deletes from the cursor to the end of the command line Ctrl L or Ctrl R Repeats current command line on a new line Ctrl N or v Enters the next command line in the history buffer Ctrl P or Enters the previous command line in the history buffer Ctrl R Repeats current command line on a new line Ctrl U or Ctrl X Deletes from the cursor to the beginning of the command line Ctrl W Deletes the last ...

Страница 50: ...3 16 Using the Command Line Interface CLI CLI Control and Editing This page is intentionally unused ...

Страница 51: ...4 1 4 Using the ProCurve Web Browser Interface ...

Страница 52: ...11 Wireless Stations Screen 4 12 AP LAN Statistics Screen 4 14 Wireless Statistics Screen 4 15 Event Log Screen 4 17 Network Setup Group 4 18 Network Setup Summary 4 19 Management Group 4 20 Management Summary 4 21 Special Features Group 4 22 Special Features Summary 4 23 Tasks for Your First ProCurve Web Browser Interface Session 4 24 Changing the Management Password 4 24 If You Lose the Password...

Страница 53: ...rface lets you easily access the access point from a browser based PC on your network This chapter covers the following Starting a Web browser interface session Description of the Web browser interface An overview of the Web browser interface screens Tasks for your first Web browser interface session ...

Страница 54: ...hat you can type in the Location or Address field instead of the IP address Using DNS names typically improvesbrowserperformance Seeyournetworkadministratorforanyname associated with the access point For more information on assigning an IP address refer to Configuring IP Parameters on page 4 29 Web browser support recommended to manage the access point include Microsoft Internet Explorer version 5...

Страница 55: ...ely the access point also supports a secure Web HTTPS browser connection In this case type https followed by the IP address or DNS name in the browser Location or Address field and press Enter https 10 11 12 195 Enter Example of an IP address https AP530 Enter Example of a DNS type name Note Internet Explorer on Windows XP To ensure proper screen refresh be sure that the browser options are config...

Страница 56: ... the Web Interface Subjects covered in this section include The Home Page The Support Page Online Help The Home Page The home page is the entry point for the Web browser interface The following figure identifies the various parts of the screen Figure 4 1 The Home Page Active Screen Menu Sashes ...

Страница 57: ...aying links to online support options The support page provides key information regarding your access point including links to white papers software updates and more Online Help for the ProCurve Web Browser Interface Online Help is available for the Web browser interface The help is context sensitive and maps topics to the Web page you have accessed Figure 4 2 The Help and Support Options The Help...

Страница 58: ...terface screens displays a pop up window displaying details about the page you are viewing Figure 4 3 Viewing Online Help At the top left of the Online Help page is a Topic and Menu bar display for easy access to further information Options include Contents Index and Search as shown in Figure 4 4 Figure 4 4 Example of the Online Help Panel Click Help and open context sensitive help page ...

Страница 59: ...ace contain the four main screen groups Device Information Network Setup Management Special Features Clicking on the group sash reveals a list of the screens in the group and displays the summary screen for the group Clicking on the name of a screen below the group sash displays the corre sponding screen Figure 4 5 The Main Web Interface Screen ...

Страница 60: ...ion Access Point 530 Home Page Wireless Stations AP LAN Statistics Wireless Statistics Event log These screens are primarily informational screens and are described in the following pages Table 4 1 Index of Device Information Group Screens Screen Name Page Device Information summary screen 4 11 Wireless Stations screen 4 12 AP LAN Statistics screen 4 14 Wireless Statistics screen 4 15 Event Log sc...

Страница 61: ... access point Modifiable field Location The access point s assigned location Modifiable field Max length of 255 characters Contact Administrator responsible for the system Modifiable field Max length of 255 characters IP Address IP address of the management interface for this device MAC Address The physical layer address for the Ethernet port interface Software Version The version number for the r...

Страница 62: ...hentication supported for 802 11 wireless networks are open system and shared key Open system authentication accepts any client attempting to connect to the access point without verifying its identity The shared key approach uses Wired Equivalent Privacy WEP to verify client identity by distributing a shared key to stations before attempting authentication Assoc Shows if the station has been succe...

Страница 63: ...o security this parameter displays n a as it does not apply Received Packets Indicates total packets received by this access point Received Bytes Indicates total bytes received by this access point Sent Packets Indicates total packets sent by this access point Sent Bytes Indicates total bytes sent by this access point Refresh Refreshes the Wireless station results ...

Страница 64: ...ess for the Ethernet port interface Spanning Tree State Indicates the spanning tree state if used Possible states include disabled listening learning forwarding or blocking Transmit Total Packets Indicates total packets transmitted by this access point Receive Total Packets Indicates total packets received by this access point Transmit Total Bytes Indicates total bytes sent by this access point Re...

Страница 65: ...en displays dual radio information Radio One Two SSID Indicates the Service Set Identifier SSID for Radio 1 or Radio 2 MAC Address Indicates the physical layer address for the Ethernet port interface WDS LINK Indicates the configured WDS link Local MAC Indicates the remote MAC address of the WDS link Remote MAC Indicates the remote MAC address of the WDS link Spanning Tree Status Indicates the spa...

Страница 66: ...r WDS link Transmit Total Bytes Indicates total bytes sent over the radio or WDS link Receive Total Bytes Indicates total bytes received over the radio or WDS link Transmit Errors Indicates total errors related to sending data Receive Errors Indicates total errors related to receiving data Refresh Refreshes the Wireless Statistics results ...

Страница 67: ...ssage was generated Type Indicates the logging type level associated with this message Service Indicates the service type associated with this message Description Indicates the content of the log message Refresh Refreshes the Event log results Note The Web user interface has a limited amount of memory for containing and displaying the event log When the size of the event log has grown larger than ...

Страница 68: ...ens belonging to the Network Setup group are described in their respective configuration sections Table 4 2 Index of Network Setup Group Screens Screen Name Page Network Setup summary screen 4 19 Ethernet screen 5 19 Radio screen 6 9 6 12 Advanced Settings sub screen 6 14 WLANs screen 6 37 Security sub screen Security tab 7 18 Security sub screen RADIUS Servers tab 7 33 Security sub screen Account...

Страница 69: ...net mask of this device Gateway Gateway address of this device Radio One Two details basic Radio One Two parameters Status Indicates if the radio is up or down MAC Address The physical layer address Mode Displays the radio mode for Radio One IEEE 802 11b or IEEE 802 11g Channel Displays the channel on which the access point is currently broadcasting Max Tx Power Displays the maximum radio power le...

Страница 70: ...ir respec tive configuration sections Table 4 3 Index of Management Group Screens Screen Name Page Management summary screen 4 21 Local MAC Authentication screen 7 45 Web Authentication screen Address Pool tab 7 64 Web Authentication screen Guest Account tab 7 66 SNMP screen Settings tab 5 26 SNMP screen Traps tab 5 32 SNMP screen Trap Hosts tab 5 32 SNMP screen SNMPv3 Users tab 5 40 Group Configu...

Страница 71: ...v3 Indicates if SNMPv3 is enabled or disabled SNMPv3 Users Indicates the number of SNMPv3 users registered CLI Access Indicates the status enable or disable of CLI access inter faces through the serial port using Telnet or using SSH Button Access Indicates the status enable or disable for password factory custom and system resetting using the buttons on the back of the access point Web Access Indi...

Страница 72: ... to the following screens QoS WDS Local RADIUS MAC Lockout AP Detection Filters Time The screens belonging to the Special Features group are described in their respective configuration sections Screen Name Page Special Features summary screen 4 23 QoS screen 8 5 WDS screen 8 19 Local RADIUS screen 7 36 User Database screen 7 39 MAC Lockout screen 7 50 AP Detection screen Settings tab 8 30 AP Detec...

Страница 73: ...f Service packet prioritization also referred to as WiFi Multimedia or WMM is enabled or disabled AP Detection Indicates if AP Detection is enabled or disabled SNTP Server Indicates if the SNTP Server is enabled or disabled Group Configuration Indicates whether Group Configuration is enabled or disabled for the access point Local RADIUS The number of accounts registered on the local RADIUS server ...

Страница 74: ...e access point country code which if needed can only be done using the CLI Optionally enabling one of the radios which allows inband access to the Web browser interface from the wireless network After performing the initial out of band configuration it is usually more convenient to continue the configuration process inband using the Web browser interface Some of important tasks that you may wish t...

Страница 75: ...AP Access and select the Password tab 2 In the New Password field enter a new password 3 In the Confirm Password field re enter the new password 4 Click Update to activate the new password Note s The password is case sensitive and must be at least 1 character and at most 32 characters long However only the first 8 characters of the password are used character number 9 and above are ignored at log ...

Страница 76: ... the Reset to Factory Default Reset button in the Reset Configuration area Reboot the AP Click Management System Maintenance and select the Reboot tab Then click the Reboot the Access Point Reboot button NOT E For details on manual reset of the access point reference the Installation and Configuration Guide and see File Uploads Downloads and Resets on page A 1 Setting SNMP Community Names You can ...

Страница 77: ...on the access point click SNMPv1 v2cEnabled 3 To establish a public read only SNMP community type a name text string to replace the default community name public in the Community Name RO field 4 To establish a private read write SNMP community type a name text string to replace the default community name private in the Community Name R W field 5 To activate SNMPv3 functions on the access point cli...

Страница 78: ...nsure adequate separation between the two radios operating in the same frequency See Radio Configuration Summary Table on page 6 6 If using the worldwide product before configuring radio settings on the access point you must first use the CLI to set the Country Code so that the radio channels used conform to your local regulations It is your responsibility to select a correct country setting other...

Страница 79: ...worldwide product the Radio screen is not available for configuration until the Country Code is set using the CLI Configuring TCP IP Settings You can use the Web browser interface to manage the access point only if it already has an IP address that is reachable through your network You can set an initial IP address for the access point by using the CLI interface After you have network access to th...

Страница 80: ...tatic IP Address and Subnet Mask fields The defaults automatically populate 5 Ifamanagementstationexistsonanothernetworksegment intheDefault Gateway field enter the IPaddressofagatewaythat can route traffic between these segments 6 Enter the IP address for the primary and secondary DNS servers to be used for host name to IP address resolution 7 Optionally enter the domain suffix for hostname domai...

Страница 81: ...at are distributed to all stations Wired Equivalent Privacy WEP is implemented to provide a basic level of security preventing unauthorized access to the network and encrypting data transmitted between wireless stations and the access point The access point allows configuration of up to 16 SSIDs The Web interface provideseasyscreenstoconfigureSSIDparameters including enabling SSID names closed sys...

Страница 82: ...4 32 Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Figure 4 18 The WLANs Screen ...

Страница 83: ...vent broadcasting of the SSID 4 Click Update to save these IP settings 5 Click the Edit button to open the Security pop up window see Figure 4 19 6 Select Static WEP in the Security Mode drop down 7 Check Shared for the Authentication option 8 Select 1 in the Transfer Key Index drop down to be used for the SSID interface 9 Select the key length to be used by all stations either 64 or 128 default b...

Страница 84: ...e use where highly sensitive data is transmitted For more robust wireless security you should consider implementing other features supported by the access point Wi Fi Protected Access WPA and IEEE 802 1X 2004 Port based network access control using the physical access characteristics of IEEE 802 Local Area Networks LAN infrastruc tures to provide a means of authenticating and authorizing devices a...

Страница 85: ...5 1 5 General System Configuration ...

Страница 86: ...ings 5 19 Web Configuring IP Settings Statically or via DHCP 5 19 CLI Configuring IP Settings Statically or via DHCP 5 23 Configuring SNMP 5 25 MIB Support 5 26 Web Setting Basic SNMP Parameters 5 26 CLI Setting Basic SNMP Parameters 5 28 Web Configuring SNMP v1 and v2c Traps 5 32 SNMP Traps 5 32 SNMP Trap Hosts 5 35 CLI Configuring SNMP v1 and v2c Traps 5 36 CLI Configuring SNMP v1 and v2c Trap D...

Страница 87: ... Parameters 5 54 Setting Up Filter Control 5 55 Web Setting Traffic Filters 5 55 CLI Setting Traffic Filters 5 56 Configuring VLAN Support 5 57 Web Setting A Management VLAN 5 58 Web Changing the Untagged VLAN ID 5 59 CLI Enabling VLAN Support 5 61 Managing Group Configuration 5 63 Guidelines for Deploying Group Configuration 5 64 The Synchronization Process 5 64 Security and Integrity Recommendat...

Страница 88: ...odify system management passwords Set management access controls View and modify access point system information Configure IP SNMP SNTP RADIUS Accounting and VLAN parameters Set up filter control between wireless stations between wireless stations and the management interface or for specified protocol types ...

Страница 89: ...ace page 5 9 Management Interfaces Changing the default settings for password page 5 6 Limiting management access to the Ethernet side of the AP disabling wireless access to remote management interfaces page 5 9 Disabling unused remote management interfaces Web Telnet SSH SNMP page 5 9 Changing the default settings for SNMP read and read write community names page 5 25 Changing the default setting...

Страница 90: ...having in band or out of band access to the access point may be able to compromise access point and network security Pressing the Clear button on the back of the access point for more than two seconds removes password protection Web Setting the Management Password The Password screen enables the access point s password to be set The Web interface enables you to modify these parameters New Password...

Страница 91: ...er and at most 32 characters long However only the first 8 characters of the password are used character number 9 and above are ignored at log in 4 In the Confirm Password field re enter the new password 5 Select Update Note The password you assign in the Web browser interface will overwrite the previous settings assigned in either the Web browser interface or the access point console That is the ...

Страница 92: ...ou also modify the Web password Note The password is case sensitive and must be at least 1 character and at most 32 characters long However only the first 8 characters of the password are used character number 9 and above are ignored at log in Command Syntax CLI Reference Page password manager password 9 21 ProCurve Access Point 530 configure ProCurve Access Point 530 config password manager 9gY2d...

Страница 93: ...independently Note The HTTP and HTTPs services do not allow modification of the configured port numbers Secure Shell SSH Telnet is a remote management tool that can be used to configure the access point from anywhere in the network However Telnet is not secure from hostile attacks SSH can act as a secure replacement for Telnet The SSH protocol uses generated public keys to encrypt all data transfe...

Страница 94: ...nagement access through a Secure Shell version 2 0 client The default is Enabled Web Access HTTP Interface Enables or disables management access through and HTTP interface The default is Enabled SSL Interface Enables or disables management access through an SSL interface The default is Enabled Button Access For managing button access see Disabling the Access Point Push Buttons on page A 18 Factory...

Страница 95: ... disable the serial Telnet or SSH interfaces Note If using SSH for secure access to the CLI over a network connection you may want to disable the Telnet server 3 As required enable or disable the HTTP or SSL interfaces 4 As required enable or disable the manual push button options on the access point Note The access point does not allow you to disable Factory Reset and the Serial Interface at the ...

Страница 96: ...lay the current status of the access routes using the show console command Note Enter management commands one per line Command Syntax CLI Reference Page no console 9 23 no ssh 9 24 no telnet 9 23 show console 9 27 show system 9 27 ProCurve Access Point 530 configure ProCurve Access Point 530 config no console ProCurve Access Point 530 config show console CLI Access Serial Interface Disabled Telnet...

Страница 97: ... Telnet connection to this device Caut ion You should use the no telnet command only when you are connected to the access point through another method Once you disable Telnet the Telnet connection is immediately lost ProCurve Access Point 530 configure ProCurve Access Point 530 config no ssh ProCurve Access Point 530 config show ssh SSH Status Disabled ProCurve Access Point 530 config ProCurve Acc...

Страница 98: ...m Country Code us Software Version WA 02 00 0412 Ethernet MAC Address 00 14 C2 A5 6A B3 IP Address 192 168 15 200 Subnet Mask 255 255 255 0 Default Gateway 192 168 15 254 DHCP Client Disabled Management VLAN ID 1 Untagged VLAN ID 1 Radio 1 MAC Address 00 14 C2 A7 11 A0 Radio 1 Status Enabled 802 11g Radio 2 MAC Address 00 14 C2 A7 E1 20 Radio 2 Status Enabled 802 11g HTTP Interface Enabled SSL Int...

Страница 99: ... 6 6 Web Setting the System Name Location and Contact To modify the access point s system parameters use the Device Information screen the Home page or default screen The Web interface enables you to modify these parameters System Name An alias for the access point only enabling the device to be uniquely identified on the network Setting must be at least 1 character and a maximum of 63 characters ...

Страница 100: ...m Information 1 Select Device Information in the navigation bar 2 Type a name to uniquely identify the access point in the System Name field 3 Type alocationtoidentify wheretheaccess pointitlocatedintheLocation field 4 Type a name to identify the contact in the Contact field 5 Select Update to modify the system information ...

Страница 101: ...tname syntax to set the name of the system Note Enter management commands one per line To display the configured system name use the show system information command Command Syntax CLI Reference Page hostname hostname 9 19 show system information 9 27 ProCurve Access Point 530 configure ProCurve Access Point 530 config hostname ProCurve AP530 ProCurve Access Point 530 config ...

Страница 102: ...0 0412 Ethernet MAC Address 00 14 C2 A5 6A B3 IP Address 192 168 15 200 Subnet Mask 255 255 255 0 Default Gateway 192 168 15 254 DHCP Client Disabled Management VLAN ID 1 Untagged VLAN ID 1 Radio 1 MAC Address 00 14 C2 A7 11 A0 Radio 1 Status Enabled 802 11g Radio 2 MAC Address 00 14 C2 A7 E1 20 Radio 2 Status Enabled 802 11g HTTP Interface Enabled SSL Interface Enabled SSH Interface Enabled Telne...

Страница 103: ...e is no DHCP server on your network or DHCP fails the access point will automatically start up with a default IP address of 192 168 1 10 Web Configuring IP Settings Statically or via DHCP The Ethernet screen under Network Setup allows the DHCP client to be enabled or the Transmission Control Protocol Internet Protocol TCP IP settings to be manually specified The Web interface enables you to modify...

Страница 104: ...parated by periods The default is 192 168 1 10 Required field Subnet Mask Themaskthatidentifiesthehostaddressbitsused for routing to specific subnets The default is 255 255 255 0 Required field Default Gateway The default gateway is the IP address of the next hop gateway router for the access point which is used if the requesteddestinationaddressisnotonthelocalsubnet Required field DNS Nameservers...

Страница 105: ...e drop down 5 Select Update to save the DHCP settings To Configure IP Settings Manually 1 Select Ethernet 2 To configure the VLAN untagged enter a value in the VLAN field 3 To set the mode and speed of data transmission select the Speed Duplex setting in the drop down 4 To set a manual connection select Static IP in the Connection Type drop down 5 If you choose StaticIP the IP address and subnet m...

Страница 106: ...ork segment enter the IP address of a gateway in the that can route traffic between these segments in the Default Gateway field This is a required field 7 Enter the IP address for the primary and secondary DNS Nameservers to be used for host name to IP address resolution 8 Select Update to save these IP settings ...

Страница 107: ...s how to disable the DHCP client and then specify an IP address subnet mask default gateway and DNS server addresses Caut ion In order to disable the DHCP and assign a Static IP address you must have a serial port connection to the access point Otherwise you will lose connec tivity during the process of assigning a new static IP address Command Syntax CLI Reference Page interface interface 9 90 no...

Страница 108: ...cess Point 530 ethernet ip default gateway 192 168 1 1 ProCurve Access Point 530 ethernet exit ProCurve Access Point 530 config dns primary 204 127 202 0 ProCurve Access Point 530 config dns secondary 216 148 227 00 ProCurve Access Point 530 config ProCurve Access Point 530 show ip IP Address Information System Host Name HP AP 200 IP Address 192 168 15 200 Subnet Mask 255 255 255 0 Default Gateway...

Страница 109: ... SNMP traps When SNMP management stations send GET or SET requests to the access point the SNMP responds with the requested data and or the status of the get or set operation The access point can also be configured to send information to SNMP managers through trap messages Note The access point is shipped with a default read only community name Please change the community name or disable SNMP to p...

Страница 110: ...ment stations using SNMP Read Only Support Read Write Support IEEE802dot11 MIB RFC1155 SMI MIB II RFC 1213 RFC 1215 SNMPv2 SMI RFC2578 SNMPv2 TC RFC2579 SNMPv2 CONF RFC2580 SNMPv2 MIB RFC3418 IANAifType MIB RFC2864 IF MIB RFC2863 BRIDGE MIB RFC1493 SNMP COMMUNITY MIB SNMP FRAMEWORK MIB SNMP MPD MIB SNMP USER BASED SM MIB SNMP VIEW BASED ACM MIB HP PROCURVE WLAN SMI HP PROCURVE WLAN TC HP PROCURVE ...

Страница 111: ...d write access Authorized management stations are able to both retrieve and modify MIB objects Range 0 32 characters The default is private SNMPv3 Enables or disables SNMPv3 security functions The default is Enabled Engine ID The Engine ID is a system assigned identifier which uniquely identifies the access point in the agent s administrative domain Location Text string defining the physical locat...

Страница 112: ... 4 To establish a private read write SNMP community enter a name text string to replace the default community name private in the Community Name R W field 5 To activate SNMPv3 security features on the access point click the SNMPv3 Enabled button 6 Enter a port value in the Port field 7 Select Update CLI Setting Basic SNMP Parameters CLI Commands Used in This Section Command Syntax CLI Reference Pa...

Страница 113: ...settings to restricted and public To disable SNMP communities type the following commands ProCurve Access Point 530 configure ProCurve Access Point 530 config no snmp server community public restricted ProCurve Access Point 530 config no snmp server community system unrestricted ProCurve Access Point 530 config ...

Страница 114: ...ty command prior to using the snmp server host command To display the current SNMP settings use the show snmp server command as shown in the following example ProCurve Access Point 530 configure ProCurve Access Point 530 config snmp server community alpha unrestricted ProCurve Access Point 530 config snmp server community beta restricted ProCurve Access Point 530 config snmp server host 192 16 8 1...

Страница 115: ... Enabled hpWlanClientAuthentication Enabled hpWlanClientRequestFailure Enabled hpWlanClientReAssociation Enabled hpWlanDot1XAuthNotInitiated Enabled hpWlanDot1XAuthFailure Enabled hpWlanLocalMacAuthClientFailure Enabled hpWlanDot1XAuthSuccess Enabled hpWlanLocalMacAuthClientSuccess Enabled hpWlanMgmtAccessUpdate Enabled hpWlanPossibleNeighborApDetected Enabled hpWlanMgmtVlanIdUpdate Enabled hpWlan...

Страница 116: ... tion about the file name server address and directionof configuration file The IP address is the file server s IP address AP Traps pertaining to the access point hpWlanApInterfaceUpdate This notification is sent out when the Ethernet or 802 11 wireless radio interface is enabled or disabled hpWlanApSSIDUpdate This notification is sent out when an SSID is enabled or disabled hpWlanClientAssociatio...

Страница 117: ...ed locally within the access point The notification value includes the MAC address of the authenticated station hpWlanLocalMacAuthClientFailure This notification is sent when a station fails to authenticate the MAC address with the data base stored locally within the access point The notification value includes the MAC address of the authenticated station Radio Traps pertaining to maintaining the ...

Страница 118: ...ion value includes the MAC address of the authenticated station hpWlanDot1XAuthFailure This notification is sent when a station fails to authenticate with the RADIUS server The notification value includes the MAC address of the station that failed to authenticate hpWlanMacLockoutStaLockedOut This notification is sent when the station with the specified MAC address has been added to the global MAC ...

Страница 119: ...f SNMP notifications For each destination enter the IP address or the host name and the community name IP Address Specifies the IP address or the host name from 1 to 20 characters for the recipient of SNMP notifications Community Name The community string sent with the notification operation Maximum length 32 characters Update Updates the Trap settings Figure 5 7 Configuring SNMP Trap Destinations...

Страница 120: ...s Used in This Section To send SNMP v1 and v2c traps to a management station specify the host IP address using the snmp server host command and enable specific traps using the snmp server trap command Command Syntax CLI Reference Page no snmp server trap trap 9 43 show snmp server 9 45 ProCurve Access Point 530 configure ProCurve Access Point 530 config snmp server trap radiusAcctUpdate ProCurve A...

Страница 121: ... hpWlanApInterfaceUpdate Enabled hpWlanClientDeAuthentication Enabled hpWlanClientAuthentication Enabled hpWlanClientRequestFailure Enabled hpWlanClientReAssociation Enabled hpWlanDot1XAuthNotInitiated Enabled hpWlanDot1XAuthFailure Enabled hpWlanLocalMacAuthClientFailure Enabled hpWlanDot1XAuthSuccess Enabled hpWlanLocalMacAuthClientSuccess Enabled hpWlanMgmtAccessUpdate Enabled hpWlanPossibleNei...

Страница 122: ...ng SNMPv1 2c it will be necessary to log into the AP 530 using the CLI interface and add an SNMPv3 user manually See CLI Managing SNMPv3 Users on page 5 42 New SNMPv3 users will have read only access to MIBs This restriction remains inplace until either a privacy or authentication mode or typically both is assigned to the user If Privacy Type is specified for an SNMPv3 user then Authentication Typ...

Страница 123: ... SNMP and select the Settings tab 2 Click the SNMPv3 Enabled button 3 Click Update To Disable SNMPv3 1 Click Management SNMP and select the Settings tab 2 Click the SNMPv3 Disabled button 3 Click Update CLI Enabling Disabling SNMPv3 CLI Commands Used in This Section Command Syntax CLI Reference Page no snmpv3 enable 9 46 ...

Страница 124: ... Defines the username of the SNMPv3 user Authentication Type Password Specifies the type of Authentication to be applied to the SNMPv3 user and the authentication password The default is None Privacy Type Password Specifies the type of Privacy to be applied to the SNMPv3 user and the privacy password The default is None Update Updates the SNMPv3 user settings ProCurve Access Point 530 config ProCu...

Страница 125: ...n 4 If you have selected an authentication method for the user you must enter a valid password in the Password field 5 Optionally select a privacy method from the Privacy Type drop down Adding a privacy method for the user requires that you also select an authentication method 6 If you have selected a privacy method for the user you must enter a valid password in the Password field 7 Click Update ...

Страница 126: ... list of SNMPv3 users click the box next to the username you want to remove 3 Click Remove to remove the user from the list 4 Click Update CLI Managing SNMPv3 Users CLI Commands Used in This Section To create an SNMPv3 user enter the snmpv3 user name command To remove an SNMPv3 user enter the no snmpv3 user name command Command Syntax CLI Reference Page no snmpv3 user name user_name auth md5 sha a...

Страница 127: ...ettings from the Manager Exec level use the show snmpv3 command ProCurve Access Point 530 config snmpv3 user name tjames auth md5 12345678 ProCurve Access Point 530 config ProCurve Access Point 530 config snmpv3 user name ltulina auth md5 12345678 priv aes 87654321 ProCurve Access Point 530 config Command Syntax CLI Reference Page show snmpv3 9 48 ProCurve Access Point 530 show snmpv3 SNMPv3 Enabl...

Страница 128: ...e newest to the oldest Since the Web interface has a limited amount of memory for containing and displaying the event log you should use the CLI log command to view the complete list of logged events Log messages are only generated since the last reboot Rebooting the access point erases all previous log messages Consider configuring the access point to log messages to a server see CLI Setting Logg...

Страница 129: ...he IP address of a server Port The UDP port used by a server The default is 514 Update Updates the logging settings Note To view log messages generated by the access point click Device Information Event Log and select the Log tab Figure 5 10 Setting Logging Parameters To Enable Logging 1 Click Device Information Event Log and select the Settings tab 2 Click the Primary Syslog Host box to enable th...

Страница 130: ... The following example shows the settings Command Syntax CLI Reference Page log 9 30 no logging host port 9 31 show debug 9 32 show logging 9 32 ProCurve Access Point 530 configure ProCurve Access Point 530 config logging 10 1 0 3 ProCurve Access Point 530 config ProCurve Access Point 530 configure ProCurve Access Point 530 config show debug Debug Logging Syslog Relay 10 1 0 3 port 514 ProCurve Ac...

Страница 131: ...ot login on ttyp0 I 01 05 00 05 35 48 wlan1 RADIUS Authentication server 127 0 0 1 1812 I 01 05 00 05 35 41 wlan1 RADIUS Authentication server 127 0 0 1 1812 I 01 05 00 05 34 04 wlan1 RADIUS Authentication server 127 0 0 1 1812 I 01 05 00 05 30 45 login 8495 root login on ttyp0 I 01 05 00 01 29 27 login 6498 root login on ttyp0 I 01 05 00 01 25 45 login 6491 root login on ttyp0 I 01 05 00 00 08 06...

Страница 132: ...server in the configured sequence SNTP is disabled by default Universal Time SNTP uses Coordinated Universal Time or UTC formerly Greenwich Mean Time or GMT based on the time at the Earth s prime meridian zero degrees longitude Web Setting SNTP Parameters The Special Features Time screen enables the SNTP server and time zone details to be configured for the access point The Web interface enables y...

Страница 133: ...ring SNTP Settings To Set SNTP Parameters 1 Select Special Features Time 2 For SNTP click Enabled 3 For the SNTP Server enter the IP address or the hostname in the SNTP Server field 4 Select the appropriate time zone for the SNTP server from the Time Zone drop down 5 Click Update ...

Страница 134: ... 8 hours To display the current SNTP status use the show sntp command as shown in the following example Command Syntax CLI Reference Page sntp server time zone 9 34 no sntp 9 34 show sntp 9 35 ProCurve Access Point 530 configure ProCurve Access Point 530 config sntp 10 1 0 19 time zone 480 ProCurve Access Point 530 config ProCurve Access Point 530 configure ProCurve Access Point 530 config show sn...

Страница 135: ...ing software The user session information provided by the access point is sent to the server using standard RADIUS Accounting attributes refer to RFC 2866 The following describes the RADIUS attributes supported by the access point RADIUS Accounting Attribute Description Acct Status Type Contains the RADIUS Accounting message type Start Stop Interim Update Accounting On Accounting Off Acct Delay Ty...

Страница 136: ...sed by the RADIUS Accounting server for accounting messages Setting the port number to zero disables RADIUS Accounting The default is 1813 Key A shared text string used to encrypt messages between the access point and the RADIUS Accounting server Be sure that the same text string is specified on the RADIUS server Note The only characters allowed in the shared key are A Z a z 0 9 comma hyphen tab b...

Страница 137: ...mary RADIUS Accounting server enter the IP address in the IP Address field The default is 0 0 0 0 which indicates disabled 5 In the Port field specify the UDP port number used by the RADIUS Accounting server The default is 1813 6 In the Key field specify the shared text string that is also used by the RADIUS server 7 Optional If you need to configure a secondary RADIUS Accounting server in the net...

Страница 138: ...et key on the access point Note Enter radius commands one per line Command Syntax CLI Reference Page no radius accounting primary secondary ip ip port port key key 9 65 ProCurve Access Point 530 configure ProCurve Access Point 530 config radius accounting primary ip 192 168 1 52 ProCurve Access Point 530 config radius accounting primary port 161 ProCurve Access Point 530 config radius accounting p...

Страница 139: ... Special Features Filters screen configures traffic filters The Web interface enables you to modify these parameters Inter Station Blocking Enables Disables the blocking of communica tions between wireless stations The default is Disabled Wireless Management Blocking Enables Disables the blocking of a wireless station s access to the access point The default is Disabled Update Updates the Filter s...

Страница 140: ...hows the enabled filters Command Syntax CLI Reference Page no inter station blocking 9 88 no wireless mgmt block 9 88 show filters 9 89 ProCurve Access Point 530 configure ProCurve Access Point 530 config inter station blocking ProCurve Access Point 530 config ProCurve Access Point 530 configure ProCurve Access Point 530 config wireless mgmt block ProCurve Access Point 530 config ProCurve Access P...

Страница 141: ... environ ment VLANs inherently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN The access point can enable the support of VLAN tagged traffic passing between wireless stations and the wired network This VLAN tagging extends the wired network s VLANs to wireless stations Associated stations are assigned to a VLAN and can o...

Страница 142: ...ement VLAN ID Received traffic that has no tag is passed to the access point s untagged VLAN if configured otherwise it is dropped Received traffic that has an unknown VLAN ID or is tagged with the VLAN ID of the configured untagged VLAN is dropped As part of ensuring appropriate VLAN support configure the attached network switch port to support IEEE 802 1Q tagged VLAN frames from the accesspoint ...

Страница 143: ...the Untagged VLAN ID The Network Setup Ethernet screen configures the untagged VLAN ID The Web interface enables you to modify these parameters Untagged VLAN Allows setting of a VLAN ID to which all untagged packets will be assumed to belong The range is 1 4094 The default is 1 Connection Type Allows selection of a static or DHCP setting See Web Configuring IP Settings Statically or via DHCP on pa...

Страница 144: ...al System Configuration Configuring VLAN Support Figure 5 15 Changing Untagged VLAN ID To Set Untagged VLAN ID 1 Click Ethernet 2 Enter a valid number between 1 and 4094 in the Untagged VLAN field 3 Select Update ...

Страница 145: ... vid 9 146 management vlan vid 9 146 show wlans 9 117 ProCurve Access Point 530 configure ProCurve Access Point 530 config interface ethernet ProCurve Access Point 530 ethernet management vlan 9 ProCurve Access Point 530 ethernet ProCurve Access Point 530 configure ProCurve Access Point 530 config interface ethernet ProCurve Access Point 530 ethernet untagged vlan 9 ProCurve Access Point 530 ether...

Страница 146: ...ne Disabled 13 SSID 13 not assigned yet none None Disabled 14 SSID 14 not assigned yet none None Disabled 15 SSID 15 not assigned yet none None Disabled 16 SSID 16 not assigned yet none None Disabled All WLANs on Radio 2 WLAN BSSID VLAN Security Status 1 PR3_WLAN 00 14 C2 A5 22 F0 9 U No Sec Enabled 2 SSID 2 not assigned yet none No Sec Disabled 3 SSID 3 not assigned yet none No Sec Disabled 4 SSI...

Страница 147: ...are versions cannot be shared between all APs Note Group Configuration must not be enabled on an access point that participates in a WDS link Group Configuration will configure the WLAN 1 security profile as a group setting If this profile is changed the WDS link may break The Group Configuration Parameter Block The parameters that are shared by the members of a configuration group are called the ...

Страница 148: ...rs in the GCPB require a reboot of the access point to take effect Guidelines for Deploying Group Configuration The Group Configuration feature creates a peer to peer system where no single access point controls or contains the Group Configuration Parameter Block and the entire group can be managed through the user interface of any member AP in the group The Synchronization Process Each member acc...

Страница 149: ...onized inconsistently Similarly applying incompatible values to parameters with cross dependen cies could also produce unpredictable results The recommended method for ensuring integrity of a group configuration is to enforce a single administration point in the group This ensures that conflicting changes to the group configuration cannot be applied to the group Depending on administrative require...

Страница 150: ...ng formed there may be a delay of up to 2 seconds before all members are listed Figure 5 16 Configuring Group Configuration To add Group Configuration to the current access point 1 Click Management Group Configuration 2 Click Enabled to allow this access point to share configuration parameters with others in the same group 3 In Group Name enter the name of the group the access point should belong ...

Страница 151: ...config member id 9 62 show group config 9 63 ProCurve Access Point 530 configuration ProCurve Access Point 530 config group config name HBldg22 ProCurve Access Point 530 config group config member id AP 2 ProCurve Access Point 530 config group config ProCurve Access Point 530 config show group config Status Enabled Group name HBldg22 Member ID AP 2 mac ip 00 14 C2 A5 09 8C 10 0 1 101 00 14 C2 A5 6...

Страница 152: ...5 68 General System Configuration Managing Group Configuration This page is intentionally unused ...

Страница 153: ... 6 14 Configuring Advanced Radio Settings 6 16 Configuring B G Mode 6 17 Configuring G Only Mode 6 19 Configuring Pure G Mode 6 20 CLI Configuring Radio Settings 6 21 Modifying Antenna Settings 6 23 Web Setting the Tx Power Reduction 6 23 Web Setting the Antenna Type and Antenna Mode 6 25 CLI Setting the Transmit Power Reduction and Antenna Parameters 6 27 Adaptive Tx Power Control 6 29 Feature Ov...

Страница 154: ... Wireless Interface Configuration Managing Multiple WLAN BSS SSID Interfaces 6 36 Web Configuring SSID Interfaces 6 37 CLI Naming an SSID Interface 6 40 CLI Modifying WLAN BSS SSID Interface Settings 6 41 ...

Страница 155: ...es Most radio parameters apply globally to all configured SSID interfaces For each SSID interface different security settings VLAN assignments and other parameters can be applied This chapter describes how to Set the access point country code Configure the radio working mode Modify global radio parameters Configure SSID interfaces ...

Страница 156: ...fore configuring other radio settings The country code setting affects the radio channels that are available Note The country code is preset to US in the Access Point 530 NA unit and can be changed from the U S to only the Canada Mexico or Taiwan country code When it is set to Canada Mexico or Taiwan and you want to reset it to the U S you must reset the unit back to its factory defaults The radio...

Страница 157: ...ss Point 530 config show system information Serial Number TW633VV01D System Name HP AP 200 System Up Time 13 mins 17 secs System Location 2FS17 System Country Code us Software Version WA 02 00 0412 Ethernet MAC Address 00 14 C2 A5 6A B3 IP Address 192 168 15 200 Subnet Mask 255 255 255 0 Default Gateway 192 168 15 254 DHCP Client Disabled Management VLAN ID 1 Untagged VLAN ID 1 Radio 1 MAC Address...

Страница 158: ...re available for use on the 530 access point 802 11a 802 11b and 802 11g Two separate wireless LAN radios are available for use on the 530 access point Radio 1 and Radio 2 Radio 1 configuration allows only two modes 802 11b and 802 11g Radio 2 configuration allows all three modes 802 11a 802 11b and 802 11g If both Radio 1 and Radio 2 are configured to 802 11 b g mode then Radio 2 must be connecte...

Страница 159: ...erfere with each other No channel interference in 802 11a mode If your environment does not contain legacy 802 11b stations or legacy access points you can obtain maximum throughput by configuring pure G Mode s See Web Configuring Advanced Radio Settings on page 6 14 B G stations to the access points only and protected mode enabled Wifi G stations only and protected mode enabled Pure G stations on...

Страница 160: ...ision multi plexing OFDM the modulation scheme used in 802 11a toobtainhigherdata speed Computers or terminals set up for 802 11g can fall back to speeds of 11 Mbps so that 802 11b and 802 11g devices can be compatible within a single network To simultaneously support both 802 11g and 802 11b stations the access point uses a special protected mode operation as required for compliance with the IEEE...

Страница 161: ...87A you must set the country code using the CLI before you can configure the radio settings See Setting the Country Code on page 6 4 Use the write memcommand to save the setting The Web interface enables you to modify these parameters Radio Allows toggling to either Radio 1 or Radio 2 parameter sets The default is Radio 1 Status Allows enabling disabling of the respective radio If the radio is ena...

Страница 162: ...orthogonal frequency division multiplexing OFDM Radio 2 only Update Updates the radio parameters Figure 6 1 Setting the Radio Working Mode To Set the Radio Working Mode 1 Select Network Setup Radio 2 Select the appropriate radio 1 or 2 from the Radio drop down 3 To enable the radio click the Status On button 4 Select the radio mode using the Mode drop down 5 Select Update to save the settings ...

Страница 163: ...ured on the access point Command Syntax CLI Reference Page radio radio_name 9 101 mode mode 9 104 show radios radio 9 116 Use the parameter radio to display detailed information about the specified radio ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 mode g ProCurve Access Point 530 radio1 ProCurve Access Point 530 configure ProCurve A...

Страница 164: ...figuring Basic Radio Settings The Network Setup Radio screen shown in Figure 6 2 configures basic settings for the access point s radio operation For the Advanced Settings see Web Configuring Advanced Radio Settings on page 6 14 The Web interface enables you to modify these parameters Max Tx Power The maximum power in dBm that the current radio mode supports The default is 0 Tx Power Reduction Adj...

Страница 165: ... applicable radio at any one time The default is 256 Update Updates the radio parameters Figure 6 2 Configuring Basic Radio Settings To Modify Basic Radio Settings 1 Select Network Setup Radio 2 Select the radio channel from the drop down If you are deploying access points inthe same area see the keypointssummarizedinsection Overview on page 6 3 3 To set a limit on the number of stations accessing...

Страница 166: ... is Enabled Antenna Mode The mode of radio antenna utilized by this access point The default is Diversity For the configuration details see Web Setting the Antenna Type and Antenna Mode on page 6 25 Preamble Sets the length of the signal preamble used at the start of a data transmission Using a short preamble can increase data throughput on the access point but requires that all associated station...

Страница 167: ...erhead to send multiple frames If set to 2346 this feature is disabled Range 256 2346 even numbers The default is 2346 Beacon Interval The rate at which beacon frames are transmitted from the access point The beacon frames allow wireless stations to maintain contact with the access point They may also carry power management information Range 20 2000 K us The default is 100 Rate Sets Rates are expr...

Страница 168: ...Setup Radio 2 Click Status On to enable the radio 3 Click the Edit button for Advanced Settings A pop up window for Advanced Settings opens see Figure 6 3 4 To enable rate limiting click the Broadcast Multicast Rate Limiting Enabled button 5 If you enabled Broadcast Multicast Rate Limiting enter the Rate Limit and the Rate Limit Burst amounts 6 To enable Protected Mode click the Enable button ...

Страница 169: ...o configure the communication periods and packet size transmissions enter values within the appropriate range for the Fragmentation Threshold and RTS Threshold fields 9 Enter the desired value for Beacon Interval 10 Select values for the Supported and Basic Rate Sets 11 Select Update Configuring B G Mode Figure 6 4 Configuring B G Modes Radio Settings ...

Страница 170: ...lows both b stations and g stations to associate with the AP 1 Select Network Setup Radio 2 Click Status On to enable the radio 3 Select IEEE 802 11g Mode 4 Click the Edit button for Advanced Settings A pop up window for Advanced Settings opens see Figure 6 5 5 Select Enable for Protected Mode to set this radio parameter 6 Select Update to set the advanced radio parameters ...

Страница 171: ...ith the AP This is Wi Fi standard based g only mode 1 Select Network Setup Radio 2 Click Status On to enable the radio 3 Select IEEE 802 11g Mode 4 Click the Edit button for Advanced Settings A pop up window for Advanced Settings opens see Figure 6 6 5 Select Enable for Protected Mode to set this radio parameter 6 Select rate set values 24 12 and 6 using the Basic options 7 Select Update to set th...

Страница 172: ...is mode is not a standard based configuration mode If this mode is used with legacy b stations and b access points this mode creates a detrimental effect leading to low throughput especially with Protected Mode being disabled 1 Select Network Setup Radio 2 Click Status On to enable the radio 3 Select IEEE 802 11g Mode 4 Click the Edit button for Advanced Settings A pop up window for Advanced Setti...

Страница 173: ...nd to save the setting Configuring One Radio The following example details how to enable one radio and configure specific radio parameters on the access point Note Enter radio commands one line at a time Command Syntax CLI Reference Page description string 9 116 no basic rate value 9 106 beacon interval value 9 108 fragmentation thresh value 9 111 rts threshold value 9 113 show stations 9 122 show...

Страница 174: ... Beacon Interval K us 100 Max Power dBm 0 0 Power Reduction dB 0 Antenna Mode diversity Antenna s In Use internal RTS Threshold 2347 Fragment Threshold 2346 WMM QoS Disabled Inactivity Timeout 1800 Max Stations 256 Rate Limiting Disabled Rate Limit packets second 50 Burst Limit packets second 75 AP Detection Enabled Periodic Scan Duration ms 30 Periodic Scan Interval sec 10 List Max Entries 255 Li...

Страница 175: ...e Installation and Getting Started Guide and the specific product antenna manuals Web Setting the Tx Power Reduction The Radio screen shown in Figure 6 8 enables you to configure the following settings for adjusting the transmit power reduction values Max Tx Power The maximum power that the current radio mode supports The default is maximum power Tx Power Reduction Adjusts the amount of attenuatio...

Страница 176: ... Antenna Settings Figure 6 8 Setting Transmit Power Reduction To Modify the Transmit Power Reduction 1 Select Network Setup Radio 2 Use the Tx Power Reduction drop down to select a dBm value 3 Select Update to set the radio transmit power reduction ...

Страница 177: ...mode parameters Note Radio 2 must be configured to an external antenna if Radio 2 is configured to either the IEEE 802 11b or 802 11g mode The Radio 2 internal antenna must be configured to the IEEE 802 11a mode See Radio Configuration Summary Table on page 6 6 Figure 6 9 Setting Antenna Parameters To Modify the Antenna Parameters 1 Select Network Setup Radio 2 Click Status On to enable the radio ...

Страница 178: ...6 26 Wireless Interface Configuration Modifying Antenna Settings 6 Select Update to set the antenna parameters ...

Страница 179: ...xternal antenna and set the mode to Single on the access point The default mode is set to Diversity Command Syntax CLI Reference Page tx power reduction value 9 114 antenna external internal 9 105 antenna mode diversity single 9 105 show radio 9 116 ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 tx power reduction 5 ProCurve Access Point 530 radio1 antenna external ProCu...

Страница 180: ...nnel 11 WLANs Supported 16 Preamble long CTS Protection Enabled Slot time short Beacon Interval K us 100 Max Power dBm 0 0 Power Reduction dB 0 Antenna Mode diversity Antenna s In Use internal RTS Threshold 2347 Fragment Threshold 2346 WMM QoS Disabled Inactivity Timeout 1800 Max Stations 256 Rate Limiting Disabled Rate Limit packets second 50 Burst Limit packets second 75 AP Detection Enabled Per...

Страница 181: ... they all must be operating on the same channel and all must have ATPC enabled Once it is enabled ATPC is controlled by setting four parameters Adaptive Mode Avoid Neighbor APs RF Group Name Tx Power Reduction Limit How the ATPC feature responds to the presence of other APs depends on how these parameters are combined Scope Power levels can be configured to Adapt to selected APs and ignore others ...

Страница 182: ...D configurations within the group are ignored and all APs in the group will mutually adapt their transmit power to adapt to their neighbors in the group APs outside the group are not accommodated There is no limit to the number of APs in an RF Group Adapting to All Neighboring APs To apply ATPC to all neighboring APs regardless of RF Groups or SSID configurations enable the Avoid Neighbor APs sett...

Страница 183: ... of APs Power Reduction Limit Setting the Transmit Power Reduction Limit determines the minimum power level of the radio This value combined with the radio s Tx Power Reduction setting establishes the range of Transmit Power adjustments in ATPC How this setting is tuned depends on the ATPC scope and adaptive mode selected The radio s Tx Power Reduction setting not the radio s Max Tx Power determin...

Страница 184: ...llowing settings to configure ATPC characteristics Adaptive Tx Power Control Enables and disables Adaptive Tx Power Control on the selected radio The default is Disabled Avoid Neighbor APs When this setting is enabled ATPC adapts to all neighboring APs RF Group Names and SSIDs are ignored When this setting is disabled ATPC uses RF Group Name or SSIDs to determine which APs to accommodate The defau...

Страница 185: ...e in the ATPC calculations do one of the following a To adapt transmit power to all neighboring APs on the same channel click the Avoid Neighbor APs Enabled button b To adapt transmit power to a group of specific neighboring APs enter the RF Group Name that identifies the group c To adapt transmit power to neighboring APs according to their respective SSID lists click the Avoid Neighbor APs Disabl...

Страница 186: ...Configuring Adaptive Tx Power Control CLI Commands Used in This Section Command Syntax CLI Reference Page no atpc 9 140 no atpc avoid other aps 9 141 no atpc rf group name name 9 141 atpc adapt ap ap clients 9 142 atpc max atpc atten max reduction 9 143 show atpc 9 143 ...

Страница 187: ...530 radio1 atpc max reduction 18 ProCurve Access Point 530 radio1 atpc rf group name AirportNet ProCurve Access Point 530 radio1 ProCurve Access Point 530 radio1 show atpc Radio 1 atpc enabled RF Group name AirportNet Avoid Other WLANs disabled Max Power Reduction 18 Adaptive Mode AP Current Beacon Backoff 4 dB Current Data Backoff 4 dB Radio 2 atpc disabled RF Group name not configured Avoid Othe...

Страница 188: ...ns that want to connect to a network through an access point must set their SSIDs to match that of the access point Multiple SSID interfaces enable wireless traffic to be separated for different user groups using a single access point that services one area For each SSID interface differentsecuritysettings VLANassignments andotherparameters can be applied Wireless stations within the service area ...

Страница 189: ... tab shown inFigure 6 11 enables you to configure SSIDs VLANS and closed system settings You can modify these parameters WLAN Displays the WLAN index number 1 through 16 Radio 1 Radio 2 Configures the access point to enable WLAN access using either or both radios when the appropriate box is checked SSID Lists the access point s SSID interfaces with their basic settings The Enabled option auto fill...

Страница 190: ...urity Modedrop downwiththeoptions for this WLAN This is the default tab For security mode configura tion see Web Setting Security Options on page 7 18 RADIUS Servers tab Configures the primary secondary and internal server for RADIUS authentication For RADIUS server settings see Web Setting RADIUS Server Parameters on page 7 33 Accounting Servers tab Configures the primary and secondary server for...

Страница 191: ...tablish security click Edit button and configure Security tab param eters 7 To configure Radius servers for RADIUS authentication click Edit and configure RADIUS Server tab parameters 8 To configure Accounting servers for RADIUS authentication click Edit and configure Accounting Servers tab parameters 9 To configure MAC filtering click Edit and configure MAC Authentication tab parameters 10 Click ...

Страница 192: ...AN BSS SSID context are displayed in the parentheses The WLAN index uses the format wlan x where x is a number between 1 and 16 To display a list of configured WLAN interface settings use the showwlan x command as shown in the following example Command Syntax CLI Reference Page ssid SSID 9 102 show wlans name all 9 117 ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 Pr...

Страница 193: ... 102 description description 9 102 disable enable 9 102 vlan vid 9 102 closed system 9 102 show wlan index 9 102 ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 wlan 1 ProCurve Access Point 530 radio1 wlan1 disable ProCurve Access Point 530 radio1 wlan1 description unsecure ProCurve Access Point 530 radio1 wlan1 vlan 9 ProCurve Access P...

Страница 194: ...d yet none No Sec Disabled 5 SSID 5 not assigned yet none No Sec Disabled 6 SSID 6 not assigned yet none No Sec Disabled 7 SSID 7 not assigned yet none No Sec Disabled 8 SSID 8 not assigned yet none No Sec Disabled 9 SSID 9 not assigned yet none No Sec Disabled 10 SSID 10 not assigned yet none No Sec Disabled 11 SSID 11 not assigned yet none No Sec Disabled 12 SSID 12 not assigned yet none No Sec ...

Страница 195: ...7 1 7 Wireless Security Configuration ...

Страница 196: ...KIP with Preshared Key 7 10 AES with Preshared Key 7 10 TKIP with 802 1X 7 11 AES with 802 1X 7 11 Other Security Features 7 12 Establishing Security 7 16 Web Setting Security Options 7 18 Manual Configuration Using the CLI 7 24 CLI Configuring Security Settings 7 24 Configuring RADIUS Client Authentication 7 32 Web Setting RADIUS Server Parameters 7 33 CLI Setting RADIUS Server Parameters 7 35 We...

Страница 197: ...eb Auth Process 7 57 Associating with the AP 530 7 57 URL Intercept 7 58 Logging In 7 58 Authenticating 7 58 Redirecting to the Destination URL 7 60 Web Auth Security 7 60 User Credentials 7 60 Optional Encryption 7 60 Other Security Features 7 60 The Web Auth Address Pool 7 61 Customizing the Authentication Screens 7 61 Default Text Values for Authentication Screens 7 62 Login Screen Default Valu...

Страница 198: ...Wireless Security Configuration CLI Configuring Web Auth on a WLAN 7 70 Prerequisites 7 70 Web Customizing the Login Welcome and Failed Screens 7 72 CLI Customizing the Login Welcome and Failed Screens 7 74 ...

Страница 199: ...his chapter describes how to Configure wireless security Configure encryption Configure key management Configure MAC and 802 1X authentication Configure MAC Lockout and Client Station Deauthentication Configure AP Authentication Configure Web Authentication ...

Страница 200: ...asses between the access point and stations to protect against interception and eavesdropping Key management Assigning unique data encryption keys to each wire less station session and periodically changing the encryption keys to minimize the risk of their discovery User Authentication The two ways of authenticating users on the Access Point 530 are MAC authentication Based on the user s wireless ...

Страница 201: ... a user requests connection to a WLAN through an access point which then requests the identity of the user and transmits that identity to an authentication server such as RADIUS The server asks the access point for proof of identity which the access point gets from the user and sends back to the server to complete the authentication The local built in RADIUS server supports only one EAP type PEAP ...

Страница 202: ... secure method of encryption Wired Equivalent Privacy WEP WEP provides a basic level of security preventing unauthorized access to the network and encrypting data transmitted between wireless stations and the access point WEP is the security protocol initially specified in the IEEE 802 11 standard for wireless communications Unfortunately static WEP has been found to be seriously flawed and cannot...

Страница 203: ...ng the data can be managed either dynamically using 802 1X authentication or statically using preshared keys between the access point and station Dynamic key management provides significantly better security than static keys Security Profiles Based on authentication encryption and key management the following is a list of security profiles in order of increasing robustness No Security Static WEP D...

Страница 204: ...t recommended because it sends encryption keys that are viewable in plain text Dynamic Wired Equivalent Privacy WEP Dynamic WEP uses WEP as the encryption cipher and 802 1X as the authen tication mechanism In this way each client station is assigned a unique encryption key for each session from the authentication server The length of the cipher can be 64 bits or 128 bits and the encryption keys ca...

Страница 205: ...er key to derive the encryption between the access point and the station AES with 802 1X The AES with 802 1X security profile uses AES as the encryption cipher and 802 1X as the authentication mechanism In this way each station is assigned a unique master key to derive the encryption between the access point and the station and the encryption keys can be automatically and periodically changed to f...

Страница 206: ...etwork card driver native support provided in Windows XP and Windows Vista Provides dynamically generated keys that are periodically refreshed Provides similar shared key user authentication Provides robust security in small networks WPA PSK WPA2 Only Requires WPA enabled system and network card driver native support provided in Windows XP and Windows Vista Provides robust security in small networ...

Страница 207: ...y 2 Set the Authentication Server and Protocol 3 Set RADIUS Key security dynamic wep radius accounting primary secondary ip ip port port key key radius primary secondary Theradius keyvalueisusedwithanexternalRADIUS serveronlyandisignoredfortheinternalradiusserver It should be set to the shared secret key that is configured on the external RADIUS server RADIUS server required 802 1X supplicant requ...

Страница 208: ...ions can associate with the access point WPA stationsmusthaveeither a valid TKIP or an AES key to communicate For WPA2 wireless stations to send pre authentication packets enable Pre authentication The AP 530 supports the following Extensible Authentication Protocol EAP methods TLS TTLS MD5 and PEAP MS CHAP v2 when configured to use an external RADIUS server for authentication The AP 530 supports ...

Страница 209: ...ntries set to active in the MAC AuthenticationTable Can be combined with other methods for improved security Local MAC authentication Local MAC Allow xx xx xx xx xx xx Not needed AllMACaddressesdenied except for entries set to active in MAC AuthenticationTable Can be combined with other methods for improved security Remote MAC authentication RADIUS MAC MAC address permission policy based on RADIUS...

Страница 210: ...figuration for the WLAN Figure 7 1 Security Access Via the WLANs Screen Basic parameters required for a security option configuration are provided in the WLANs Security pop up window all other access point settings are made automatically Some options require a RADIUS server to be configured A link to the RADIUS Servers tab is provided where you can configure the RADIUS server parameters ...

Страница 211: ...ee Protocol STP on page 8 15 CAUT I O N When access point configuration parameters are changed wireless stations may be temporarily disconnected until the new configuration parameter is enabled This includes any changes to a WLAN or radio parameter The recommended security option for WDS operation is WPA2 using the AES cipher because this setting provides the maximum security for data sent over th...

Страница 212: ...r keys ASCII Enter keys as 5 alphanumeric characters for 64 bit keys or 13 alphanumeric characters for 128 bit keys Hex Enter keys as 10 hexadecimal digits for 64 bit keys or 26 hexadecimal digits for 128 bit keys The default is Hex WEP Keys Enter up to four strings of character keys If you selected ASCII enter any combination of ASCII characters If you selected Hex enter hexadecimal digits any co...

Страница 213: ...ption Standard AES It uses a CCM Combined Block Chaining Counter mode CBC CTR and Cipher Block Chaining Message Authentication Code CBC MAC for encryption and message integrity Both If you select both TKIP and AES Pairwise cipher is AES and Groupwise cipher is TKIP Pairwise cipher is used for unicast traffic and Groupwise cipher is used for multicast broadcast traffic Both TKIP and AES stations ca...

Страница 214: ...RC4 to perform the encryption and changes temporal keys every 10 000 packets and distributes them thereby greatly improving the security of the network Default AES An IEEE 802 1X encryption method that uses the Advanced Encryption Standard AES It uses a CCM Combined Block Chaining Counter mode CBC CTR and Cipher Block Chaining Message Authentication Code CBC MAC for encryption and message integrit...

Страница 215: ... Select Static WEP from the Security Mode drop down 4 To allow system authentication select Shared from the Authentication option 5 Select a key index from the Transfer Key Index to be used for encryption for the WLAN interface 6 Select the key length to be used by all stations 64 bits or 128 bits 7 Select the Hex or ASCII for Key Type 8 Enter the key value conforming to the length and type alread...

Страница 216: ...y tab 3 Select WPA PSK from the Security Mode drop down 4 Select WPA WPA2 or Both for WPA support as required 5 Select Enable pre authentication if you selected WPA2 or Both for the WPA version 6 Select TPIK recommended AES or Both to enable the type of Cipher encryption 7 For the key enter between 8 and 63 alphanumeric characters Be sure that all wireless stations use the same key 8 Select Update...

Страница 217: ... Security tab 3 Select WPA 802 1X from the Security Mode drop down 4 Select WPA WPA2 or Both for WPA support as required 5 Select Enable pre authentication if you selected WPA2 or Both for the WPA version 6 Select TPIK AES recommended if you selected WPA2 or Both to enable the type of Cipher encryption 7 Select RADIUS Servers to configure the RADIUS server to enhance secu rity 8 Select Update to s...

Страница 218: ...ontext of Radio 2 is to enable or disable the entire WLAN on Radio 2 CLI Configuring Security Settings CLI Commands Used in This Section Command Syntax CLI Reference Page security no security static wep dynamic wep wpa psk wpa 802 1x 9 125 wep default key 1 2 3 4 9 127 no wep key ascii 9 128 wep key length 64 128 9 129 wep key 1 2 3 4 string 9 129 no open system authentication 9 130 no shared key ...

Страница 219: ...rity The following example shows how to configure an WLAN interface to have no security set ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 wlan 1 ProCurve Access Point 530 radio1 wlan1 security no security ProCurve Access Point 530 radio1 wlan1 ...

Страница 220: ...ot set WPA or WPA2 WPA and WPA2 WPA Cipher TKIP only WPA Pre auth Disabled WPA Key Format ascii WPA ASCII Key abcdefghijklmnop WPA Hex Key not set Web Authentication Status Disabled Retry Limit 3 Username Password Login Enabled Guest Login Enabled Redirect URL www procurve com Default Login Page Enabled Default Login Failed Page Enabled Default Welcome Page Enabled RADIUS Failover To Local Disable...

Страница 221: ...th and Key Type settings If Key Length is 64 bits and the Key Type is ASCII then each WEP key must be 5 characters long If Key Length is 40 bits and Key Type is Hex then each WEP key must be 10 characters long If Key Length is 128 bits and Key Type is ASCII then each WEP key must be 13 characters long If Key Length is 128 bits and Key Type is Hex then each WEP key must be 26 characters long ProCur...

Страница 222: ...y mode configure an external authentication server and set the RADIUS key the RADIUS key is automatically provided if you are using the built in authentication server Note Supported authentication servers are the built in authentication server on the access point or an external RADIUS server The RADIUS key value is used with an external RADIUS server only and is ignored for the internal RADIUS ser...

Страница 223: ...ommunicate ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 wlan 1 ProCurve Access Point 530 radio1 wlan1 security dynamic wep ProCurve Access Point 530 radio1 wlan1 radius primary ip 192 168 1 52 ProCurve Access Point 530 radio1 wlan1 radius primary port 161 ProCurve Access Point 530 radio1 wlan1 radius primary key secret ProCurve Acces...

Страница 224: ... CLI to Configure WPA 802 1X The following commands configure the access point to use the WPA 802 1X security mode to accept both the WPA and WPA2 stations and to allow pre authentication Note WPA 802 1X is the recommended security mode The incorporation of the RADIUS server makes it superior to the WPA PSK security mode ProCurve Access Point 530 radio1 wlan1 wpa pre shared key goodsecret ProCurve...

Страница 225: ... in authentication server on the access point or an external RADIUS server Use of the built in server automat ically establishes the RADIUS key ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 wlan 1 ProCurve Access Point 530 radio1 wlan1 radius primary ip 192 168 1 52 ProCurve Access Point 530 radio1 wlan1 radius primary port 161 ProCur...

Страница 226: ...stations If required the access point can support both MAC address and 802 1X authentication using a RADIUS server For more informa tion see Configuring MAC Address Authentication on page 7 43 Note This configuration guide assumes that you have already configured the RADIUS server to support the access point The configuration of RADIUS server software is beyond the scope of this guide refer to the...

Страница 227: ...wing settings to send user session information from the access point to a RADIUS accounting server Internal Server Enables the access point to use the internal server for authentication The default is Enable IP Address Specifies the IP address of the RADIUS server The default is 0 0 0 0 which indicates Disabled Port The User Datagram Protocol UDP port number used by the RADIUS server for accountin...

Страница 228: ...ts to establish communication again with the primary server If communication with the primary server is reestablished the secondary server reverts to a backup role The default is Disable Internal Server as Failover Enables the internal server to begin authenticating in the event that the primary server is disconnected The default is Disabled Figure 7 5 Configuring RADIUS Servers on the Access Poin...

Страница 229: ...IP address and other parameters in the appropriate fields Otherwise leave the IP address as all zeros 0 0 0 0 10 Select Internal Server as failover to ensure that RADIUS authentication remains uninterrupted if the primary server disconnects 11 Select Update to set the RADIUS servers for RADIUS authentication CLI Setting RADIUS Server Parameters CLI Commands Used in This Section The following examp...

Страница 230: ...he account Real Name Displays the real name assigned to the account Status Displays the status of the account Enabled or Disabled Enable Enables the selected account Disable Disables the selected account Remove Removes the selected account ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 wlan 1 ProCurve Access Point 530 radio1 wlan1 radi...

Страница 231: ...t select Disable To remove the account from the system select Remove Adding New RADIUS Accounts The Local Radius screen shown in Figure 7 7 enables you to modify the RADIUS account details to use RADIUS authentication on the access point Add User Account Configure the following account details The access point limits the local radius account users to 100 Username Provides an alphanumeric text stri...

Страница 232: ...nfiguring a Local Radius User To Add Local RADIUS User Accounts 1 Select Special Features Local Radius Users tab 2 In the User Name field specify the User Name used by the RADIUS server for authentication 3 In the Real Name field specify the full name of the user that is used by the RADIUS server only for informational purposes 4 In the Password field specify the password to be associated with the...

Страница 233: ... selected file is displayed in the Restore User Database field Restore Restores selected file Return to Local Radius Return Returns to the Local Radius screen Figure 7 8 Backing Up a User Database To Create a Backup File of Local RADIUS User Accounts Information 1 Select Special Features Local Radius to display the Local RADIUS screen and user account information 2 Click backup or restore user dat...

Страница 234: ...al Features Local Radius to display the Local RADIUS screen and user account information 2 Click backup or restore user database link to display the User Database screen 3 Use Browse to select the user database file ubk file you want to restore The selected file pathname filename ubk displays in the Restore User Database field 4 Click Restore to complete the process 5 Click Return to close the Use...

Страница 235: ...nmentofVLANIDsbasedonuserauthentication An external RADIUS server is required to support assignment of VLAN IDs based on authentication of an individual user If you are using the local built in RADIUS server the RADIUS accounting feature must be disabled and or set to use an external RADIUS accounting server Command Syntax CLI Reference Page no radius local username Disabled password password real...

Страница 236: ...se the show radius local command as shown in the following example ProCurve Access Point 530 configure ProCurve Access Point 530 config radius local chris realname csmith ProCurve Access Point 530 config radius local chris password chrisopen ProCurve Access Point 530 config ProCurve Access Point 530 config ProCurve Access Point 530 config show radius local Local Radius User Accounts wireless clien...

Страница 237: ... first configure the server in the RADIUS servers screen For details on config uring RADIUS servers see Web Setting RADIUS Server Parameters on page 7 33 Authentication Order Connection requests are authenticated in the following order First against the MAC Lockout list Then against the local Access Control List Last against the RADIUS server Access Control List and RADIUS Server Client station MA...

Страница 238: ...managed If you choose to configure RADIUS MAC authentication and 802 1X AP Authentication together the RADIUS MAC address authentication occurs before 802 1X AP Authentication If RADIUS MAC authentication is successful AP Authentication is performed If RADIUS MAC authentication fails AP Authentication is not performed MAC Lockout and Client Station Deauthentication When a MAC address is added to t...

Страница 239: ...s the WLAN BSS SSID interface by removing prohib iting the selected MAC configuration MAC Address Add Adds the entered MAC address to selected ACL list List Name Specifies a new list name MAC Entry Specifies the MAC address for the list New ACL Add Adds the New ACL to the list of Access Control Lists Figure 7 9 Configuring an Access Control List To Configure the Access Control List 1 Select Manage...

Страница 240: ...ring MAC Address Authentication The MAC Authentication tab shown in Figure 7 10 enables the WLAN BSS SSID interface to be configured to use MAC authentication You can modify these parameters MAC Authentication Configures either the local or remote MAC authentication on this access point Selecting the Enabled option enables access to the Local or Remote parameters Access Control List Selects among ...

Страница 241: ... apply a configured authentication list select list from the ACL drop down 6 To allow only known MAC addresses access to the network select the Allow only stations in list policy option 7 To prohibit specific MAC addresses from gaining access to the network select the Block all stations in list policy option 8 Select Update to set MAC Authentication on the access point CLI Configuring MAC Address ...

Страница 242: ...how to display the current authentication configuration on the access point from the Manager Exec level ProCurve Access Point 530 configure ProCurve Access Point 530 config mac auth local mylist mac 00 11 22 33 44 55 ProCurve Access Point 530 config mac auth local mylist mac 00 aa bb cc dd ee ProCurve Access Point 530 config ProCurve Access Point 530 configure ProCurve Access Point 530 config radi...

Страница 243: ...re auth Disabled WPA Key Format ascii WPA ASCII Key abcdefghijklmnop WPA Hex Key not set Web Authentication Status Disabled Retry Limit 3 Username Password Login Enabled Guest Login Enabled Redirect URL www procurve com Default Login Page Enabled Default Login Failed Page Enabled Default Welcome Page Enabled RADIUS Failover To Local Disabled Retransmit Num 3 Primary Auth local built in server Prim...

Страница 244: ...ese parameters Remove Removes the selected MAC address from the MAC Lockout list Field entry Add Adds the entered MAC address to the MAC Lockout list Add Adds the entered MAC address to MAC Lockout list Figure 7 11 Configuring MAC Lockout To Configure MAC Lockout 1 Select Special Features MAC Lockout tab 2 To add a MAC address to the MAC Lockout list enter the desired MAC address and click Add 3 T...

Страница 245: ...the MAC Lockout list using the no lockout mac command Displaying the MAC Lockout list The following example shows how to display the current MAC Lockout list Command Syntax CLI Reference Page no lockout mac mac_address 9 75 show lockout mac 9 76 lockout mac clear mac_address all 9 76 ProCurve Access Point 530 configure ProCurve Access Point 530 config lockout mac 00 14 C2 A5 09 8D ProCurve Access ...

Страница 246: ...Unlike MAC Lockout a deauthenticated client station is not blocked from re authenticating CLI Commands Used in This Section Deauthenticating a device from the access point The following exam ple shows how to force a client device to deauthenticate from the access point ProCurve Access Point 530 configure ProCurve Access Point 530 config lockout mac clear all 2 MAC addresses removed from lockout li...

Страница 247: ...e Connections in client limit mode or single host mode are not supported Guidelines for AP Authentication As with normal users the user account for the AP must be created on the RADIUS server before authentication can occur Authentication is performed using the PEAP MSCHAPv2 or EAP MD5 protocol The username and password are encrypted in the access point s configu ration file If AP Authentication i...

Страница 248: ...that will take precedence over any statically defined VLAN tagging on the port If this occurs management traffic will not be sent from the port after authenti cation Web Configuring AP Authentication The AP Authentication screen shown in Figure 7 12 enables 802 1X AP authentication on the Access Point 530 You can modify the following parameters AP Authentication Enables 802 1X AP authentication fo...

Страница 249: ...Authentication on the access point by selecting the Disabled button AP Authentication is disabled and any previously used username and pass word are cleared from the access point configuration file CLI Configuring AP Authentication CLI Commands Used in This Section Enabling AP Authentication on the access point The following exam ple enables AP Authentication with username AP2167 password 21B83j0k...

Страница 250: ...s of the access point Disabling AP Authentication on the access point To remove AP Authentication on the access point use the no ap authentication command ProCurve Access Point 530 config show ap authentication AP Authentication Settings for the Access Point Status Enabled EAP Type peap ProCurve Access Point 530 config ProCurve Access Point 530 config no ap authentication ProCurve Access Point 530...

Страница 251: ...er against the AP 530 s local RADIUS server or against a specified remote RADIUS server The Web Auth Process The AP 530 controls the Web Authentication process restricting connectivity to only the access point until the user has been authenticated by the desig nated RADIUS server The main steps in the Web Auth process are 1 Associating with the AP 530 2 URL Intercept 3 Logging In 4 Authenticating ...

Страница 252: ...rough the network The AP 530 intercepts this request and redirects the user s Web browser to the Web Auth login page to initiate the authentication process Logging In Figure 7 13 Web Auth Login Screen On the Web Auth Login page the user either enters a valid username and password to authenticate against the RADIUS server or clicks the Guest button to authenticate using Guest credentials see figure...

Страница 253: ...which he or she has rights Failed Authentication If the user enters an invalid username and pass word the RADIUS server denies access and the AP 530 displays the Web Auth Invalid Credentials or Failed page figure 7 15 In this case the user s station remains in the unauthenticated Web Auth state Figure 7 15 Web Auth Failed Authentication The number of attempted logins is configurable After the maxi...

Страница 254: ... and Registered users For authentication you can specify both a primary RADIUS server and a secondary RADIUS server to ensure high availability the local RADIUS server may also be used Optional Encryption Users connecting thorough Web Auth may associate with the AP 530 s VLAN interface using No security Static WEP or WPA 2 PSK Other Security Features PAP authentication is supported Web Auth is com...

Страница 255: ...th if the IP address and subnet mask are correctly configured for connecting to the AP 530 Customizing the Authentication Screens The fields in three of the informational pages displayed during the Web Authentication process may be customized Login page Welcome page Failed page Each of the customizable pages has four text areas that may be customized by the administrator Title Text The text displa...

Страница 256: ...ed users Only guest users Both registered and guest users Login Screen Default Values Table 7 5 Login Screen Default Values Title Text Descr Text Footer Text Header Text Registered User Only Guest User Only Registered Guest User Title Text Login Page Login Page Login Page Header Text Login Page Login Page Login Page Footer Text Contact the network administrator if you do not have an account Submit...

Страница 257: ...ration is enabled see Managing Group Configuration on page 5 63 Registered User Only Guest User Only Registered Guest User Title Text Authentication Success Success Authentication Success Header Text Authentication Success Success Authentication Success Footer Text You now have access to the network You now have access to the network You now have access to the network Descriptive Text Please wait ...

Страница 258: ...te registered users and the global guest user account as described in Configuring RADIUS Client Authenti cation on page 7 32 4 Configure the Web Auth guest credentials if you are using Guest Login 5 Configure the Web Auth temporary IP address pool 6 Configure Web Auth for the WLAN a Select a login type User Login Guest Login or both b Specify the redirect URL and retry limit c Accept the default s...

Страница 259: ...ool 1 Select Web Authentication Address Pool tab 2 Enter the starting IP address in the Starting IP Address field 3 Enter the desired subnet mask in the Subnet Mask field 4 Enter the desired lease time for temporary addresses that are assigned to Web Auth users from the pool 5 Click Update CLI Configuring the Global Address Pool CLI Commands Used in This Section Command Syntax CLI Reference Page n...

Страница 260: ... for all Guest users Password Specifies the password used for all Guest users Update Updates the global Guest Account credentials Figure 7 18 Configuring Guest Account Credentials To Configure the global Guest User credentials 1 Select Web Authentication Guest Account tab 2 Enter the username to be assigned to all Guest users in the Username field ProCurve Access Point 530 config web auth starting...

Страница 261: ... global Guest user credentials that will be assigned to Web Auth Guest users Note The username and password for the global Guest User account must be registered on the selected Web Auth RADIUS server before guest users can be authenticated using Web Auth Command Syntax CLI Reference Page no web auth guest username username 9 81 no web auth guest password password 9 81 ProCurve Access Point 530 con...

Страница 262: ...uthentication screen shown in Figure 7 19 configures Web Authen tication on the selected WLAN BSS SSID interface You can modify these parameters Web Authentication Enables disables web authentication on the selected WLAN Guest Login Enables guests clients to authenticate using the username and password of the preconfigured Guest account User Login Enables registered clients to authenticate using t...

Страница 263: ... WLAN Configuration Security pop up window opens 3 Select the Web Authentication tab 4 Click Web Authentication Enabled 5 To enable Guest logins click the Guest Login box 6 To enable registered User logins click the User Login box 7 Enter the destination URL to which the user will be redirected after web authentication is successful 8 Enter the maximum number of log in attempts permitted in the Re...

Страница 264: ...LI Configuring the Global Address Pool on page 7 65 Before enabling the optional Guest Login option the Guest User creden tials must be defined as described in CLI Configuring Global Guest Account Settings on page 7 67 CLI Commands Used in This Section Command Syntax CLI Reference Page no web auth 9 82 no web auth guest login 9 82 no web auth username login 9 82 no web auth redirect url 9 82 web a...

Страница 265: ...lan 1 WLAN 1 on Radio 1 Description Radio 1 WLAN 1 Status Enabled SSID PR3_WLAN VLAN 1 Untagged BSSID 00 14 C2 A7 11 A0 DTIM Period 2 Security Type wpa psk WPA PSK Closed System Disabled MAC Auth Mode local accept list only MAC Auth List ACL 1 Authentication open system only WEP Key Type hex WEP Key 1 not set WEP Key Size 128bit WEP Key 2 not set Default Key WEP Key 1 WEP Key 3 not set WEP Key 4 n...

Страница 266: ... three tabs you can modify these same parameters Default Text When this box is checked the custom fields are disabled on the tab and the default values for all fields will be displayed on the selected screen When this box is unchecked the custom fields are enabled and their values replace the default values on the selected screen Title Text Specifies the custom Title text Header Text Specifies the...

Страница 267: ...guration Security pop up window opens 3 Select the Web Authentication tab 4 Select the Login sub tab 5 Click the Default Text box to uncheck it and to enable the fields below 6 Enter your customized Title text in the Title Text field 7 Enter your customized Header text in the Header Text field 8 Enter your customized Footer text in the Footer Text field 9 Enter your customized Descriptive text in ...

Страница 268: ...ox to check it and to clear and disable the fields below 4 Click Update CLI Customizing the Login Welcome and Failed Screens CLI Commands Used in This Section Command Syntax CLI Reference Page no web auth default login page 9 83 no web auth custom login text title title text header header text footer footer text descriptive descriptive text 9 83 no web auth default welcome page 9 83 no web auth cu...

Страница 269: ...its default values The following example customizes the resets the text fields on the Login screen to their default values The same procedure applies to the Welcome screen and the Failed screen as well using their respective commands ProCurve Access Point 530 radio1 wlan1 web auth custom login text title GS User Login ProCurve Access Point 530 radio1 wlan1 web auth custom login text header GS User...

Страница 270: ...7 76 Wireless Security Configuration Web Authentication for Mobile Users This page is intentionally unused ...

Страница 271: ...8 1 8 Special Features ...

Страница 272: ...ribution System WDS and Spanning Tree Protocol STP 8 15 Web Configuring WDS Parameters 8 19 CLI Configuring WDS Links 8 23 Web Configuring STP Parameters 8 26 CLI Establishing STP Settings 8 27 AP Detection Commands 8 30 Web Configuring AP Detection Parameters 8 30 CLI Configuring AP Detection 8 33 Probe Table 8 35 Probe Table Description 8 35 Guidelines for Configuring the Probe Table 8 35 Identi...

Страница 273: ...ods for config uring special features such as QoS upgrading software WDS AP detection and STP This chapter describes how to Configure QoS parameters Maintain configuration and upgrade files Modify WDS parameters Enable AP detection Enable and configure Probe Table settings Configure STP from the CLI ...

Страница 274: ...ss to the channel is called WSM IEEE 802 11e specifications for wireless QoS enhancements include packet prioritization scheduled access and call admission control Eager to spur interoperability among multi vendor wireless gear the Wi Fi Alliance created a certification process on a subset of 802 11e called Wi Fi Multi media WMM WMM provides four categories of relative QoS voice video best effort ...

Страница 275: ...activates QoS control of station EDCA parameters on upstream traffic flowing from the station to the access point however you can still set some parameters on the downstream traffic flowing from the access point to the client station AP EDCA parameters The default is Enabled Advanced Settings Edit Opens the WMM Settings pop up window to configure specific queue QoS parameters Update Updates the ac...

Страница 276: ...is queue Data 1 Video High priority queue minimum delay Time sensitive video data is automatically sent to this queue Data 2 Best Effort Medium priority queue medium throughput and delay Most traditional IP data is sent to this queue Data 3 Background Lowest priority queue high throughput Bulk data that requires maximum throughput and is not time sensitive is sent to this queue FTP data for exampl...

Страница 277: ...om AP to station to configure Data 0 Voice High priority queue minimum delay Time sensitive data such as VoIP and streaming media are automati cally sent to this queue Data 1 Video High priority queue minimum delay Time sensitive video data is automatically sent to this queue Data 2 Best Effort Medium priority queue medium throughput and delay Most traditional IP data is sent to this queue Data 3 ...

Страница 278: ... button 3 Click the Advanced Settings Edit button to set queue QoS parameters in the WMM Settings pop up window 4 To affect the flow from the access point to the client station down stream update the AP EDCA parameter options 5 To affect the flow from the client station to the client station upstream update the Station EDCA parameter options 6 Select Update to save the settings CLI Configuring QoS...

Страница 279: ... parameter on the AP EDCA medium priority queue ProCurve Access Point 530 radio1 qos ap params voice aifs 10 ProCurve Access Point 530 radio1 ProCurve Access Point 530 radio1 qos ap params video cwmin 1 ProCurve Access Point 530 radio1 qos ap params video cwmax 7 ProCurve Access Point 530 radio1 ProCurve Access Point 530 radio1 qos ap params background burst 1 ProCurve Access Point 530 radio1 ...

Страница 280: ...d EDCA high priority queue Using the CLI to Enable WME This example enables Wireless Multimedia Extensions as the preferred priority method ProCurve Access Point 530 radio1 qos sta params voice aifs 10 ProCurve Access Point 530 radio1 ProCurve Access Point 530 radio1 qos sta params video cwmin 1 ProCurve Access Point 530 radio1 qos sta params video cwmax 15 ProCurve Access Point 530 radio1 ProCurv...

Страница 281: ...ive Inter Contention Contention Maximum Burst Queue Frame Space Min Window Max Window Length Voice 1 3 7 1 5 Video 1 7 15 3 0 Best Effort 3 15 63 0 Background 7 15 1023 0 ProCurve Access Point 530 radio1 show qos sta params Transmission queue QoS settings for wireless stations Radio 1 Adaptive Inter Contention Contention Transmission Queue Frame Space Min Window Max Window Opportunity Limit Voice ...

Страница 282: ...nology instead of requiring the agent to inspect every packet that passes through as some other flow sampling methods do uses sample based profiling That is the agent inspects approximately every nth packet from each data source available to sFlow The sampling algorithm is designed to give a high certainty that the total traffic within a small margin of error On the Access Point 530 data sources a...

Страница 283: ...number of inbound packets outbound packets and retransmitted frames The sFlow agent obtains the counters by polling the interfaces periodically as needed to fill datagrams most efficiently However you can configure the maximum time that can elapse before an interface must be polled sFlow Collector The sFlow collector which receives samples from agents all over the network combines and analyzes the...

Страница 284: ...sage before the timeout expires the agent erases the sFlow receiver s owner string and allows another sFlow receiver to claim the instance When the collector reserves a receiver instance it also configures one or both of two types of sFlow instances One type allows the collector to receive flow samples and the other allows the collector to receive counters from polled radios When the sFlow receive...

Страница 285: ...rvicing the WDS link It is not recommended that the same WDS radio be configured to support wireless stations although it is possible to do so When a radio is configured to support both WDS and wireless stations the data handling capacity of the radio must be split between these two separate activities Thus any wireless station activity on the WDS radio reduces the data handling capacity of the WD...

Страница 286: ...Point 530 can then provide wireless WDS links for up to six other Access Point 530 units In this configuration the connected Access Point 530 the one with the Ethernet connection serves as a central access point to pass traffic to and from the other remote access points This configuration is illustrated in Figure 8 3 Figure 8 3 Wired Access Point Provides Wireless WDS Links to Wireless Access Poin...

Страница 287: ...buildings across the street from one another by attaching an Access Point 530 to each separate network and configuring with a WDS link between them This process is illustrated in Figure 8 4 In this configuration it is recommended that one radio on each access point be dedicated to the WDS link to maximize WDS link throughput the other radio can either be disabled or used to service wireless statio...

Страница 288: ... 5 In this configuration the intermediate access point serves as a repeater to bridge wireless traffic between an access point with an Ethernet connection and a more remote access point on the other side All three access points in this configuration can support wireless stations in addition to bridging network traffic between one another Figure 8 5 WDS Links with AP Repeater to Remote Access Point...

Страница 289: ... modify the following wireless parameters Spanning Tree Protocol Status Enables disables STP capabilities on the access point The default is Enabled Link 1 6 Enables disables WDS link 1 6 capabilities on the access point You can set up to six links on the access point The default is Disabled When a link is enabled the following parameters are enabled for that link Radio Selects a radio for the WDS...

Страница 290: ...WEP key for security WDS WPA Security see Figure 8 8 SSID Establishes an alphanumeric string of up to 32 characters that uniquely identifies a wireless local area network It is also referred to as the network name Note When using WPA over WDS an SSID is required and must match the SSID on the WDS partner access point for successful opera tion Key Configures WPA key for security Update Updates the ...

Страница 291: ... radio to establish the WDS link use the Radio drop down 4 Enter the remote MAC Address or if AP detection is enabled select the remote MAC Address from the drop down of the access point to which you are trying to establish the WDS link The Security mode is preconfigured when the WLAN Security is config ured See Table 7 4 WLAN 1 and WDS Security Configuration on page 7 17 5 Modify defaulted SSID i...

Страница 292: ...establish the WDS link use the Radio drop down 4 Enter the remote MAC Address or if AP detection is enabled select the remote MAC Address from the drop down of the access point to which you are trying to establish the WDS link The Security mode is preconfigured to WPA PSK when WLAN 1 Security is configured with either WPA 802 1X security or WPA PSK See Table 7 4 WLAN 1 and WDS Security Configurati...

Страница 293: ...ce Page enable 9 158 radio used 1 2 9 159 remote mac mac 9 160 wds ssid ssid required when using WPA over WDS 9 159 wep key ascii 9 162 wep key key 9 161 wep key length 64 128 9 162 wpa pre shared key key 9 163 show wds show wds wds_name 9 160 ProCurve Access Point 530 config interface wds1 ProCurve Access Point 530 wds1 enable ProCurve Access Point 530 configure ProCurve Access Point 530 config i...

Страница 294: ... key type to hexadecimal This example sets the WDS WEP key length when using static wep security The options are 64 and 128 This example defines the wep key used for data encryption on a WDS inter face Using the CLI to View WDS Parameters These examples use the show wds command to display the status of the WDS links ProCurve Access Point 530 wds1 radio used 1 ProCurve Access Point 530 wds1 remote ...

Страница 295: ...et Disabled no security ProCurve Access Point 530 wds1 ProCurve Access Point 530 wds1 show wds 1 WDS 1 Description WDSLINK Status Enabled Use Radio 1 Local MAC 00 14 C2 A4 14 BO Remote MAC 00 0D 9D C6 98 7E STP State forwarding WDS SSID marge Security Type no security from WLAN 1 WEP Key Type hex WEP Key not set WEP Key Size 128bit WPA Key goodsecret Bytes Rx 3562 Bytes Tx 7234 Packets Rx 0 Packet...

Страница 296: ...time between any two network devices this prevents the loops but establishes the redundant links as a backup in case the initial link fails If STP costs change or if one network segment in the STP becomes unreach able the spanning tree algorithm reconfigures the spanning tree topology and reestablishes the link by activating the standby path Without STP in place it is possible that both connection...

Страница 297: ...ree Protocol settings for the device The no version of the command disables STP on the device The hello time range is 1 10 the forward delay range is 4 30 and the bridge priority range is 0 65535 Command CLI Reference Page no stp hello time value forward delay value priority value 9 164 show interface ethernet 9 97 ProCurve Access Point 530 configure ProCurve Access Point 530 config stp hello time...

Страница 298: ... MAC address 00 14 C2 A5 08 CB Speed duplex auto Administrative status Enabled Management VLAN ID 1 U Untagged VLAN ID 1 Spanning Tree STP Enabled STP Port State forwarding STP Hello Interval 10 0 STP Forward Delay 10 STP Bridge Priority 255 Bytes Rx 22911 Bytes Tx 46107 Packets Rx 240 Packets Tx 299 Compressed Rx 0 Compressed Tx 0 Mcast packets Rx 0 Carrier errors Tx 0 Dropped Rx packets 0 Droppe...

Страница 299: ...ed Use Radio 1 Local MAC 00 14 C2 A5 22 61 Remote MAC 00 14 C2 A4 14 A0 STP State blocking WDS SSID WDS SSID 1 Security Type no security from WLAN 1 WEP Key Type hex WEP Key not set WEP Key Size 128bit WPA Key not set Bytes Rx 7140 Bytes Tx 76 Packets Rx 66 Packets Tx 1 Compressed Rx 0 Compressed Tx 0 Mcast packets Rx 0 Carrier errors Tx 0 Dropped Rx packets 0 Dropped Tx packets 0 FIFO overflows R...

Страница 300: ...performed without losing wireless traffic Web Configuring AP Detection Parameters The AP Detection screen provides configuration for access point detection The AP List tab shown in Figure 8 10 enables you to display and refresh the list of neighboring access points that have been detected during previous scans For each detected access point the following parameters are displayed BSSID Displays the...

Страница 301: ...n each radio This setting applies to background scanning only Range 10 3600 seconds The default is 10 Scan Duration Sets the amount of time spent scanning other channels when background scanning is being performed This setting applies to background scanning only Range 5 30 milliseconds The default is 30 Entry Expiration Time Sets expiration value for the listed detected AP entries Range 1 604800 s...

Страница 302: ...n and click the Settings tab 2 To enable scanning select Enable from the AP Detection drop down for the radio you are configuring 3 To specify the beacon transmission interval enter the interval value in the Scan Interval field 4 To specify the duration of scanning enter the duration value in the Scan Duration field 5 Select Update to save the settings ...

Страница 303: ... establishes the interval between scans Using the CLI to Set AP List Parameters This example sets the time that a detected AP remains on the AP list and sets the maximum number of AP entries displayed on the list Command CLI Reference Page no ap detection dedicated 9 136 ap detection duration value 9 137 ap detection interval value 9 138 ap detection expire time value 9 137 ap detection max entrie...

Страница 304: ...detection results ProCurve Access Point 530 radio1 ap detection expire time 55 ProCurve Access Point 530 radio1 ap detection max entries 100 ProCurve Access Point 530 radio1 show detected ap Neighboring APs BSSID SSID Sec Chan Type 00 14 02 A0 4F BC SSID1 none 3 AP 00 14 03 A2 4F DE SSID2 wpa 3 AP ProCurve Access Point 530 ...

Страница 305: ...ved PROBE request timestamp Data rate at which the PROBE was received When existing entries are updated with new PROBE requests the following attributes are modified RSSI PROBE request SSID Number of PROBE requests for this client Last received PROBE request timestamp Data rate at which the PROBE was received Guidelines for Configuring the Probe Table The Probe Table feature is disabled by default...

Страница 306: ...ist ACL Rate Limiting IDM on the Access Point 530 can be accomplished using either 802 1X authen tication or MAC authentication The 802 1X authentication is more secure while MAC authentication can be used with stations that don t have 802 1X supplicant Although it is possible to use MAC authentication along with 802 1X there are known user and ACL assignment overrides that occur Essentially both ...

Страница 307: ...s section provides general guidelines for configuring a RADIUS server to specify RADIUS based ACLs refer to the RADIUS server documentation for details A RADIUS based ACL configuration has the following Vendor and ACL identifiers ProCurve HP Vendor Specific ID 11 Vendor Specific Attribute for ACLs 61 string HP IP FILTER RAW Setting HP IP FILTER RAW permit or deny Access Control Entry ACE Note Perm...

Страница 308: ...8 38 Special Features Identity Driven Management This page is intentionally unused ...

Страница 309: ...9 1 9 Command Line Reference ...

Страница 310: ...9 16 System Management Commands 9 16 country 9 17 hostname 9 19 domain 9 20 password manager 9 21 buttons 9 21 cli confirmation 9 22 console 9 23 telnet 9 23 ssh 9 24 web management 9 24 show buttons 9 25 show console 9 26 show ssh 9 26 show system information 9 27 show version 9 29 System Logging Commands 9 30 log 9 30 logging 9 31 show debug 9 32 show logging 9 32 ...

Страница 311: ...er trap 9 43 show snmp server 9 45 snmpv3 enable 9 46 snmpv3 user name 9 47 show snmpv3 9 48 lldp 9 48 show lldp 9 49 Flash File Commands 9 50 copy 9 51 copy custom default startup config 9 51 copy startup config 9 52 copy factory default 9 53 copy running config 9 53 erase 9 54 write 9 55 show config 9 56 show copy 9 57 show tech 9 57 show custom default 9 58 show running config 9 60 Group Config...

Страница 312: ...5 show lockout mac 9 76 lockout mac clear 9 76 Client Station Deauthentication 9 78 deauth mac 9 78 Web Authentication Commands 9 79 web auth Global Address Pool 9 80 web auth Global Guest User 9 81 web auth WLAN Configuration 9 82 web auth WLAN Screen Customization 9 83 show web auth 9 85 AP Authentication Commands 9 86 ap authentication 9 86 show ap authentication 9 87 Filtering Commands 9 87 in...

Страница 313: ... 102 description 9 103 closed system 9 103 mode 9 104 antenna 9 105 antenna mode 9 105 basic rate 9 106 supported rate 9 107 channel policy 9 107 beacon interval 9 108 dtim period 9 109 max stations 9 110 preamble 9 110 protected mode 9 111 fragmentation thresh 9 111 inactivity timeout 9 112 slot time 9 113 rts threshold 9 113 tx power reduction 9 114 enable wireless 9 115 disable wireless 9 116 s...

Страница 314: ...9 132 wpa cipher tkip 9 133 wpa cipher aes 9 133 wpa psk ascii 9 134 wpa psk hex 9 134 rsn preauthentication 9 135 Neighbor AP Detection Commands 9 136 ap detection 9 136 ap detection duration 9 137 ap detection expire time 9 137 ap detection interval 9 138 ap detection max entries 9 138 show detected ap 9 139 Adaptive Tx Power Control Commands 9 140 atpc 9 140 atpc avoid other aps 9 141 atpc rf g...

Страница 315: ...show qos 9 154 rate limit 9 156 Wireless Distribution System WDS 9 157 description wds 9 157 disable wds 9 158 enable wds 9 158 wds ssid 9 159 radio used 9 159 remote mac wds 9 160 show wds 9 160 wep key wds 9 161 wep key ascii wds 9 162 wep key length wds 9 162 wpa pre shared key wds 9 163 Spanning Tree Protocol STP 9 164 stp 9 164 ...

Страница 316: ...h File Commands Configures relating to resetting configuration and factory files 9 50 RADIUS Accounting Authentication Commands Configures RADIUS accounting and authentication parameters 9 65 Radius Users Configures RADIUS users 9 69 MAC Address Authentication Configures MAC parameters 9 72 Filtering Commands Configures filtering settings 9 87 Ethernet Interface Commands Configures Ethernet interf...

Страница 317: ...ng tables is indicated by these abbrevi ations GC Global Configuration MC Manager Executive Configuration IC E Ethernet Interface Configuration IC WDS WDS Interface Configuration IC R Radio Wireless Interface Configuration and IC R WLAN WLAN Wireless Interface Configuration ...

Страница 318: ...the user Command Function Mode Page configure Set the current context level to the Global Configuration level MC 9 10 copy See Flash File Commands on page 9 50 9 51 end Sets the current context level to the Manager Exec level MC 9 11 erase See Flash File Commands on page 9 50 9 54 exit Sets the current command level to the previous command level MC 9 11 log See System Logging Commands on page 9 30...

Страница 319: ...nager Exec Example This example shows how to return to the Manager Exec level from the Ethernet Interface Configuration mode exit Thiscommandsetsthecurrentcommandleveltothepreviouscommandlevel At the Manager Exec level this command acts the same as logout Syntax exit Default Setting N A ProCurve Access Point 530 configure ProCurve Access Point 530 config ProCurve Access Point 530 ethernet end ProC...

Страница 320: ...mand terminates the CLI session Syntax logout Default Setting N A Command Mode Manager Exec Example ping This command sends ICMP echo request packets to another node on the network Syntax ping hostname ip hostname Alias of the host ip IP address of the host ProCurve Access Point 530 ethernet exit ProCurve Access Point 530 config exit ProCurve Access Point 530 exit Connection to host lost ProCurve ...

Страница 321: ...d If the host does not respond a timeout appears in ten seconds Destination unreachable The gateway for this destination indi cates that the destination is unreachable Network or host unreachable The gateway found no corre sponding entry in the route table Example reload This command performs a warm reboot on the access point This command causes all Telnet and SSH connections to loose connectivity...

Страница 322: ... configuration status on this device See show console on page 9 26 copy Shows status of the last copy operation ftp scp tftp See show copy on page 9 57 custom default Shows custom default configuration file of device See show custom default on page 9 58 debug Shows debug related information on this device See show debug on page 9 32 detected ap Showsdetectedneighboringwirelessnetworkdetails See sh...

Страница 323: ... servers on this device See show sntp on page 9 35 ssh Shows SSH configuration and the status of active connections See show ssh on page 9 26 ssid Shows SSID information on this device or radio context See show ssid on page 9 117 stations Show associated wireless station details See show stations on page 9 122 supported rate Show information about supported transmission rates on this device See sh...

Страница 324: ...e used to configure the user name password system details and a variety of other system information ProCurve Access Point 530 terminal length 1000 ProCurve Access Point 530 ProCurve Access Point 530 terminal width 1900 ProCurve Access Point 530 Command Function Mode Page country country code Set the country code for the access point GC 9 17 hostname hostname Specifies the hostname for the access p...

Страница 325: ... MC 9 23 no telnet Enables the access point to managed through a Telnet connection MC 9 23 no ssh Enables remote Secure Shell access to the device MC 9 24 no web management plaintext ssl Enables remote Web access to the device MC 9 24 show buttons Displays button status MC 9 25 show console Displays console status MC 9 26 show ssh Displays ssh status MC 9 26 show system Displays system information...

Страница 326: ... Morocco MA Taiwan Province of China TW Bermuda BM Hong Kong HK Mozambique MZ Tajikstan TJ Bolivia BO Hungary HU Myanmar MM Thailand TH Bosnia and Herzegovina BA Iceland IS Nambia NA Trinidad and Tobago TT Botswana BW India IN Netherlands NL Tunisia TN Brazil BR Indonesia ID New Zealand NZ Turkey TR Brunei Darussalam BN Iran Islamic Repubic Of IR Nicaragua NI Turkmenistan TM Bulgaria BG Iraq IQ Ni...

Страница 327: ...p config command or by pressing the reset button and clear buttons simulta neously see Appendix A Resets the configuration back to factory defaults on page A 17 Example hostname This command sets the system hostname Syntax hostname hostname Cuba CU Korea Democratic People Republic Of KP Philippines PH Yemen YE Cyprus CY Korea Republic Of KR Poland PL Zambia ZM Czech Republic CZ Kuwait KW Portugal ...

Страница 328: ...name lookups when the suffix is not obtained through DHCP The no version of this command clears the statically configured domain suffix Syntax domain domain no domain domain domain A text string to set the domain name Maximum length 50 characters Default Setting None Command Mode Global Configuration Example ProCurve Access Point 530 configure ProCurve Access Point 530 config hostname Gary ProCurv...

Страница 329: ...e buttons on the device The no command disables this ability Syntax buttons custom reset factory reset password reset system reset custom reset Enables the ability to reset this device to the custom default configuration via the buttons The no version of the command disables this devices ability to reset this device to the custom default configuration via the buttons factory reset Enables the abil...

Страница 330: ...Enabled Command Mode Global Configuration Example This example shows how to disable all the push button capabilities cli confirmation This command enables all CLI confirmation dialog prompts on the device The no command disables this ability Syntax cli confirmation no cli confirmation Default Setting Enabled Command Mode Global Configuration ProCurve Access Point 530 configure ProCurve Access Poin...

Страница 331: ... reset has been executed Syntax console no console Default Setting Enabled Command Mode Global Configuration Example telnet This command enables remote Telnet access The no version disables remote Telnet access to this device Syntax telnet no telnet Default Setting Enabled ProCurve Access Point 530 configure ProCurve Access Point 530 config cli confirmation ProCurve Access Point 530 config ProCurv...

Страница 332: ...anagement This command enables remote Web access to this device The no version disables the remote Web access to this device Syntax web management plaintext ssl no web management plaintext Enables remote HTTP insecure access to the device The no version of the command disables remote HTTP access ProCurve Access Point 530 configure ProCurve Access Point 530 config telnet ProCurve Access Point 530 c...

Страница 333: ...f the push button capabilities Syntax show buttons Default Setting N A Command Mode Manager Exec General Configuration Context Example This example displays the status of the push buttons on the access point ProCurve Access Point 530 configure ProCurve Access Point 530 config web management ssl ProCurve Access Point 530 config ProCurve Access Point 530 show buttons Custom Reset Enabled Factory Res...

Страница 334: ...sh This command displays the current SSH configuration and the status of the active SSH connections on this device Syntax show ssh Default Setting N A Command Mode Manager Exec ProCurve Access Point 530 config show console CLI Access Serial Interface Enabled Telnet Interface Enabled SSH Interface Enabled CLI Confirmation Dialogs Enabled Web Access HTTP Interface Enabled SSL Interface Enabled ProCu...

Страница 335: ... information about the device and the hostname DNS information This command is the same as the show system command Syntax show system information Default Setting N A Command Mode Manager Exec Global Configuration ProCurve Access Point 530 config show ssh SSH Status Enabled ProCurve Access Point 530 config ...

Страница 336: ...WA 01 00 Ethernet MAC Address 00 14 C2 A5 08 CB IP Address 192 168 15 100 Subnet Mask 255 255 255 0 Default Gateway 192 168 15 1 DHCP Client Enabled Management VLAN ID 1 Untagged VLAN ID 1 Radio 1 MAC Address 00 14 C2 A5 22 E0 Radio 1 Status Disabled 802 11g Radio 2 MAC Address 00 14 C2 A5 22 F0 Radio 2 Status Disabled 802 11a HTTP Interface Enabled SSL Interface Enabled SSH Interface Enabled Teln...

Страница 337: ...splays the version of the software running on the device Syntax show version Default Setting N A Command Mode Manager Exec Global Configuration Example ProCurve Access Point 530 show version Image Software Version WA 02 00 0412 Boot Software Version WAB 01 00 ProCurve Access Point 530 ...

Страница 338: ...s functionally the same as the show logging command Syntax log Default Setting N A Command Mode Manager Exec Command Function Mode Page log Displays all log entries in access point memory MC 9 30 no logging syslog_host syslog_port Adds a syslog server host IP address and assign a port number that will receive logging messages GC 9 31 show debug Displays the debugging results MC 9 32 show logging D...

Страница 339: ...ceiving syslog server Default Setting Disabled Command Mode Global Configuration ProCurve Access Point 530 log Keys M eMergency C Critical W Warning I Information A Alert E Error N Notice D Debug Event Log Listing Most Recent Events First I 01 03 00 03 57 15 login 29765 root login on ttyp0 I 01 03 00 02 28 56 login 24466 root login on ttyp0 I 01 02 00 04 00 49 login 7445 root login on ttyp0 I 01 0...

Страница 340: ...n this device Syntax show debug Default Setting N A Command Mode Manager Exec Global Configuration Example show logging This command displays all the entries in the event log on the device This command is functionally the same as the log command ProCurve Access Point 530 configure ProCurve Access Point 530 config logging 10 1 0 3 514 ProCurve Access Point 530 config ProCurve Access Point 530 show ...

Страница 341: ...bug Event Log Listing Most Recent Events First I 01 03 00 03 57 15 login 29765 root login on ttyp0 I 01 03 00 02 28 56 login 24466 root login on ttyp0 I 01 02 00 04 00 49 login 7445 root login on ttyp0 I 01 02 00 02 23 30 login 1248 root login on ttyp0 I 01 01 00 07 10 33 login 28706 root login on ttyp0 I 01 01 00 05 59 52 login 24293 root login on ttyp0 I 01 01 00 03 00 16 login 13449 root login ...

Страница 342: ...e Global Configuration Command Usage The time acquired from time servers is used to record accurate dates and times for log events Without SNTP the access point only records the time starting from the factory default set at the last bootup i e 00 14 00 January 1 1970 When SNTP client mode is enabled the sntp server command specifies the time servers from which the access point polls for time updat...

Страница 343: ...ting N A Command Mode Manager Exec Example show time This command displays the current date and time Syntax show time Default Setting N A Command Mode Manager Exec ProCurve Access Point 530 configure ProCurve Access Point 530 config sntp 10 1 0 19 time zone 480 ProCurve Access Point 530 show sntp SNTP Status Enabled SNTP Server 10 1 0 19 SNTP Time Zone 480 ProCurve Access Point 530 ...

Страница 344: ...9 36 Command Line Reference System Clock Commands Example ProCurve Access Point 530 show time Sat Jan 3 16 35 14 2008 ProCurve Access Point 530 ...

Страница 345: ... no snmp server contact contact Sets the contact string GC 9 40 snmp server port port Sets the SNMP server port number GC 9 42 no snmp server trap trap Enables and disables SNMP traps GC 9 43 show snmp server Displays the status of SNMP communications MC 9 45 SNMPv3 no snmpv3 enable Enables and disables SNMPv3 functions on the access point GC 9 46 no snmpv3user name name auth md5 sha password priv...

Страница 346: ...ecifies read only access Authorized management stations are only able to retrieve MIB objects The no version of the command clears the read only community value unrestricted Specifies read write access Authorized management stations are only able to retrieve MIB objects The no version of the command clears the read write community value Default Setting Restricted community with a public access def...

Страница 347: ...the SNMP contact name Use the no form to remove the specified contact name Syntax snmp server contact contact no snmp server contact contact Name of the contact Default Setting Command Mode Global Configuration Example ProCurve Access Point 530 config snmp server contact J Wilson ProCurve Access Point 530 config ...

Страница 348: ...gh you can set this string using the snmp server host command by itself we recommend that you define this string using the snmp server community command prior to using the snmp server host command Maximum length 32 characters Default Setting Host Address None Community String public Command Mode Global Configuration Command Usage The snmp server host command is used in conjunction with the snmp se...

Страница 349: ...location description Use the no form to remove the specified location description Syntax snmp server location location no snmp server location location Name of the contact Default Setting Command Mode Global Configuration Example ProCurve Access Point 530 config snmp server location BHall6 ProCurve Access Point 530 config ...

Страница 350: ...ill use on this device Syntax snmp server port port port The number specifying the port to which the SNMP server will listen This must be an unused port on the AP Default Setting 161 Command Mode Global Configuration Example ProCurve Access Point 530 configure ProCurve Access Point 530 config snmp server port 161 ProCurve Access Point 530 config ...

Страница 351: ...buttonUpdate clientAssociation clientAuthentication clientDeAuthenticate clientReAssociation clientRequestFailure dot1XAuthFailure dot1XAuthNotInitiated dot1XAuthSuccess localMacAuthFailure localMacAuthSuccess mgmtAccessUpdate mgmtVlanIdUpdate possibleNeighborAp radioAntennaUpdate radiusAcctUpdate radiusServerFailover remoteMacAddrAuthFail remoteMacAddrAuthSucc sysConfigFileTransfer systemDown sys...

Страница 352: ...Command Line Reference Network Management Application Commands Example ProCurve Access Point 530 configure ProCurve Access Point 530 config snmp server trap radiusAcctUpdate ProCurve Access Point 530 config ...

Страница 353: ...onUpdate Enabled hpWlanClientAssociation Enabled hpWlanApInterfaceUpdate Enabled hpWlanClientDeAuthentication Enabled hpWlanClientAuthentication Enabled hpWlanClientRequestFailure Enabled hpWlanClientReAssociation Enabled hpWlanDot1XAuthNotInitiated Enabled hpWlanDot1XAuthFailure Enabled hpWlanLocalMacAuthClientFailure Enabled hpWlanDot1XAuthSuccess Enabled hpWlanLocalMacAuthClientSuccess Enabled ...

Страница 354: ... Access Point 530 config ProCurve Access Point 530 config snmpv3 enable ProCurve Access Point 530 config show snmpv3 SNMPv3 Enabled SNMP engine ID 00 00 00 0b 00 00 00 14 c2 a5 6a b3 SNMPv3 user accounts Username Auth Protocol Privacy Protocol tjameson MD5 AES ProCurve Access Point 530 config no snmpv3 enable ProCurve Access Point 530 config show snmpv3 SNMPv3 Disabled SNMP engine ID 00 00 00 0b 0...

Страница 355: ...ettings md5 Uses MD5 authentication sha Uses SHA authentication auth pass The password for the selected authentication method priv Adds a privacy method to the user settings des Uses DES encryption aes Uses AES encryption priv pass The password for the selected privacy method Default Setting None Command Mode Global Configuration Example Related Commands snmpv3 enable page 9 46 show snmpv3 page 9 ...

Страница 356: ...ble page 9 46 snmpv3 user name page 9 47 lldp This command enables Link Layer Discovery Protocol LLDP service on the device The no version of the command disables LLDP on the device Syntax lldp no lldp Default Enabled ProCurve Access Point 530 show snmpv3 SNMPv3 Enabled SNMP engine ID 00 00 00 0b 00 00 00 14 c2 a5 09 8c SNMPv3 user accounts Username Auth Protocol Privacy Protocol ltulina MD5 AES a...

Страница 357: ...nk Layer Discovery Protocol LLDP service on the device Syntax show lldp Default N A Command Mode Global Configuration Example ProCurve Access Point 530 configure ProCurve Access Point 530 config lldp ProCurve Access Point 530 config ProCurve Access Point 530 configure ProCurve Access Point 530 config show lldp LLDP Status Enabled ProCurve Access Point 530 config ...

Страница 358: ... default Reset a configuration file to the factory default configuration on the device MC 9 53 copy running config startup config custom default Reset a configuration file to the running configuration on the device MC 9 53 erase Reset the specified configuration file stored on the device MC 9 54 write View or save the running configuration of the device MC 9 55 show config Display the startup conf...

Страница 359: ...guration file This operation will replace the existing startup configuration file on the device ip The IP address of the remote server file The filename of the file on the remote server user name user password pass Specifies the username and password for the FTP and SCP remote servers Default Setting N A Command Mode Manager Exec Example copy custom default startup config This command sets the sta...

Страница 360: ...p tftp flash startup config ip file user name user password pass startup config Specifies that the type of file to copy is the startup configuration file ftp scp tftp Specifies the type of remote server where the file will be placed Possible servers are File Transfer Protocol FTP Secure Copy Protocol SCP and the Trivial File Transfer Protocol TFTP ip The IP address of the remote server file The fi...

Страница 361: ...efault Reset the default configuration file to contain the same settings as the factory default configuration file Default Setting N A Command Mode Manager Exec Example copy running config This command saves the running default to a configuration file on the device Syntax copy running default startup config custom default ProCurve Access Point 530 copy startup config ftp 192 168 1 52 copystart use...

Страница 362: ...le Default Setting N A Command Mode Manager Exec Example Related Commands write page 9 55 erase This command resets the specified configuration file stored on the device Syntax erase custom default startup config custom default Resets the customer modified version of the factory default configuration startup config Resets the startup configuration to the custom default configuration and reloads th...

Страница 363: ... of the device Syntax write memory terminal memory Copies the running configuration to the startup configuration file This is the same as the copy running default startup config command terminal Displays the running configuration of the device on the terminal Default Setting N A Command Mode Manager Exec Example Related Commands copy running config page 9 53 ProCurve Access Point 530 erase startup...

Страница 364: ...cy wep key length 104 wep key length radio wlan1 radio wds ssid WDS SSID 2 wds ssid wep key ascii no wep key ascii wds wpa psk format ascii wds wpa psk format description Wireless Distribution System Link 2 description interface interface name wlan0wds4 type wds type status down status wds security policy no security wds security policy wep key length 104 wep key length radio wlan1 radio wds ssid ...

Страница 365: ...nfiguration Example show tech This command displays the output of a predefined command sequence used by technical support Syntax show tech Default Setting N A Command Mode Manager Exec Global Configuration ProCurve Access Point 530 show copy Copy Operation Status FTP SCP TFTP Last software image flash copy result not initiated Last configuration file copy result not initiated ProCurve Access Point...

Страница 366: ...0 show tech Description Radio 1 WLAN 10 Status Disabled SSID SSID 10 VLAN None BSSID not assigned yet DTIM Period 2 Security Type no security No Sec Closed System Disabled MAC Auth Mode local deny list only MAC Auth List not set Authentication open system only WEP Key Type hex WEP Key 1 WEP Key Size 128bit WEP Key 2 Default Key WEP Key 1 WEP Key 3 WEP Key 4 WPA or WPA2 WPA and WPA2 WPA Cipher TKIP...

Страница 367: ...ds security policy wep key length 104 wep key length radio wlan1 radio wds ssid WDS SSID 2 wds ssid wep key ascii no wep key ascii wds wpa psk format ascii wds wpa psk format description Wireless Distribution System Link 2 description interface interface name wlan0wds0 type wds type status down status wds security policy wpa psk wds security policy wep key length 104 wep key length remote mac remo...

Страница 368: ...key length radio wlan1 radio wds ssid WDS SSID 2 wds ssid wep key ascii no wep key ascii wds wpa psk format ascii wds wpa psk format description Wireless Distribution System Link 2 description interface interface name wlan0wds4 type wds type status down status wds security policy no security wds security policy wep key length 104 wep key length radio wlan1 radio wds ssid WDS SSID 5 wds ssid wep ke...

Страница 369: ...enables or disables the group configuration feature on the access point Syntax no group config group config Enables the group configuration feature no group config Disables the group configuration feature Default Setting N A Command Mode Global Configuration Example Command Function Mode Page no group config Enables and disables the group configuration feature on the access point GC 9 61 group con...

Страница 370: ...wing example specifies that the access point will belong to group WHBldg22 group config member id The command sets an optional string that identifies the access point within the group The member id identifies the access point in the member list Syntax group config member id member id ProCurve Access Point 530 configure ProCurve Access Point 530 config group config ProCurve Access Point 530 config ...

Страница 371: ... access point in the member list as AP1 show group config The command displays the current group configuration settings for the access point Syntax show group config show group config Displays the current group configuration settings Default Setting None Command Mode Manager Exec ProCurve Access Point 530 configure ProCurve Access Point 530 config group config member id AP1 ProCurve Access Point 5...

Страница 372: ...eference Group Configuration Example ProCurve Access Point 530 show group config Status Enabled Group name WHBldg22 Member ID AP1 mac ip 00 14 C2 A5 09 8C 10 0 1 101 00 14 C2 A5 6A B3 10 0 1 102 ProCurve Access Point 530 ...

Страница 373: ...mand disables use of the primary RADIUS accounting server by clearing the IP address setting secondary Configure settings IP port key for the secondary RADIUS accounting server The no version of the command disables use of the secondary RADIUS accounting server by clearing the IP address setting ip ip The IP address of the RADIUS server port port The port of the RADIUS server key key The shared se...

Страница 374: ...mmand disables use of the local built in RADIUS authentication server as an additional server retransmit limit Set the number of retry attempts that are made to a RADIUS authentication accounting server until switching to the next server on the list The no version of the command is not available for this parameter Valid values 1 30 Default Setting Disabled Retransmit value set to 3 Command Mode WL...

Страница 375: ...condary RADIUS authentication server by clearing the IP address setting ip ip The IP address of the RADIUS server Default is 192 168 1 10 local Use the local built in radius server port port The port of the RADIUS server key key The shared secret string for the RADIUS server mac auth password password Set the password that will be used by wireless stations for remote MAC authentication with the pr...

Страница 376: ...ace Configuration Example ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 wlan 1 ProCurve Access Point 530 radio1 wlan1 radius primary key open ProCurve Access Point 530 radio1 wlan1 radius primary ip 192 168 1 53 ProCurve Access Point 530 radio1 wlan1 radius primary mac format multi colon ProCurve Access Point 530 radio1 wlan1 ...

Страница 377: ... the command removes the user account with the specified username Maximum characters 50 disabled Set the user account to be disabled The no version of the command re enables the user account password Specifies the password to be used with the user account Range 1 32 alphanumeric characters realname Specifies the real name for the account holder on the user account No spaces Maximum characters 50 D...

Страница 378: ...displays user account information for the internal RADIUS server on this device Syntax show radius local Default Setting N A Command Mode Manager Exec ProCurve Access Point 530 configure ProCurve Access Point 530 config radius local chris ProCurve Access Point 530 config radius local chris password chrisopen ProCurve Access Point 530 config ProCurve Access Point 530 configure ProCurve Access Point...

Страница 379: ...eference RADIUS Users Example ProCurve Access Point 530 configure ProCurve Access Point 530 config show radius local Username Real Name Status MSmith Mr Smith Enabled Chris CSmith Enabled ProCurve Access Point 530 config ...

Страница 380: ... and all entries in the entire list macaddress Specifies an entry in the authentication control list by MAC address The no version of the command removes the specific MAC address entry from the specific MAC address authentication control list Valid format is 00 00 00 00 00 00 FF FF FF FF FF FF accept list The wireless stations whose MAC address is on the list will be allowed access to the device d...

Страница 381: ...x mac auth remote no mac auth remote Default None Command Mode WLAN Interface Configuration Example ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 wlan 1 ProCurve Access Point 530 radio1 wlan1 mac auth local Bob accept list ProCurve Access Point 530 radio1 wlan1 ProCurve Access Point 530 configure ProCurve Access Point 530 config radio...

Страница 382: ...ice Syntax show mac auth local name name Displays only MAC address entries for the specified list Default N A Command Mode WLAN Radio Interface Configuration Example ProCurve Access Point 530 show mac auth local mylist MAC address entries for authentication control list mylist MAC Addresses 00 11 22 33 44 55 00 aa bb cc dd ee ProCurve Access Point 530 ProCurve Access Point 530 ...

Страница 383: ...address entry from the MAC Lockout list Valid format is 00 00 00 00 00 00 FF FF FF FF FF FF Default None Command Mode Global Configuration Example Command Function Mode Page no lockout mac mac address Adds or removes the selected MAC address to the MAC Lockout list GC 9 75 show lockout mac Shows all entries in the MAC Lockout list MC 9 76 lockout macclear mac address all ClearsaselectedMACaddresso...

Страница 384: ...ries in the MAC Lockout list on the device Syntax lockout mac clear mac address all mac address Specifies an entry in the MAC Lockout list Valid format is 00 00 00 00 00 00 FF FF FF FF FF FF all Clears all addresses from the MAC Lockout list Default None Command Mode Global Configuration ProCurve Access Point 530 show lockout mac Locked out addresses 00 14 C2 A5 09 8D 0A 16 D2 5A 23 78 Number of l...

Страница 385: ... ProCurve Access Point 530 configure ProCurve Access Point 530 config lockout mac clear all 2 MAC addresses removed from lockout list ProCurve Access Point 530 config show lockout mac No MAC addresses in lockout list ProCurve Access Point 530 config ...

Страница 386: ...ess point Syntax deauth mac mac address mac address Specifies the MAC Address to deauthenticate Valid format is 00 00 00 00 00 00 FF FF FF FF FF FF Default None Command Mode Global Configuration Example Command Function Mode Page deauth mac mac address Deauthenticates the specified MAC address from the device GC 9 78 ProCurve Access Point 530 deauth mac 00 d0 59 c8 62 dd ProCurve Access Point 530 ...

Страница 387: ...username Specifies the username that will be used for Guest user logins using Web Auth GC 9 81 no web auth guest password password Specifies the password that will be used for Guest user logins using Web Auth GC 9 81 show web auth DisplaysthecurrentWeb Authsettings MC 9 85 Per WLAN no web auth guest login EnablesordisablesWeb AuthforGuest users on the selected WLAN IC R WLAN 9 82 no web auth usern...

Страница 388: ...title title text header header text footer footer text descriptive descriptive text Specifies the custom text field values on the Web Auth Login screen IC R WLAN 9 83 no web auth default welcome page Enables or disables the default field values for the Welcome screen IC R WLAN 9 83 web auth custom welcome text title title text header header text footer footer text descriptive descriptive text Spec...

Страница 389: ... 530 config web auth starting ip address 192 168 0 1 255 255 240 0 ProCurve Access Point 530 config web auth lease time 60 ProCurve Access Point 530 config show web auth Temporary Address Pool Start 192 168 0 1 Subnet 255 255 240 0 Lease time secs 60 Guest Username lbg_guest Guest Password lbgpassword ProCurve Access Point 530 config ProCurve Access Point 530 config web auth guest username lbg_gue...

Страница 390: ... redirect url web auth retry limit retries guest login Enables or disables Web Auth for Guest users on the selected WLAN username login Enables or disables Web Auth for Registered users on the selected WLAN redirect url Specifies the URL the user is redirected to following successful Web Authentication retries Specifies the number of failed login attempts from 1 to 9 a user may make before logins ...

Страница 391: ...th redirect url www procurve com ProCurve Access Point 530 radio1 wlan1 show wlan 1 WLAN 1 on Radio 1 Description Radio 1 WLAN 1 Status Enabled SSID PR3_WLAN VLAN 1 Untagged BSSID 00 14 C2 A7 11 A0 DTIM Period 2 Security Type wpa psk WPA PSK Closed System Disabled MAC Auth Mode local accept list only MAC Auth List ACL 1 Authentication open system only WEP Key Type hex WEP Key 1 not set WEP Key Siz...

Страница 392: ...ustom login text Specifies that the following custom text is for the Login screen default welcome page Enables or disables the default field values for the Welcome screen custom welcome text Specifies that the following custom text is for the Welcome screen default failed page Enables or disables the default field values for the Failed screen custom failed text Specifies that the following custom ...

Страница 393: ... Access Point 530 radio1 wlan1 web auth custom login text header GS User Login ProCurve Access Point 530 radio1 wlan1 web auth custom login text descriptive Enter your General Services Department username and password ProCurve Access Point 530 radio1 wlan1 show wlan 1 ProCurve Access Point 530 config show web auth Temporary Address Pool Start 192 168 0 1 Subnet 255 255 240 0 Lease time secs 60 Gue...

Страница 394: ...oint password Specifies the password for the access point user no ap authentication eap type eap type eap type Specifies the EAP authentication type for the access point user either MD5 or PEAP Default Disabled Command Mode Global Configuration Example Command Function Mode Page no ap authentication Enables and disables AP authentication on the access point GC 9 86 show ap authentication Displays ...

Страница 395: ...munications between wireless stations control access to the management interface from wireless stations and filter traffic using specific Ethernet protocol types ProCurve Access Point 530 config show ap authentication Status Enabled EAP Type peap ProCurve Access Point 530 config Command Function Mode Page no inter station blocking Enables communication between wireless stations GC 9 88 no wireless...

Страница 396: ...mand Mode Global Configuration Example wireless mgmt block This command enables access to the management interfaces http telnet etc from the wireless side on the device The no version of the command disables this ability on the device Syntax wireless mgmt block no wireless mgmt block Default Disabled Command Mode Global Configuration Manager Exec Example ProCurve Access Point 530 configure ProCurv...

Страница 397: ...filters Default N A Command Mode Global Configuration Manager Exec Example ProCurve Access Point 530 configure ProCurve Access Point 530 config wireless mgmt block ProCurve Access Point 530 config ProCurve Access Point 530 show filters Traffic Security Filters Wireless Management Blocking Enabled Inter Station Blocking Disabled ProCurve Access Point 530 ...

Страница 398: ...terface IC E 9 91 disable Disables the interface IC E 9 91 description Specifies a human readable description of this interface IC E 9 92 dns primary server_1 Specifies the primary name server GC 9 92 dns secondary server_2 Specifies the secondary name server GC 9 93 no ip address ip mask ip bits dhcp Sets the IP address for the Ethernet interface IC E 9 94 no ip default gateway ip Sets the static...

Страница 399: ...ode Ethernet Interface Configuration Example disable ethernet This command disables the specified interface Syntax disable Default Setting N A Command Mode Ethernet Interface Configuration ProCurve Access Point 530 config interface ethernet ProCurve Access Point 530 ethernet ProCurve Access Point 530 config interface ethernet ProCurve Access Point 530 ethernet enable ProCurve Access Point 530 ethe...

Страница 400: ...e alphabetical description of the interface Maximum characters 1 255 Default Setting None Command Mode Ethernet Interface Configuration Example dns primary This command establishes the primary DNS server address The no version of the command clears the primary IP address if one is set and does not require for the IP to be specified ProCurve Access Point 530 config interface ethernet ProCurve Acces...

Страница 401: ... made with a DHCP server then the DHCP client must be disabled in order to implement a static ip address Example dns secondary This command establishes the secondary DNS server address The no version of the command clears the secondary IP address if one is set and does not require for the IP to be specified Syntax dns secondary server_2 server_2 A static ip address set to the secondary DNS server ...

Страница 402: ...dress and network mask bits Specifies the static network mask in CIDR notation to be used when DHCP is not used The no version of the command clears the statically assigned IP address and network mask dhcp Enables the DHCP client on this interface The no version of the command disables the DHCP client on this interface Default Setting IP address 192 168 1 1 Netmask 255 255 255 0 Command Mode Inter...

Страница 403: ...p command Valid IP addresses consist of four numbers 0 to 255 separated by periods Anything other than this format will not be accepted by the configuration program Example ip default gateway This command sets the static default gateway router for the device The no version of the command does not require parameters and resets the address of the default gateway router if any Syntax ip default gatew...

Страница 404: ...x 100 half 100 Mbps half duplex 10 full 10 Mbps full duplex 100 full 100 Mbps full duplex Default Setting auto Command Mode Interface Configuration Ethernet Example show ip This command displays the IP address information static default gateway router configuration and the DHCP client configuration status on the device Syntax show ip ProCurve Access Point 530 config interface ethernet ProCurve Acc...

Страница 405: ...ion about the specified interface i e ethernet Default Setting N A Command Mode Manager Exec ProCurve Access Point 530 show ip IP Address Information System Host Name ProCurve AP 530 IP Address 192 168 1 2 Subnet Mask 255 255 255 0 Default Gateway 192 168 1 253 DHCP Client Enabled DNS Information Obtained from DHCP Domain Name Suffix example ca example net Primary DNS Server 204 127 202 0 Secondar...

Страница 406: ...s 00 14 C2 A5 08 CB Speed duplex auto Administrative status Enabled Link status add in future Management VLAN ID 1 U Untagged VLAN ID 1 Spanning Tree STP Enabled STP Port State forwarding STP Hello Interval 10 0 STP Forward Delay 10 STP Bridge Priority 255 Bytes Rx 70912184 Bytes Tx 30955292 Packets Rx 194926 Packets Tx 286333 Compressed Rx 0 Compressed Tx 0 Mcast packets Rx 0 Carrier errors Tx 0 ...

Страница 407: ...ss Information System Host Name ProCurve AP 530 IP Address 192 168 1 2 Subnet Mask 255 255 255 0 Default Gateway 192 168 1 253 DHCP Client Enabled DNS Information Obtained from DHCP Domain Name Suffix example net Primary DNS Server 204 127 202 0 Secondary DNS Server 216 148 227 00 ProCurve Access Point 530 ...

Страница 408: ...e access point can transmit traffic IC R 9 106 supported rate value Configures the maximum data rate at which the access point can transmit traffic IC R 9 107 channel policy static auto Sets the policy on the channel to static or automatic IC R 9 107 beacon interval interval Configures the rate at which beacon frames are transmitted from the access point IC R 9 108 dtim period Configures the rate ...

Страница 409: ...tarting communications IC R 9 113 tx power reduction Adjusts the power of theradiosignalstransmittedfrom the access point IC R 9 114 enable Enables the radio or SSID wireless interfaces IC R IC R WLAN 9 115 disable Disables the radio or SSID wireless interfaces IC R IC R WLAN 9 116 show radio radio Shows the status for the wireless interface MC 9 116 show wlan ssid_index Displays parameters for th...

Страница 410: ...y index number in the range 1 to 16 can be selected for an SSID interface per radio Each SSID interface name must be unique stations that want to connect to the network via the access point must set their SSIDs to match one of the access point s SSID interfaces Example ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 ProCurve Access Poin...

Страница 411: ...aracters Default Setting Radio Radio 1 WLAN 1 SSID SSID 1 Command Mode Radio Interface Configuration WDS Radio Interface Configuration WLAN Interface Configuration Example closed system This command closes access to stations without a pre configured SSID Use the no form to disable this feature Syntax closed system no closed system Default Setting Disabled ProCurve Access Point 530 configure ProCur...

Страница 412: ...d spectrum DSSS or frequency hopping spread spectrum FHSS in the 2 4 GHz ISM band as well as comple mentary code keying CCK to provide the higher data rates It supports data rates ranging from 1 to 11 Mbps Supported on both the access point s radios 1 and 2 g 802 11g stations operate at a higher speed extension up to 54 Mbps to the 802 11b PHY while operating in the 2 4 GHz band It uses orthogonal...

Страница 413: ...iguration Example antenna mode This command sets the antenna diversity mode on this radio These settings only have an effect if the external antenna configuration is used Syntax antenna mode diversity single diversity Diversity 2 connections elements antenna system ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 mode g ProCurve Access P...

Страница 414: ...tax basic rate value no basic rate value The transmit data rate value set Options 1 2 5 5 6 9 11 Mbps for a and b modes 1 2 5 5 6 9 11 12 18 24 36 54 Mbps for g mode Default Setting Radio 1 1 2 5 5 11 Mbps for g mode Radio 2 6 12 24 for a mode Command Mode Radio Interface Configuration Example ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 ra...

Страница 415: ...6 54 Mbps Default Setting Options 1 2 5 5 6 9 11 12 18 24 36 54 Mbps Command Mode Interface Configuration Wireless Example channel policy This command sets the channel utilization policy on this radio Syntax channel policy auto static channel auto Automatically detect and use the least congested channel static Use the statically configured channel channel The specific channel Default Setting auto ...

Страница 416: ...fault behavior is to send a beacon frame once every 100 microseconds or 10 per second Command Mode Radio Interface Configuration Command Usage The beacon frames allow wireless stations to maintain contact with the access point They may also carry power management information Example Related Commands rate limit page 9 156 ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ...

Страница 417: ...necessary to wake up stations that are using Power Save mode The DTIM is the interval between two synchronous frames with broadcast multicast information The default value of 2 indicates that the access point will save all broadcast multicast frames for the Basic Service Set BSS and forward them after every second beacon Using smaller DTIM intervals delivers broadcast multicast frames in a more ti...

Страница 418: ...t Setting 256 Command Mode Radio Interface Configuration Example preamble This command sets the length of the signal preamble for this radio Syntax preamble long short long Uses a long preamble only short Uses a short or long preamble Default Setting long Command Mode Radio Interface Configuration ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 53...

Страница 419: ...imum packet frame size that can be fragmented when passing through the access point Syntax fragmentation thresh value value Minimum packet frame size for which fragmentation is allowed Range 256 2346 bytes Default Setting 2346 This effectively disables fragmentation ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 preamble short ProCurve...

Страница 420: ...setting the fragment size to send smaller fragments This will speed up the retransmission of smaller frames However it is more efficient to set the fragment size larger if very little or no interference is present because it requires overhead to send multiple frames Example inactivity timeout This command configures the length of time after which a wireless station is considered inactive if no tra...

Страница 421: ... RequesttoSend RTS signal must be sent to the receiving station prior to the sending station starting communications Syntax rts threshold threshold threshold Threshold packet size for which to send an RTS Range 0 2347 bytes Default Setting 2347 ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 inactivity timeout 10 ProCurve Access Point 5...

Страница 422: ...tation sends a CTS frame to notify the sending station that it can start sending data Access points contending for the wireless medium may not be aware of each other The RTS CTS mechanism can solve this Hidden Node problem Example tx power reduction This command adjusts the power value of the radio signals transmitted from the access point Syntax trx power reduction value value Set the value which...

Страница 423: ... access point coverage area Default is 0 Example enable wireless This command enables either the radio ssid or wds interfaces Syntax enable Default Setting N A Command Mode Radio Interface Configuration WDS Interface Configuration WLAN Interface Configuration Example ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 tx power reduction 5 P...

Страница 424: ...WDS Interface Configuration WLAN Interface Configuration Example show radio This command displays detailed information about the radio Syntax show radio radio radio Display detailed information about the specified radio Default Setting N A Command Mode Manager Exec ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 disable ProCurve Access ...

Страница 425: ...nnel TX Power 1 Disabled 00 14 C2 A5 22 E0 802 11g 1 Auto 0 dBm 2 Disabled 00 14 C2 A5 22 F0 802 11a 36 Auto 0 dBm ProCurve Access Point 530 show radio 1 Description Radio 1 802 11g Base MAC 00 14 C2 A7 11 A0 Status Enabled Mode 802 11g Channel Policy Auto Channel 1 WLANs Supported 16 Preamble long CTS Protection Enabled Slot time short Beacon Interval K us 100 Max Power dBm 16 0 Power Reduction d...

Страница 426: ...security No Sec Closed System Disabled MAC Auth Mode local deny list only MAC Auth List not set Authentication open system only WEP Key Type ascii WEP Key 1 akshjsnensitk WEP Key Size 128bit WEP Key 2 not set Default Key WEP Key 1 WEP Key 3 not set WEP Key 4 not set WPA or WPA2 WPA and WPA2 WPA Cipher TKIP only WPA Pre auth Disabled WPA Key Format ascii WPA ASCII Key abcdefghijklmnop WPA Hex Key n...

Страница 427: ...o in context This is functionally equivalent to the show ssid command Syntax show wlans name statistics all name Displays detailed information about the specified WLAN SSID BSS statistics Display traffic counters in addition to information about the WLAN SSID BSS all Display information about the WLAN SSID BSS on both radios only has an effect when in a radio or WLAN context Default N A Command Mo...

Страница 428: ... Sec Disabled 7 SSID 7 not assigned yet none No Sec Disabled 8 SSID 8 not assigned yet none No Sec Disabled 9 SSID 9 not assigned yet none No Sec Disabled 10 SSID 10 not assigned yet none No Sec Disabled 11 SSID 11 not assigned yet none No Sec Disabled 12 SSID 12 not assigned yet none No Sec Disabled 13 SSID 13 not assigned yet none No Sec Disabled 14 SSID 14 not assigned yet none No Sec Disabled ...

Страница 429: ...riod 2 Security Type no security No Sec Closed System Disabled MAC Auth Mode local deny list only MAC Auth List not set Authentication open system only WEP Key Type ascii WEP Key 1 akshjsnensitk WEP Key Size 128bit WEP Key 2 not set Default Key WEP Key 1 WEP Key 3 not set WEP Key 4 not set WPA or WPA2 WPA and WPA2 WPA Cipher TKIP only WPA Pre auth Disabled WPA Key Format ascii WPA ASCII Key abcdef...

Страница 430: ...ormation about wireless stations Syntax show stations detail detail Display detailed information about associated wireless stations Default N A Command Mode Global Configuration ProCurve Access Point 530 show basic rate Basic advertised data rates Mbps Radio 1 802 11g 1 2 5 5 11 Radio 2 802 11a 6 12 24 54 ProCurve Access Point 530 ...

Страница 431: ...ion 00 11 50 55 50 11 Authenticated Yes Radio WLAN work1 2 1 Associated Yes Last RSSI 66 Forwarding n a Rate Mbps 54 Listen Interval 10 Transmitted to station packets 0 bytes 0 Received from station packets 13 bytes 1374 Station 00 15 00 47 5f 6a Authenticated Yes Radio WLAN SSID 10 1 10 Associated Yes Last RSSI Forwarding Yes Rate Mbps 54 Listen Interval 10 Transmitted to station packets 1 bytes ...

Страница 432: ...ey Defines the up to four security keys if using the static wep security IC W S 9 129 no open system authentication Enables or disables open system authentication for SSID association IC W S 9 130 no shared key authentication Enablesordisablesshared keyauthentication for SSID association IC W S 9 131 no wpa allowed no wpa2 allowed Enables or disables wireless stations to use the original WPA and W...

Страница 433: ... 8021x Use the Wi Fi Protected Access WPA and or WPA2 with a RADIUS server This is the recommended security mode Default Setting No security Command Mode WLAN Interface Configuration Command Usage When using this command to configure WPA or 802 1X for authenti cation and dynamic keying you must use the open system argument Shared key authentication can only be used when a static WEP key has been d...

Страница 434: ...on After successful 802 11 association each client is allowed to access the network When 802 1X is supported the access point supports 802 1X authen tication only for stations initiating the 802 1X authentication process The access point does NOT initiate 802 1X authentication For stations initiating 802 1X only those stations successfully authenti cated are allowed to access the network For those...

Страница 435: ... command When WEP is enabled all wireless stations must be configured with the same shared key to communicate with the access point s SSID interface When using IEEE 802 1X the access point uses a dynamic WEP keys to encrypt data sent to 802 1X enabledstations However because the access point sends the WEP keys during the 802 1X authentication process these keys do not have to appear in the client ...

Страница 436: ...rity The no version of the command sets the key type to hexadecimal Syntax wep key ascii no wep key ascii Default Setting Enabled Command Mode WLAN Interface Configuration Example ProCurve Access Point 530 configure ProCurve Access Point 530 config radio 1 ProCurve Access Point 530 radio1 wlan 1 ProCurve Access Point 530 radio1 wlan1 security static wep ProCurve Access Point 530 radio1 wlan1 wep k...

Страница 437: ...st second third and fourth wep keys used with static wep security 1 4 key Sets the character string for security The number of characters depend on the number of characters required for each WEP key depends on the Key Length and Key Type settings If Key Length is 40 bits and the Key Type is ASCII then each WEP key must be five 5 characters long If Key Length is 40 bits and Key Type is Hex then eac...

Страница 438: ...WLAN Interface Configuration Command Usage Supported authentications are open system shared key or both Example ProCurve Access Point 530 radio1 wlan1 wep key ascii ProCurve Access Point 530 radio1 wlan1 wep key length 64 ProCurve Access Point 530 radio1 wlan1 wep key 1 abcde ProCurve Access Point 530 radio1 wlan1 wep key 2 fghi ProCurve Access Point 530 radio1 wlan1 wep key 3 klmn ProCurve Access...

Страница 439: ...ion Command Usage Supported authentications are open system shared key or both Example wpa allowed wpa2 allowed Enables wireless stations to use the original WPA or WPA2 on this WLAN The no version of these commands disables stations from being able to use the original WPA or WPA2 on this WLAN Syntax wpa allowed wpa2 allowed no wpa allowed no wpa2 allowed Default Setting Both enabled Command Mode ...

Страница 440: ... key to communicate with the access point Shared secret keys can include spaces and special characters if the key is placed inside quotation marks goodsecret If the key is a string of characters with no spaces or special characters in it the quotation marks are not necessary Example ProCurve Access Point 530 radio1 wlan1 wpa allowed ProCurve Access Point 530 radio1 wlan1 wpa2 allowed ProCurve Acce...

Страница 441: ...red to establish proper WPA PSK or WPA 802 1X security When both TKIP and AES authentication methods are set both TKIP and AES stations can associate with the access point WPA stations must have either a valid TKIP or AES Key to communicate Example wpa cipher aes This command enables Advanced Encryption Standard AES for WPA on this WLAN The no version of the command disables AES for WPA on this WL...

Страница 442: ...icate Example wpa psk ascii This command enables the use of an ASCII key for WPA PSK The key must be between 8 and 63 characters Syntax wpa psk ascii Default Setting None Command Mode WLAN Interface Configuration Example wpa psk hex This command enables the use of a hex key for WPA PSK The key must be exactly 64 hex characters Syntax wpa psk hex Default Setting None ProCurve Access Point 530 radio...

Страница 443: ...o version of the command disables WPA2 stations from being able to pre authenticate Syntax rsn preauthentication no rsn preauthentication Default Setting Disabled Command Mode WLAN Interface Configuration Example ProCurve Access Point 530 radio1 wlan1 wpa psk hex ProCurve Access Point 530 radio1 wlan1 ProCurve Access Point 530 radio1 wlan1 rsn preauthentication ProCurve Access Point 530 radio1 wla...

Страница 444: ...ble to service wireless stations or WDS links if it is dedicated to AP detection The no version of this command is not available for this parameter Default Setting Disabled Command Mode Radio Interface Configuration Command Function Mode Page no ap detection dedicated Enables the periodic or dedicated detection of nearby access points IC R 9 136 ap detection duration value Sets the duration of the...

Страница 445: ...the background scanning detection of nearby access points Syntax ap detection duration value value The length of time in milliseconds Range 5 30 Default Setting 30 ms Command Mode Radio Interface Configuration Example ap detection expire time This command sets the amount of time that a dedicated AP will remain on the detected AP list after its last beacon is received Syntax ap detection expire tim...

Страница 446: ...econds between scans Range 10 3600 Default Setting 10 s Command Mode Radio Interface Configuration Example ap detection max entries This command sets the maximum amount of AP entries to be saved to the detected AP list Syntax ap detection max entries value value The maximum size of the AP list Range 1 255 Default Setting ProCurve Access Point 530 radio1 ap detection expire time 15 ProCurve Access ...

Страница 447: ...ommand Mode Manager Exec Radio Interface Configuration Example ProCurve Access Point 530 radio1 ap detection max entries 30 ProCurve Access Point 530 radio1 ProCurve Access Point 530 radio1 show detected ap Neighboring AP detection status Radio 1 AP detection Enabled 802 11g Radio 2 AP detection Disabled Neighboring APs BSSID SSID Sec Chan Type 00 14 02 a0 4F bc SSID1 none 3 AP 00 14 03 a2 4F de S...

Страница 448: ...and Function Mode Page no atpc Enables and disables Adaptive Tx Power Control on the selected radio The default is Disabled IC R 9 140 no atpc avoid other aps EnablesanddisablestheAvoidOtherAPs function The default is Disabled IC R 9 141 no atpc rf group name name ThenameusedtogroupAPsforAdaptive Transmit Power Control The default is blank IC R 9 141 atpc adapt ap ap clients Chooses between AP mod...

Страница 449: ...eighboring APs RF Group Names and SSIDs are ignored When this setting is disabled uses RF Group Name or SSIDs to determine which APs to accommodate Example atpc rf group name This command sets the name used to group APs for Adaptive Transmit Power Control Syntax no atpc rf group name group name no Clears the RF Group Name on the selected radio group name Specifies the name of the group to which th...

Страница 450: ...mand chooses between AP and AP Clients adaptive modes Syntax atpc adapt ap ap clients ap Specifies AP adaptive mode on the selected radio ap clients Specifies AP Clients adaptive mode on the selected radio Default Setting AP mode Command Mode Interface Configuration Radio Command Usage When ap mode is selected beacons and data transmissions are given the same adaptive transmit power levels When ap...

Страница 451: ... 18 in decibels that the radio s Tx Power may be attenuated when adapting to other APs on the same channel Default Setting Disabled Command Mode Interface Configuration Radio Example show atpc This command enables and disables on the selected radio Syntax show atpc Default Setting none Command Mode Global Configuration ProCurve Access Point 530 radio1 atpc adapt ap ProCurve Access Point 530 radio1...

Страница 452: ...up name AirportNet Avoid Other WLANs disabled Max Power Reduction 18 Adaptive Mode AP Current Beacon Backoff 4 dB Current Data Backoff 4 dB Radio 2 atpc disabled RF Group name not configured Avoid Other WLANs disabled Max Power Reduction 18 Adaptive Mode AP Current Beacon Backoff 0 dB Current Data Backoff 0 dB ProCurve Access Point 530 ...

Страница 453: ...using IEEE 802 1X and a central RADIUS server If a user does not have a configured VLAN ID the access point assigns the user to the default VLAN ID a number between 1 and 4094 of the associated SSID interface Example Command Function Mode Page vlan vid Configures the default VLAN for an SSID interface IC R WLAN 9 145 no untagged vlan vid Configure the global untagged VLAN ID for the AP The no vers...

Страница 454: ...e wide globally The no version of the command sets any untagged VLAN to become tagged Syntax untagged vlan vid no untagged vlan vid The identifier must be a number between 1 and 4094 Default Setting vlan 1 untagged Command Mode Ethernet Interface Configuration Example management vlan This command configures the VLAN ID for the management interfaces Web UI SNMP Telnet etc The management vlan is for...

Страница 455: ...red by a RADIUS server policy If you dynam ically assign a VLAN that has already been statically assigned to a VLAN or to the management VLAN or untagged VLAN the dynamic authentication will fail and will continue trying to authenticate ProCurve Access Point 530 configure ProCurve Access Point 530 config interface ethernet ProCurve Access Point 530 ethernet management vlan 9 ProCurve Access Point ...

Страница 456: ...e qos ap params voice video best effort background aifs aifs cwmin swmin cwmax cwmax burst burst Configure QoS related parameters on the device for this radio IC R 9 149 qos sta params voice video best effort background aifs aifs cwmin swmin cwmax cwmax txop limit txop limit Configure QoS related parameters on the wireless stations IC R 9 151 no qos wmm Enables using Wireless Multimedia Extensions...

Страница 457: ...me in milliseconds for data frames Valid values are 1 255 cwmin cwmin Specifies the Minimum Contention Window QoS parameter The value specified is the lower limit in milliseconds of a range from which the initial random backoff wait time is deter mined Valid values for the cwmin are 1 3 7 15 31 63 127 255 511 or 1024 The value for cwmin must be lower than the value for cwmax cwmax cwmax Specifies ...

Страница 458: ...ntention Maximum Burst Queue Frame Space Min Window Max Window Length Voice 1 3 7 1 5 Video 1 7 15 3 0 Best Effort 3 15 63 0 Background 7 15 1023 0 Radio 2 Adaptive Inter Contention Contention Maximum Burst Queue Frame Space Min Window Max Window Length Voice 1 3 7 1 5 Video 1 7 15 3 0 Best Effort 3 15 63 0 Background 7 15 1023 0 ProCurve Access Point 530 radio1 qos ap params voice aifs 10 ProCurv...

Страница 459: ...ds for data frames Valid values are 1 255 cwmin cwmin Specifies the Minimum Contention Window QoS parameter The value specified is the lower limit in milliseconds of a range from which the initial random backoff wait time is deter mined Valid values for the cwmin are 1 3 7 15 31 63 127 255 511 or 1024 The value for cwmin must be lower than the value for cwmax cwmax cwmax Specifies the Maximum Cont...

Страница 460: ...n Contention Maximum Burst Queue Frame Space Min Window Max Window Length Voice 1 3 7 47 Video 1 7 15 94 Best Effort 3 15 63 0 Background 7 15 1023 0 Radio 2 Adaptive Inter Contention Contention Maximum Burst Queue Frame Space Min Window Max Window Length Voice 1 3 7 47 Video 1 7 15 94 Best Effort 3 15 63 0 Background 7 15 1023 0 ProCurve Access Point 530 radio1 qos sta params voice aifs 10 ProCur...

Страница 461: ...ss Multimedia Extensions on this WLAN The no version of this command is set at the no qos and disables the quality of service on this WLAN Syntax qos wmm no qos wmm Default Setting Disabled Command Mode Radio Interface Configuration Example ProCurve Access Point 530 radio1 qos sta params background txop limit 1 ProCurve Access Point 530 radio1 ProCurve Access Point 530 radio1 qos wmm ProCurve Acce...

Страница 462: ... Interface Configuration Example tx queue ProCurve Access Point 530 radio1 show qos ap params Transmission Queue QoS Settings for the Access Point Radio 1 Adaptive Inter Contention Contention Maximum Burst Queue Frame Space Min Window Max Window Length Voice 1 3 7 1 5 Video 1 7 15 3 0 Best Effort 3 15 63 0 Background 7 15 1023 0 Radio 2 Adaptive Inter Contention Contention Maximum Burst Queue Fram...

Страница 463: ...tention Contention Transmission Queue Frame Space Min Window Max Window Opportunity Limit Voice 2 3 7 47 Video 2 7 15 94 Best Effort 3 15 1023 0 Background 7 15 1023 0 Radio 2 Adaptive Inter Contention Contention Transmission Queue Frame Space Min Window Max Window Opportunity Limit Voice 2 3 7 47 Video 2 7 15 94 Best Effort 3 15 1023 0 Background 7 15 1023 0 ProCurve Access Point 530 radio1 ...

Страница 464: ...ackets per second The no version is disabled for this parameter Valid values are any number greater than 0 burst The broadcast multicast rate burst value in packets per second Thisvalue specifiesthe lengthoftimeallowedfora packetburst Valid values are any number greater than 0 Default Setting Disabled Rate limit rate is 50 Rate limit burst is 75 Command Mode Radio Interface Configuration Example R...

Страница 465: ...on IC WDS 9 158 disable Disables the WDS link IC WDS 9 158 enable Establishes the WDS link IC WDS 9 158 radio used Sets the radio that will be used by this WDS link IC WDS 9 159 remote mac Sets the mac address for the remote connection to the access point IC WDS 9 160 show wds Displays WDS link information IC WDS 9 160 wds ssid ssid Establishes the SSID name for this WDS link IC WDS 9 159 wep key ...

Страница 466: ...and enables the WDS link Syntax enable Default Setting Disabled Command Mode WDS Interface Configuration ProCurve Access Point 530 configure ProCurve Access Point 530 config interface wds1 ProCurve Access Point 530 wds1 description WDSEXAMPLE ProCurve Access Point 530 wds1 ProCurve Access Point 530 configure ProCurve Access Point 530 config interface wds1 ProCurve Access Point 530 wds1 disable Pro...

Страница 467: ...partner access point for successful operation Default Setting WDS SSID X where X is the index of the WDS interface Command Mode WDS Interface Configuration Example radio used This command sets the radio used with this WDS link Syntax radio used 1 2 1 2 Specifies the radio number ProCurve Access Point 530 configure ProCurve Access Point 530 config interface wds1 ProCurve Access Point 530 wds1 enabl...

Страница 468: ...cation control list by MAC address Valid format is 00 00 00 00 00 00 FF FF FF FF FF FF Default None Command Mode WDS Interface Configuration Example show wds This command information about the Wireless Distribution System WDS settings on the device Syntax show wds wds_name wds_name Displays detailed information about the specified WDS Default Wireless Distribution System Link 1 ProCurve Access Poi...

Страница 469: ...then each WEP key must be 10 characters long If Key Length is 104 bits and Key Type is ASCII then each WEP Key must be 13 characters long ProCurve Access Point 530 wds1 show wds 1 WDS 1 Description WDSLINK Status Enabled Use Radio 1 Local MAC 00 14 03 A2 4F DE Remote MAC 00 0D 9D C6 98 7E STP State forwarding WDS SSID marge Security Type no security from WLAN 1 WEP Key Type hex WEP Key not set WEP...

Страница 470: ...he no version of the command sets the key type to hexadecimal Syntax wep key ascii no wep key ascii Default Setting Enabled Command Mode WDS Interface Configuration Example wep key length wds This command sets the WDS WEP key length when using static wep security Syntax wep key length 64 128 64 The 64 bit wep key length with initializing vector otherwise it is 40 bits ProCurve Access Point 530 wds...

Страница 471: ...de WDS Interface Configuration Command Usage If WPA is used in pre shared key mode all wireless stations must be configured with the same pre shared key to communicate with the access point Shared secret keys can include spaces and special characters if the key is placed inside quotation marks goodsecret If the key is a string of characters with no spaces or special characters in it the quotation ...

Страница 472: ...fies the STP forward delay interval Range 4 30 priority value Specifies the STP bridge priority Range 0 65535 Default Setting None Command Mode Global Configuration Command Usage Any two access points can be connected by only a single path either a WDS bridge wireless or an Ethernet connection wired but not both Do not create duplicate WDS links between the same two access points If you can trace ...

Страница 473: ...le ProCurve Access Point 530 configure ProCurve Access Point 530 config stp ProCurve Access Point 530 config stp hello time 5 ProCurve Access Point 530 config stp forward delay 10 ProCurve Access Point 530 config stp priority 255 ProCurve Access Point 530 config ...

Страница 474: ...9 166 Command Line Reference Spanning Tree Protocol STP This page is intentionally unused ...

Страница 475: ...A 1 A File Uploads Downloads and Resets ...

Страница 476: ...oad to the Access Point A 5 CLI Viewing Software Versions A 7 Transferring Configuration Files A 8 Web Configuration File Upload and Download A 8 CLI Performing Configuration File Commands A 10 Rebooting the Access Point A 14 Web Rebooting the System A 14 CLI Rebooting the System A 15 Manual Using the Reset and Clear Buttons A 15 Disabling the Access Point Push Buttons A 18 Web Disabling the Push ...

Страница 477: ...and upload or download config uration files These features are useful for acquiring periodic access point software upgrades and for storing or retrieving a switch configuration This appendix includes the following information Downloading access point software Transferring access point configurations ...

Страница 478: ...you save a copy of the configuration file before upgrading your access point software See Transferring Configuration Files on page A 8 for information on saving the access point s configuration file After updating the access point software be sure to clear the browser cache before attempting to manage the access point using the Web interface Assumptions for Using TFTP FTP or SCP To Download Softwa...

Страница 479: ... automatically selected and if in the event the primary is corrupted the secondary image is utilized as a backup The Web interface enables you to modify these parameters Remote Upgrade Parameters and actions needed to perform a remote software upgrade Model Indicates the model identifier of the access point Platform Indicates the platform on the access point Software Version Indicates the current ...

Страница 480: ...ess point Valid characters A Z a z 0 9 _ Browse Performs local system search for upgrade file Update Updates the system with the specified parameters and performs any requested actions Figure A 1 Software Tab To Upload Download A Remote Software File 1 Select Management System Maintenance Software tab 2 Select FTP TFTP or SCP for the Server Type option 3 Enter IP Address File Name Username and Pas...

Страница 481: ... complete restart the access point by clicking on the Reboot button Alternatively you can reset the access point defaults and reboot the system by clicking on the Reset button on the Reset tab Resetting the access point is highly recommended CLI Viewing Software Versions CLI Commands Used in This Section Using the CLI to View Software Versions This example displays how to display the version of th...

Страница 482: ...eeded to save a running configuration Save Saves the current configuration as a personalized default Transfer Configuration Parameters and actions needed to upload or download a configuration Server Type Indicates the type of server to configure FTP TFTP SCP Default is FTP Direction Indicates whether to save the file remotely or import the file Download Restore Upload Save Default is Download Serv...

Страница 483: ...to Custom Default Resets the AP to the saved custom config file Figure A 2 Configuration Files Tab To Save A Running Configuration 1 Select Management System Maintenance Configuration Files tab 2 To save the current running configuration click Save to save the file as a custom default configuration file To Transfer A Configuration File 1 Select Management System Maintenance Configuration Files tab...

Страница 484: ...o the custom default configuration click Reset on the Reset to Custom Default option CLI Performing Configuration File Commands CLI Commands Used in This Section Command CLI Reference Page Copy Commands copy ftp scp tftp flash startup config ip file user name user password pass 9 51 write memory 9 55 copystartup config ftp scp tftp flash startup config ip file user name user password pass 9 52 cop...

Страница 485: ...onfiguration file on the device Using the CLI to Copy Config files to a Remote Server This example displays how to copy the startup configuration from the device to a remote server TFTP If using this command for a FTP or STP server you will need to include the username and password for the server ProCurve Access Point 530 copy factory default startup config ProCurve Access Point 530 ProCurve Acces...

Страница 486: ...ation on the device ProCurve Access Point 530 copy ftp flash 192 168 1 52 copystart user name chris password open ProCurve Access Point 530 ProCurve Access Point 530 write terminal xml version 1 0 config interface name wlan0wds1 radio wlan0 radio type wds type status down status wep key length 104 wep key length wep key ascii no wep key ascii description Wireless Distribution System Link 2 descrip...

Страница 487: ...adio wlan0 radio type wds type status down status wep key length 104 wep key length wep key ascii no wep key ascii description Wireless Distribution System Link 1 description interface interface name wlan0wds3 radio wlan0 radio type wds type status down status wep key length 104 wep key length wep key ascii no wep key ascii description Wireless Distribution System Link 4 description interface inte...

Страница 488: ...he last saved configuration file The Web interface enables you to perform this action Reboot Submits a request to reboot the access point A system confir mation message appears and provides opportunity to cancel NOT E During a reboot connection to the AP is lost and the browser will not stay on the System Maintenance screen while the reboot takes place Test the connec tion to find out when the pro...

Страница 489: ...s Point unit possesses two buttons that when pressed perform reset and clear operations Caut ion The Reset button is provided for your convenience but if you are concerned with the security of the access point configuration and operation you should disable it The two push buttons located on the back panel of the access point enables you to perform these actions Reset Reboots the AP Use a pointed o...

Страница 490: ... and Resets Rebooting the Access Point button while the LEDs are still flashing then the AP is rebooted Please note that this function can be disabled by the CLI or Web UI See Disabling the Access Point Push Buttons on page A 18 ...

Страница 491: ...then flash about once per second iii While the LEDs are still flashing release the clear button The configuration sets to the custom default settings and the AP is rebooted NOT E Please note that only the reset function can be disabled by the CLI or Web UI See Disabling the Access Point Push Buttons on page A 18 Resets the configuration back to factory defaults i Press the reset and clear buttons ...

Страница 492: ...on page 5 9 The Web interface enables you to perform these actions Factory Reset Enables or disables button control access back panel of the access point to a factory default file reset Default is Disabled NOT E You can not disable the factory reset if you already have disabled the Serial Interface See Setting Management Access Controls on page 5 9 Custom Reset Enables or disables button control a...

Страница 493: ...capability click Disabled for the System Reset option 5 Click Update to set the push button parameters CLI Disabling the Access Point Buttons CLI Commands Used in This Section Using the CLI to Disable the Reset and Clear Buttons On the Access Point This example displays how to disable the ability to manually use the reset and clear push buttons on the back panel of the device Command CLI Reference...

Страница 494: ...sing the CLI to View the Reset and Clear Buttons Status This example displays how to view the push button status ProCurve Access Point 530 config show buttons Custom Reset Disabled Factory Reset Disabled Password Reset Disabled System Reset Disabled ProCurve Access Point 530 config ...

Страница 495: ...B 1 B Defaults ...

Страница 496: ...ation B 5 RADIUS Accounting Authentication B 6 RADIUS Users B 6 MAC Address Authentication B 6 Web Authentication B 6 AP Authentication B 7 Filtering B 7 Ethernet Interface B 7 Wireless Interface B 8 Wireless Security B 9 AP Detection B 9 VLAN B 10 Adaptive Tx Power Control B 10 QoS B 11 Wireless Distribution System WDS B 12 ...

Страница 497: ...neral Flash File This appendix follows the syntax grouping structure in the Chapter 9 refer ence CLI section and includes the following information System Management System Logging System Clock SNMP Group Configuration RADIUS Accounting Authentication RADIUS Users MAC Address Authentication Web Authentication AP Authentication Filtering Ethernet Interface Wireless Interface Wireless Security Neigh...

Страница 498: ...cli confirmation Enabled MC 9 22 no console Enabled MC 9 23 no telnet Enabled MC 9 23 no ssh Enabled MC 9 24 no web management Enabled MC 9 24 Command Default Setting Mode Page no logging _host _port Disabled GC 9 31 Command Default Setting Mode Page sntp server None GUI is disabled NOTE The GUI System Uptime parameterdisplaysthe Coordinated Universal Time or UTC formerly Greenwich Mean Time or GM...

Страница 499: ...ntact GC 9 41 no snmp serverhost host comm Host Address None Community String public GC 9 40 snmp server port port BydefaultanSNMPagentonlylistenstorequestsfrom port 161 However you can configure this so the agent listens to requests on another port GC 9 42 snmp serverlocation location None GC 9 41 snmpv3 Disabled GC 9 46 no lldp Enabled GC 9 48 Command Default Settings Mode Page group config Disa...

Страница 500: ...smit value is 3 GC 9 66 no radius primary secondary Disabled GC 9 67 Command Default Settings Mode Page no radius local username disabled password password realname realname Ip address is 192 168 1 10 DHCP is enabled GC 9 69 Command Default Settings Mode Page no mac auth local name mac mac None GUI MAC Authentication is disabled GC 9 72 no mac auth remote None GUI MAC Authentication is disabled GC...

Страница 501: ...inter station blocking Disabled GC 9 88 no wireless mgmt block Disabled GC MC 9 88 Command Default Settings Mode Page interface interface N A GC 9 90 enable N A IC E 9 91 disable N A IC E 9 91 description None IC E 9 92 dns primary server_1 Disabled GC 9 92 dns secondary server_2 Disabled GC 9 93 no ip address ip mask ip bits dhcp IP address 192 168 1 1 Netmask 255 255 255 0 IC E 9 94 ...

Страница 502: ...6 12 and 24 Mbps for a mode IC W 9 106 supported rate value Options 1 2 5 5 6 9 11 12 18 24 36 54 Mbps IC W 9 107 channel policy static CHANNEL auto Auto IC W 9 107 beacon interval interval 100 The default behavior is to send a beacon frame once every 100 milliseconds or 10 per second IC W 9 108 dtim period 2 IC W 9 109 max stations 256 IC R 9 110 preamble long IC R 9 110 protected mode Enabled IC...

Страница 503: ...bled IC W S 9 130 no shared key auth Disabled IC W S 9 131 no wpa allowed no wpa2 allowed Both Enabled IC W S 9 131 wpa pre shared key key None IC W S 9 132 wpa cipher tkip Enabled This is the default CIPHER protocol IC W S 9 133 wpa cipher aes Disabled IC W S 9 133 rsn preauthentication Disabled IC W S 9 135 Command Default Settings Mode Page no ap detection Disabled IC R 9 136 ap detection durat...

Страница 504: ... Page no vlan None IC W S 9 145 no untagged vlan vid 1 GC 9 146 management vlan vid tagged untagged 1 MC 9 146 Command Default Settings Mode Page atpc Disabled IC R 9 140 atpc avoid other aps Disabled IC R 9 141 atpc adapt AP mode IC R 9 142 atpc max atpc atten Disabled IC R 9 143 ...

Страница 505: ... 3 0 Best Eff 3 15 63 0 Background 7 15 1023 0 IC W S 9 149 qos sta params Radio 1 Adap Inter Content Content Max Burst Queue Frame Space Min Window Max Window Length Voice 1 3 7 47 Video 1 7 15 394 Best Eff 3 15 63 0 Background 7 15 1023 0 Radio 2 Adap Inter Content Content Max Burst Queue Frame Space Min Window Max Window Length Voice 1 3 7 47 Video 1 7 15 94 Best Eff 3 15 63 0 Background 7 15 1...

Страница 506: ...ds None IC W W 9 157 enable wds Disabled IC W W 9 158 wds ssid WDS SSID X where X is the index of the WDS interface IC W W 9 159 radio used 2 IC W W 9 159 remote mac None IC W W 9 160 wep key wds None IC W W 9 161 wep key ascii wds Enabled IC W W 9 162 wep key length wds 128 IC W W 9 162 wpa pre shared key wds None IC W W 9 163 ...

Страница 507: ...C 1 C Adaptive Tx Power Control Use Cases ...

Страница 508: ...t Case 2 With RF Group Name C 5 Settings C 5 Decisions AP 1 C 5 Decisions AP 4 C 5 Results with RF Group Name C 6 Airport Model Analysis C 6 Use Model Warehouse Deployment C 7 Warehouse Case 1 Adaptive Mode AP C 7 Settings C 8 Decisions AP 1 and AP 4 C 8 Results with Adaptive Mode AP C 8 Warehouse Case 2 Adaptive Mode AP Clients C 9 Settings C 9 Results with Adaptive Mode AP Clients C 9 Warehouse ...

Страница 509: ...oncession Jimbo s also has an access point AP N which does not support In these access points the parameters that impact are configured as follows AP 1 and AP 4 operate on the same channel and as such will negotiate their power levels when is enabled AP 2 and AP 3 are not affected by as they each operate alone on their respective channels AP 1 and AP 4 are able to hear each other and both can hear...

Страница 510: ... SSID configuration with AP 4 T Mobile Since AP 1 has an SSID Boingo that is not on AP 4 AP 1 will not consider reducing power for AP 4 AP 1 AP N AP 1 T Mobile Boingo compares its SSID configuration with AP N Jimbo s Since none of the AP 1 SSIDs are on AP N AP 1 will not consider reducing power for AP N Decisions AP 4 AP 4 AP 1 AP 4 T Mobile compares its SSID configuration with AP 1 T Mobile Boing...

Страница 511: ...er reduction calculations Decisions AP 1 AP 1 AP 4 AP 1 AirportNet compares its RF Group Name with those of AP 1 AirportNet Since AP 1 and AP 4 are in the same RF Group AP 1 will consider reducing power for AP 4 AP 1 AP N Since AP N is not in the AirportNet RF Group AP 1 will not consider reducing power for AP N Decisions AP 4 AP 4 AP 1 AP 4 AirportNet compares its RF Group Name with AP 1 AirportN...

Страница 512: ...th each other while ignoring APs outside their administrative domain Whether to model a deployment after Case 1 or Case 2 depends on the desired behavior of the network It may be desirable to have greater coverage for APs that supportSSIDs thatarenotsupportedelsewhereinthenetwork InCase 1 the absence of an RF Group Name allows the only AP supporting Boingo to operate at full power If this is desir...

Страница 513: ...use Case 1 Adaptive Mode AP In this scenario there are six AP 530s in a Warehouse network AP1 AP6 The configured values in these APs for the parameters that impact Adaptive Power Control are as follows We ll look at the behavior of in AP1 and AP4 as they are on operating on the same channel and as such will be considered in each other s power control calculations Since configurations are the same ...

Страница 514: ...ttenuated based on power levels of audible APs in the RF Group but not the power levels of associated clients Decisions AP 1 and AP 4 AP 1 and AP 4 compare their RF Group Name storage 1 Since AP 1 and AP 4 are in the same RF Group each will consider reducing power for the other Results with Adaptive Mode AP The transmit power levels of AP1 and AP4 are reduced for both data and beacons Power levels...

Страница 515: ...ata power levels Data transmissions are attenuated to minimize co channel interference with the closest AP but attenuation will decrease further that is higher transmit power to maintain connection with the associated station with the lowest RSSI That is the AP will always attempt to maintain a connection with a client that might otherwise be out of range AP 1 AP 2 AP 3 AP 4 AP 5 AP 6 Channel 1 6 ...

Страница 516: ...mount and location of material coming and going through the warehouse Additionally client stations may be mounted on moving objects like forklifts that move throughout the warehouse The combination of mobile clients and varying levels of obstructions and open space mean there is no single optimum level of RF coverage that can be set on the APs For these reasons the AP Clients adaptive mode will pr...

Страница 517: ...D 1 D Open Source Licenses ...

Страница 518: ... GPL2 GNU General Public License v 2 D 4 GPL Linking Exception D 9 ClearSilver D 10 Dropbear License D 12 sFlow License D 14 LGPL GNU Lesser General Public License D 18 Intel 2 D 27 MIT D 28 BSD D 29 CMU Carnegie Mellon University D 30 OpenSSL D 3 ...

Страница 519: ...D 3 Open Source Licenses Overview This appendix includes the following information Open Source licenses ...

Страница 520: ... and that you know you can do these things To protect your rights we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights These restrictions translate to certain responsibilities for you if you distribute copies of the software or if you modify it For example if you distribute copies of such a program whether gratis or for a fee you must give ...

Страница 521: ...tice and disclaimer of warranty keep intact all the notices that refer to this License and to the absence of any warranty and give any other recipients of the Program a copy of this License along with the Program You may charge a fee for the physical act of transferring a copy and you may at your option offer warranty protection in exchange for a fee 2 You may modify your copy or copies of the Pro...

Страница 522: ...e on a medium customarily used for software interchange or b Accompany it with a written offer valid for at least three years to give any third party for a charge no more than your cost of physically performing source distribution a complete machine readable copy of the corresponding source code to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software i...

Страница 523: ...s of this License they do not excuse you from the conditions of this License If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations then as a consequence you may not distribute the Program at all For example if a patent license would not permit royalty free redistribution of the Program by all those who receive copies direct...

Страница 524: ...ion will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally NO WARRANTY 11 BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE THERE IS NO WARRANTY FOR THE PROGRAM TO THE EXTENT PERMITTED BY APPLICABLE LAW EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND OR OTHER PARTIES PROVIDE T...

Страница 525: ...D 9 Open Source Licenses GPL Linking Exception GPL2 GNU General Public License v 2 plus an exception permitting linking the library with other software ...

Страница 526: ...otonic com Alternately this acknowledgment may appear in the software itself if and wherever such third party acknowledgments normally appear 4 The names Neotonic and Neotonic ClearSilver must not be used to endorse or promote products derived from this software without prior written permission For written permission please contact clearsilver neotonic com 5 Products derived from this software may...

Страница 527: ...e Corporation For more information on Neotonic Software Corporation please see http www neotonic com Some of the concepts of this software are based on previous software developed by Scott Shambarger Paul Clegg and John Cwikla The current authors wish to thank them for their efforts Copyright 2005 Brandon Long All rights reserved ...

Страница 528: ...NTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM DAMAGES OR OTHER LIABILITY WHETHER IN AN ACTION OF CONTRACT TORT OR OTHERWISE ARISING FROM OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE LibTomCrypt and LibTomMath are c Tom St Denis under TDCAL Tom Doesn t Care About Lic...

Страница 529: ...iction including without limitation the rights to use copy modify merge publish distribute sublicense and or sell copies of the Software and to permit persons to whom the Software is furnished to do so subject to the following conditions The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software THE SOFTWARE IS PROVIDED AS IS WITHO...

Страница 530: ...uthority domestic or foreign including all applications and registrations relating to any of the foregoing Licensee Hardware means all computers routers or other equipment owned or controlled by or on behalf of Licensee Products means any and all software applications computers routers or other equipment manufactured by or on behalf of Licensee for the purpose of resale or lease to any other third...

Страница 531: ... trademark laws and practice of such other country and v not alter or impair any acknowledgment of copyright or trademark rights of InMon that may appear in or on the Software the Documentation or the Specifications In the event InMon determines that Licensee is not complying with its obligations under clauses i v above InMon shall notify Licensee of such non compliance and if Licensee fails to co...

Страница 532: ...n or that implement the Specifications The rights and obligations contained in Sections 1 3 5 6 7 and 8 shall survive any termination of this Agreement 8 General Provisions 8 1 Assignment This Agreement shall be binding upon and inure to the benefit of the parties hereto and their permitted successors and permitted assigns InMon will have the right to assign this Agreement without notice to Licens...

Страница 533: ...h provision were so excluded and shall be enforceable in accordance with its terms The court in its discretion may substitute for the excluded provision an enforceable provision which in economic substance reasonably approximates the excluded provision 8 8 Compliance With Law Licensee shall comply with all applicable laws and regulations including privacy laws and regulations having application to...

Страница 534: ...ur General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software and use pieces of it in new free programs and that you are informed that you can do these things To protect your rights we need to make restrictions tha...

Страница 535: ...e ordinary General Public License It also provides other free software developers Less of an advantage over competing non free programs These disadvantages are the reason we use the ordinary General Public License for many libraries However the Lesser license provides advantages in certain special circumstances For example on rare occasions there may be a special need to encourage the widest possi...

Страница 536: ...the scripts used to control compilation and installation of the library Activities other than copying distribution and modification are not covered by this License they are outside its scope The act of running a program using the Library is not restricted and output from such a program is covered only if its contents constitute a work based on the Library independent of the use of the Library in a...

Страница 537: ...es extend to the entire whole and thus to each and every part regardless of who wrote it Thus it is not the intent of this section to claim rights or contest your rights to work written entirely by you rather the intent is to exercise the right to control the distribution of derivative or collective works based on the Library In addition mere aggregation of another work not based on the Library wi...

Страница 538: ...parameters data structure layouts and accessors and small macros and small inline functions ten lines or less in length then the use of the object file is unrestricted regardless of whether it is legally a derivative work Executables containing this object code plus portions of the Library will still fall under Section 6 Otherwise if the work is a derivative of the Library you may distribute the o...

Страница 539: ...e required form of the work that uses the Library must include any data and utility programs needed for reproducing the executable from it However as a special exception the materials to be distributed need not include anything that is normally distributed in either source or binary form with the major components compiler kernel and so on of the operating system on which the executable runs unless...

Страница 540: ...se If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations then as a consequence you may not distribute the Library at all For example if a patent license would not permit royalty free redistribution of the Library by all those who receive copies directly or indirectly through you then the only way you could satisfy both it a...

Страница 541: ...ed by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally NO WARRANTY 15 BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE THERE IS NO WARRANTY FOR THE LIBRARY TO THE EXTENT PERMITTED BY APPLICABLE LAW EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND OR OTHER PARTIES PROVIDE THE LIBRARY AS IS...

Страница 542: ... Public License as published by the Free Software Foundation either version 2 of the License or at your option any later version This library is distributed in the hope that it will be useful but WITHOUT ANY WARRANTY without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE See the GNU Lesser General Public License for more details You should have received a copy of ...

Страница 543: ... may be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL INTEL OR CONTRIBUTORS BE LIABLE FO...

Страница 544: ... subject to the following conditions The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software THE SOFTWARE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT...

Страница 545: ...oped by the Computer Systems Engineering Group at Lawrence Berkeley Laboratory Neither the name of the University nor of the Laboratory may be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIE...

Страница 546: ...ithout prior written permission For permission or any legal details please contact Office of Technology Transfer Carnegie Mellon University 5000 Forbes Avenue Pittsburgh PA 15213 3890 412 268 4387 fax 412 268 7395 tech transfer andrew cmu edu 4 Redistributions of any form whatsoever must retain the following acknowledgment This product includes software developed by Computing Services at Carnegie ...

Страница 547: ...use of this software must display the following acknowledgment This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit http www openssl org 4 The names OpenSSL Toolkit and OpenSSL Project must not be used to endorse or promote products derived from this software without prior written permission For written permission please contact openssl core openssl org 5 ...

Страница 548: ... cryptsoft com Copyright remains Eric Young s and as such any Copyright notices in the code are not to be removed If this package is used in a product Eric Young should be given attribution as the author of the parts of the library used This can be in the form of a textual message at program startup or in documentation online or textual provided with the package Redistribution and use in source an...

Страница 549: ...RY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE The licence and dist...

Страница 550: ...D 34 Open Source Licenses This page is intentionally unused ...

Страница 551: ... 86 B 7 AP detection B 9 configuring parameters CLI 8 33 configuring parameters Web 8 26 8 32 AP Enhanced Distribution Channel Access EDCA 8 6 ATPC B 10 ATPC use cases C 3 B burst AP EDCA 8 7 C Clear button 4 26 CLI configuration levels 3 8 keystroke shortcuts 3 15 client station deauthentication 9 78 clock system B 4 closed system 4 31 9 103 community name 5 27 community string 9 38 Country Code ...

Страница 552: ...9 69 B 6 lost password 4 26 M MAC Address Authentication AP configuration guidelines 7 44 configuring accept list CLI 7 48 7 51 configuring parameters CLI 7 48 MAC address authentication B 6 configuring parameters Web 7 45 7 46 7 50 7 64 7 66 7 68 7 72 MAC address authentication CLI 9 72 9 75 9 78 MAC Authentication 7 15 MAC lockout 9 75 maintenance configuration file commands CLI A 10 configurati...

Страница 553: ...ode CLI 6 11 mode Web 6 10 parameter configuration table 6 6 parameters CLI 6 21 pure G mode Web 6 20 transmit power Web 6 23 Wifi G only mode Web 6 19 RADIUS Accounting Server setting parameters CLI 5 54 RADIUS accounting server setting parameters Web 5 52 RADIUS Authentication setting RADIUS parameters CLI 7 41 RADIUS authentication setting AP RADIUS servers Web 7 33 RADIUS logon authentication ...

Страница 554: ...b 5 45 system logging B 4 system management B 4 T telnet access 3 5 time zone 5 48 5 49 5 50 9 34 TXOP Limit Station EDCA 8 8 U untagged VLAN 5 19 use cases ATPC C 3 user name using for browser or console access 4 24 V VLAN client VLAN 5 57 enabling untagged VLAN Web 5 59 enabling VLAN support CLI 5 61 management VLAN 5 58 setting a management VLAN Web 5 58 tagged and untagged VLANs 5 58 VLAN tag ...

Страница 555: ......

Страница 556: ...ange without notice Copyright 2008 Hewlett Packard Development Company L P Reproduction adaptation or translation without prior written permission is prohibited except as allowed under the copyright laws December 2008 Manual Part Number 5991 2193 5991 2193 ...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды