Wireless Edge Services xl Module Release Notes WS.02.27
Table Of Contents
- Release Notes: Version WS.02.27 Software for the ProCurve Wireless Edge Services xl Module (J9001A) and the ProCurve Redundant Wireless Services xl Module (J9003A)
- Copyright and Disclaimers
- Contents
- Software Management
- Support Notes
- Release WS.02.07
- Reconfigure Management Passwords After a Software Update from Version WS.01.xx to Version WS.02.xx
- Accessing the Web Browser Interface After a Software Update from Version WS.01.xx to Version WS.02.xx
- Configuring Authentication for Web-Users
- Special Characters for the ACL ID Field
- Correction: SNMP v3 Default Password
- Correction: Stations per Radio
- Correction: Stations per Module in a Layer 3 Mobility Domain
- Correction: Disabling TKIP Countermeasures
- Clarification: Setting Intrusion Detection with TKIP Countermeasures
- Release WS.02.07
- Enhancements
- Software Fixes
- Known Software Issues and Limitations
- Back Cover
16
Support Notes
Release WS.02.07
Correction: Stations per Module in a Layer 3 Mobility Domain
The xl Module's Management and Configuration Guide (August 2007), pages 1-84 and 9-6, incor-
rectly states that a Layer 3 Mobility Domain can include up to 12 modules, each of which can support
up to 500 stations. Instead, the number of local stations per module is 4096.
Correction: Disabling TKIP Countermeasures
TKIP countermeasures are used to prevent “man-in-the-middle” TKIP attacks by disabling client
connections for a short period of time. In some cases, it may be desirable to disable TKIP Counter-
measures. The xl Module’s Management and Configuration Guide (August 2007) includes a
command that is not available for disabling TKIP Countermeasures:
no support wireless tkip-countermeasures
The following command effectively disables TKIP Countermeasures:
ProCurve(wireless-services-C)(config-wireless)#wlan 1 dot11i tkip-cntrmeas-hold-time ?
<0-65535> The hold-time in seconds. Default = 60
ProCurve(wireless-services-C)(config-wireless)#wlan 1 dot11i tkip-cntrmeas-hold-time 0
where 1 specifies the WLAN index in this example, and 0 specifies the hold-time (in seconds) in
which clients are disconnected.
Clarification: Setting Intrusion Detection with TKIP Countermeasures
Intrusion Detection System (IDS) commands can be used to filter a station that set off IDS. Setting
the following IDS parameters will blacklist the client for the amount of time set in the ageout (ageout
time can be up to one day).
ProCurve(wireless-services-C)(config-wireless)#ids anomaly-detection tkip-countermeasures enable
ProCurve(wireless-services-C)(config-wireless)#ids anomaly-detection tkip-countermeasures filter-
ageout 60
where 60 in this example is the ageout duration (seconds) in which mobile units will be filtered
out. A value of 0 - 86400 seconds can be configured.