Wireless/Redundant Edge Services xl Module Management and Configuration Guide WS.02.xx and greater
Table Of Contents
- ProCurve Wireless Edge Services xl Module and ProCurve Redundant Wireless Services xl Module
- Title Page
- Copyright and Disclaimer Notices
- Table of Contents
- 1. Introduction
- Contents
- ProCurve Wireless Edge Services xl Module
- Wireless Networks and WLANs
- The Interface Between the Wireless and Wired Networks
- Layer 2 and Layer 3 Operation
- Determining the Layer 3 Services Your Wireless Edge Services xl Module Should Provide
- IP Routing
- DHCP Services
- Security Features
- Traffic Management and QoS
- Management Capabilities and sFlow
- RP Licensing
- Radio Ports
- Redundancy Groups
- Layer 2 and Layer 3 Roaming Between RPs and Modules
- 2. Configuring the ProCurve Wireless Edge Services xl Module
- Contents
- Management Interfaces
- Radio Port Adoption
- System Maintenance
- Software Images
- Configuration Files
- Viewing Configuration Files
- Transferring, or Copying, Files
- Transferring Configuration Files from an FTP or TFTP Server to the Wireless Edge Services xl Module
- Transferring Configuration Files from the Wireless Edge Services xl Module to Another Destination
- Managing the Directory Structure and Browsing for Files
- Deleting a Configuration File
- Returning the Startup-Config File to Factory Default Settings
- Update Server
- Password Encryption
- SNMP Traps and Error Reporting
- Radio Port Licenses
- Setting System Information-Name, Time, and Country Code
- Enabling Secure Network Time Protocol (NTP)
- Digital Certificates
- 3. Radio Port Configuration
- 4. Wireless Local Area Networks (WLANs)
- Contents
- Overview
- Configuration Options: Normal Versus Advanced Mode
- Configuring a WLAN
- VLAN Assignment
- Traffic Management (QoS)
- 5. Web Authentication for Mobile Users
- 6. IP Services-IP Settings, DHCP, and DNS
- 7. Access Control Lists (ACLs)
- 8. Configuring Network Address Translation (NAT)
- 9. Fast Layer 2 Roaming and Layer 3 Mobility
- 10. Redundancy Groups
- Contents
- High Availability for Wireless Services
- Configuring a Redundancy Group
- Configuring Redundancy Group Settings
- Adding Members to the Redundancy Group
- Enabling Redundancy
- Viewing Information about the Redundancy Group
- Viewing Information about the Other Members of the Redundancy Group
- Setting up Adoption Preference IDs to Control RP Adoption
- Reverting RPs Adopted by a Standby Member to the Active Member
- 11. RADIUS Server
- Contents
- Overview
- RADIUS Authentication
- Configuring the Internal RADIUS Server
- Choosing the Authentication Type for 802.1X/EAP
- Specifying the RADIUS Server’s Digital Certificate
- Choosing the Source for User Credentials
- Configuring the Local RADIUS Database
- Using LDAP for the Data Source
- Specifying a Domain Proxy RADIUS Server
- Specifying Global RADIUS Settings
- Adding RADIUS Clients
- Starting and Stopping the RADIUS Server
- Enabling Authentication to the Internal Server on a WLAN
- Configuring the Internal RADIUS Server
- RADIUS Accounting
- 12. Configuring Tunnels with Generic Routing Encapsulation
- 13. Wireless Network Management
- Contents
- Overview
- Monitoring the Wireless Network
- AP Detection
- Configuring Station Intrusion Detection
- Logging and Alarms
- MAC Filters (Local MAC Authentication)
- Network Self Healing
- 14. sFlow Agent
- Appendix A - ProCurve Wireless Services xl Module Command Line Reference
- Contents
- Overview
- Manager Commands
- Global Commands
- Interface Commands
- Wireless Commands
- Show Commands
- Show Commands (All Contexts)
- show alarm-log
- show commands
- show crypto
- show debug
- show file
- show flash
- show history
- show hostname
- show interfaces
- show ip
- show licenses
- show logging
- show management
- show password-encryption
- show redundancy-group
- show redundancy-history
- show redundancy-member
- show running-config
- show snmp
- show sntp
- show startup-config
- show terminal
- show time
- show timezone
- show upd-server
- show upgrade-status
- show version
- show vlans
- Show Commands (Wireless)
- show wireless ap-detection-config
- show wireless approved-aps
- show wireless channel-power
- show wireless config
- show wireless ids
- show wireless mac-auth-local entries
- show wireless phrase-to-key
- show wireless radio-config
- show wireless radio-statistics
- show wireless radio-status
- show wireless regulatory
- show wireless rp-images
- show wireless rp-status
- show wireless rp-unadopted
- show wireless self-heal-config
- show wireless station
- show wireless station-statistics
- show wireless unapproved-aps
- show wireless web-auth-config
- show wireless wireless-module-statistics
- show wireless wlan-config
- show wireless wlan-statistics
- Support Commands
- Support Commands (All Contexts)
- Support Commands (Wireless)
- Index
- Back Cover
4-59
Wireless Local Area Networks (WLANs)
Configuring a WLAN
Check these boxes to enable the Wireless Edge Services xl Module’s
fast roaming capabilities:
– PMK Caching—The RP and the wireless station agree on a PMK
identifier for their session, which each stores even after the
station disassociates. If the wireless station roams back to the RP,
the two can quickly exchange the PMK identifier and renegotiate
necessary keys, instead of completing the entire authentication
process.
– Opportunistic Key Caching—This capability further speeds roam-
ing between RPs that are connected to the same module. The
wireless station can use the same PMK to associate to any RP that
connects to the module.
– Pre-Authentication—Pre-authentication speeds roaming for sta-
tions that move from an RP on a different Wireless Edge Services
to an RP on this module.
The station must also support pre-authentication. It listens for
beacons from other RPs that support its SSID and authenticates
to them before it roams. The station sends its EAP messages
through its current RP, and that RP’s module broadcasts the EAP
messages throughout the wired network. Pre-authentication
allows your module to listen for and respond to EAP messages
destined to its RPs. The module must be on the same subnetwork
as the original module to receive the EAP messages.
d. After you have configured all the advanced options that you desire,
click the OK button.
5. Click the OK button.
Configuring WPA/WPA2-PSK. As noted above, WPA/WPA2 typically
requires 802.1X authentication. However, for networks that do not have a
RADIUS server, you can set a password, or preshared key, instead of enforcing
802.1X. All users must enter this same preshared key to connect to the WLAN.
Although a preshared key is less secure than 802.1X authentication, the WPA/
WPA2 encryption is still quite strong. WPA/WPA2-PSK is a far better option
than static WEP for small to medium networks.
For more information on WPA/WPA2 encryption, see the introduction to
“Configuring WPA/WPA2 with 802.1X” on page 4-55. To configure WPA/WPA-
PSK on a WLAN complete these steps:
1. Access the Edit screen for the WLAN that is to use WPA/WPA2-PSK:
a. Select Network Setup > WLAN Setup and click the Configuration tab.
b. Select the WLAN and click the Edit button. The Edit screen is displayed.
(See Figure 4-30.)