Wireless/Redundant Edge Services xl Module Management and Configuration Guide WS.02.xx and greater
Table Of Contents
- ProCurve Wireless Edge Services xl Module and ProCurve Redundant Wireless Services xl Module
- Title Page
- Copyright and Disclaimer Notices
- Table of Contents
- 1. Introduction
- Contents
- ProCurve Wireless Edge Services xl Module
- Wireless Networks and WLANs
- The Interface Between the Wireless and Wired Networks
- Layer 2 and Layer 3 Operation
- Determining the Layer 3 Services Your Wireless Edge Services xl Module Should Provide
- IP Routing
- DHCP Services
- Security Features
- Traffic Management and QoS
- Management Capabilities and sFlow
- RP Licensing
- Radio Ports
- Redundancy Groups
- Layer 2 and Layer 3 Roaming Between RPs and Modules
- 2. Configuring the ProCurve Wireless Edge Services xl Module
- Contents
- Management Interfaces
- Radio Port Adoption
- System Maintenance
- Software Images
- Configuration Files
- Viewing Configuration Files
- Transferring, or Copying, Files
- Transferring Configuration Files from an FTP or TFTP Server to the Wireless Edge Services xl Module
- Transferring Configuration Files from the Wireless Edge Services xl Module to Another Destination
- Managing the Directory Structure and Browsing for Files
- Deleting a Configuration File
- Returning the Startup-Config File to Factory Default Settings
- Update Server
- Password Encryption
- SNMP Traps and Error Reporting
- Radio Port Licenses
- Setting System Information-Name, Time, and Country Code
- Enabling Secure Network Time Protocol (NTP)
- Digital Certificates
- 3. Radio Port Configuration
- 4. Wireless Local Area Networks (WLANs)
- Contents
- Overview
- Configuration Options: Normal Versus Advanced Mode
- Configuring a WLAN
- VLAN Assignment
- Traffic Management (QoS)
- 5. Web Authentication for Mobile Users
- Contents
- Overview
- Configuring Web-Auth
- Configuring Basic Options and Accessing the Web-Auth Screen
- Configuring Internal Web-Auth Pages
- Configuring Web-Auth to an External Web Server
- Loading Custom Pages onto the Wireless Edge Services xl Moduleās Internal Server (Advanced)
- Configuring the Allow List
- Configuring Encryption for a Web-Auth WLAN
- Copying Logo Files to the Moduleās Flash
- Configuring Custom Web-Auth Pages
- 6. IP Services-IP Settings, DHCP, and DNS
- 7. Access Control Lists (ACLs)
- 8. Configuring Network Address Translation (NAT)
- 9. Fast Layer 2 Roaming and Layer 3 Mobility
- 10. Redundancy Groups
- Contents
- High Availability for Wireless Services
- Configuring a Redundancy Group
- Configuring Redundancy Group Settings
- Adding Members to the Redundancy Group
- Enabling Redundancy
- Viewing Information about the Redundancy Group
- Viewing Information about the Other Members of the Redundancy Group
- Setting up Adoption Preference IDs to Control RP Adoption
- Reverting RPs Adopted by a Standby Member to the Active Member
- 11. RADIUS Server
- Contents
- Overview
- RADIUS Authentication
- Configuring the Internal RADIUS Server
- Choosing the Authentication Type for 802.1X/EAP
- Specifying the RADIUS Serverās Digital Certificate
- Choosing the Source for User Credentials
- Configuring the Local RADIUS Database
- Using LDAP for the Data Source
- Specifying a Domain Proxy RADIUS Server
- Specifying Global RADIUS Settings
- Adding RADIUS Clients
- Starting and Stopping the RADIUS Server
- Enabling Authentication to the Internal Server on a WLAN
- Configuring the Internal RADIUS Server
- RADIUS Accounting
- 12. Configuring Tunnels with Generic Routing Encapsulation
- 13. Wireless Network Management
- Contents
- Overview
- Monitoring the Wireless Network
- AP Detection
- Configuring Station Intrusion Detection
- Logging and Alarms
- MAC Filters (Local MAC Authentication)
- Network Self Healing
- 14. sFlow Agent
- Appendix A - ProCurve Wireless Services xl Module Command Line Reference
- Contents
- Overview
- Manager Commands
- Global Commands
- Interface Commands
- Wireless Commands
- Show Commands
- Show Commands (All Contexts)
- show alarm-log
- show commands
- show crypto
- show debug
- show file
- show flash
- show history
- show hostname
- show interfaces
- show ip
- show licenses
- show logging
- show management
- show password-encryption
- show redundancy-group
- show redundancy-history
- show redundancy-member
- show running-config
- show snmp
- show sntp
- show startup-config
- show terminal
- show time
- show timezone
- show upd-server
- show upgrade-status
- show version
- show vlans
- Show Commands (Wireless)
- show wireless ap-detection-config
- show wireless approved-aps
- show wireless channel-power
- show wireless config
- show wireless ids
- show wireless mac-auth-local entries
- show wireless phrase-to-key
- show wireless radio-config
- show wireless radio-statistics
- show wireless radio-status
- show wireless regulatory
- show wireless rp-images
- show wireless rp-status
- show wireless rp-unadopted
- show wireless self-heal-config
- show wireless station
- show wireless station-statistics
- show wireless unapproved-aps
- show wireless web-auth-config
- show wireless wireless-module-statistics
- show wireless wlan-config
- show wireless wlan-statistics
- Support Commands
- Support Commands (All Contexts)
- Support Commands (Wireless)
- Index
- Back Cover
7-7
Access Control Lists (ACLs)
Overview
Permit and Deny. These operations allow you to control usersā network
access.
Remember, the operation only affects traffic that meets all of the criteria of
the rule. Also, the operation is explicit. That is, the module performs the
operation on selected traffic, but does not perform the opposite action on
traffic that is not selected. Instead, the module attempts to match the traffic
against the next rule in order of precedence.
However, all ACLs include an implicit deny any rule at the end, which drops
all traffic not selected by other rules. In other words, traffic is permitted only
if explicitly permitted by one of the ACLās rules. Therefore, whenever you
apply an ACL to an interface, make sure that you include a rule to permit all
traffic that you want the Wireless Edge Services xl Module to forward.
Mark. Besides deny and permit, a third operation is mark, which marks
traffic for a particular type of QoS or Type of Service (TOS). Marked traffic is
also forwarded. The mark operation only takes effect for ACLs applied to
physical interfaces.
Two protocols define QoS classes:
ā 802.1pāa mechanism for implementing QoS at Layer 2
802.1p divides traffic into different classes and provides expedited service
to traffic in higher-priority classes. Eight different classes of service (0
through 7) are available. The class is indicated in three bits of an 802.1Q
VLAN tag. Table 7-1 shows the type of service typically associated with
each 802.1p class. However, the actual treatment for each class is left to
your network implementation. The Wireless Edge Service xl Module
simply marks traffic for a particular class.
Table 7-1. Standard QoS for 802.1p Classes
Priority Value Service Type
1 and 2 lowest priority (background)
0 and 3 default priority (best effort)
4 and 5 higher priority (video and voice)
6 and 7 highest priority (network control traffic)