Wireless/Redundant Edge Services xl Module Management and Configuration Guide WS.02.xx and greater
Fast Layer 2 Roaming and Layer 3 Mobility
Overview
The 802.11i standard (on which WPA is modeled) includes a section on
pre-authentication, a mechanism that speeds up Layer 2 roaming. A station can
associate to only one RP and Wireless Edge Services xl Module at a time.
However, the station can detect beacons from other RPs—including RPs
connected to other modules. A station using pre-authentication listens for
such beacons and pre-authenticates to other modules while it is still
connected to its original module.
Because the station is still connected to its original module, its
pre-authentication messages must pass through the original module, onto the
wired network, and finally to the second module. These pre-authentication
messages are the Extensible Authentication Protocol (EAP) messages required by
802.1X, and the station addresses them to the Basic Service Set Identifier
(BSSID) of the WLAN on the RP to which it is pre-authenticating.
Enabling pre-authentication on a Wireless Edge Services xl Module lets the
module listen for EAP messages that arrive on its internal uplink port and
respond to those destined for its RPs. The station authenticates to the second
module, and the module and the station put in place all the encryption keys
necessary for WPA before the station ever roams. Thus, when the station does
roam, it does so very quickly (in less than 50 milliseconds).
Note: The EAP pre-authentication messages do not cross VLAN borders. Therefore,
the two Wireless Edge Services xl Modules must assign the WLAN to the same
subnetwork (VLAN). This requirement means that Layer 3 mobility,
described in the next section, is seamless, but not fast.
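An added example, not taken from the ProCurve guide: a Python check for frames captured on the wired network between two modules. It recognizes 802.11i pre-authentication frames by their EtherType (0x88C7, distinct from 0x888E for ordinary EAPOL) and flags any whose 802.1Q VLAN differs from the VLAN assigned to the WLAN on the target BSSID. The BSSID inventory, MAC addresses, VLAN IDs, and function names are constructed for illustration.

```python
import struct

ETH_P_8021Q = 0x8100    # 802.1Q VLAN tag
ETH_P_PREAUTH = 0x88C7  # 802.11i pre-authentication (EAPOL relayed over the wire)
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_preauth(frame, native_vlan=1):
    """Return details of a pre-authentication frame, or None for anything else."""
    if len(frame) < 14:
        return None
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan, off = native_vlan, 14          # untagged frames belong to the native VLAN
    if ethertype == ETH_P_8021Q:
        if len(frame) < 18:
            return None
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, off = tci & 0x0FFF, 18     # low 12 bits of the TCI are the VLAN ID
    if ethertype != ETH_P_PREAUTH or len(frame) < off + 4:
        return None
    _version, ptype, length = struct.unpack("!BBH", frame[off:off + 4])
    # The station addresses the frame to the BSSID it is pre-authenticating to.
    return {"station": mac(src), "bssid": mac(dst), "vlan": vlan,
            "eapol": EAPOL_TYPES.get(ptype, f"type-{ptype}"), "body_len": length}

def check(frame, bssid_vlans):
    """Classify a frame against an inventory mapping BSSID -> WLAN VLAN."""
    info = parse_preauth(frame)
    if info is None:
        return "not-preauth"
    expected = bssid_vlans.get(info["bssid"])
    if expected is None:
        return "unknown-bssid"           # target is not one of our RPs' WLANs
    return "ok" if expected == info["vlan"] else "vlan-mismatch"

# Constructed sample data (assumed inventory and addresses, not from the guide).
BSSID_VLANS = {"00:11:22:33:44:50": 20}
STA = bytes.fromhex("020000000001")
BSSID = bytes.fromhex("001122334450")
EAPOL_START = bytes([2, 1, 0, 0])        # version 2, EAPOL-Start, empty body

def tagged(dst, src, vlan, payload):
    return dst + src + struct.pack("!HHH", ETH_P_8021Q, vlan, ETH_P_PREAUTH) + payload

SAME_VLAN = tagged(BSSID, STA, 20, EAPOL_START)    # reaches the second module
OTHER_VLAN = tagged(BSSID, STA, 30, EAPOL_START)   # WLAN mapped to a different VLAN
```

A "vlan-mismatch" result corresponds to the situation the note describes: the station's pre-authentication frame is on a VLAN other than the one the target module uses for that WLAN, so it never reaches the target RP's module.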
Layer 2 Roaming on a Web-Auth WLAN Between Different Wireless Edge Services xl Modules
Like 802.1X authentication, Web-Auth can complicate a roam between RPs
adopted by different Wireless Edge Services xl Modules. The new module
considers the roaming station a new, unauthenticated station, so it redirects
the station’s Web browser to the login page. Because the user must
reauthenticate, the roam is not seamless.
The best solution for roaming with Web-Auth is to have a single Wireless Edge
Services xl Module adopt all RPs that support the WLAN in question. The RPs
can range over an extensive area: Layer 3 adoption enables them to reach the
module across subnetwork boundaries.
If necessary, however, you can enable seamless Layer 2 roaming between
different modules, even on a WLAN that enforces Web-Auth. Place all
Wireless Edge Services xl Modules that support the Web-Auth WLAN in the