Wireless/Redundant Edge Services xl Module Management and Configuration Guide WS.02.xx and greater
Table Of Contents
- ProCurve Wireless Edge Services xl Module and ProCurve Redundant Wireless Services xl Module
- Title Page
- Copyright and Disclaimer Notices
- Table of Contents
- 1. Introduction
- Contents
- ProCurve Wireless Edge Services xl Module
- Wireless Networks and WLANs
- The Interface Between the Wireless and Wired Networks
- Layer 2 and Layer 3 Operation
- Determining the Layer 3 Services Your Wireless Edge Services xl Module Should Provide
- IP Routing
- DHCP Services
- Security Features
- Traffic Management and QoS
- Management Capabilities and sFlow
- RP Licensing
- Radio Ports
- Redundancy Groups
- Layer 2 and Layer 3 Roaming Between RPs and Modules
- 2. Configuring the ProCurve Wireless Edge Services xl Module
- Contents
- Management Interfaces
- Radio Port Adoption
- System Maintenance
- Software Images
- Configuration Files
- Viewing Configuration Files
- Transferring, or Copying, Files
- Transferring Configuration Files from an FTP or TFTP Server to the Wireless Edge Services xl Module
- Transferring Configuration Files from the Wireless Edge Services xl Module to Another Destination
- Managing the Directory Structure and Browsing for Files
- Deleting a Configuration File
- Returning the Startup-Config File to Factory Default Settings
- Update Server
- Password Encryption
- SNMP Traps and Error Reporting
- Radio Port Licenses
- Setting System Information-Name, Time, and Country Code
- Enabling Secure Network Time Protocol (NTP)
- Digital Certificates
- 3. Radio Port Configuration
- 4. Wireless Local Area Networks (WLANs)
- Contents
- Overview
- Configuration Options: Normal Versus Advanced Mode
- Configuring a WLAN
- VLAN Assignment
- Traffic Management (QoS)
- 5. Web Authentication for Mobile Users
- 6. IP Services-IP Settings, DHCP, and DNS
- 7. Access Control Lists (ACLs)
- 8. Configuring Network Address Translation (NAT)
- 9. Fast Layer 2 Roaming and Layer 3 Mobility
- 10. Redundancy Groups
- Contents
- High Availability for Wireless Services
- Configuring a Redundancy Group
- Configuring Redundancy Group Settings
- Adding Members to the Redundancy Group
- Enabling Redundancy
- Viewing Information about the Redundancy Group
- Viewing Information about the Other Members of the Redundancy Group
- Setting up Adoption Preference IDs to Control RP Adoption
- Reverting RPs Adopted by a Standby Member to the Active Member
- 11. RADIUS Server
- Contents
- Overview
- RADIUS Authentication
- Configuring the Internal RADIUS Server
- Choosing the Authentication Type for 802.1X/EAP
- Specifying the RADIUS Server’s Digital Certificate
- Choosing the Source for User Credentials
- Configuring the Local RADIUS Database
- Using LDAP for the Data Source
- Specifying a Domain Proxy RADIUS Server
- Specifying Global RADIUS Settings
- Adding RADIUS Clients
- Starting and Stopping the RADIUS Server
- Enabling Authentication to the Internal Server on a WLAN
- Configuring the Internal RADIUS Server
- RADIUS Accounting
- 12. Configuring Tunnels with Generic Routing Encapsulation
- 13. Wireless Network Management
- Contents
- Overview
- Monitoring the Wireless Network
- AP Detection
- Configuring Station Intrusion Detection
- Logging and Alarms
- MAC Filters (Local MAC Authentication)
- Network Self Healing
- 14. sFlow Agent
- Appendix A - ProCurve Wireless Services xl Module Command Line Reference
- Contents
- Overview
- Manager Commands
- Global Commands
- Interface Commands
- Wireless Commands
- Show Commands
- Show Commands (All Contexts)
- show alarm-log
- show commands
- show crypto
- show debug
- show file
- show flash
- show history
- show hostname
- show interfaces
- show ip
- show licenses
- show logging
- show management
- show password-encryption
- show redundancy-group
- show redundancy-history
- show redundancy-member
- show running-config
- show snmp
- show sntp
- show startup-config
- show terminal
- show time
- show timezone
- show upd-server
- show upgrade-status
- show version
- show vlans
- Show Commands (Wireless)
- show wireless ap-detection-config
- show wireless approved-aps
- show wireless channel-power
- show wireless config
- show wireless ids
- show wireless mac-auth-local entries
- show wireless phrase-to-key
- show wireless radio-config
- show wireless radio-statistics
- show wireless radio-status
- show wireless regulatory
- show wireless rp-images
- show wireless rp-status
- show wireless rp-unadopted
- show wireless self-heal-config
- show wireless station
- show wireless station-statistics
- show wireless unapproved-aps
- show wireless web-auth-config
- show wireless wireless-module-statistics
- show wireless wlan-config
- show wireless wlan-statistics
- Support Commands
- Support Commands (All Contexts)
- Support Commands (Wireless)
- Index
- Back Cover
1-73
Introduction
Radio Ports
The Wireless Edge Services xl Module also collects information about the
wireless network in order to improve its functioning. For example, if you
enable interference avoidance, the module has RPs change their channel when
they report excessive congestion.
Intrusion detection is one useful self-healing feature. The Wireless Edge
Services xl Module can also implement neighbor recovery and create a highly
availability, self-healing network. That is, when one RP fails, nearby RPs
automatically come to the aid of that RP’s stations by raising their transmit
power, among other actions. For more information on network self-healing
capabilities, see Chapter 13: Wireless Network Management.
802.1X Client
A secure network often enforces port authentication such as 802.1X: a device
must prove that it is legitimate before it can even connect to the network. The
danger posed by a rogue RP connecting to your network is minimized by the
fact that the RP must accept the settings configured on your Wireless Edge
Services xl Module. However, it is a good idea to enforce 802.1X authentication
on all physically accessible switch ports, and if you connect your RPs to such
ports, they must be able to authenticate themselves to the network.
The RPs 210, 220, and 230 include an 802.1X client for such authentication.
Using Message Digest 5 (MD5) authentication, the client automatically sends
the RP’s credentials when the RP connects to a network device that requires
port authentication. The switch to which the RP connects forwards the
credentials to an authentication server and, if they are correct, allows the RP
to join the network.
The authentication server may store a VLAN setting for the RP and sends this
VLAN setting to the switch after the RP authenticates. Such dynamic config-
uration of the Radio Port VLAN can replace auto-provisioning on the wireless
services-enabled switch or manual configuration on an infrastructure switch.
(For more information about configuring Radio Port VLANs, see “Communi-
cating with RPs: Radio Port VLANs” on page 1-8.)
The default username and password on all ProCurve 200 Series RPs are admin
and procurve, respectively.
ProCurve Networking suggests that you change these settings, using a Wire-
less Edge Services xl Module to load new credentials on your organization’s
RPs. You can then move these RPs to their final locations and be sure that they
can authenticate and connect to your network. (To learn how to configure
RPs’ 802.1X username and password, see Chapter 2: Configuring the
ProCurve Wireless Edge Services xl Module.)