HP ProCurve Wireless Access Point 520wl User Guide - For Software Version 2.4.
© Copyright 2004, Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. This document contains proprietary information, which is protected by copyright. No part of this document may be photocopied, reproduced, or translated into another language without the prior written consent of HewlettPackard. Publication Number 5990-6056 March 2004 Warranty See the Customer Support/Warranty booklet included with the product.
Contents Regulatory Information Safety Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viii Grounding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viii Servicing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viii Accessories . . . . . . . . . . . . . . . . . . . . . . . . .
Initialization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6 ScanTool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6 Logging into the HTTP Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8 Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-32 Spanning Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-32 Storm Threshold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-33 Intra BSS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Commands Logging into the HTTP Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1 Introduction to File Transfer via TFTP or HTTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3 TFTP File Transfer Guidelines. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3 HTTP File Transfer Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Hardware Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-3 Physical Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .A-3 Ethernet Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .A-4 Serial Port Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Security Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-41 RADIUS Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-42 Rogue Access Point Detection (RAD) Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-44 VLAN/SSID Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Regulatory Information Safety Information ! Documentation reference symbol. If the product is marked with this symbol, refer to the product documentation to get more information about the product. WARNING A WARNING in the manual denotes a hazard that can cause injury or death. CAUTION A CAUTION in the manual denotes a hazard that can damage the equipment. Do not proceed beyond a WARNING or CAUTION notice until you have understood the hazardous conditions and have taken appropriate steps.
Informations concernant la sécurité ! Symbole de référence à la documentation. Si le produit est marqué de ce symbole, reportez-vous à la documentation du produit afin d'obtenir des informations plus détaillées. WARNING Dans la documentation, un WARNING indique un danger susceptible d'entraîner des dommages corporels ou la mort. CAUTION Un texte de mise en garde intitulé CAUTION indique un danger susceptible de causer des dommages à l'équipement.
Hinweise zur Sicherheit ! Symbol für Dokumentationsverweis. Wenn das Produkt mit diesem Symbol markiert ist, schlagen Sie bitte in der Produktdokumentation nach, um mehr Informationen über das Produkt zu erhalten. WARNING Eine WARNING in der Dokumentation symbolisiert eine Gefahr, die Verletzungen oder sogar Todesfälle verursachen kann. CAUTION CAUTION in der Dokumentation symbolisiert eine Gefahr, die dis Gerät beschädigen kann.
Considerazioni sulla sicurezza ! Simbolo di riferimento alla documentazione. Se il prodotto è contrassegnato da questo simbolo, fare riferimento alla documentazione sul prodotto per ulteriori informazioni su di esso. WARNING La dicitura WARNINGdenota un pericolo che può causare lesioni o morte. CAUTION La dicituraCAUTION denota un pericolo che può danneggiare le attrezzature.
Consideraciones sobre seguridad ! Símbolo de referencia a la documentación. Si el producto va marcado con este símbolo, consultar la documentación del producto a fin de obtener mayor información sobre el producto. WARNING Una WARNING en la documentación señala un riesgo que podría resultar en lesiones o la muerte. CAUTION Una CAUTION en la documentación señala un riesgo que podría resultar en averías al equipo.
Safety Information (Japan) xiv
Safety Information (China) xv
EMC Regulatory Statements Notice for U.S.A. Manufacturer’s FCC Declaration of Conformity Statement Tested to Comply with FCC Standards Product No: J8133A Manufacturer:Hewlett-Packard Company 3000 Hanover Street Palo Alto, CA 94304-1185 USA Phone:650-857-1501 For questions regarding this declaration, contact the Product Regulations Manager at the above address or phone number. This device complies with Part 15 of the FCC rules.
Notice for European Union DECLARATION OF CONFORMITY according to ISO/IEC Guide 22 and EN 45014 Manufacturer's Name: Hewlett-Packard Company Manufacturer's Address: 8000 Foothills Blvd. Roseville, CA 95747-5502 U.S.A.
Notice for Japan Notice for Korea Regulatory Model Identification Number For regulatory identification purposes, this product has been assigned a Regulatory Model Number (RMN). The RMN for your product is WA1010. The RMN should not be confused with the marketing name (Wireless Enterprise Access Point 520wl) or the Product Number (J8133A).
Introducing the 520wl 1 In This Chapter Q Q Q Q Wireless Networking Concepts Management and Monitoring Capabilities 802.11b/g compared to 802.11a Networks Installation and Initialization Wireless Networking Concepts The 520wl provides wireless access to network infrastructures. As wireless clients move from one coverage cell to another, 520wl units automatically allow client roaming within the same subnet.
Management and Monitoring Capabilities To configure the 520wl for your needs, set your specific network, wireless interface, and bridge parameters. The HTTP (web browser) Interface provides easy configuration and management. Wireless clients (computers connected to your network through wireless access) use configuration software for network access. Once connected, users can roam from one coverage cell to another while maintaining their connection.
SNMPv3 Secure Management SNMPv3 is one of two available secure management options on the AP; the other secure management option is HTTPS (HTTP connection over Secure Socket Layer). SNMPv3 is based on the existing SNMP framework, but addresses security requirements for device and network management.
802.11b/g compared to 802.11a Networks The 520wl supports 802.11 wireless connectivity through the use of 802.11a-compliant 5 GHz, 802.11b-compliant 2.4 GHz, and 802.11g-compliant 2.4 GHz radio technology. The IEEE 802.11a standard adds support for a high-speed wireless physical layer in the 5 GHz band using Orthogonal Frequency Division Multiplexing (OFDM). The standard requires support for data rates of 6, 12, 24, and 54 Mbps. The 520wl supports the following data rates: 1, 2, 5.
Feature 2.4 GHz (802.11b) 2.4 GHz (802.11g) 5 GHz (802.11a) Closed System yes yes yes Interference Robustness yes no no Load Balancing1 yes no no AP List1 yes no no SpectraLink VoIP Support yes no no Blocking Intra BSS Clients yes yes yes Packet Forwarding yes yes yes Comments No client support for 802.
The following table provides detailed information on the differences between the 802.11a and 802.11b/g feature sets. 2.4 GHz (802.11b) 2.4 GHz (802.11g) 5 GHz (802.
2.4 GHz (802.11b) Transmit Rate 1 Mbps 2 Mbps 5.5 Mbps 11 Mbps 2.4 GHz (802.11g) 6 Mbps 9 Mbps 12 Mbps 18 Mbps 24 Mbps 36 Mbps 48 Mbps 54 Mbps 5 GHz (802.
Figure 1-3 802.11a compared to 802.11b/g Coverage Area Installation and Initialization The 520wl is designed to support both 2.4 GHz (IEEE 802.11b), 2.4 GHz (IEEE 802.11g), and 5 GHz (IEEE 802.11a) AP Cards. The HP ProCurve Wireless 802.11a Access Point Kit 160wl has an antenna adapter which snaps into place on the existing wall mounting bracket. Because of the antenna adapter, only one 160wl card can be installed in the AP.
2 Getting Started In This Chapter • • • • • • • • Prerequisites Product Package System Requirements Hardware Installation Hardware Installation Initialization Download the Latest Software Additional Hardware Features Prerequisites Before installing an AP, you need to gather certain network information. The following section identifies the information you need. Network Name (SSID of the wireless cards) You must assign the Access Point a Network Name before wireless users can communicate with it.
Getting Started Product Package Each AP comes with the following: • • • • • • • • • One mounting plate Mounting hardware Metal faceplate for APs mounted in a plenum environment AP cover Processor module Power supply AC power cord One Installation CD-ROM that contains the following: – Software Installation Wizard – ScanTool – TFTP software – HTML Help – This user’s guide in PDF format One Unit Installation Quick Start Guide - foldout If any of these items are missing or damaged, contact your reseller or
Getting Started Hardware Installation Follow these steps to install your AP: 1. Clip the power supply into the mounting bracket. 2. Plug the AC power cord into the power supply. Figure 2-1 Install the power supply 3. Slide the AP module onto the mounting bracket. Ensure it is properly seated. It mounts over the power supply. 4. Plug the DC connector from the power supply into the top of the AP module.
Getting Started Figure 2-3 Slide an AP Card into the AP 5. Slide an AP Card (not included in the kit) into slot A or B of the AP. 6. Connect the unit to a power source, such as a wall outlet. 7. Wait for the power LED to turn green before proceeding. Figure 2-4 Power LED turns green when the unit is operational 8. Conduct a Site Survey to determine the best location for your device. 9.
Getting Started 10. Connect one end of an Ethernet cable to the AP's Ethernet port. The other end of the cable should not be connected to any other device until after the installation is complete. • Use a straight-through Ethernet cable to connect the AP to a hub, switch, or patch panel. • Use a cross-over Ethernet cable to connect to a single computer. 11. Configure and test the unit. See Initialization for details. 12. Download the latest software to the unit, if necessary.
Getting Started Initialization HP provides two tools to simplify the initialization and configuration of an AP: • • ScanTool Setup Wizard ScanTool is included on the Installation CD; the Setup Wizard launches automatically the first time you access the HTTP interface. NOTE These initialization instructions describe how to configure an AP over an Ethernet connection using ScanTool and the HTTP interface.
Getting Started NOTE If your computer has more than one network adapter installed, you will be prompted to select the adapter that you want ScanTool to use before the Scan List appears. If prompted, select an adapter and click OK. You can change your adapter setting at any time by clicking the Select Adapter button on the Scan List screen. Note that the ScanTool Network Adapter Selection screen will not appear if your computer only has one network adapter installed. Figure 2-6 Scan List 7.
Getting Started 3. 4. 5. 6. 7. Set IP Address Type to Static. Enter a static IP Address for the AP in the field provided. You must assign the unit a unique address that is valid on your IP subnet. Contact your network administrator if you need assistance selecting an IP address for the unit. Enter your network’s Subnet Mask in the field provided. Enter your network’s Gateway IP Address in the field provided.
Getting Started Figure 2-8 Enter Network Password Screen Setup Wizard The first time you connect to an AP’s HTTP interface, the Setup Wizard launches automatically. The Setup Wizard provides step-by-step instructions for how to configure the Access Point’s basic operating parameter, such as Network Name, IP parameters, system parameters, and management passwords. Setup Wizard Instructions The first time you logon to the AP HTTP interface, the Setup Wizard launches.
Getting Started • • ! Navigation Panel: The Setup Wizard provides a navigation panel on the left-hand side of the screen. Click the link that corresponds to the parameters you want to configure to be taken to that particular configuration screen. Note that clicking a link in the navigation panel will not submit any changes you made to the unit’s configuration on the current page. Exit: The navigation panel also includes an Exit option. Click this link to close the Setup Wizard at any time.
Getting Started — — Frequency Channel: When Auto Channel Select is enabled, this field is read-only and displays the Access Point’s current operating channel. When Auto Channel Select is disabled, you can specify the Access Point’s operating channel. If you decide to manually set the unit’s channel, ensure that nearby devices do not use the same frequency (unless you are setting up a WDS). Available Channels vary based on regulatory domain. See 802.11b Channel Frequencies.
Getting Started — Multicast Rate: Sets the rate at which Multicast messages are sent. This value is related to the Distance Between APs parameter (described previously). The table below displays the possible Multicast Rates based on the Distance between APs. See Multicast Rate for more information. Distance between APs Multicast Rate Large 1 and 2 Mbits/sec Medium 1, 2, and 5.5 Mbits/sec Small 1, 2, 5.5 and 11 Mbits/sec Minicell 1, 2, 5.5 and 11 Mbits/sec Microcell 1, 2, 5.
Getting Started 10. Review the configuration summary. If you want to make any additional changes, use the navigation panel on the left-hand side of the screen to return to an earlier screen. After making a change, click Save & Next to save the change and proceed to the next screen. 11. When finished, click Reboot on the Summary screen to restart the AP and apply your changes. Download the Latest Software HP periodically releases updated software for the AP on its Web site at http://www.hp.
Getting Started Additional Hardware Features • • Installing the AP in a Plenum LED Indicators Installing the AP in a Plenum In an office building, plenum is the space between the structural ceiling and the tile ceiling that is provided to help air circulate. Many companies also use the plenum to house communication equipment and cables.
Getting Started n/a n/a Off Off PC Card not present Related Topics The Setup Wizard helps you configure the basic AP settings required to get the unit up and running. The AP supports many other configuration and management options. The remainder of this user guide describes these options in detail. – – – – – See Advanced Configuration for information on configuration options that are available within the Access Point’s HTTP interface.
Status Information 3 System Status System Status is the first screen to appear each time you connect to the HTTP interface. You can also return to this screen by clicking the Status button. Figure 3-1 System Status Screen Each section of the System Status screen provides the following information: – – System Status: This area provides system level information, including the unit’s IP address and contact information. See System for information on these settings.
Advanced Configuration 4 In This Chapter • • • • • • • • • • • Configuring the AP Using the HTTP/HTTPS Interface. System: Configure specific system information such as system name and contact information. Network: Configure IP settings, DNS client, DHCP server, and Link Integrity. Interfaces: Configure the Access Point’s interfaces: Wireless and Ethernet. Also describes configuring a Wireless Distribution System (WDS).
Advanced Configuration Figure 4-1 Enter Network Password Screen 5. Click the Configure button located on the left-hand side of the screen. Figure 4-2 Configure Main Screen 6. Click the tab that corresponds to the parameter you want to configure. For example, click Network to configure the Access Point’s TCP/IP settings. The parameters contained in each of the configuration categories are described later in this chapter. 7. Configure the Access Point’s parameters as necessary.
Advanced Configuration System You can configure and view the following parameters within the System Configuration screen: • • • • • • • • • Name: The name assigned to the AP. Refer to the Dynamic DNS Support and Access Point System Naming Convention sections for rules on naming the AP. Location: The location where the AP is installed. Contact Name: The name of the person responsible for the AP. Contact Email: The email address of the person responsible for the AP.
Advanced Configuration Network The Network category contains three sub-categories. – – – IP Configuration DHCP Server Link Integrity IP Configuration You can configure and view the following parameters within the IP Configuration screen: NOTE You must reboot the Access Point in order for any changes to the Basic IP or DNS Client parameters take effect.
Advanced Configuration DHCP Server If your network does not have a DHCP Server, you can configure the AP as a DHCP server to assign dynamic IP addresses to Ethernet nodes and wireless clients. ! CAUTION Make sure there are no other DHCP servers on the network and do not enable the DHCP server without checking with your network administrator first, as it could bring down the whole network. Also, the AP must be configured with a static IP address before enabling this feature.
Advanced Configuration You can configure and view the following parameters within the DHCP Server Configuration screen: • Enable DHCP Server: Place a check mark in the box provided to enable DHCP Server functionality. NOTE You cannot enable the DHCP Server functionality unless there is at least one IP Pool Table Entry configured. • • • • • • Subnet Mask: This field is read-only and reports the Access Point’s current subnet mask.
Advanced Configuration Figure 4-4 Link Integrity Configuration Screen Interfaces From the Interfaces tab, you configure the Access Point’s operational mode, power control settings, wireless interface settings and Ethernet settings. You may also configure a Wireless Distribution System for AP-to-AP communications. For the wireless interface configuration, refer to the wireless parameters below that correspond to your radio type. – – – – – – Operational Mode Wireless (802.11a) Wireless (802.
Advanced Configuration Operational Mode You can configure and view the following parameters within the Operational Mode screen. • Operational Mode: the mode of communication between the wireless clients and the Access Point: • 802.11b only • 802.11g only • 802.11bg • 802.11a (default) • 802.11g-wifi (Although this is a valid option, the .11g AP Card is not Wi-Fi certified.
Advanced Configuration Wireless (802.11a) You can configure and view the following parameters within the Wireless Interface Configuration screen for an 802.11a AP: NOTE You must reboot the Access Point before any changes to these parameters take effect. • • • • • Physical Interface Type: For an 802.11a AP, this field reports: “802.11a (OFDM 5 GHz).” OFDM stands for Orthogonal Frequency Division Multiplexing; this is the name for the radio technology used by 802.11a devices.
Advanced Configuration If you are using an 802.11a AP in Europe, keep in mind the following: • • • DFS is not a configurable parameter. It is always enabled and cannot be disabled. You cannot manually select the device’s operating channel; you must let DFS select the channel. You cannot configure the Auto Channel Select option. Within the HTTP interface, this option always appears enabled. RTS/CTS Medium Reservation The 802.11 standard supports optional RTS/CTS communication based on packet size.
Advanced Configuration • • Distance Between APs: Set to Large, Medium, Small, Microcell, or Minicell depending on the site survey for your system. By default, this parameter is set to Large. The distance value is related to the Multicast Rate (described next). In general, a larger distance between APs means that your clients operate a slower data rates (on average). See Distance Between APs for more information. Multicast Rate: Sets the rate at which Multicast messages are sent.
Advanced Configuration Coverage The number of Access Points in a set area determines the network coverage for that area. A large number of Access Points covering a small area is a high-density cell. A few Access Points, or even a single unit, covering the same small area would result in a low-density cell, even though in both cases the actual area did not change — only the number of Access Points covering the area changed.
Advanced Configuration Figure 4-6 1 Mbits/s and 11 Mbits/s Multicast Rates NOTE There is an inter-dependent relationship between the Distance between APs and the Multicast Rate. In general, larger systems operate at a lower average transmit rate. The variation between Multicast Rate and Distance Between APs is presented in the following table: 1.0 Mbit/s 2.0 Mbits/s Large yes yes 5.
Advanced Configuration Wireless (802.11b/g) You can configure the following radio parameters for an 802.11b/g AP: NOTE You must reboot the Access Point before any changes to these parameters take effect. • Operational Mode: An 802.11b/g wireless interface can be configured to operate in the following modes: – 802.11b mode only: The radio uses the 802.11b standard only. – 802.11g mode only: The radio is optimized to communicate with 802.11g devices.
Advanced Configuration • Closed System: Check this box to allow only clients configured with the Access Point’s specific Network Name to associate with the Access Point. When enabled, a client configured with the Network Name "ANY” cannot connect to the AP. This option is disabled by default. Wireless Distribution System (WDS) A Wireless Distribution System (WDS) creates a link between two 802.11a, 802.11b, or 802.11b/g APs over their radio interfaces.
Advanced Configuration • If your network does not support spanning tree, be careful to avoid creating network loops between APs. For example, creating a WDS link between two Access Points connected to the same Ethernet network will create a network loop (if spanning tree is disabled). For more information, refer to the Spanning Tree section. WDS Setup Procedure NOTE You must disable Auto Channel Select to create a WDS.
Advanced Configuration Management The Management category contains three sub-categories. – – – Passwords IP Access Table Services Passwords You can configure the following passwords: • • • • • • SNMP Read Password: The password for read access to the AP using SNMP. Enter a password in both the Password field and the Confirm field. The default password is “public”. SNMP Read/Write Password: The password for read and write access to the AP using SNMP.
Advanced Configuration Services You can configure the following management services: NOTE You must reboot the Access Point if you change the HTTP Port or Telnet Port. Secure Management Secure Management allows the use of encrypted and authenticated communication protocols such as SNMPv3, and Secure Socket Link (SSL), to manage the Access Point. • Enable Secure Management: Enables the further configuration of HTTPS Access, and SNMPv3.
Advanced Configuration Figure 4-9 Management Services Configuration Screen HTTPS Access (Secure Socket Layer) The user can access the AP in a secure fashion using Secure Socket Layer (SSL) over port 443. The AP supports SSLv3 with a 128-bit encryption certificate maintained by the AP for secure communications between the AP and the HTTP client. All communications are encrypted using the server and the client-side certificate.
Advanced Configuration Telnet Configuration Settings • • • • Telnet Interface Bitmask: Select the interface (Ethernet, Wireless, All Interfaces) from which you can manage the AP by way of telnet. This parameter can also be used to Disable telnet management. Telnet Port: The default port number for Telnet applications is 23. However, you can use this field if you want to change the Telnet port for security reasons (but your Telnet application also must support the new port number you select).
Advanced Configuration Automatic Configuration The Automatic Configuration feature which allows an AP to be automatically configured by downloading a specific configuration file from a TFTP server during the boot up process. Automatic Configuration is disabled by default. The configuration process for Automatic Configuration varies depending on whether the AP is configured for dynamic or static IP.
Advanced Configuration Figure 4-10 Automatic Configuration Screen Set up Automatic Configuration for Dynamic IP Perform the following procedure to enable and set up Automatic Configuration when you have a dynamic IP address for the TFTP server by way of DHCP. The Configuration filename and the TFTP server IP address are contained in the DHCP response when the AP gets its IP address dynamically from the DHCP server.
Advanced Configuration Figure 4-11 DHCP Options: Setting the Boot Server Host Name 4. Add the Boot Server Hostname and Boot Filename parameters to the Active Options list. 5. Set the value of the Boot Server Hostname Parameter to the hostname or IP Address of the TFTP server. For example: 11.0.0.7. Figure 4-12 DHCP Options: Setting the Bootfile Name 6. Set the value of the Bootfile Name parameter to the Configuration filename. For example: AP-Config 7.
Advanced Configuration Filtering The Access Point’s Packet Filtering features help control the amount of traffic exchanged between the wired and wireless networks. There are four sub-categories under the Filtering heading. – – – – Ethernet Protocol Static MAC Advanced TCP/UDP Port Ethernet Protocol The Ethernet Protocol Filter blocks or forwards packets based on the Ethernet protocols they support. Follow these steps to configure the Ethernet Protocol Filter: 1.
Advanced Configuration the Mask at the bit level. However, for most users, you do not need to think in terms of bits. It should be sufficient to create a filter using only the hexadecimal digits 0 and F in the Mask (where 0 is any value and F is the value specified in the MAC address). A Mask of 00:00:00:00:00:00 corresponds to all MAC addresses, and a Mask of FF:FF:FF:FF:FF:FF applies only to the specified MAC Address.
Advanced Configuration Prevent Two Specific Devices from Communicating Configure the following settings to prevent the Wired Server and Wireless Client 1 from communicating: • • • • Wired MAC Address: 00:40:F4:1C:DB:6A Wired Mask: FF:FF:FF:FF:FF:FF Wireless MAC Address: 00:02:2D:51:94:E4 Wireless Mask: FF:FF:FF:FF:FF:FF Result: Traffic between the Wired Server and Wireless Client 1 is blocked. Wireless Clients 2 and 3 can still communicate with the Wired Server.
Advanced Configuration Advanced You can configure the following advanced filtering options: • • Enable Proxy ARP: Place a check mark in the box provided to allow the Access Point to respond to Address Resolution Protocol (ARP) requests for wireless clients. When enabled, the AP answers ARP requests for wireless stations without actually forwarding them to the wireless network. If disabled, the Access Point will bridge ARP requests for wireless clients to the wireless LAN.
Advanced Configuration Alarms This category has three sub-categories. – – – Groups Alarm Host Table Syslog Groups There are seven alarm groups that can be enabled or disabled by way of the Web interface. Place a check mark in the box provided to enable a specific group. Remove the check mark from the box to disable the alarms. Alarm Severity Levels vary. • Configuration Alarm Trap Name oriTrapDNSIPNotConfigured • This traps is generated when the DNS IP Address has not been configured.
Advanced Configuration • Operational Alarms Trap Name • oriTrapWatchDogTimerExpired This trap is generated when the software watch dog timer expires. This indicates that a problem has occurred with one or more software modules and the AP will reboot automatically. Trap Severity Level: Critical oriTrapRADIUSServerNotResponding This trap is generated when no response is received from the RADIUS server(s) for authentication requests sent from the RADIUS client in the AP.
Advanced Configuration • Image Alarms Trap Name Description oriTrapZeroSizeImage This trap is generated when a zero size image is loaded on the AP. Trap Severity Level: Major oriTrapInvalidImage This trap is generated when an invalid image is loaded in the Access Point. Trap Severity Level: Major oriTrapImageTooLarge This trap is generated when the image loaded in the AP exceeds the size limitation of the flash memory.
Advanced Configuration Alarm Host Table To add an entry and enable the AP to send SNMP trap messages to a Trap Host, click Add, and then specify the IP Address and Password for the Trap Host. • • • IP Address: Enter the Trap Host IP Address. Password: Enter the password in the Password field and the Confirm field. Comment: Enter an optional comment, such as the alarm (trap) host station name. To edit or delete an entry, click Edit.
Advanced Configuration Event Priority Description LOG_EMERG 0 system is unusable LOG_ALERT 1 action must be taken immediately LOG_CRIT 2 critical conditions LOG_ERR 3 error conditions LOG_WARNING 4 warning conditions LOG_NOTICE 5 normal but significant condition LOG_INFO 6 informational LOG_DEBUG 7 debug-level messages Configuring Syslog Event Notifications You can configure the following Syslog settings from the HTTP interface: • • • • Enable Syslog: Place a check mark in the b
Advanced Configuration Storm Threshold Storm Threshold is an advanced Bridge setup option that you can use to protect the network against data overload by: • • Specifying a maximum number of frames per second as received from a single network device (identified by its MAC address). Specifying an absolute maximum number of messages per port.
Advanced Configuration Security The AP provides several security features to protect your network from unauthorized access. • • • Authentication and Encryption Modes MAC Access Rogue Access Point Detection (RAD) Authentication and Encryption Modes The AP supports the following Security features: • • • WEP Encryption: The original encryption technique specified by the IEEE 802.11 standard. 802.1x Authentication: An IEEE standard for client authentication.
Advanced Configuration NOTE The AP supports the following EAP types when Authentication Mode is set to 802.1x or WPA: EAP-TLS, PEAP, and EAP-TTLS. When Authentication Mode is set to Mixed, the AP supports the following EAP types: EAP-TLS, PEAP, EAP-TLLS, and EAP-MD5 (MD5 does not support automatic key distribution; therefore, if you choose this method you need to manually configure each client with the network's encryption key).
Advanced Configuration WPA provides the following new security measures not available with WEP: • • • • Improved packet encryption using the Temporal Key Integrity Protocol (TKIP) and the Michael Message Integrity Check (MIC).
Advanced Configuration Authentication Mode Setting Authentication Method Employed Encryption Method Employed None None None or manually configured Static WEP settings (from Configure > Security > Encryption screen) 802.1x 802.1x Dynamic WEP Keying Mixed 802.1x or None (depends on a client's configuration) Dynamic WEP Keying or Static WEP (depends on client's configuration) WPA 802.
Advanced Configuration Enable Mixed Mode (802.1x and WEP Encryption) Follow these steps to use both 802.1x and WEP Encryption simultaneously (clients that do not support 802.1x use WEP Encryption for security purposes): 1. Click Configure > Security > Authentication. 2. Set Authentication Mode to Mixed. 3. Enter a Re-keying Interval. • The Re-keying Interval determines how often a client’s encryption key is changed and can be set to any value between 60 - 65535 seconds.
Advanced Configuration 1. Click Configure > Security > Authentication. 2. Set Authentication Mode to WPA-PSK. 3. Enter a Re-keying Interval. • The Re-keying Interval determines how often a client's encryption key is changed and can be set to any value between 60 and 65535 seconds. Rekeying frustrates hacking attempts without taxing system resources. Setting a fairly frequent rekey value (900 seconds=15 minutes) effectively protects against intrusion without disrupting network activities. 4.
Advanced Configuration Figure 4-16 MAC Access Configuration Screen 4-40
Advanced Configuration Rogue Access Point Detection (RAD) The Rogue AP Detection (RAD) feature provides an additional security level for wireless LAN deployments. RAD detects unauthorized Access Points in the coverage area. When enabled, the Access Point scans the coverage area and identifies all active Access Points. Support is available for all versions and operation modes of Access Points. For example, an 802.11a Access Point identifies all similar Access Points.
Advanced Configuration An example network deployment is shown. The Trusted AP has Rogue Access Detection enabled and the trap host is configured to be the management station. The Trusted AP on detecting the Rogue AP will send a trap to the management station with the Channel and BSSID of the Rogue Access Point. Configuring RAD Perform this procedure to enable RAD and define the Scan Interval and Scan Interface.
Advanced Configuration RADIUS The AP communicates with a network’s RADIUS server to provide the following features: – – – MAC Access Control by way of RADIUS Authentication RADIUS Authentication with 802.1x RADIUS Accounting The network administrator can configure multiple RADIUS Authentication Servers for different Authentication types. The current available authentication types are EAP/802.1x authentication and MAC-based authentication.
Advanced Configuration 6. Select a Server Addressing Format type (IP Address or Name). • If you want to identify RADIUS servers by name, you must configure the AP as a DNS Client. See DNS Client for details. 7. Enter the server’s IP address or name in the field provided. 8. Enter the port number which the AP and the server will use to communicate. By default, RADIUS servers communicate on port 1812. 9. Enter the Shared Secret in the Shared Secret and Confirm Shared Secret field.
Advanced Configuration 4. If you want to configure a back-up RADIUS server, place a check mark in the box labeled Enable Backup EAP/802.1x Authentication Server. 5. Select a Server Addressing Format type (IP Address or Name). • If you want to identify RADIUS servers by name, you must configure the AP as a DNS Client. See DNS Client for details. 6. Enter the server’s IP address or name in the field provided. 7. Enter the port number which the AP and the server will use to communicate.
Advanced Configuration RADIUS Accounting Using an external RADIUS server, the AP can track and record the length of client sessions on the access point by sending RADIUS accounting messages per RFC2866. When a wireless client is successfully authenticated, RADIUS accounting is initiated by sending an “Accounting Start” request to the RADIUS server. When the wireless client session ends, an “Accounting Stop” request is sent to the RADIUS server.
Advanced Configuration Figure 4-21 RADIUS Accounting Server Configuration VLAN/SSID The AP allows you to segment wireless networks into multiple sub-networks based on Network Name (SSID) and VLAN membership. A Network Name (SSID) identifies a wireless network. Clients associate with Access Points that share its SSID. During installation, the Setup Wizard prompts you to configure one Network Name for each wireless interface.
Advanced Configuration VLANs now extend as far as the reach of the access point signal. Clients can be segmented into wireless sub-networks by way of SSID and VLAN assignment. A Client can access the network by connecting to an AP configured to support its assigned SSID/VLAN. AP devices are fully VLAN-ready; however, by default VLAN support is disabled.
Advanced Configuration VLAN Workgroups and Traffic Management Access Points that are not VLAN-capable typically transmit broadcast and multicast traffic to all wireless Network Interface Cards (NICs). This process wastes wireless bandwidth and degrades throughput performance. In comparison, VLAN-capable AP is designed to efficiently manage delivery of broadcast, multicast, and unicast traffic to wireless clients. The AP assigns clients to a VLAN based on a Network Name (SSID).
Advanced Configuration Configure Multiple VLAN/SSID Pairs NOTE You must reboot the AP before any changes to these parameters take effect. 1. 2. 3. 4. Click Configure > VLAN. Place a check mark in the Enable VLAN Protocol box to enable VLAN support. Click the tab for Wireless A or Wireless B (if applicable). Add one or more new SSID/VLAN entries. Follow these steps: NOTE 16 VLAN/SSID pairs are available for APs with an HP ProCurve Wireless 802.11g AP Card 170wl only. 1. 2. 3.
Advanced Configuration ! CAUTION Once a VLAN Management ID is configured and is equivalent to one of the VLAN User IDs on the AP, all members of that User VLAN will have management access to the AP. Be careful to restrict VLAN membership to those with legitimate access to the AP. 1. Click Configure > VLAN. 2. Set the VLAN Management ID to use the same VLAN ID as one of the configured SSID/VLAN pairs. See Typical User VLAN Configurations for details. 3. Place a check mark in the Enable VLAN Protocol box.
Monitor Information 5 In This Chapter • • • • • • • • • Version: Provides version information for the Access Point’s system components. ICMP: Displays statistics for Internet Control Message Protocol packets sent and received by the AP. IP/ARP Table: Displays the AP’s IP Address Resolution table. Learn Table: Displays the list of nodes that the AP has learned are on the network. IAPP: Provides statistics for the Inter-Access Point Protocol messages sent and received by the AP.
Monitor Information Version From the HTTP interface, click the Monitor button and select the Version tab. The list displayed provides you with information that may be pertinent when calling Technical Support. With this information, your Technical Support representative can verify compatibility issues and make sure the latest software are loaded. This screen displays the following information for each Access Point component: • • • • • Serial Number: The component’s serial number, if applicable.
Monitor Information ICMP This tab provides statistical information for both received and transmitted messages directed to the AP. Not all ICMP traffic on the network is counted in the ICMP (Internet Control Message Protocol) statistics. Figure 5-3 ICMP Monitoring Screen IP/ARP Table This tab provides information based on the Address Resolution Protocol (ARP), which relates MAC Address and IP Addresses.
Monitor Information Learn Table This tab displays information relating to network bridging. It reports the MAC address for each node that the device has learned is on the network and the interface on which the node was detected. There can be up 10,000 entries in the Learn Table. Figure 5-5 Learn Table IAPP This tab displays statistics relating to client handovers and communications between Access Points.
Monitor Information RADIUS This tab provides RADIUS authentication, EAP/802.1x authentication, and accounting information for both the Primary and Backup RADIUS servers. NOTE RADIUS authentication and accounting must be enabled for this information to be valid.
Monitor Information Interfaces This tab displays statistics for the Ethernet and wireless interfaces. The Operational Status can be up, down, or testing.
Monitor Information Link Test This tab displays information on the quality of the wireless link to clients and other APs in the Wireless Distribution System. During a Link Test, the Access Point and the selected device exchange a series of packets to test the strength of the connection. The devices start by exchanging packets at the 11 Mbits/sec rate but fall back to the slower rates if necessary. NOTE This feature is only available when using an HP ProCurve Wireless 802.11b AP Card 150wl.
Monitor Information • • • • • Noise (dBm): The strength of the noise detected at the receiver reported in dBm (decibels referenced to 1 milliwatt). The displayed value is the running average since the start of the test and is reported as a negative number. Noise can interfere with the received signal so a smaller noise value corresponds to a stronger link. For example, a noise level of -95 dBm is more desirable than a noise level of -89 dBm.
Monitor Information Station Statistics This tab displays information on wireless clients attached to the AP and on Wireless Distribution System links. Enabling and Viewing Station Statistics To enable the monitoring of Stations Statistics, perform the following procedure: 1. Click on the Monitor tab on the left on the web page. 2. Click on the Station Statistics tab on the Monitor screen. 3.
Monitor Information • • • • • • • • • MAC Protocol: The MAC protocol for this wireless client (or WDS link partner). The possible values are 802.11a, 802.11b, 802.11g Signal / Noise: The Signal /Noise Level measured at the AP when frames are received from the associated wireless station (or WDS link partner) Time since Last Packet Received: The time elapsed since the last frame from the associated wireless station (or WDS link partner) was received.
Commands 6 In This Chapter • • • • • • • • • Logging into the HTTP Interface Introduction to File Transfer via TFTP or HTTP: Describes the available file transfer methods. Update AP via TFTP: Download files from a TFTP server to the AP. Update AP via HTTP: Download files to the AP from HTTP. Retrieve File via TFTP: Upload configuration files from the AP to a TFTP server. Retrieve File via HTTP: Upload configuration files from the AP via HTTP. Reboot: Reboot the AP in the specified number of seconds.
Commands Figure 6-1 Enter Network Password Screen 5. Click the Commands button located on the left-hand side of the screen. Figure 6-2 Commands Main Screen 6. Click the tab that corresponds to the command you want to issue. For example, click Reboot to restart the unit.
Commands Introduction to File Transfer via TFTP or HTTP There are two methods of transferring files to or from the AP, TFTP or HTTP (or HTTPS if enabled).
Commands Update AP via TFTP Use the Update AP via TFTP tab to download Configuration, AP Image, Bootloader files, and Certificate and Private Key files to the AP. A TFTP server must be running and configured to point to the directory containing the file. Figure 6-3 Update AP via TFTP Command Screen If you do not have a TFTP server installed on your system, install the TFTP server from the CD.
Commands Update AP via HTTP Use the Update AP via HTTP tab to download Configuration, AP Image, Bootloader files, and Certificate and Private Key files to the AP. Once on the Update AP screen, click on the via HTTP tab. Figure 6-4 Update AP via HTTP Command Screen The Update AP via HTTP tab shows version information and allows you to enter HTTP information as described below. • Select the File Type that needs to be updated from the drop-down box.
Commands Figure 6-5 Warning Message Click OK to continue with the operation or Cancel to abort the operation. NOTE An HTTP file transfer using SSL may take extra time. If the operation completes successfully the following screen appears. Figure 6-6 Update AP Successful If the operation did not complete successfully the following screen appears, and the reason for the failure is displayed.
Commands Retrieve File via TFTP Use the Retrieve File via TFTP tab to upload Configuration files from the AP to the TFTP server. The TFTP server must be running and configured to point to the directory to which you want to copy the uploaded file. We suggest you assign the file a meaningful name, which may include version or location information. If you don’t have a TFTP server installed on your system, install the TFTP server from the CD.
Commands Retrieve File via HTTP Use the Retrieve File via HTTP tab to retrieve the configuration file from the AP. Click on the Retrieve Config File button to initiate this operation. Figure 6-9 Retrieve File via HTTP Command Screen A confirmation message gets displayed that asks if the user wants to proceed with retrieving the configuration file. Click OK to continue with the operation or Cancel to abort the operation.
Commands Figure 6-11 File Download Dialog Box On clicking the Save button the following Save As window displays, where the user is prompted to choose the filename and location where the Configuration file is to be downloaded. Select an appropriate filename and location and click OK.
Commands Reboot Use the Reboot tab to save configuration changes (if any) and reset the AP. Entering a value of 0 (zero) seconds causes an immediate reboot. Note that Reset, described below, does not save configuration changes. ! CAUTION Rebooting the AP will cause all users who are currently connected to lose their connection to the network until the AP has completed the restart process and resumed operation.
Commands Reset Use the Reset tab to restore the AP to factory default conditions. The AP may also be reset from the RESET button located on the side of the unit. Since this will reset the Access Point’s current IP address, a new IP address must be assigned. Refer to Recovery Procedures for more information. ! CAUTION Resetting the AP to its factory default configuration will permanently overwrite all changes that have made to the unit. The AP will reboot automatically after this command has been issued.
Commands Help Link To open Help, click the Help button on any display screen. During initialization, the AP on-line help files are downloaded to the default location: c:/Program Files/HP/AP_520wl/Help/English/index.htm. NOTE Use the forward slash character ("/") rather than the backslash character ("\") when configuring the Help Link location. NOTE Add the AP’s management IP address into the Internet Explorer list of Trusted Sites. The AP Help information is available in English.
Troubleshooting 7 In This Chapter • • • • Troubleshooting Concepts Symptoms and Solutions Recovery Procedures Related Applications NOTE This section helps you locate problems related to the AP device setup. For details about RADIUS, TFTP, serial communication programs (such as HyperTerminal), Telnet applications, or web browsers, please refer to the documentation that came with the application for assistance.
Troubleshooting Symptoms and Solutions Connectivity Issues Connectivity issues include any problem that prevents you from powering up or connecting to the AP. AP Unit Will Not Boot - No LED Activity 1. Make sure your power source is operating. 2. Make sure all cables are connected to the AP correctly. 3. If you are using Active Ethernet, make sure you are using a Category 5, foiled, twisted pair cable to power the AP. Serial Link Does Not Work 1.
Troubleshooting 2. The AP only contacts a DHCP server during boot-up. If your network’s DHCP server is not available while the AP is booting, the device will retain the last IP Address it had. Reboot the AP once your DHCP server is on-line again or use the ScanTool to find the Access Point’s current IP address. 3. To find the unit’s current IP address if using DHCP, open the IP Client Table in the DHCP Server and match the Access Point’s IP address to its MAC address (found on the product label).
Troubleshooting Client Connection Problems Client Software Finds No Connection Make sure you have configured your client software with the proper Network Name and Security settings. Network Names and WEP Keys are typically allocated and maintained by your network administrator. Client PC Card Does Not Work 1. Make sure you are using the latest PC Card driver software. 2. Download and install the latest client software. Intermittent Loss of Connection 1. Make sure you are within range of an active AP. 2.
Troubleshooting I have just configured the Management ID and now I can't manage the AP? – Check to ensure your password is correct. If your password is incorrect or all inbound packets do NOT have the correct tag, then a manual override is necessary. ! CAUTION The manual override process disconnects all users and resets all values to factory defaults. Active Ethernet (AE) The AP Does Not Work 1. Verify that you are using a standard UTP Category 5 cable. 2.
Troubleshooting Reset to Factory Default Procedure Use this procedure to reset the network configuration values, including the Access Point’s IP address and subnet mask. The current AP Image is not deleted. Follow this procedure if you forget the Access Point’s password: 1. Press and hold the RELOAD button for 10 seconds. NOTE See RELOAD and RESET Buttons to identify the buttons. You need to use a pin or the end of a paperclip to press a button.
Troubleshooting For this procedure, you will first erase the AP Image currently installed on the unit and then use either ScanTool or the Bootloader CLI (over the serial port) to set the IP address and download a new AP Image. Follow these steps: 1. While the unit is running, press the RESET button. NOTE See RELOAD and RESET Buttons to identify the buttons. You need to use a pin or the end of a paperclip to press a button. Result: The AP reboots and the indicators begin to flash.
Troubleshooting 11. Click OK. – Result: The Access Point will reboot and the download will begin automatically. You should see downloading activity begin after a few seconds within the TFTP server’s status screen. 12. Click OK when prompted that the device has been updated successfully to return to the Scan List screen. 13. Click Cancel to close the ScanTool. 14. When the download process is complete, configure the AP as described in Getting Started and Advanced Configuration.
Troubleshooting 7.
Troubleshooting Follow these steps to assign the AP an IP address: 1. Open your terminal emulation program (like HyperTerminal) and set the following connection properties: • Com Port: • Baud rate: 9600 • Data Bits: 8 • Stop bits: 1 • Flow Control: None • Parity: None 2. Under File -> Properties -> Settings -> ASCII Setup, enable the Send line ends with line feeds option. Result: HyperTerminal sends a line return at the end of each line of code. 3.
Troubleshooting Related Applications RADIUS Authentication Server If you enabled RADIUS Authentication on the AP, make sure that your network’s RADIUS servers are operational. Otherwise, clients will not be able to log in. There are several reasons the authentication server services might be unavailable, here are two typical things to check: • • Make sure you have the proper RADIUS authentication server information setup configured in the AP.
A Specifications • • • Software Features Hardware Specifications Radio Specifications Software Features The tables below compare the software features available depending on the card type in the Access Point: • • • • • • • Number of Stations per BSS Management Functions Advanced Bridging Functions Medium Access Control (MAC) Functions Security Functions Network Functions Advanced Wireless Functions Number of Stations per BSS Feature 150wl card 160wl card 170wl card Without encryption up to 250 u
Specifications Medium Access Control (MAC) Functions 802.11b 802.11a Automatic Channel Selection (ACS) Feature yes yes 802.11b/g yes Dynamic Frequency Selection (DFS) 1 N/A yes N/A Closed System Feature yes yes yes TX Power Control N/A Available with 802.11a upgrade kit. Not available with 5Ghz upgrade kit. yes Note 1: A user cannot manually select a channel for products sold in Europe; these products require automatic channel selection using Dynamic Frequency Selection (DFS).
Specifications Advanced Wireless Functions 802.11b 802.11a 802.11b/g WEP Plus (Weak Key Avoidance)1 Feature yes no no Remote Link Test1 yes no no Load Balancing1 yes no no AP List1 yes no no Medium Density Distribution1 yes no no Distance between APs yes no no Interference Robustness yes no no SpectraLink VoIP Support yes no no 1 This feature is only available when using an HP ProCurve Wireless 802.11b AP Card 150wl.
Specifications Ethernet Interface 10/100 Base-TX, RJ-45 female socket Serial Port Interface Standard RS-232C interface with DB-9, female connector Active Ethernet Interface Category 5, foiled, twisted pair cables must be used to ensure compliance with FCC Part 15, subpart B, Class B requirements Standard 802.3af pin assignments HTTP Interface • • Microsoft Internet Explorer 6 with Service Pack 1 or later Netscape 6.1 or later Radio Specifications • • • • 802.11a Channel Frequencies 802.
Specifications Frequency Band Channel ID FCC (GHz) ETSI (GHz) MKK (GHz) Lower Band (36 = default) 34 — — 5.170 1 — — — 36 5.180 5.180 — 5.180 — — Middle Band (52 = default) H Band Upper Band (149 = default) ISM Band SG (GHz) ASIA (GHz) TW (GHz) 38 — — 5.190 — — — 40 5.200 5.200 — 5.200 — — 42 — — 5.210 — — — 44 5.220 5.220 — 5.220 — — 46 — — 5.230 — — — 48 5.240 5.240 — 5.240 — — 52 5.260 5.260 — — — 5.260 56 5.280 5.
Specifications 802.11b Channel Frequencies The available 802.11b channels vary by regulatory domain and/or country. 802.11b radio certification is available in the following regions: — — — — FCC - U.S./Canada, Mexico, and Australia ETSI - Most of Europe, including the United Kingdom and some Eastern block countries MKK - Japan IL - Israel Some countries restrict 802.11b operation to specific frequency bands.
Specifications 802.11g Channel Frequencies The available 802.11g channels vary by regulatory domain and/or country. 802.11g radio certification is available in the following regions: — — — — FCC - U.S./Canada, Mexico, and Australia ETSI - Europe, including the United Kingdom, China, and South Korea MKK - Japan IL - Israel Some countries restrict 802.11g operation to specific frequency bands. The web interface will always display the available channels depending in the cards regulatory domain.
Specifications 802.11b Range 11 Mbits/s 5.5 Mbits/s 2 Mbits/s 1 Mbits/s Open Office 142 m (466 ft.) 177 m (581 ft.) 219 m (718 ft.) 272 m (892 ft.) Semi-Open Office 98 m (322 ft.) 122 m (400 ft.) 151 m (495 ft.) 187 m (614 ft.) Closed Office 67 m (220 ft.) 84 m (276 ft.) 104 m (341 ft.) 129 m (423 ft.) Tx Power (dBm) 15 15 15 15 Receiver Sensitivity (dBm) -82 -85 -88 -91 Antenna Gain Table A-1 0 dBi (integrated diversity antenna module; 2.4-2.5 GHz) 802.
Specifications 802.11b/g Range 54 Mbits/s 48 Mbits/s 36 Mbits/s 24 Mbits/s 18 Mbits/s 12 Mbits/s 9 Mbits/s 6 Mbits/s 11 Mbits/s 5.5 Mbits/s 2 Mbits/s 1 Mbits/s Open Office 56 m (184 ft.) 69 m (226 ft.) 107 m (351 ft.) 164 m (538 ft.) 219 m (718 ft.) 272 m (892 ft.) 292 m (958 ft.) 314 m (1030 ft.) 204 m (669 ft.) 236 m (774 ft.) 253 m (830 ft.) 338 m (1109 ft.) SemiOpen Office 38 m (125 ft.) 48 m (157 ft.) 73 m (239 ft.) 113 m (371 ft.) 151 m (495 ft.) 187 m (614 ft.
B ASCII Character Chart You can configure WEP Encryption Keys in either Hexadecimal or ASCII format. Hexadecimal digits are 0-9 and A-F (not case sensitive). ASCII characters are 0-9, A-F, a-f (case sensitive), and punctuation marks. Each ASCII character corresponds to two hexadecimal digits. The table below lists the ASCII characters that you can use to configure WEP Encryption Keys. It also lists the Hexadecimal equivalent for each ASCII character.
Command Line Interface (CLI) C This section describes the AP’s Command Line (CLI) Interface. CLI commands can be used to initialize, configure, and manage the Access Point. – – CLI commands may be entered in real time through a keyboard or submitted with CLI scripts. The CLI is available through both the Serial Port interface and over the Ethernet interface using Telnet. NOTE All CLI commands and parameters are case-sensitive.
Command Line Interface (CLI) • • • • Image File - The Access Point software executed from RAM. To update an Access Point you typically download a new Image File. This file is often referred to as the “AP Image”. Parameter - A fundamental network value that can be displayed and may be changeable. For example, the Access Point must have a unique IP Address and the Wireless interface must be assigned an SSID. Change parameters with the CLI set Command, and view them with the CLI show Command.
Command Line Interface (CLI) Bootloader CLI The Bootloader CLI is a minimal subset of the normal CLI used to perform initial configuration of the AP. This interface is only accessible by way of the serial interface if the AP does not contain a software image or a download image command over TFTP has failed. The Bootloader CLI provides you with the ability to configure the initial setup parameters as well as download a software image to the device.
Command Line Interface (CLI) CLI Command Types This guide divides CLI Commands into two categories: Operational and Parameter Controls. Operational CLI Commands These commands affect Access Point behavior, such as downloading, rebooting, and so on. After entering commands (and parameters, if any) press the Enter key to execute the Command Line.
Command Line Interface (CLI) Figure C-4 Result of “s?” CLI command Example 3. Display parameters for set and show Example 3a allows you to see every possible parameter for the set (or show) commands. Notice from example 3a that the list is very long. Example 3b shows how to display a subset of the parameters based on initial parameter letters. Example 3a. Display every parameter that can be changed [Device-Name]>set ? . . . . Figure C-5 Result of “set ?” CLI command Example 3b.
Command Line Interface (CLI) Example 4. Display Prompts for Successive Parameters Enter the command, a space, and then ?. Then, when the parameter prompt appears, enter the parameter value. Result: The parameter is changed and a new CLI line is echoed with the new value (in the first part of the following example, the value is the IP Address of the TFTP server).
Command Line Interface (CLI) Figure C-8 Results of “help” CLI command 2. Complete command description and command usage can be provided by: [Device-Name]>help [Device-Name]> help history Shows content of Command History Buffer. The Command History Buffer stores command statements entered in the current session.
Command Line Interface (CLI) upload Uploads a text-based configuration file from the AP to the TFTP Server. Executing upload with the asterisk character (“*”) will make use of the previously set/stored TFTP parameters. Executing upload without parameters will display command help and usage information. 1. Syntax to upload a file: [Device-Name]>upload Example: [Device-Name]>upload 192.168.1.100 APconfig.sys config 2.
Command Line Interface (CLI) Configuring Objects that Require Reboot Certain objects supported by the Access Point require a device reboot in order for the changes to take effect. In order to inform the end-user of this behavior, the CLI provides informational messages when the user has configured an object that requires a reboot. The following messages are displayed as a result of the configuring such object or objects.
Command Line Interface (CLI) Example 3 - Modify a table entry or row Use the index to be modified and the table elements you would like to modify. For example, suppose the IP Access Table has one entry and you wanted to modify the IP address: [Device-Name]>set mgmtipaccesstbl 1 ipaddr 10.0.0.11 You can also modify several elements in the table entry. Enter the index number and specific table elements you would like to modify. (Hint: Use the search Command to see the elements that belong to the table.
Command Line Interface (CLI) Example 6 - Show Individual and Table Parameters 1. View a single parameter. Syntax: [Device-Name]>show Example: [Device-Name]> show ipaddr Result: Displays the Access Point IP address. Figure C-11 Result of “show ipaddr” CLI Command 2. View all parameters in a table. Syntax: [Device-Name]> show Example:[Device-Name]> show mgmtipaccesstbl Result: Displays the IP Access Table and its entries.Command Line Interface (CLI) Using Strings Since there are several string objects supported by the AP, a string delimiter is required for the strings to be interpreted correctly by the command line parser. For this CLI implementation, the single quote or double quote character can be used at the beginning and at the end of the string. For example: [Device-Name]> set sysname Lobby - Does not need quote marks [Device-Name]> set sysname “Front Lobby” - Requires quote marks.
Command Line Interface (CLI) NOTE We recommend changing your default passwords immediately. To perform this operation using CLI commands, refer to Change Passwords. Set Basic Configuration Parameters using CLI Commands There are a few basic configuration parameters that you may want to setup right away when you receive the AP.
Command Line Interface (CLI) [Device-Name]>set snmpv3privpasswd (SNMPv3 privacy password) [Device-Name]>reboot 0 ! CAUTION We strongly urge you to change the default passwords to restrict access to your network devices to authorized personnel. If you lose or forget your password settings, you can always perform the Reset to Factory Default Procedure.
Command Line Interface (CLI) Enable and Configure TX Power Control for the Wireless Interface(s) The TX Power Control feature lets the user configure the transmit power level of the card in the AP at one of four levels: • • • • 100% of the maximum transmit power level of the card 50% 25% 12.
Command Line Interface (CLI) Figure C-14 Result of “show wifsec” CLI Command Download an AP Configuration File from your TFTP Server Begin by starting your TFTP program. It must be running and configured to transmit and receive.
Command Line Interface (CLI) Other Network Settings There are other configuration settings that you may want to set for the AP. Some of them are listed below.
Command Line Interface (CLI) Maintain Client Connections using Link Integrity [Device-Name]>show linkinttbl (this shows the current links) [Device-Name]>set linkinttbl <1-5 (depending on what table row you wish to address)> ipaddr [Device-Name]>set linkintpollint [Device-Name]>set linkintpollretx [Device-Name]>set linkintstatus enable [Device-Name]
Command Line Interface (CLI) Set the Distance Between APs (802.11b Only) [Device-Name]>set wif distaps [Device-Name]>reboot 0 NOTE The distance between APs should not be approximated. It is calculated by means of a manual Site Survey, in which an AP is set up and clients are tested throughout the area to determine signal strength and coverage, and local limits such as physical interference are investigated.
Command Line Interface (CLI) Set Communication Ports [Device-Name]>set httpport [Device-Name]>set telport Configure Secure Socket Layer (HTTPS) Enabling SSL and configuring a passphrase allows encrypted Secure Socket Layer communications to the AP through the HTTPS interface.
Command Line Interface (CLI) Configure Intra BSS [Device-Name]>set intrabssoptype Configure MAC Access Control Setup MAC (Address) Access Control [Device-Name]>set macaclstatus enable [Device-Name]>set macacloptype [Device-Name]>reboot 0 Add an Entry to the MAC Access Control Table [Device-Name]>set macacltbl macaddr status enable [Device-Name]>show macacltbl Disable or Delete an Entry in the MAC Access Control Table [Device-Name]>set ma
Command Line Interface (CLI) Set RADIUS Parameters Configure RADIUS Authentication server [Device-Name]>set radiustbl status enable seraddrfmt ipaddr port ssecret responsetm <1 to 10 seconds> maxretx <0 to 4 times> [Device-Name]>show radiustbl Figure C-17 Results of “show radiustbl” CLI command Enable RADIUS MAC Access Control [Device-Name]>set radmacaccctrl enable [Device-Name]>reboot 0 Set MAC Address Format Type [Device
Command Line Interface (CLI) Figure C-18 Result of “show radius” CLI Command Configure RADIUS Accounting server [Device-Name]>set radacctbl status seraddrfmt ipaddr port ssecret responsetm <1 to 4 seconds> maxretx <1 to 10 times> [Device-Name]>show radacctbl Figure C-19 Results of “show radacctbl” CLI command Set Rogue Access Point Detection (RAD) Parameters The Rogue AP Detection (RAD) feature enables an additio
Command Line Interface (CLI) Set VLAN/SSID Parameters Enable VLAN Management [Device-Name]>set vlanstatus enable [Device-Name]>set vlanmgmtid <1-4094> [Device-Name]>show vlandidtbl (to review your settings) [Device-Name]>reboot 0 Disable VLAN Management [Device-Name]>set vlanstatus disable or [Device-Name]>set vlanmgmtid 0 [Device-Name]>reboot 0 Add an Entry to the VLAN ID Table [Device-Name]>set vlanidtbl id <1-4094, -1=untagged> ssid [Device-Name]>show vlan
Command Line Interface (CLI) • • • • • • • • • • – DHCP Server Parameters - Enable or disable dynamic host configuration – Link Integrity Parameters - Monitor link status Interface Parameters - Configure Wireless and Ethernet settings – Wireless Interface Parameters — Wireless Distribution System (WDS) Parameters - Configure the WDS partnerships – Ethernet Interface Parameters - Set the speed and duplex of the Ethernet port Management Parameters - Control access to the AP’s management interfaces – S
Command Line Interface (CLI) System Parameters Name Type Values System Group N/A Name DisplayString User Defined RW Location DisplayString User Defined RW sysloc Contact Name DisplayString User Defined RW sysctname Contact E-mail DisplayString User Defined RW sysctemail Contact Phone DisplayString User Defined max 254 characters RW sysctphone FLASH Backup Interval Integer 0 - 65535 seconds RW sysflashbckint 0 1 RW sysflashupdate Flash Update Access R CLI Parameter sys
Command Line Interface (CLI) Inventory Management Information Name Type Values System Inventory Management Subgroup N/A Access R sysinvmgmt CLI Parameter Component Table Subgroup N/A R sysinvmgmtcmptbl Component Interface Table Subgroup N/A R sysinvmgmtcmpiftbl NOTE� The inventory management commands display advanced information about the AP’s installed components. You may be asked to report this information to a representative if you contact customer support.
Command Line Interface (CLI) DHCP Server Parameters Name Type Values DHCP Server Group N/A DHCP Server Status Integer enable (1) (default) disable (2) delete (3) Gateway IP Address Access R RW CLI Parameter dhcp dhcpstatus IpAddress User Defined RW dhcpgw Primary DNS IP Address IpAddress User Defined RW dhcppridnsipaddr Secondary DNS IP Address User Defined RW dhcpsecdnsipaddr IpAddress Number of IP Pool Table Integer32 Entries N/A R dhcpippooltblent NOTE� The DHCP Server (dhcps
Command Line Interface (CLI) Link Integrity Parameters Name Type Values Link Integrity Group N/A Access Link Integrity Status Integer enable disable (default) RW linkintstatus Link Integrity Poll Interval Integer 500 - 15000 ms (in increments of 500ms) 500 ms (default) RW linkintpollint Link Integrity Poll Retransmissions Integer 0 - 255 5 (default) RW linkintpollretx R CLI Parameter linkint Link Integrity IP Target Table Name Type Values Link Integrity IP Target Table Table N/A
Command Line Interface (CLI) Interface Parameters Wireless Interface Parameters The wireless interface group parameter is wif. For Dual-radio APs, Slot A uses table index 3 and Slot B uses table index 4. Common Parameters to 802.11a, 802.11b, and 802.
Command Line Interface (CLI) 802.11b Only Parameters Name Type Values Distance between APs Integer large (default) medium small minicell microcell Access RW distaps CLI Parameter Interference Robustness Integer enable (default) disable RW interrobust Operating Frequency Channel Integer 1 - 14; available channels vary by regulatory domain/country; see 802.11b Channel Frequencies RW channel Multicast Rate Integer 1 Mbits/sec (1) 2 Mbits/sec (2) (default) 5.
Command Line Interface (CLI) 802.11b/g Only Parameters Name Type Values Wireless Operational Mode Integer dot11b-only dot11g-only dot11bg (default) dot11g-wifi Access RW mode Operating Frequency Channel Integer 1 - 14; available channels vary by regulatory domain/country; see 802.11g Channel Frequencies RW channel Supported Data Rates Octet String See Transmit Rate, below R Transmit Rate Integer32 For 802.11b-only mode: 0 (auto fallback - default) 1 Mbits/sec 2 Mbits/sec 5.
Command Line Interface (CLI) Ethernet Interface Parameters Name Type Values Ethernet Interface Group N/A Speed Integer 10halfduplex 10fullduplex 10autoduplex 100halfduplex 100fullduplex autohalfduplex autoautoduplex (default) MAC Address PhyAddress N/A Access R RW R CLI Parameter ethernet etherspeed ethermacaddr Management Parameters Secure Management Parameters Name Type Values Secure Management Integer Enable/Disable Access RW CLI Parameter securemgmtstatus SNMP Parameters Name Ty
Command Line Interface (CLI) HTTP (web browser) Parameters Name Type Values HTTP Group N/A HTTP Management Interface Bitmask Interface Bitmask 0 or 2 - no interfaces (disable) 1 or 3 - Ethernet 4 or 6 - Wireless A 8 or 10 - Wireless B 12 = Wireless A & B 13 or 15 - all interfaces (default is 15) HTTP Password DisplayString User Defined max 64 characters HTTP Port Integer User Defined Default = 80 Access R CLI Parameter http RW httpifbitmask W httppasswd RW httpport Help Link DisplayS
Command Line Interface (CLI) Auto Configuration Parameters These parameters relate to the Auto Configuration feature which allows an AP to be automatically configured by downloading a specific configuration file from a TFTP server during the boot up process.
Command Line Interface (CLI) Filtering Parameters Ethernet Protocol Filtering Parameters Name Type Values Ethernet Filtering Group N/A Filtering Interface Bitmask Interface Bitmask 0 or 2 - no interfaces (disable) 1 or 3 - Ethernet 4 or 6 - Wireless A 8 or 10 - Wireless B 12 = Wireless A & B 13 or 15 - all interfaces (default is 15) RW etherfltifbitmask passthru block RW etherfltoptype Access CLI Parameter Operation Type Access R CLI Parameter etherflt Ethernet Filtering Table Identify th
Command Line Interface (CLI) Proxy ARP Parameters Name Type Values Proxy ARP Group N/A Status Integer enable disable (default) Access R RW CLI Parameter parp parpstatus IP ARP Filtering Parameters Name Type Values IP ARP Filtering Group N/A Status Integer enable disable (default) Access R RW CLI Parameter iparp iparpfltstatus IP Address IpAddress User Defined RW iparpfltipaddr Subnet Mask IpAddress User Defined RW iparpfltsubmask Broadcast Filtering Table Name Type Values
Command Line Interface (CLI) Port Number Octet String User Defined (there are also 4 pre-defined protocols: Index 1: NetBios Name Service – 137, Index 2: NetBios Datagram Service – 138, Index 3: NetBios Session Service – 139, Index 4: SNMP Service – 161) RW portnum Protocol Name DisplayString User Defined (there are also 4 pre-defined protocols, see Port Number above) RW protoname Interface Bitmask Integer32 0 or 2 - no interfaces (disable) 1 or 3 - Ethernet 4 or 6 - Wireless A 8 or 10 - Wireles
Command Line Interface (CLI) Syslog Lowest Priority Logged Integer 1–7 1 = LOG_ALERT 2 = LOG_CRIT 3 = LOG_ERR 4 = LOG_WARNING 5 = LOG_NOTICE 6 = LOG_INFO (default) 7 = LOG_DEBUG RW syslogpritolog Heartbeat Status Integer enable (1) disable (2) (default) RW sysloghbstatus 1 – 604800 seconds; 900 sec. (default) RW sysloghbinterval Heartbeat Interval (seconds) Integer NOTE� The Heartbeat parameters are advanced settings not available by way of the HTTP interface.
Command Line Interface (CLI) Priority Integer 0 – 255 128 (default) RW priority Path Cost Integer 1 – 65535 100 (default) RW pathcost State Integer disable blocking listening learning forwarding broken Status Integer R state enable disable RW status Access Storm Threshold Parameters Name Type Values Storm Threshold Group N/A N/A stmthres CLI Parameter Broadcast Threshold Integer 0 – 255 packets/sec (default is 0) RW stmbrdthres Multicast Threshold Integer 0 – 255 packets
Command Line Interface (CLI) Security Parameters For Dual-radio APs: WPA is available for APs with an HP ProCurve Wireless 802.11g AP Card 170wl. Name Type Values Access CLI Parameter Security Table N/A R secconfigtbl Index Integer 3 (Single-radio APs) 3 or 4 (Dual-radio APs) R index Authentication Mode Integer none (default) 802.
Command Line Interface (CLI) Security Encryption Key Length Table The following table details how to set the Encryption Key Length for the wireless interfaces.
Command Line Interface (CLI) MAC Address Format Integer dashdelimited (default) colondelimited singledashdelimited no delimiter RW radmacaddrformat RADIUS Accounting Status Integer enable disable (default) RW radaccstatus Accounting Inactivity Timer Integer32 0 – 2147483647 minutes; default is 5 min. RW radaccinactivetmr RADIUS Authentication NOTE� Use a server name only if you have enabled the DNS Client functionality. See DNS Client for RADIUS Name Resolution.
Command Line Interface (CLI) Name Type Values Server IP Address or Name IpAddress Display String User Defined (enter an IP address if seraddrfmt is ipaddr or a name if set to name; up to 254 characters if using a name) Access RW ipaddr Port (optional) Integer User Defined 1813 (default) RW port Shared Secret DisplayString User Defined max 63 characters Response Time (sec) Integer 1 – 4 seconds 3 sec (default) RW responsetm Maximum Retransmissions (optional) Integer 1 – 10 3 (default)
Command Line Interface (CLI) Other Parameters IAPP Parameters Name Type Values IAPP Group N/A Access IAPP Status Integer enable (default) disable RW iappstatus Periodic Announce Interval (seconds) Integer 80 120 (default) 160 200 RW iappannint Announce Response Time Integer 2 seconds Handover Time-out Integer Max.
Index� Symbols� " (double quote) characters ... C-12 Numerics� 104-bit encryption ... 4-34 128-bit encryption ... 2-10, 2-12, 4-34 152-bit encryption ... 2-10, 2-12 40-bit encryption ... 4-34 520wl See HP ProCurve Wireless 64-bit encryption ... 2-10, 2-12, 4-34 802.11 wireless connectivity ... 1-4, 4-34 802.11a AP configuration options ... 2-10, 4-9 802.11b AP configuration options ... 2-10, 4-10 802.11b/g AP configuration options ... 4-14 802.11b/g configuration options ... 2-12 ? command ...
Index DNS servers ... 4-3 DTIM values ... 4-9 Deferred Traffic Indicator Map (DTIM) ... 4-9 Distance Between APs parameter ... 4-11 Distance Between Cells parameter ... 4-12 Domain Name Service (DNS) ... 4-4 Download Unsuccessful message ... C-2 Dynamic Frequency Selection (DFS) ... 4-9 Dynamic Host Configuration Protocol See DHCP E� EAP types ... 4-34, 4-35 EAP/802.1x authentication ... 5-5, C-42 Edit Management IP Access Table ... C-19 Enable DNS Client parameter ...
Index I� IAPP Parameters Table ... C-45 IAPP configurations ... C-45 IAPP screen ... 5-4 ICMP Monitoring screen ... 5-3 ICMP statistics ... 5-3 IP ARP Filtering Parameters Table ... C-37 IP Access Table ... 4-17, C-35 IP Address Assignment Type parameter ... 4-4, C-27 IP Address parameter ... 4-4 IP Configuration Parameters Table ... C-27 IP Configuration screen ... 4-4 IP Pool Table ... 4-6 IP Subnet Masks ... 1-1, 4-17, C-13 IP address pool ... 2-1, 4-5, C-17, C-28 IP addresses Telenet connections and ...
Index O� Operating Frequency Channel parameter ... C-30, C-31, C-32 Operation Type parameter ... 4-39, C-36 Operational Mode parameter ... 4-8 Operational Mode screen ... 4-8 P� PC cards ... 7-4 PSK Pass Phrase option ... 4-36 PSK Pass Phrase parameter ... C-41 Packet Filtering parameters ... 4-24 Packet Forwarding Configuration screen ... 4-33 Packet Forwarding Interface Port parameter ... 4-33 Packet Forwarding MAC Address parameter ... 4-33 Pre-Shared Key Configuration Table ...
Index Subnet Mask parameter ... 4-4 Supported Data Rates parameter ... C-30, C-31, C-32 Supported Frequency Channels parameter ... C-30, C-31 Syntax Error message ... C-2 Syslog Configuration screen ... 4-31 Syslog Host Table ... 4-32, C-39 Syslog Lowest Priority Logged parameter ... 4-32 Syslog Port Number parameter ... 4-32 Syslog configurations ... C-20 Syslog event notifications ... 4-31–4-32 Syslog messages ... 4-21, 4-31 Syslog parameters ... C-38 System Configuration screen ...
autochannel select (ACS) ... C-18, C-30 auto-duplex setting ... 4-16 automatic configurations ... 4-21–4-23, C-16 automatic key distribution ... 4-34 background scanning ... 4-41, C-23 backing up configurations ... C-16 backing up files ... 2-13 back-up servers ... 2-1, 4-43, 4-45 bandwidth ... 4-11, 4-26, 4-33, 4-49 blank space characters (strings) ... C-12 blocking access to services ... 4-27 bridge ... 4-32, 5-4 bridge parameters ... C-39 browsers See Web browsers build numbers ...
Index default IP addresses ... 2-6, 4-4 default SSL passphrase ... 4-19 default TTL value ... 4-4 default configurations ... 4-3 default passwords ... 2-1 default ports ... 2-1, 4-18, 4-20 default router ... C-27 default subnet masks ... 4-4 defaults, resetting ... 6-11, 7-1, 7-6 deleting table entries ... C-10, C-11 delimiters (CLI strings) ... C-12 deployments ... 4-41, C-23 detecting Access Points ... 4-41 diagnostics ... 5-1 digital certificates ... 6-4, 6-5 directional antennas ...
initializing AP 520wl ... 1-1, 2-6 IP addresses ... 7-9 installation ... 2-3, 2-14, 7-1 installation prerequisites ... 2-1 installed components ... C-27 interface detection ... 5-4 interface parameters ... C-30 interference ... 4-11, 5-8, A-7, C-18, C-19 interference controls ... 4-9 invalid image states ... 6-3 ipaddr parameter ... C-9 keyboard functions ... C-2, C-6 link integrity checks ... 4-6, C-18 linkDown trap ... 4-30 linkUp trap ... 4-30 links ... 4-15, 7-5 literal strings ... C-12 load balancing .
Index parameters adding to tables ... C-35 case sensitivity for ... C-1 changing ... C-6, C-8 creating filters and ... 4-25 defined ... C-2 displaying ... C-4, C-5, C-8, C-11 entering in statements ... C-9, C-11 optional table elements and ... C-9 resetting ... 7-6 searching for ... C-7 setting CLI monitoring ... C-24 setting configuration ... 4-2, C-13, C-17 setting with Bootloader CLI ... C-3 viewing groups ... C-10 viewing subset of ... C-5 viewing values of ... C-8 passphrase ...
system names ... 2-1, 4-3 system requirements ... 2-2 system status ... 4-31 table names ... C-11 tables See also parameters adding entries to ... C-9, C-35 changing elements in ... C-10, C-11 creating ... C-11 deleting elements in ... C-10, C-11 displaying all elements in ... C-10 displaying parameters in ... C-8, C-11 inserting rows ... C-9 overview ... C-11, C-24 searching for parameters in ... C-7 telnet command ... C-12 terminal emulation programs ... 7-9, C-12 testing connections ...