Management and Configuration Guide (Includes ACM xl) 2005-12
6-22 ProCurve Secure Access 700wl Series Management and Configuration Guide
Configuring the Network
allow the Access Control Server and Access Controller to automatically determine the best Subnet
Group match.
When a local network row (VLAN/subnet) on an Access Controller is associated with a predefined
Global Subnet Group and Global Subnet, this row will inherit all the associated Access Control Server
global subnet group settings. An Access Control Server Subnet Group specifies the following
information: DHCP server IP addresses, domain names and DNS and WINS servers. A Global Subnet
specifies the Subnet mask, Gateway and IP broadcast settings.
The IP address, hostname, and whether the address can be used for management of the Access
Controller is specified independently for each Access Controller. Each Access Controller may have one
and only one IP address in any upstream subnetwork (untagged or tagged VLAN) in which it
participates—there may be no duplicated untagged or tagged VLAN ID network rows on any given
Access Controller.
Global Subnets inherit DHCP server IP addresses, domain names and DNS and WINS server addresses
from their parent Global Subnet Group. For subnets defined locally on an Access Controller, a Subnet
Group is created automatically. If the new Subnet uses DHCP and the DHCP server is appropriately
configured, the settings for the Subnet Group may be provided by the DHCP server. If DHCP is not
used, then the settings for the Subnet Group must be configured under the Global Networks page.
Each Local Network configured on an Access Controller is identified by a VLAN ID. Individual VLAN
IDs may only be used for one Local Network on any given Access Controller, but may be used on
multiple Access Controllers. A default untagged Local Network is created on each Access Controller
and always allows management.
» To access the Local Network page, click the Network icon in the Navigation Toolbar, then select the
Local Networks tab. The Local Networks page appears (see Figure 6-12 on page 6-24). Then select the
Access Controller you want to congfigure.
Local Network page is divided into four tabs:
•
Basic Setup—settings that allow the 700wl Series system component to communicate with the
network.
For an Access Controller each row in the Basic Setup defines a local subnetwork and its attributes,
including VLAN tag. Multiple uplink subnets may be defined and associated with VLAN tags.
— The first entry is the default network for the Access Controller and is always an untagged
network. This was initally defined when the Access Controller was initally configured at
installation.
— Additional upstream subnets may be added and associated with VLAN IDs.
• Advanced Setup—settings that configure client communication to and from the network.
For an Access Control Server you can configure settings for the following:
— DHCP Network for NAT Clients—lets you configure the IP address range and DHCP lease time
for the internal DHCP server used to provide private IP addresses for clients that should receive
NAT’ed addresses.
— MAC Address Spoofing Detection—lets you configure the 700wl Series System to detect when the
same MAC address appears on multiple Access Controller ports a specified number of times
within a defined time period.
— Session Limits—lets you limit the maximum number of sessions per client and set the idle TCP
session timeout in minutes.