Management and Configuration Guide (Includes ACM xl) 2005-12

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

231

232

233

234

235

236

237

238

239

240

6-30 ProCurve Secure Access 700wl Series Management and Configuration Guide

Configuring the Network

For example, if you set the DHCP IP address range to be 192.168.128.0/24, then the URL for the

Administrative Interface becomes http://192.168.128.1

To specify the DHCP address and lease time, do the following:

Step 1. Type the starting IP address for the DHCP range into the DHCP IP Address Range Start field. The

default address is 42.0.0.0.

Step 2. Select the Subnet Mask from the drop-down list of possible masks.

Step 3. Type a value for the DHCP Lease Time, and choose one of the time units from the drop-down

list. You can specify the lease time in seconds, minutes, hours, or days. The default lease time is

1 day.

Step 4. Normally, you should not change the DHCP Netmask setting. It defaults to /30 and this is the

recommended setting. However, under some circumstances where you have users with

multiple interfaces (such as a laptop using a wireless connection that is plugged into a docking

station with a wired interface) you may need to change this setting. If clients are having access

problems caused by losing the route to the private address when a second interface is present,

select the

Full DCHP Subnet setting.

Note:

It can take some time for this configuration change to be propagated to each Access Controller.

Clients that associate within this time frame may still receive an IP address from the old address range.

It is recommended that you make this type of change during periods when client activity is at a minimum.

MAC Address Spoofing Detection

MAC Address spoofing occurs when someone impersonates a legitimate client by taking over their

MAC address. You can configure the 700wl Series System to detect the situation where the same MAC

address appears on multiple Access Controller ports within a defined time period. If the same client

appears on different ports a specified number of times within a specified time interval, the client is

considered to have been spoofed, and all instances of that client are logged off the system. You can

configure the number of times a client must appear, and the time interval within which this must occur

in order for a client to be assumed to be spoofed.

MAC address spoofing detection is enabled by default. To change the configuration of spoofing

detection, or to disable it, do the following:

Step 1. Specify the number of times a MAC address must appear on two or more Access Controller ports

in order to be considered a suspected spoofing event. The default is 5.

Step 2. Specify the time frame (in seconds) in which these appearances must occur. The default is 10

seconds.

Step 3. To disable MAC spoofing detection, click the check box. The default is that MAC address

spoofing is enabled.

Session Limits

Session Limits provide a way to fairly distribute an Access Controller’s session resources. Specify the

maximum lifetime allowed for TCPsessions in minutes.