Software Version 4.4.0.50
Supplement to the ProCurve Secure Access 700wl Series Management and Configuration Guide

This supplement describes the new features introduced in software release 4.4.0.50. Related 700wl Series publications include:
■ ProCurve Secure Access 700wl Series Software Version 4.4 Update Guide
■ ProCurve Secure Access 700wl Series Management and Configuration Guide

ProCurve Networking periodically updates switch software and product manuals, and posts them on the World Wide Web.
© Copyright 2005 Hewlett-Packard Company, LP. The information contained herein is subject to change without notice.

Publication Number 5991-3829
December, 2005

Applicable Products
ProCurve Access Controller 720wl (J8153A)
ProCurve Access Controller xl Module (J8162A)
ProCurve Access Control Server 740wl (J8154A)
ProCurve Integrated Access Manager 760wl (J8155A)

Trademark Credits
Microsoft®, Windows®, and Windows NT® are US registered trademarks of Microsoft Corporation.
Contents
Introduction
Important Update Information
Related Publications
Support for VLANs and Subnets
Introduction

This documentation supplement describes the functionality and use of a set of new features introduced in the special software release version 4.4.0.50 for the ProCurve Secure Access 700wl Series. This software version provides a number of important new or enhanced features:
■ Significantly enhanced support for multiple 802.1Q VLANs.
sible Authentication Protocol (LEAP) and the Protected Extensible Authentication Protocol (PEAP). As a proxy server, the built-in RADIUS server can manage multiple realms, with multiple remote RADIUS servers working in a failover capacity within each realm. The 802.1X/WPA Authentication feature also provides an interface for configuring RADIUS clients (Access Points) that will participate in the 802.1X/WPA authentication. 802.1X/WPA Authentication does not support seamless roaming.
Related Publications

The following two manuals provide further information on the update procedure, and the features of this software release:
■ For information on upgrading to software release 4.4.0.50, refer to the ProCurve Secure Access 700wl Series Software Version 4.4 Update Guide.
Support for VLANs and Subnets

Software release 4.4.0.50 has introduced some important changes and enhancements regarding how VLANs and subnets are handled. Prior to version 4.4.0.50, the only way to ensure that client traffic would be routed to a specific upstream subnet was to configure a subnet address range on a downlink port. This would cause the client to receive a real IP address within that subnet, and the client traffic could also be tagged with an appropriate 802.
that was configured for the Access Controller under 4.1.3.93. This untagged subnet provides the functionality available under 4.1.3.93, and is used for communication between the Access Controller and the Access Control Server. Under the Interfaces tab, the Subnet sub-tab (where subnets could be configured for downlink ports) is no longer available. See the ProCurve Secure Access 700wl Series Software Version 4.
Traffic Classification and QoS Marking

The new QoS marking feature allows client traffic to be filtered based on a number of criteria, and classified based on the results of the filtering. Classification can be based on Differentiated Services (DiffServ), IP Precedence or Type of Service (ToS), or 802.1Q/p settings.
For each ingress packet that matches the QoS Marking filter, you can specify a DiffServ codepoint value, or an IP precedence and ToS value to use in marking the packet. You can also specify an 802.1Q/p priority and VLAN tag.
■ Within an Access Policy, select the QoS Markings that should apply to traffic from clients for whom the Access Policy is in force. You can select multiple QoS Marking criteria/settings, and order them as you want.
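The marking options above write to overlapping header fields: a DiffServ codepoint and an IP precedence/ToS pair are two readings of the same IPv4 header byte, and the 802.1Q/p priority shares the 16-bit tag control field with the VLAN ID. The following Python code is an added example, not code from the 700wl software; the function names and the sample header are constructed for illustration.

```python
import struct

# Constructed sample: 20-byte IPv4 header, 192.0.2.10 -> 198.51.100.20,
# ToS byte 0x00, checksum field zeroed. Names here are illustrative only.
SAMPLE_HEADER = bytes.fromhex("450000141c46400040060000c000020ac6336414")

def tos_from_dscp(dscp, ecn=0):
    """DiffServ reading of header byte 1: 6-bit codepoint, 2 ECN bits."""
    if not (0 <= dscp <= 63 and 0 <= ecn <= 3):
        raise ValueError("dscp must be 0-63 and ecn 0-3")
    return (dscp << 2) | ecn

def tos_from_precedence(precedence, tos=0):
    """Legacy reading of the same byte: 3-bit precedence, 4-bit ToS."""
    if not (0 <= precedence <= 7 and 0 <= tos <= 15):
        raise ValueError("precedence must be 0-7 and tos 0-15")
    return (precedence << 5) | (tos << 1)

def dot1q_tci(priority, vlan_id):
    """802.1Q tag control field: 3-bit 802.1p priority, DEI=0, 12-bit VLAN ID."""
    if not (0 <= priority <= 7 and 0 <= vlan_id <= 4095):
        raise ValueError("priority must be 0-7 and vlan_id 0-4095")
    return (priority << 13) | vlan_id

def ipv4_checksum(header):
    """One's-complement sum over the header's 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def mark_ipv4(packet, tos_byte):
    """Return a copy with byte 1 rewritten and the header checksum recomputed."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a complete IPv4 header")
    header = bytearray(packet[:ihl])
    header[1] = tos_byte
    header[10:12] = b"\x00\x00"  # checksum is computed with its own field zeroed
    header[10:12] = struct.pack("!H", ipv4_checksum(bytes(header)))
    return bytes(header) + packet[ihl:]

if __name__ == "__main__":
    marked = mark_ipv4(SAMPLE_HEADER, tos_from_dscp(46))  # DSCP 46 = EF
    print(marked.hex(), "checksum ok:", ipv4_checksum(marked[:20]) == 0)
    print(hex(tos_from_precedence(5)), hex(tos_from_dscp(40)))  # same byte
    print(hex(dot1q_tci(5, 100)))
```

Any device that rewrites the marking byte in transit must also recompute the IPv4 header checksum, which is why `mark_ipv4` does both in one step.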
802.1X/WPA Authentication Service

As a proxy server, the built-in RADIUS server can manage multiple authentication realms, with multiple remote RADIUS servers (acting as failover servers) within each realm. In all cases, clients, Access Points, and RADIUS servers must all support a common EAP method for the 802.1X/WPA authentication service to function. The configuration of 802.1X/WPA Authentication functionality involves a number of steps.
■ Configure the Access Points to function as RADIUS clients within the 802.1X/WPA Authentication service.

See “Configuring the 802.1X/WPA Authentication Service” in Chapter 5 of the ProCurve Secure Access 700wl Series Management and Configuration Guide (December 2005), for a more detailed discussion of the steps for configuring this authentication method.

HTTP Proxy Configuration per Access Policy
ration, and HTTP requests can be redirected to the system HTTP pages, but the weaknesses of the internal proxy server may nullify any additional capabilities of the external server.
■ When an external HTTP proxy server is configured within an Access Policy, HTTP traffic associated with that Access Policy is sent directly to the external server without being filtered internally.

Defining a Location as a MAC Address
a unique Connection Profile can be created for the Location, and a unique Access Policy can be created for the user who matches that Connection Profile. The New Location and Edit Location pages have been modified to include a checkbox and a field where the MAC address may be entered. These pages are located under the Rights section, under the Connection Profiles tab.

SSLv3 Support
See “SSL Certificate—the SSL Tab” under the “Local Networks Setup” section in Chapter 6 of the ProCurve Secure Access 700wl Series Management and Configuration Guide for a description of this setting.

Clock Synchronization

Software version 4.4 changes how the 700wl Series manages clock synchronization between the Access Control Server 740wl and the Access Controllers. Accurate and synchronized time and dates across multiple units are especially important.