Wireless/Redundant Edge Services xl Module Management and Configuration Guide WS.01.03 or greater

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

Management and

Configuration Guide

www.procurve.com

ProCurve Wireless Edge Services xl Module and

ProCurve Redundant Wireless Services xl Module

Summary of content (616 pages)

PAGE 1
Management and Configuration Guide ProCurve Wireless Edge Services xl Module and ProCurve Redundant Wireless Services xl Module www.procurve.
PAGE 2
PAGE 3
ProCurve Wireless Edge Services xl Module and ProCurve Redundant Wireless Services xl Module August 2006 WS.01.
PAGE 4
© Copyright 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. All Rights Reserved. This document contains proprietary information, which is protected by copyright. No part of this document may be photocopied, reproduced, or translated into another language without the prior written consent of Hewlett-Packard.
PAGE 5
Contents 1 Introduction Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 ProCurve Wireless Edge Services xl Module . . . . . . . . . . . . . . . . . . . . . . . . . 1-3 The Interface Between the Wireless and Wired Network . . . . . . . . . . 1-4 Communicating with RPs: Radio Port VLANs . . . . . . . . . . . . . . . . 1-4 Communicating with the Ethernet Network: Uplink VLANs . . . .
PAGE 6
Configuring the ProCurve RPs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-40 Radio Adoption Default Configurations . . . . . . . . . . . . . . . . . . . . 1-41 Specific Radio Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-43 Communications between an RP and the Wireless Edge Services xl Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-44 Power over Ethernet (PoE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 7
IP Address Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-20 Assigning an IP Address to a VLAN . . . . . . . . . . . . . . . . . . . . . . . . 2-21 Deleting the IP Address Assigned to a VLAN . . . . . . . . . . . . . . . . 2-23 Editing the IP Address Assigned to a VLAN . . . . . . . . . . . . . . . . . 2-24 Viewing Statistics for VLANs That Are Assigned IP Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 8
Update Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-55 Checking the Software Image File . . . . . . . . . . . . . . . . . . . . . . . . . 2-55 Checking the Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . 2-56 Avoiding Problems in Using the Update Server . . . . . . . . . . . . . . 2-57 Configuring the Update Server Settings . . . . . . . . . . . . . . . . . . . . 2-59 SNMP Traps and Error Reporting . . . . . . . . . . . . . . . . .
PAGE 9
3 Wireless Local Area Networks (WLANs) Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 Configuration Options: Normal Versus Advanced Mode . . . . . . . . . . . . . . . 3-4 Normal Mode Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4 Why Use Normal Mode . . . . . . . . . . . . .
PAGE 10
Traffic Management (QoS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-71 SVP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-72 Wireless Multimedia (WMM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-73 Prioritization with WMM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-74 Enabling WMM on a WLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 11
Configuring Radio Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5 Creating a Radio Adoption Default Configuration . . . . . . . . . . . . . . . . 5-8 Viewing and Configuring Properties . . . . . . . . . . . . . . . . . . . . . . . 5-11 Configuring Radio Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-12 Setting Advanced Radio Properties . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 12
Monitoring Detected APs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-30 Managing the Unapproved APs List . . . . . . . . . . . . . . . . . . . . . . . . 6-30 Managing the Approved APs List . . . . . . . . . . . . . . . . . . . . . . . . . . 6-33 Configuring the Module to Report Unapproved APs . . . . . . . . . . 6-34 Configuring Anomaly Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-37 Logging and Alarms . . . . . . . . . . . . . . . . . . . . .
PAGE 13
7 Web Authentication for Mobile Users Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2 The Web-Auth Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2 Authentication Through a RADIUS Server . . . . . . . . . . . . . . . . . . . . . . 7-5 Web Pages for the Login Process . . . .
PAGE 14
debug upd-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-18 debug wireless-statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-19 diff . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-19 dir . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-20 edit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 15
logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-43 password-encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-44 redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-45 snmp-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-47 sntp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 16
show history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-87 show hostname . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-88 show interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-88 show ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-89 show licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 17
show wireless rp-status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-119 show wireless rp-unadopted . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-120 show wireless self-heal-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-120 show wireless station . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-121 show wireless station-statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 18
14
PAGE 19
1 Introduction Contents ProCurve Wireless Edge Services xl Module . . . . . . . . . . . . . . . . . . . . . . . . 1-3 The Interface Between the Wireless and Wired Network . . . . . . . . . . 1-4 Communicating with RPs: Radio Port VLANs . . . . . . . . . . . . . . . . 1-4 Communicating with the Ethernet Network: Uplink VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-9 Forwarding Traffic Between the Wireless and Ethernet Network . . . . . . . . . . . . . . . . . .
PAGE 20
Introduction Contents Detectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-39 Configuring the ProCurve RPs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-40 Radio Adoption Default Configurations . . . . . . . . . . . . . . . . . . . . 1-41 Specific Radio Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-43 Communications between an RP and the Wireless Edge Services xl Module . . . . . . . . . . . . . . . . . .
PAGE 21
Introduction ProCurve Wireless Edge Services xl Module ProCurve Wireless Edge Services xl Module The ProCurve Wireless Edge Services xl Module transforms a ProCurve Switch 5300xl into a wireless services-enabled switch. Together with one or more radio ports (RPs), a wireless services-enabled Switch 5300xl supports a wireless network. Each Wireless Edge Services xl Module can support up to 12 RPs with its default license and up to 36 RPs (72 radios) total. Each RP radio can support up to 64 stations.
PAGE 22
Introduction ProCurve Wireless Edge Services xl Module This chapter will give you a brief overview of these functions as well as some of the technologies on which they are based. The Interface Between the Wireless and Wired Network Each ProCurve Wireless Edge Services xl Module includes two internal ports: ■ a downlink port ■ an uplink port The downlink port sends traffic to and receives traffic from the external switch interfaces that connect, either directly or indirectly, to RPs.
PAGE 23
Introduction ProCurve Wireless Edge Services xl Module Using Auto-Provisioning to Establish a Radio Port VLAN. When you install a Wireless Edge Services xl Module in a ProCurve Switch 5300xl that uses auto-provisioning, the switch automatically establishes VLAN 2100 as the default Radio Port VLAN, or the Auto-VLAN. (If that VLAN is unavailable, the switch uses the next available VLAN number.
PAGE 24
Introduction ProCurve Wireless Edge Services xl Module Figure 1-1. Auto-Provisioned Radio Port VLANs Manually Establishing a Radio Port VLAN. If you connect an RP to another infrastructure switch instead of directly to the wireless servicesenabled switch, you establish the Radio Port VLAN manually. The wireless services-enabled switch still uses auto-provisioning to create VLAN 2100 and tag the module’s internal downlink port for this VLAN.
PAGE 25
Introduction ProCurve Wireless Edge Services xl Module Remember that the external switch interfaces that link the infrastructure and the wireless services-enabled switch must also carry traffic on the Radio Port VLAN. These interfaces are either tagged or untagged for that VLAN, depending on whether they must carry other traffic in addition to that to and from the RP. See Figure 1-2. Figure 1-2.
PAGE 26
Introduction ProCurve Wireless Edge Services xl Module this traffic does not pose a security risk. (However, using the default VLAN instead of a VLAN dedicated exclusively to Radio Ports makes it easier for an unauthorized RP to be plugged into your network and adopted by the module.) In Figure 1-3, the administrator has decided to use VLAN 300 for one of the RPs. (While nothing prevents you from placing all RPs in the same VLAN, such a design is not mandatory.) Figure 1-3.
PAGE 27
Introduction ProCurve Wireless Edge Services xl Module Note You also might need to perform some configuration tasks on the wireless services-enabled switch, such as raising the maximum number of VLANs. (See the ProCurve Series 6400cl Switches, 5300xl Switches, and 3400cl Switches Management and Configuration Guide and ProCurve Series 6400cl Switches, 5300xl Switches, and 3400cl Switches Advanced Traffic Management Guide.) Dynamically Establishing a Radio Port VLAN.
PAGE 28
Introduction ProCurve Wireless Edge Services xl Module Like the downlink port, the uplink port must tag traffic for every VLAN it carries. (The Wireless Edge Services xl Module never forwards untagged traffic to the wireless services-enabled switch.) Figure 1-4 illustrates a network in which traffic from WLAN 1 is forwarded into the Ethernet network in VLAN 10. Note that the station receives an IP address for the network’s DHCP server. Figure 1-4.
PAGE 29
Introduction ProCurve Wireless Edge Services xl Module 4. The module forwards the traffic through the uplink port. If you have not enabled the uplink port to carry tagged traffic for the uplink VLAN, then the module drops the traffic. 5. The wireless services-enabled switch forwards the traffic toward its destination. Much depends on the way in which the module tags traffic for various VLANs. For example, the module receives a VLAN assignment for a particular user from a RADIUS server.
PAGE 30
Introduction ProCurve Wireless Edge Services xl Module The module’s uplink port can acquire an IP address, which you can use to: ■ access the module’s management interface ■ test connectivity ■ configure the module to forward authentication information to a RADIUS server ■ configure the module to communicate with another member of a redundancy group As described in “Communicating with the Ethernet Network: Uplink VLANs” on page 1-9, the uplink port can carry traffic on multiple VLANs.
PAGE 31
Introduction ProCurve Wireless Edge Services xl Module For the purposes of configuring a WLAN on the Wireless Edge Services xl Module, you can think of a WLAN as a set of parameters that RPs and associated stations agree define their connections.
PAGE 32
Introduction ProCurve Wireless Edge Services xl Module A Wireless Edge Services xl Module supports three types of authentication: ■ 802.1X authentication ■ Web authentication ■ MAC authentication (filters) Alternatively, the module can allow stations to connect to a WLAN without authenticating themselves. The first two authentication types are implemented as part of a WLAN’s settings.
PAGE 33
Introduction ProCurve Wireless Edge Services xl Module Table 1-2. Options for Authentication and Encryption on the Wireless Edge Services xl Module Authentication Options Encryption Options 802.1X • WEP (dynamic WEP), 64-bit or 128-bit • WPA/WPA2 (Enterprise mode): – with TKIP – with AES – with both TKIP and AES (802.
PAGE 34
Introduction ProCurve Wireless Edge Services xl Module 3. The station and the authentication server authenticate each other (the exact process differs depending on the EAP type they use). The Wireless Edge Services xl Module receives the EAP messages from the wireless station (via the RP) and sends the appropriate RADIUS messages to the server. 4.
PAGE 35
Introduction ProCurve Wireless Edge Services xl Module Table 1-3.
PAGE 36
Introduction ProCurve Wireless Edge Services xl Module Figure 1-5. Web-Auth After authenticating, the module can control users’ network access according to rights stored in the RADIUS database, configured with software such as ProCurve IDM. The Wireless Edge Services xl Module grants users that fail to authenticate the same guest status that it grants unauthenticated users. If you so desire, you can add IP addresses to the approved list to provide limited resources to such users.
PAGE 37
Introduction ProCurve Wireless Edge Services xl Module However, Web-Auth is not as secure as 802.1X. A downside in some enterprise environments is that you cannot enable encryption for a WLAN that uses Web- Auth. MAC Authentication The Wireless Edge Services xl Module can also control which wireless stations connect to a WLAN according to their MAC, or hardware-based, addresses.
PAGE 38
Introduction ProCurve Wireless Edge Services xl Module The following sections will describe these options in more detail. Controlling Traffic with User-Based Policies As you know, a RADIUS server matches usernames with passwords in order to authenticate users that try to connect to your network. Using ProCurve IDM, you can configure the RADIUS server to associate additional settings with a user.
PAGE 39
Introduction ProCurve Wireless Edge Services xl Module Figure 1-6. Assigning Wireless Stations to User-Based VLANs It does not matter how you actually configure these attributes on the RADIUS server. However, IDM greatly simplifies this process. On IDM, you create policies to control individual users’ network access depending on the time and location from which they connect. An IDM agent automatically configures the correct attributes on the RADIUS server.
PAGE 40
Introduction ProCurve Wireless Edge Services xl Module Figure 1-7. Assigning VLANs Manually See Chapter 3: Wireless Local Area Networks (WLANs) to learn how to configure the VLAN assignment. Filtering Traffic Manually. As discussed in “MAC Authentication” on page 1-19, the Wireless Edge Services xl Module can filter traffic according to the source’s MAC address.
PAGE 41
Introduction ProCurve Wireless Edge Services xl Module Traffic Management In the past, users often treated wireless connections as a supplement to other network connections. Now, more and more users demand more and more from wireless connections, increasing congestion and decreasing QoS. Compounding the problem, users have begun to demand the same applications to which they have become accustomed on Ethernet connections.
PAGE 42
Introduction ProCurve Wireless Edge Services xl Module Figure 1-8. QoS Mechanisms Supported by the Wireless Edge Services xl Module This chapter will discuss these features at a high level; to learn how to configure them, see Chapter 3: Wireless Local Area Networks (WLANs). SVP. SVP maintains a high QoS in the wireless network, specifically for VoWLAN devices that are SVP-capable. SVP is implemented in wireless phone handsets, wireless APs, and SpectraLink servers. This IEEE 802.
PAGE 43
Introduction ProCurve Wireless Edge Services xl Module different (as the shared wireless medium is different from the switched Ethernet medium), the goal is the same: higher throughput for high priority traffic, as well as lower latency for time-sensitive traffic. The Wireless Edge Services xl Module can implement WMM on both downstream and upstream wireless traffic. To do the first, it sends settings for priority queues as part of a radio’s configuration.
PAGE 44
Introduction ProCurve Wireless Edge Services xl Module Voice Prioritization. Voice prioritization improves QoS for traffic destined to VoWLAN devices. When you enable this feature in a WLAN, RPs monitor frames received from stations in that WLAN. When a voice frame is detected, the Wireless Edge Services xl Module marks all traffic destined to the source of that frame for priority handling.
PAGE 45
Introduction ProCurve Wireless Edge Services xl Module You can purchase up to two additive licenses, each of which allows the module to adopt 12 additional RPs. In other words, a module can be authorized to adopt up to: ■ 12 RPs (default) ■ 24 RPs ■ 36 RPs Table 1-5.
PAGE 46
Introduction ProCurve Wireless Edge Services xl Module The ProCurve Wireless Edge Services xl Module comes in two models: ■ the J9001A, the primary module ■ the J9003A, the redundant module The cost-effective Redundant Wireless Services xl Module provides all the same capabilities as the primary module; however, it does not include any licenses, and you cannot add licenses to it.
PAGE 47
Introduction ProCurve Wireless Edge Services xl Module Figure 1-10. Redundancy Module Adopting RPs To minimize the danger of two modules attempting to adopt the same RP, the standby member continues to support the RPs even after the active member comes back up.
PAGE 48
Introduction ProCurve Wireless Edge Services xl Module Note It is possible to configure both the primary and the redundant module as active members of the group. Because only one module adopts any given RP, the two balance RPs between them as described in Chapter 4: Redundancy Groups. However, because stations cannot fast roam between RPs adopted by two different modules, ProCurve Networking generally recommends that the redundant module be used only to back up the primary.
PAGE 49
Introduction Radio Ports Radio Ports Because one of the Wireless Edge Services xl Module's duties is to deploy configurations to RPs, you should understand how these RPs function. The Wireless Edge Services xl Module can manage the ProCurve RPs 210, 220, and 230. The RP 210 includes one 802.11bg radio, but two omnidirectional diversity antennas. The RPs 220 and 230 include two radios, one 802.11a and one 802.11bg.
PAGE 50
Introduction Radio Ports 802.11 management frames include: ■ beacon frames, which the RP uses to announce itself to wireless stations and which will be discussed in more detail in “Beaconing” on page 1-37 ■ authentication frames, which wireless devices use to ensure that they are connecting to the correct peer ■ association frames, which stations use to negotiate the wireless connection to an RP A station cannot send or receive data until it associates to an RP. At its most fundamental level, an 802.
PAGE 51
Introduction Radio Ports Figure 1-11. BSS A BSS operates in infrastructure mode, which means that instead of communicating with each other, wireless stations communicate with an RP. This is the typical mode for a wireless network used to grant mobile users access to an Ethernet network, as well as the mode in which the ProCurve RPs operate. (See Figure 1-12.
PAGE 52
Introduction Radio Ports Figure 1-12. Infrastructure Mode BSSID The BSSID is the RP’s MAC address in a BSS. (See Figure 1-11.) Wireless stations in a BSS address all frames to the BSSID. ESS An ESS is a set of BSSs that share a common network name, or SSID. An ESS may consist of many RPs, and on the Physical Layer each of these RPs manages a different shared medium. However, logically all of the RPs and the stations they support are part of the same network, identified by the same SSID.
PAGE 53
Introduction Radio Ports Figure 1-13. ESS Similarly, when configuring the Wireless Edge Services xl Module, you are often more interested in the WLAN to which users connect than in the particular RP to which a user connects at any given moment. SSID versus BSSID As indicated above, the SSID identifies a group of BSSs that make up a single WLAN. All frames transmitted in a WLAN are marked with this SSID.
PAGE 54
Introduction Radio Ports It is important to understand the relationship between SSIDs and BSSIDs. An SSID identifies a WLAN; the two are connected with a one-to-one correspondence. As a MAC address, a BSSID identifies an RP in that WLAN— one of the perhaps many RPs that offer wireless stations a connection to that WLAN. Like switches that can carry traffic for multiple VLANs, most RPs, including the ProCurve RPs, can support multiple WLANs, each of which is identified by its own SSID.
PAGE 55
Introduction Radio Ports The two radios on a single RP generally support the same WLANs, as shown in Table 1-7. However, with advanced configuration you can enable different WLANs on an RP’s two built-in radios; in this case, a single RP with two radios can support up to 32 WLANs. Using advanced mode configuration raises several concerns that are discussed in Chapter 3: Wireless Local Area Networks (WLANs). Table 1-7.
PAGE 56
Introduction Radio Ports For example, WLAN 1 and WLAN 5 have been assigned to the same BSSID. The RP advertises the SSID for WLAN 1 in the beacon frame from that BSSID, but not the SSID for WLAN 5. However, if a wireless station sends a probe request for WLAN 5’s SSID, then the RP responds and the station can associate. In other words, WLAN 1 operates in open system and WLAN 5 in closed system.
PAGE 57
Introduction Radio Ports The Wireless Edge Services xl Module collects traffic from one or more RPs. It is this module’s role to filter this traffic, apply appropriate controls to it, and forward it in the correct uplink VLAN in the Ethernet network. The module also acts as the authenticator, managing responses to stations’ authentication requests and forwarding users’ credentials to a RADIUS server. Detectors Typically, ProCurve RPs function as masters within one or more WLANs, as described above.
PAGE 58
Introduction Radio Ports See Chapter 6: Wireless Network Management to learn about both configuring a radio as a dedicated detector and enabling a radio to listen for APs in the background of other functions. Configuring the ProCurve RPs The ProCurve RP 210, 220, and 230 do not include a management interface. You configure these devices by configuring the Wireless Edge Services xl Module, which automatically deploys configurations to adopted RPs.
PAGE 59
Introduction Radio Ports Note If you use advanced mode configuration, then you must manually specify the WLAN assignment for a radio configuration. The module deploys configurations in two ways: ■ It deploys a radio adoption default configuration to any newly adopted RP radio. ■ It deploys override configurations to targeted radios. Therefore, you can configure radio settings in two ways: for all RP radios or for particular radios.
PAGE 60
Introduction Radio Ports When a new RP is adopted, the module sends it the default configuration for its radio type. (If the RP has two radios, the module sends both configurations.) The factory default configuration for the Wireless Edge Services xl Module already includes the two radio adoption default configurations, with the settings shown in Table 1-8. Note, however, that the configurations do not yet include the country code, which you must set before the module can deploy them. Table 1-8.
PAGE 61
Introduction Radio Ports Table 1-9. Radio Adoption Default Configuration WLAN Assignment Setting 802.11a / 802.11bg BSSID 1 SSIDs for: WLAN 1 (5, 9, 13) BSSID 2 SSIDs for: WLAN 2 (6, 10, 14) BSSID 3 SSIDs for: WLAN 3 (7, 11, 15) BSSID 4 SSIDs for: WLAN 4 (8, 12, 16) You can use advanced mode configuration to change these settings. See Chapter 3: Wireless Local Area Networks (WLANs).
PAGE 62
Introduction Radio Ports Note The Wireless Edge Services xl Module associates the radio’s MAC address with the override configuration, so it persists even if the RP is powered down. Communications between an RP and the Wireless Edge Services xl Module The Wireless Edge Services xl Module must communicate with RPs in order to control the wireless network.
PAGE 63
Introduction Radio Ports Note The Radio Port VLAN must be properly established in order for the discovery messages to reach the module. (See “Communicating with RPs: Radio Port VLANs” on page 1-4 or the Getting Started Guide for the ProCurve Wireless Edge Services xl Module.) After adopting the RP, the module deploys the radio adoption default configuration to it, and the RP can begin functioning in your network, as shown in Figure 1-15. Figure 1-15.
PAGE 64
Introduction Radio Ports A module collects a variety of information from managed RPs. For example, RPs configured as detectors report information about neighboring APs. The module then processes this information into lists of authorized and unauthorized APs according to rules that you configure. The Wireless Edge Services xl Module also collects information about the wireless network in order to improve its functioning.
PAGE 65
Introduction Radio Ports The ProCurve RPs 210, 220, and 230 include an 802.1X client for such authentication. Using MD5 authentication, the client automatically sends the RP’s credentials when the RP connects to a network device that requires port authentication. The switch to which the RP connects forwards the credentials to an authentication server and, if they are correct, allows the RP to join the network.
PAGE 66
Introduction Radio Ports 1-48
PAGE 67
2 Configuring the ProCurve Wireless Services xl Module Contents Management Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4 The Web Browser Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4 Determine the Dynamic IP Address or Assign a Static Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5 Accessing the Web Browser Interface . . . . . . . . . . . . . . . . . . . . . .
PAGE 68
Configuring the ProCurve Wireless Services xl Module Contents IP Address Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-20 Assigning an IP Address to a VLAN . . . . . . . . . . . . . . . . . . . . . . . . 2-21 Deleting the IP Address Assigned to a VLAN . . . . . . . . . . . . . . . . 2-23 Editing the IP Address Assigned to a VLAN . . . . . . . . . . . . . . . . . 2-24 Viewing Statistics for VLANs That Are Assigned IP Addresses . . . . . . . . . . . . . . . . . . . .
PAGE 69
Configuring the ProCurve Wireless Services xl Module Contents Update Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-55 Checking the Software Image File . . . . . . . . . . . . . . . . . . . . . . . . . 2-55 Checking the Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . 2-56 Avoiding Problems in Using the Update Server . . . . . . . . . . . . . . 2-57 Configuring the Update Server Settings . . . . . . . . . . . . . . . . . . . .
PAGE 70
Configuring the ProCurve Wireless Services xl Module Management Interfaces Management Interfaces To configure and manage the ProCurve Wireless Edge Services xl Module, you can use one of the following management interfaces: ■ Web browser interface—Accessed through a Web browser, this intuitive interface provides comprehensive information to help you manage and monitor your company’s wireless services. The menus and online help guide you through configuration steps.
PAGE 71
Configuring the ProCurve Wireless Services xl Module Management Interfaces Determine the Dynamic IP Address or Assign a Static Address Initially, you must access the Wireless Edge Services xl Module through the CLI—either to determine the IP address that is assigned to the module through a Dynamic Host Configuration Protocol (DHCP) server or to assign the module a static IP address. By default, the module is configured to receive an IP address through a DHCP server.
PAGE 72
Configuring the ProCurve Wireless Services xl Module Management Interfaces Replace with the letter for the chassis slot in which the Wireless Edge Services xl Module is installed. For example, if the module is installed in chassis slot C, you would enter: ProCurve(config)# wireless-services c Determine the IP Address Assigned by the DHCP Server.
PAGE 73
Configuring the ProCurve Wireless Services xl Module Management Interfaces Entering the IP Address in a Web Browser. Once you know the IP address assigned to the Wireless Edge Services xl Module, enter that address as the URL in your Web browser. For example, if you assigned the Wireless Edge Services xl Module the IP address 192.168.5.20, you would enter http://192.168.5.20 as the URL in your Web browser.
PAGE 74
Configuring the ProCurve Wireless Services xl Module Management Interfaces To access the Web browser interface for the Wireless Edge Services xl Module, click the link for the module, as shown in Figure 2-1. Logging In to the Web Browser Interface Whichever way you attempt to access the Web browser interface, you are prompted to enter a username and password. (See Figure 2-2.) Figure 2-2.
PAGE 75
Configuring the ProCurve Wireless Services xl Module Management Interfaces Figure 2-3. Example of a Configuration Screen Applying or Saving Changes When you use the Web browser interface to configure the Wireless Edge Services xl Module, these changes may affect two configuration files, depending on if you apply or save changes: ■ startup-config—When you save changes, these changes become part of the startup-config file, which is stored in non-volatile RAM (NVRAM) on the module’s internal flash.
PAGE 76
Configuring the ProCurve Wireless Services xl Module Management Interfaces Applying Changes to the running-config. You can make and apply configuration changes to the running-config in different ways: ■ Apply button—On some configuration screens, you make configuration changes and then click the Apply button. ■ Enable button—In some instances, you enable functionality by clicking the Enable button. To deactivate the functionality, you click the Disable button.
PAGE 77
Configuring the ProCurve Wireless Services xl Module Management Interfaces Logging Out or Refreshing the Screen In addition to the Save button, the navigation bar includes two buttons: ■ Logout—ends this management session ■ Refresh—updates screen with current information Accessing the Online Help Both information and configuration screens include a Help button, which allows you to access the online help. (See Figure 2-5.) Figure 2-5.
PAGE 78
Configuring the ProCurve Wireless Services xl Module Management Interfaces From the Help Navigator screen, you can select one of the following tabs: ■ Content—The Content tab provides a list of available topics. You simply double click a topic to view the Help information. ■ Search—The Search tab allows you to enter keywords or boolean expressions to find all the information about a specific topic.
PAGE 79
Configuring the ProCurve Wireless Services xl Module Management Interfaces Then, enter: ProCurve(config)# wireless-services Replace with the letter for the chassis slot in which the Wireless Edge Services xl Module is installed. For example, if the module is installed in slot C, you would enter: ProCurve(config)# wireless-services c The CLI prompt shows that you are in the wireless-services context.
PAGE 80
Configuring the ProCurve Wireless Services xl Module Management Interfaces Saving Changes to the startup-config When you make configuration changes to the Wireless Edge Services xl Module, you must enter the write memory command to save these changes to the module’s startup-config.
PAGE 81
Configuring the ProCurve Wireless Services xl Module Management Interfaces HTTPS Access By default, the Wireless Edge Services xl Module supports both HTTP and HTTPS. When you use HTTPS to access the module’s Web browser interface, the connection between your management workstation and the Wireless Edge Services xl Module is secure. Communications between your workstation and the module are encrypted. Note You cannot modify the port numbers for HTTP and HTTPS.
PAGE 82
Configuring the ProCurve Wireless Services xl Module Network Services Manager A server that knows a device’s read-only community name can view, but not alter, settings and other information stored on that device. For example, you might want a particular SNMP server to only monitor traffic on the device. An SNMP server that knows a device’s read-write community name can change its configuration in addition to viewing information about it.
PAGE 83
Configuring the ProCurve Wireless Services xl Module Network Services Manager information in its route table. In the example shown in Figure 2-6, the default management interface (which is, in this case, VLAN 1) is directly connected to network 192.168.1.0 /24. Figure 2-6.
PAGE 84
Configuring the ProCurve Wireless Services xl Module Network Services Manager ■ Protocol—lists the name of the protocol through which the route was obtained. Routes can be obtained in the following ways: • DHCP—Routes can be included with the IP address that the module receives from a DHCP server. • Static—Routes can be entered manually. • Connected—Routes can be directly connected to an interface.
PAGE 85
Configuring the ProCurve Wireless Services xl Module Network Services Manager Note If you want to add a default route, enter 0.0.0.0 for both the Destination Subnet field and the Subnet Mask field. A default route is a special static route that can be applied to all traffic. Typically, when a router or a Layer 3 switch receives a packet that it does not know how to forward, it drops that packet.
PAGE 86
Configuring the ProCurve Wireless Services xl Module Network Services Manager If you want to remove an entry, select the entry and click the Clear button. IP Address Management To function as a Layer 3 device, the Wireless Edge Services xl Module requires only one IP address, which is usually assigned to the default management interface. (As mentioned earlier, the default management interface is typically VLAN 1.) For some network environments, however, you may want to assign IP addresses to other VLANs.
PAGE 87
Configuring the ProCurve Wireless Services xl Module Network Services Manager Figure 2-9. Network Setup > Ethernet > Configuration Screen The following information is listed for each VLAN: ■ Name ■ VLAN ID ■ DHCP Enabled ■ IP Address ■ Subnet Mask ■ Management Interface Only one VLAN can be selected as the management interface, and that VLAN is identified with a green check mark. All other VLANs show a red x in the Management Interface field.
PAGE 88
Configuring the ProCurve Wireless Services xl Module Network Services Manager 2. Click the Add button at the bottom of the screen. Figure 2-10. Add New VLAN Screen Note The Add New VLAN screen lists the uplink and downlink ports for: ■ the wireless services-enabled switch ■ any other Wireless Edge Services xl Module or Redundant Wireless Services xl Module installed in the switch This screen does not show uplink and downlink ports for the module you are currently managing.
PAGE 89
Configuring the ProCurve Wireless Services xl Module Network Services Manager 4. Note Configure the IP address. a. Select the Use DHCP to obtain IP Address automatically box if you want the VLAN to receive an IP address through a DHCP server. b. To configure a static address, enter the IP address and subnet mask in the fields provided. 5. If you want this VLAN to be the management interface for the Wireless Edge Services xl Module, select the Set as Management Interface box. 6.
PAGE 90
Configuring the ProCurve Wireless Services xl Module Network Services Manager Editing the IP Address Assigned to a VLAN If you need to change the IP address that is assigned to a VLAN, complete the following steps: 1. Click Network Setup > Ethernet and select the Configuration tab. 2. Select the VLAN and then click the Edit button. Figure 2-11. Configuration VLAN Screen 3. Change the settings as needed and click OK. 4.
PAGE 91
Configuring the ProCurve Wireless Services xl Module Network Services Manager Figure 2-12. Network Setup > Ethernet > Statistics Screen You can view the following information: ■ Name—VLAN ID (also referred to as the interface). ■ Bytes In—total number of bytes received on the interface. ■ Packets In—total number of packets received on the interface, including packets dropped and error packets. ■ Packets In Dropped—number of incoming packets that are dropped.
PAGE 92
Configuring the ProCurve Wireless Services xl Module Network Services Manager ■ Bytes Out—total number of bytes sent on the interface. ■ Packets Out—total number of packets sent on the interface. ■ Packets Out Dropped—number of outgoing packets dropped. Conditions that result in dropped packets include: ■ • The output queue assigned to the interface is saturated. • Collisions have occurred. Packets Out Error—number of outgoing packets with errors such as malformed packets.
PAGE 93
Configuring the ProCurve Wireless Services xl Module Network Services Manager DNS Services Domain Name System (DNS) is the Internet protocol for translating domain names or hostnames into IP addresses. The hostname is the familiar, alphanumeric name for a host on the Internet (for example, www.procurve.com), and the IP address is the 32-bit address that devices on a TCP/IP network use to reach each other. DNS allows users to enter more readily memorable and intuitive hostnames rather than IP addresses.
PAGE 94
Configuring the ProCurve Wireless Services xl Module Network Services Manager Figure 2-14. Network Setup > Internet Protocol > Domain Name System Screen 2. Click the Add button at the bottom of the screen. Figure 2-15. Add DNS Server Screen 2-28 3. In the Server IP Address field, enter the IP address of the DNS server. 4. Click OK. The DNS server is now listed on the Network Setup > Internet Protocol > Domain Name System screen. 5.
PAGE 95
Configuring the ProCurve Wireless Services xl Module Network Services Manager Deleting a DNS Server If you want to remove a DNS server that is listed on the Network Setup > Internet Protocol > Domain Name System screen, complete the following steps: 1. Click Network Setup > Internet Protocol and select the Domain Name System tab. 2. Select the DNS server you want to delete and click the Delete button at the bottom of the screen. A prompt is displayed, asking if you want to delete the item. 3.
PAGE 96
Configuring the ProCurve Wireless Services xl Module Radio Port Adoption Radio Port Adoption By default, the Wireless Edge Services xl Module automatically adopts radio ports (RPs) that it detects on the network. For more security, you can disable automatic RP adoption and configure the module to adopt only those RPs for which you manually enter the MAC address. In either case, your network must meet certain requirements in order for the module to detect the RP.
PAGE 97
Configuring the ProCurve Wireless Services xl Module Radio Port Adoption In addition to creating the default Radio Port VLAN, the wireless servicesenabled switch automatically configures the module’s downlink port as a tagged member of VLAN 2100. The downlink port handles the traffic sent to and from RPs. If you attach RPs to a PoE module that is installed in the wireless servicesenabled switch, the switch automatically configures each RP’s switch port as an untagged member of the default Radio Port VLAN.
PAGE 98
Configuring the ProCurve Wireless Services xl Module Radio Port Adoption Figure 2-17. RPs Attached to the Wireless Services-Enabled Switch Are Automatically Assigned to an Radio Port VLAN Attaching RPs to Infrastructure Switches If you connect an RP to an infrastructure switch, rather than to the wireless services-enabled switch, the VLAN memberships are not automatically created on the infrastructure switch.
PAGE 99
Configuring the ProCurve Wireless Services xl Module Radio Port Adoption management VLAN. (See Figure 2-18.) However, if the downlink ports on both switches carry only traffic from the Radio Port VLAN, you can make these ports untagged members of the Radio Port VLAN. Figure 2-18. Radio Port VLAN for an Indirectly Connected RP Instead of using the default Radio Port VLAN, you can use any VLAN in your network—even a VLAN that is used to transmit wired traffic.
PAGE 100
Configuring the ProCurve Wireless Services xl Module Radio Port Adoption to a VLAN used to transmit other types of traffic. To simplify management and troubleshooting, however, ProCurve Networking recommends that you dedicate a VLAN to RP traffic. Figure 2-19. Manually Creating Radio Port VLANs For more information about Radio Port VLANs, see Chapter 1: Introduction.
PAGE 101
Configuring the ProCurve Wireless Services xl Module Radio Port Adoption Note You might also need to perform some configuration tasks on the wireless services-enabled switch, such as raising the maximum number of VLANs.
PAGE 102
Configuring the ProCurve Wireless Services xl Module Radio Port Adoption Configuring Manual Adoption for RPs To manually adopt RPs, you must edit the global settings for RPs: 1. Click Network Setup > Radio and select the Configuration tab. 2. Click the Global Settings button. Figure 2-20. Network Setup > Radio > Global Settings Screen 2-36 3. Click the Adopt unconfigured radios automatically box to remove the check mark. 4. Click OK to apply the change to the running-config. 5.
PAGE 103
Configuring the ProCurve Wireless Services xl Module Radio Port Adoption Figure 2-21. Device Information > Radio Ports/LAN Statistics Screen 6. Click Network Setup > Radio and select the Configuration tab. 7. Click the Add button at the bottom of the screen.
PAGE 104
Configuring the ProCurve Wireless Services xl Module Radio Port Adoption Figure 2-22. Add Radio Screen 8. In the Radio Index field, enter a number to identify this RP. 9. In the MAC Address field, enter the MAC address for the RP. 10. Select the radio type—either 802.11a or 802.11bg. 11. Click OK. The RP’s radios are added to the Network Setup > Radio screen, but it takes a few seconds for the green checkmark to appear in the Adopted field. 802.
PAGE 105
Configuring the ProCurve Wireless Services xl Module Radio Port Adoption The default username and password on all ProCurve 200 Series RPs are admin and procurve. ProCurve Networking suggests that you change these settings, using a Wireless Edge Services xl Module to load new credentials on your organization’s RPs. You can then move these RPs to their final locations and be sure that only they can connect to your network. Configuring 802.1X Authentication for RPs To configure 802.
PAGE 106
Configuring the ProCurve Wireless Services xl Module Radio Port Adoption Figure 2-24. Configure Port Authentication Screen 4. 2-40 Configure a username and password. • Select the Default values box to use the default username and password: – username: admin – password: procurve • Or, in the Username and Password fields, enter the username and password you want to use. 5. Click OK. 6. Click OK again. 7. Click the Save button in the navigation bar to save the changes to the startup-config.
PAGE 107
Configuring the ProCurve Wireless Services xl Module System Maintenance System Maintenance The Web browser interface allows you to manage: ■ software images ■ configuration files ■ SNMP support Software Images The Wireless Edge Services xl Module maintains two software images: ■ primary ■ secondary Typically, the primary image loads when the Wireless Edge Services xl Module is rebooted. However, you can configure the module to reboot with either the primary or the secondary image.
PAGE 108
Configuring the ProCurve Wireless Services xl Module System Maintenance Viewing the Software Images To view the version of the primary and secondary images, access the Management > System Maint.—Software screen. (See Figure 2-25.) Figure 2-25. Management > System Maint.—Software Screen The Management > System Maint.—Software screen includes the following fields: 2-42 ■ Image—This field indicates if the image is the primary or secondary image.
PAGE 109
Configuring the ProCurve Wireless Services xl Module System Maintenance ■ Next Boot—This field determines if the software image will be used to boot the Wireless Edge Services xl Module the next time the module is reloaded. A green check mark indicates the image will be used; a red x indicates the image will not be used. ■ Built Time—This field reports the date and time that this software image was created.
PAGE 110
Configuring the ProCurve Wireless Services xl Module System Maintenance Changing the Image Failover Setting When the Wireless Edge Services xl Module reboots, it attempts to initialize the software image you have selected for the next reboot. If this attempt fails, the module tries one more time to initialize the software image. If this second consecutive attempt fails, by default the module automatically reboots using the other software image.
PAGE 111
Configuring the ProCurve Wireless Services xl Module System Maintenance Figure 2-28. Software Global Settings Screen 3. Remove the checkmark from the Enable Image Failover box. 4. Click OK. The change is applied to the running-config. 5. To save this change to the startup-config, click the Save button at the bottom of the navigation bar. Manually Updating the Software Image ProCurve Networking periodically updates the software image for the Wireless Edge Services xl Module.
PAGE 112
Configuring the ProCurve Wireless Services xl Module System Maintenance Figure 2-29. Upgrade Software Image Screen 4. In the From field, accept the default setting, Server. 5. In the File field, enter the name of the new image file. 6. In the Using field, use the drop-down menu to select FTP or TFTP, depending on the type of server you have. 7. In the IP Address field, enter the IP address of the FTP or TFTP server. 8. If you are using an FTP server, enter the login credentials for that server.
PAGE 113
Configuring the ProCurve Wireless Services xl Module System Maintenance Configuration Files The Wireless Edge Services xl Modules ships with a factory default startupconfig file. Factory default settings include: ■ support for HTTP and HTTPS ■ support for SNMP v1, v2, and v3 ■ DHCP-assigned IP address for the default management interface As you configure the Wireless Edge Services xl Module and save changes, these changes are saved to the startup-config.
PAGE 114
Configuring the ProCurve Wireless Services xl Module System Maintenance Figure 2-30. Management > System Maint.—Config Files To view the contents of a configuration file, select the file and click the View button at the bottom of the screen. For example, you might want to view the startup-config file. (See Figure 2-31.
PAGE 115
Configuring the ProCurve Wireless Services xl Module System Maintenance Figure 2-31. Viewing the Contents of the startup-config Click the Refresh button to update the information displayed in the screen. Click the Close button to return to the Management > System Maint.—Config Files screen.
PAGE 116
Configuring the ProCurve Wireless Services xl Module System Maintenance Transferring, or Copying, Files The Web browser interface allows you to transfer, or copy, configuration files. You simply specify a source and a destination for the transfer. Valid selections are listed in Table 2-2: Table 2-2.
PAGE 117
Configuring the ProCurve Wireless Services xl Module System Maintenance Figure 2-32. Management > System Maint.—Config Files > Transfer Screen 3. 4. 5. Specify the source as an FTP or TFTP server. a. In the From field under Source, use the drop-down menu to select Server. b. In the File field, enter the name of the configuration file. c. In the Using field, use the drop-down menu to select either FTP or TFTP. d. In the IP Address field, enter the IP address of the FTP or TFTP server. e.
PAGE 118
Configuring the ProCurve Wireless Services xl Module System Maintenance Transferring Configuration Files from the Wireless Edge Services xl Module to Another Destination You can copy a configuration file from the Wireless Edge Services xl Module to the module itself, an FTP server, a TFTP server, or the hard drive of your workstation. Complete the following steps: 1. Access the Management > System Maint.—Config Files screen. 2. Specify the source as the Wireless Edge Services xl Module. a.
PAGE 119
Configuring the ProCurve Wireless Services xl Module System Maintenance 3. 4. Specify the destination. a. Specify an FTP or TFTP server as the destination. i. In the To field under Target, use the drop-down menu to select Server. ii. In the File field, enter the name of the configuration file. iii. In the Using field, use the drop-down menu to select either FTP or TFTP. iv. In the IP Address field, enter the IP address of the FTP or TFTP server. v.
PAGE 120
Configuring the ProCurve Wireless Services xl Module System Maintenance Figure 2-34. Confirm File Delete Prompt 2. Note Click Yes to delete the file. If you attempt to delete the startup-config file, the Web browser interface allows you to go through the steps of deleting the file, but when you confirm that you want to delete the file, the following message is displayed at the bottom of the navigation bar: You have selected the system startup-config file. This file cannot be edited.
PAGE 121
Configuring the ProCurve Wireless Services xl Module System Maintenance 2. Click Yes if you want to revert to factory settings. A prompt is displayed, telling you that the Wireless Edge Services xl Module must be rebooted in order for the change to take effect. 3. Click Yes to reboot the module.
PAGE 122
Configuring the ProCurve Wireless Services xl Module System Maintenance Whenever the module requests the software image file from the Update Server, it also requests the configuration file. The configuration file that the Update Server sends must be exactly the same as the startup-config saved on the module. You can ensure that these files are the same by always saving the latest startup-config to the Update Server.
PAGE 123
Configuring the ProCurve Wireless Services xl Module System Maintenance Avoiding Problems in Using the Update Server To ensure that the Wireless Edge Services xl Module does not boot with the wrong software image or the factory default settings, follow these guidelines: ■ Keep the Update Server settings current.
PAGE 124
Configuring the ProCurve Wireless Services xl Module System Maintenance Table 2-3.
PAGE 125
Configuring the ProCurve Wireless Services xl Module System Maintenance Table 2-4 shows which software image and configuration file are loaded in other circumstances. Table 2-4.
PAGE 126
Configuring the ProCurve Wireless Services xl Module System Maintenance Figure 2-36. Management System Maint.—Update Server Screen 2-60 2. Check the Update Server Unreachable box if you do not want the Wireless Edge Services xl Module to use the Update Server. 3. In the IP Address field, enter the IP address of the FTP or TFTP server on which the software image is saved. 4.
PAGE 127
Configuring the ProCurve Wireless Services xl Module System Maintenance 6. Configure the version number, filename and path for the software image. a. In the Version field under Software, enter the version of the software image that is stored on the FTP or TFTP server. b. In the File Name (with Path) field, enter the name of the file that contains the software image and the path to that filename (if the path is required by the Update Server).
PAGE 128
Configuring the ProCurve Wireless Services xl Module SNMP Traps and Error Reporting SNMP Traps and Error Reporting By default, the Wireless Edge Services xl Module supports SNMP v1, v2, and v3. To view these default settings, click Management in the left navigation bar. (See Figure 2-37.) Figure 2-37. Management Screen In addition to providing support for SNMP applications, SNMP v3 is required for the Web browser interface to function.
PAGE 129
Configuring the ProCurve Wireless Services xl Module SNMP Traps and Error Reporting SNMP support also enables you to set up alarms on the Wireless Edge Services xl Module. You simply enable the SNMP traps for the alarms you want to log. (For more information, see “Enabling SNMP Traps” on page 2-69.
PAGE 130
Configuring the ProCurve Wireless Services xl Module SNMP Traps and Error Reporting Figure 2-38. Management > SNMP Access > v1/v2c Screen 2. Click the Edit button. Figure 2-39. Edit SNMP v1/v2c Screen 3. 2-64 In the Community Name field, enter the new name for the community.
PAGE 131
Configuring the ProCurve Wireless Services xl Module SNMP Traps and Error Reporting Note 4. In the Access Control field, use the pull-down menu to select the access control. 5. Click the OK button. The changes are applied to the running-config. When you edit SNMP settings and click the OK button, the changes are applied to the running-config, and you cannot revert back to previous settings.
PAGE 132
Configuring the ProCurve Wireless Services xl Module SNMP Traps and Error Reporting Figure 2-40. Management > SNMP Access > V3 Screen 2. Click the Edit button. Figure 2-41.
PAGE 133
Configuring the ProCurve Wireless Services xl Module SNMP Traps and Error Reporting 3. In the Old Password field, enter the current password. 4. In the New Password and Confirm New Password fields, enter the new password. 5. Click the OK button. If you change the password for the manager user, you are logged out of the Web browser interface and must enter the new password to log back in to the interface. SNMP Statistics You can view a number of SNMP statistics.
PAGE 134
Configuring the ProCurve Wireless Services xl Module SNMP Traps and Error Reporting Figure 2-42. Management > SNMP Access > Statistics Screen SNMP Traps To generate alarm logs, you must enable the Wireless Edge Services xl Module to generate SNMP traps, and you must enable specific SNMP traps. For example, you may want the module to generate an alarm if file system space becomes low or if a user fails to authenticate.
PAGE 135
Configuring the ProCurve Wireless Services xl Module SNMP Traps and Error Reporting Enabling SNMP Traps By default, all SNMP traps are disabled. To enable SNMP traps, complete the following steps: 1. Click Management > SNMP Trap Configuration and select the Configuration tab. The SNMP traps for the Wireless Edge Services xl Module are divided into the following categories: • Redundancy • Miscellaneous • NSM • SNMP • Wireless Figure 2-43.
PAGE 136
Configuring the ProCurve Wireless Services xl Module SNMP Traps and Error Reporting 2. Select the Allow Traps to be generated box. 3. To view the SNMP traps in a category, click the Plus sign next to the category. To view the SNMP traps in all categories, click the Expand all items button. 4. To enable all the traps, select All Traps and click the Enable all sub-items button. 5. To enable all the SNMP traps in a category, select the category and click the Enable all sub-items button. 6.
PAGE 137
Configuring the ProCurve Wireless Services xl Module SNMP Traps and Error Reporting Disabling SNMP Traps If you enable an SNMP trap and later decide that you want to disable it, complete the following steps: 1. Click Management > SNMP Trap Configuration and select the Configuration tab. 2. To disable a specific SNMP trap, expand the SNMP category. Select the SNMP trap that you want to disable and click the Disable button, or doubleclick the SNMP trap. 3.
PAGE 138
Configuring the ProCurve Wireless Services xl Module SNMP Traps and Error Reporting Figure 2-45. Management > SNMP Trap Configuration > Wireless Statistics Thresholds Screen Table 2-6 shows which thresholds you can set for stations, radios, WLANs, and the Wireless Edge Services xl Module itself. Table 2-6.
PAGE 139
Configuring the ProCurve Wireless Services xl Module SNMP Traps and Error Reporting Thresholds Set for Station, Radio, WLAN, or Module Undecrypt Received Packets Station, radio, or WLAN Total Stations Radio, WLAN, or module You can also configure the minimum number of packets required to send an SNMP trap. By default, the minimum number of packets is 1,000. Sending Traps to an SNMP Receiver SNMP agents send only one type of unsolicited message: trap messages.
PAGE 140
Configuring the ProCurve Wireless Services xl Module SNMP Traps and Error Reporting Figure 2-46. Management > SNMP Trap Receivers and Add Trap Receiver Screens 3. In the Trap Receiver IP Address, enter the IP address of the SNMP server. 4. Click OK. The configuration change is applied to the running-config. 5. To save the change to the startup-config, press the Start button at the bottom of the navigation bar. Viewing Information about SNMP Receivers.
PAGE 141
Configuring the ProCurve Wireless Services xl Module SNMP Traps and Error Reporting Figure 2-47. Management > SNMP Trap Receivers Screen Editing an SNMP Trap Receiver. If you define an SNMP trap receiver and later need to change its IP address, complete the following steps: 1. Click Management > SNMP Trap Receivers. 2. Click the Edit button. 3. Change the IP address and click the OK button. 4. Click the Save button in the navigation bar to save the change to the startup-config.
PAGE 142
Configuring the ProCurve Wireless Services xl Module Radio Port Licenses Radio Port Licenses Each Wireless Edge Services xl Module (J9001A) ships with 12 nonremovable RP licenses. When you install the Wireless Edge Services xl Module into a switch, the module can automatically adopt up to 12 RPs. If you move the Wireless Edge Services xl Module to another switch, these 12 RP licenses move with the module. They cannot be uninstalled or transferred to another Wireless Edge Services xl Module.
PAGE 143
Configuring the ProCurve Wireless Services xl Module Radio Port Licenses It is possible, however, to move additive licenses—those purchased through the Wireless Services Module 12 RP License—from one Wireless Edge Services xl Module to another. For example, suppose your company’s marketing department moved from the North building to the South building at your company’s main office.
PAGE 144
Configuring the ProCurve Wireless Services xl Module Radio Port Licenses Figure 2-48. Sample Network with Additive Licenses Installed on the Wireless Services-Enabled Switch in the North Building In situations such as this one, you can uninstall the Wireless Services Module 12 RP License from the Wireless Edge Services xl Module in the North building. You can then install the Wireless Services Module 12 RP License on the Wireless Edge Services xl Module in the South building.
PAGE 145
Configuring the ProCurve Wireless Services xl Module Radio Port Licenses Figure 2-49.
PAGE 146
Configuring the ProCurve Wireless Services xl Module Radio Port Licenses Only the Wireless Edge Services xl Module (J9001A) has RP licenses. The Redundant Wireless Services xl Module does not include radio port licenses and cannot independently adopt radio ports. When the Redundant Wireless Services xl Module is configured as part of a Redundancy Group, however, it can adopt radio ports under certain circumstances (such as the Wireless Edge Services xl Module fails).
PAGE 147
Configuring the ProCurve Wireless Services xl Module Radio Port Licenses Understanding the Numbers: IDs and Keys Installing and uninstalling the Wireless Services Module 12 RP License involves several different numbers: ■ Registration ID—The Wireless Services Module 12 RP License includes a registration ID. You do not input this number to install the license.
PAGE 148
Configuring the ProCurve Wireless Services xl Module Radio Port Licenses Figure 2-50. My ProCurve Web Portal 4. 2-82 Click ProCurve Device Software. You can now begin to generate a license key. (See Figure 2-51.
PAGE 149
Configuring the ProCurve Wireless Services xl Module Radio Port Licenses Figure 2-51. Enter the Registration ID 5. Enter the registration ID that you located in step 1 in the Registration ID field and click Next. The Hardware ID page is displayed. 6. Find out the hardware ID for the Wireless Edge Services xl Module. a. Open a second browser (if you have not already done so) and access the Web browser interface for the Wireless Edge Services xl Module. b.
PAGE 150
Configuring the ProCurve Wireless Services xl Module Radio Port Licenses Figure 2-52. The License-Install Summary Screen c. Click the Install button at the bottom of the screen. The Install License (Step 1 and Step 2) screen is displayed. (See Figure 2-53.) Figure 2-53.
PAGE 151
Configuring the ProCurve Wireless Services xl Module Radio Port Licenses d. Under Generate Hardware ID section, click the Gen-Hw-ID button. e. When a number is displayed in the System Generated Hardware ID field, copy it or write it down. You must enter this number on the My ProCurve Web portal. 7. Return to the My ProCurve Web portal. In the Enter Hardware ID# field, paste (using Ctrl-V) or enter the hardware ID. 8. Enter notes in the Customer Notes field. This field is optional.
PAGE 152
Configuring the ProCurve Wireless Services xl Module Radio Port Licenses To simplify the process of uninstalling a license, you may want to use two Web browsers as you complete the following steps: 1. Access the Web browser interface for the Wireless Edge Services xl Module. 2. Click Management > Licenses > License-Install Summary. 3. Highlight the license you want to uninstall and click the Uninstall button at the bottom of the screen. The Un-Install License screen is displayed. (See Figure 2-54.
PAGE 153
Configuring the ProCurve Wireless Services xl Module Radio Port Licenses Note If you forget or misplace the uninstall verification key, you can view it by clicking Management > Licenses> License_Uninstall Summary. Alternately, you can enter the show licenses uninstalled from the CLI. This command displays the last uninstall verification key that was generated by the Wireless Edge Services xl Module. 9. Access the My ProCurve Web portal at http://my.procurve.com and sign in. 10.
PAGE 154
Configuring the ProCurve Wireless Services xl Module Radio Port Licenses To transfer the Wireless Services Module 12 RP License to another Wireless Edges Services xl Module, complete the installation steps as described in “Installing the RP Licenses” on page 2-81. Redundancy Groups and RP Licensing To ensure high availability of your company’s wireless services, you can create a redundancy group. In addition to the Wireless Edge Services xl Module, you need a Redundant Wireless Services xl Module.
PAGE 155
Configuring the ProCurve Wireless Services xl Module System Time System Time Because the Wireless Edge Services xl Module supports the Simple Network Time Protocol (SNTP), you can configure it to take its time from an SNTP server. This ensures that the module is always using the correct time, which helps you maintain and monitor your company’s wireless services. You can define up to three SNTP servers. To define an SNTP server, complete the following steps: 1. Click Special Features > Time. Figure 2-57.
PAGE 156
Configuring the ProCurve Wireless Services xl Module Certificates 3. In the SNTP Server 1 field, enter the IP address of the SNTP server. The module uses the default SNTP port 123 to communicate with the SNTP server. 4. Define additional SNTP servers as needed. 5. View the date and time. • Date (MM/DD/YYYY)—The date is listed in the month/date/year format. • Time (HH:MM:SS)—The time is listed in hours, minutes, and seconds. 6.
PAGE 157
Configuring the ProCurve Wireless Services xl Module Certificates To fully authenticate a host, the peer must also have the CA’s certificate in its system. This certificate includes the CA’s public key, which the peer uses to verify the CA’s signature. A genuine CA signature attests that the holder of a certificate is who it says it is. Your CA should also issue you a certificate revocation list (CRL), which lists current and expired certificates of hosts that you trust.
PAGE 158
Configuring the ProCurve Wireless Services xl Module Certificates Figure 2-58. Create Self-Signed Certificate Screen 2-92 3. Create a default certificate by clicking the Automatically generate certificate with default values box. The other options on the screen are greyed out. 4. If you do not want to use the default certificate, configure a self-signed certificate. a. In the Country field, enter the two-character abbreviation for your country. b. In the State/Prov.
PAGE 159
Configuring the ProCurve Wireless Services xl Module Certificates f. In the Common Name, enter the URL you use to access the Web browser interface. As the warning in Figure 2-58 points out, the text you enter here must match the URL exactly. g. In the Email Address field, enter the email address that other network administrators can use to contact you or the person responsible for managing the Wireless Edge Services xl Module. This field is optional. 5. Click the Create and Install button.
PAGE 160
Configuring the ProCurve Wireless Services xl Module Certificates Figure 2-59. Create Certificate Request Screen 3. In the Country field, enter the two-character abbreviation for your country. 4. In the State/Prov. field, enter the state or province in which the module operates. 5. In the City field, enter the city in which the module operates. 6. In the Organization field, enter your company’s name. 7. In the Org. Unit field, enter the appropriate department name. 8.
PAGE 161
Configuring the ProCurve Wireless Services xl Module Certificates 11. Click the Create button. If you have included a special character in the certificate request, a prompt is displayed, telling you that there is a problem. Figure 2-60. Special Characters in Certificate Request Prompt 12. Click No to return to the Create Certificate Request screen and fix the problem. Click the Create button again. Figure 2-61.
PAGE 162
Configuring the ProCurve Wireless Services xl Module Certificates 13. Click the Save button to save the certificate to your workstation hard drive. You can then submit the request to a CA. Upload a Certificate to the Module After a CA issues your company a certificate, you must upload it to the Wireless Edge Services xl Module: 1. Click Management > Server Certificates. 2. Click the Upload Certificate button at the bottom of the screen. Figure 2-62. Upload Certificate Screen 2-96 3.
PAGE 163
Configuring the ProCurve Wireless Services xl Module Certificates • Organization • Organizational Unit • Common name • Distinguished name of the CA that issued the certificate • Day the certificate became valid • Day that the certificate expires 5. If the information is correct, click the Install button. (If the information is not correct, click the Back button and check to ensure you are using the correct certificate.) 6.
PAGE 164
Configuring the ProCurve Wireless Services xl Module Certificates View Information about the Module’s Certificate To view information about the module’s certificate, click Management > Server Certificates. Figure 2-64. Management > Server Certificate Screen You can view the following information: ■ 2-98 Current Trustpoint—lists the entity that issued the certificate. If a CA issued the certificate, the CA is listed.
PAGE 165
Configuring the ProCurve Wireless Services xl Module Certificates ■ Issued To—lists information about the Wireless Edge Services xl Module. • Country • State/Province • City • Organization • Organizational Unit • Common name ■ Issued By—lists the distinguished name of the CA that issued the certificate ■ Validity—lists the day the certificate became valid and the day that the certificate expires.
PAGE 166
Configuring the ProCurve Wireless Services xl Module Certificates 2-100
PAGE 167
3 Wireless Local Area Networks (WLANs) Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 Configuration Options: Normal Versus Advanced Mode . . . . . . . . . . . . . . 3-4 Normal Mode Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4 Why Use Normal Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4 Enabling WLANs Using Normal Mode . . . . . . . . . . . . . . . . . .
PAGE 168
Wireless Local Area Networks (WLANs) Contents VLAN Assignment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-62 WLAN-Based VLAN Assignment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-63 Considerations for WLAN-Based VLAN Assignment . . . . . . . . . . 3-66 Identity-Based, or Dynamic, VLAN Assignment . . . . . . . . . . . . . . . . . 3-69 Traffic Management (QoS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 169
Wireless Local Area Networks (WLANs) Overview Overview A wireless LAN (WLAN) is a LAN that uses a wireless medium. The WLAN might include multiple radio ports (RPs), each of which is identified by an individual basic service set identifier (BSSID), and each of which transits traffic to and from a set of wireless stations. These stations can roam between RPs, which as long as they share the same SSID, provide access to the same WLAN.
PAGE 170
Wireless Local Area Networks (WLANs) Configuration Options: Normal Versus Advanced Mode Configuration Options: Normal Versus Advanced Mode When the Wireless Edge Services xl Module deploys a WLAN’s configuration to an RP, it assigns SSID associated with that WLAN to a BSSID on the RP’s radio (or radios). You can configure the module to assign WLANs to RPs in one of two modes: normal or advanced.
PAGE 171
Wireless Local Area Networks (WLANs) Configuration Options: Normal Versus Advanced Mode Enabling WLANs Using Normal Mode In normal mode, you follow these steps to configure and activate WLANs: 1. Configure the SSID, VLAN, and other options for each WLAN that you want to include in your network. See “Configuring a WLAN” on page 3-27 for instructions on how to do so. 2. In the Network Setup > Radio Setup screen, select the WLANs and click Enable.
PAGE 172
Wireless Local Area Networks (WLANs) Configuration Options: Normal Versus Advanced Mode Figure 3-2 shows the screen in which you can verify that radios have received the WLAN assignment. Figure 3-2. Assigning WLANs to a Radio (Normal) To view the screen in Figure 3-2, select Network Setup > Radio and select the WLAN Assignment tab. Select a radio, and information displays in the area in the right of the screen, called Assigned WLANs.
PAGE 173
Wireless Local Area Networks (WLANs) Configuration Options: Normal Versus Advanced Mode Figure 3-3. Assigning WLANs to the Second Radio (Normal) You must understand that these assignments are constant: WLAN 2 is always assigned to BSSID 2, even if you have not enabled WLAN 1. Enabling More Than Four WLANs Using Normal Mode Using normal mode, you can configure and enable up to 16 WLANs, which all adopted RP radios will support.
PAGE 174
Wireless Local Area Networks (WLANs) Configuration Options: Normal Versus Advanced Mode As always, if the RP includes two radios, every WLAN is assigned to a BSSID on each. This process is illustrated in the figures below. Figure 3-4.
PAGE 175
Wireless Local Area Networks (WLANs) Configuration Options: Normal Versus Advanced Mode Figure 3-5. Viewing Six WLANs Assigned to a Radio (Normal) RP radios send beacon frames to announce the WLANs that they support. The source of a beacon frame is a BSSID, and each beacon can include only one SSID. Therefore, if you enable more than four WLANs, RPs support all, but only announce four, of them.
PAGE 176
Wireless Local Area Networks (WLANs) Configuration Options: Normal Versus Advanced Mode While you can configure WLANs 1 through 4 to operate in closed system, doing so does not enable any WLANs that may share their BSSIDs to operate in open system. The RP simply does not send the SSID for any WLAN on beacons from that BSSID. See “Enabling Closed System Operations” on page 3-54 to learn how to configure this feature. Again, note that the WLAN assignments are constant.
PAGE 177
Wireless Local Area Networks (WLANs) Configuration Options: Normal Versus Advanced Mode Table 3-1. WLAN Assignment to BSSID SSIDs for WLANs BSSID 1, 5, 9, 13 1 2, 6, 10, 14 2 3, 7, 11, 15 3 4, 8, 12, 16 4 When deciding which WLAN index number to use for a WLAN, keep in mind that this number determines on which BSSID RPs carry that WLAN’s traffic. You should generally avoid mixing bulk data and time-sensitive data such as voice on the same BSSID.
PAGE 178
Wireless Local Area Networks (WLANs) Configuration Options: Normal Versus Advanced Mode Why Use Advanced Mode Reasons that you might use advanced mode include: ■ You want to restrict access to a WLAN to a certain area. For example, if a WLAN allows wireless users to access sensitive financial information, you might not want your network to support that WLAN, even protected by encryption, in a public lobby. Advanced mode allows you to assign a WLAN to certain RPs only, so you control where the WLAN exists.
PAGE 179
Wireless Local Area Networks (WLANs) Configuration Options: Normal Versus Advanced Mode ■ You want your RPs to announce more than four SSIDs. While a single RP radio can only beacon four SSIDs, it is possible to customize WLAN assignments so that different RP radios beacon different SSIDs. That is, you can configure certain WLANs as the primary WLANs on some of your organization’s RPs, and other WLANs as primary on others.
PAGE 180
Wireless Local Area Networks (WLANs) Configuration Options: Normal Versus Advanced Mode Figure 3-8. Enabling Advanced Configuration 3. Enable the WLANs. 4. You must now manually assign the WLANs to RP radios. You can do this in two ways: • You can manually assign WLANs as a part of a default configuration to be sent to any newly adopted RP. In this case, the Wireless Edge Services xl Module deploys the WLAN configuration to all RP radios when they are adopted, as it would in normal mode.
PAGE 181
Wireless Local Area Networks (WLANs) Configuration Options: Normal Versus Advanced Mode You can use both types of advanced configuration in conjunction. For example, you can create a radio adoption default configuration, but then override that configuration for specific RP radios after they are adopted. For more security, you could leave the radio adoption default configuration empty so that newly adopted RP radios do not immediately support your network’s WLANs.
PAGE 182
Wireless Local Area Networks (WLANs) Configuration Options: Normal Versus Advanced Mode For example, to restrict WLAN 1 to one building, you will explicitly assigned that WLAN to RPs in that building, as described in “Manually Assigning WLANs to a Specific Radio” on page 3-19. All other RPs in the wireless network should support WLANs 2 through 5. You create a default configuration for both types of radios (802.11a and 802.11bg), in which you assign these WLANs.
PAGE 183
Wireless Local Area Networks (WLANs) Configuration Options: Normal Versus Advanced Mode Note Depending on whether you enable WLANs or advanced mode configuration first, the radio adoption configuration begins with either the normal WLAN assignment or an empty WLAN assignment. Leaving the WLAN assignment in the default configurations empty is not necessarily undesirable: it can increase security.
PAGE 184
Wireless Local Area Networks (WLANs) Configuration Options: Normal Versus Advanced Mode Note If your network includes radios of both types, you should remember to configure a default WLAN assignment for each. Typically, these assignments should match. 4. Check the Assign boxes to choose the WLANs that you want to assign to the radio. Click Apply. 5. If you want to assign a specific WLAN to a specific BSSID number, or if you want to choose the primary WLAN, complete steps 6 through 9. 6.
PAGE 185
Wireless Local Area Networks (WLANs) Configuration Options: Normal Versus Advanced Mode 9. Select Apply. Manually Assigning WLANs to a Specific Radio. Select this option to alter the WLAN assignment on a specific radio, whether because it should support different WLANs than other radios or because it was adopted before changes were made to a WLANs assignment in the radio adoption default configuration. Follow these steps: 1. Select Network Setup > Radio and select the radio that you want to configure.
PAGE 186
Wireless Local Area Networks (WLANs) Configuration Options: Normal Versus Advanced Mode 4. You can assign SSIDs either to the radio as a whole or to a specific BSSID. For example, you could assign SSIDs to the radio if: • you are assigning four or fewer WLANs to the radio • you are assigning more than four WLANs, but you want the radio to advertise the four with the lowest index numbers Complete step 5 to assign SSIDs to the radio as a whole. Complete step 6 to assign SSIDs to a specific BSSID. 5.
PAGE 187
Wireless Local Area Networks (WLANs) Configuration Options: Normal Versus Advanced Mode Figure 3-13. Assigning WLANs to a BSSID on a Radio 7. c. You can select which SSID RPs include in beacons by selecting a WLAN from the Primary WLAN drop-down menu. d. Repeat this step for the other BSSIDs until you have assigned all the WLANs that you want this radio to support. Generally, you should assign at least one WLAN to each BSSID before you add multiple WLANs to a BSSID.
PAGE 188
Wireless Local Area Networks (WLANs) Configuration Options: Normal Versus Advanced Mode Figure 3-14. Selected WLANs Assigned to Radio 1 (Using Advanced Mode) When you assign WLANs to the radio as a whole, as opposed to the BSSID, the Wireless Edge Services xl Module allocates SSIDs to the radio’s four BSSIDs much as it does in normal mode. However, only the SSIDs of the WLANs that you selected are part of the process.
PAGE 189
Wireless Local Area Networks (WLANs) Configuration Options: Normal Versus Advanced Mode Figure 3-15. Manually Assigning WLANs to an RP Radio Figure 3-14 shows the Network Setup > Radio screen in which you would check this configuration. If you had assigned a fifth WLAN to the radio, then two SSIDs would be assigned to BSSID 1, and beacons would advertise only one of these SSIDs.
PAGE 190
Wireless Local Area Networks (WLANs) Configuration Options: Normal Versus Advanced Mode 3. In the Network Setup > WLAN Setup screen, select the WLANs and click Enable. 4. Click Global Settings. 5. Check the box for Advanced Configuration and click OK. 6. If necessary, tailor the radio adoption default configurations: 7. a. Select Network Setup > Radio Adoption Defaults > WLAN Assignment. b.
PAGE 191
Wireless Local Area Networks (WLANs) Configuration Options: Normal Versus Advanced Mode You must check the WLAN assignment for all of the following configurations: ■ the radio adoption default configuration for 802.11a radios ■ the radio adoption default configuration for 802.11bg radios ■ the configuration for every RP radio adopted by your module To disable advanced mode configuration: 1. Select Network Setup > WLAN Setup. 2. Click Global Settings. 3.
PAGE 192
Wireless Local Area Networks (WLANs) Configuration Options: Normal Versus Advanced Mode Figure 3-17. Failing to Disable Advanced Configuration Click OK. You can now either: • check the WLAN assignments on all radios and default configurations, reassigning SSIDs to BSSIDs as described at the beginning of this section • execute a forced disable by selecting Yes Select Yes to force advanced mode to disable.
PAGE 193
Wireless Local Area Networks (WLANs) Configuring a WLAN Configuring a WLAN To configure a WLAN, you must set: ■ the SSID ■ the VLAN in which traffic will be forwarded ■ security options, which include: • authentication method • encryption standard Optionally, you can configure: ■ ■ advanced settings for individual WLANs, which include: • inter-station blocking • closed system operations • inactivity timeouts global settings for all WLANs, which include: • proxy Address Resolution Protocol
PAGE 194
Wireless Local Area Networks (WLANs) Configuring a WLAN Figure 3-18. Network Setup > WLAN Setup > Configuration Screen As you can see in Figure 3-18, this screen displays the 32 WLANs available for configuration. Remember that in normal configuration mode, you can only configure WLANs 1 through 16. On the Wireless Edge Services xl Module, you do not create WLANs as such. The module has already created them; you configure options for and enable the WLANs.
PAGE 195
Wireless Local Area Networks (WLANs) Configuring a WLAN The second column indicates whether the WLAN has been enabled. The Wireless Edge Services xl Module does not deploy a WLAN configuration to RPs until you enable the WLAN. By default, all WLANs are disabled. The third column displays the WLAN’s SSID. By default, this SSID simply indicates the WLAN’s index number. You will change this to a network name when you configure the WLAN.
PAGE 196
Wireless Local Area Networks (WLANs) Configuring a WLAN The screen illustrated in Figure 3-19 displays: this is the Edit screen for that WLAN. In this screen, you configure settings for your WLAN. Figure 3-19. Editing a WLAN In the Configuration section, you should set: ■ the SSID ■ the VLAN ID You can also enter a description, if you so desire. Configure security standards in the Authentication and Encryption sections. If you so desire, you can configure advanced options in the Advanced section.
PAGE 197
Wireless Local Area Networks (WLANs) Configuring a WLAN The following sections explain in more detail how to configure these settings. The advanced options that deal specifically with QoS are described in “Traffic Management (QoS)” on page 3-71. SSID The SSID identifies the WLAN: it is the name that users see when they search for wireless networks to which to connect (as long as the WLAN operates in open system).
PAGE 198
Wireless Local Area Networks (WLANs) Configuring a WLAN Figure 3-20. Configuring the SSID When you enable the WLAN, the Wireless Edge Services xl Module automatically configures this SSID on all adopted RP radios (as long as you are using normal mode). For more information on how the module does so, see “Normal Mode Configuration” on page 3-4. In the Description field, enter information about this WLAN to remind you and other administrators of its purpose.
PAGE 199
Wireless Local Area Networks (WLANs) Configuring a WLAN VLAN The Wireless Edge Services xl Module tags all traffic received from RPs for a VLAN so that it can forward this traffic to other devices on your private network. By default, the module places all wireless traffic in VLAN 1. If your network only uses one subnet, then this configuration is adequate. Many networks, however, include multiple subnets, of which VLAN 1 is often the management VLAN.
PAGE 200
Wireless Local Area Networks (WLANs) Configuring a WLAN For example, traffic from the WLAN shown in Figure 3-21, which uses the SSID MyWLAN, is placed in VLAN 10. You can tag wireless traffic for one of your network’s user VLANs, or you can create a separate VLAN entirely dedicated to wireless stations. The VLAN for which the Wireless Edge Services xl Module tags WLAN traffic is called an uplink VLAN.
PAGE 201
Wireless Local Area Networks (WLANs) Configuring a WLAN The Wireless Edge Services xl Module supports three types of authentication: ■ 802.1X Extensible Authentication Protocol (EAP) ■ Web authentication (Web-Auth) ■ media access control (MAC) authentication The first two types of authentication, which are configured as part of an individual WLAN’s settings, are mutually exclusive. A WLAN can require stations to authenticate using 802.1X or using Web-Auth.
PAGE 202
Wireless Local Area Networks (WLANs) Configuring a WLAN Figure 3-22. Enabling 802.1X Authentication To configure 802.1X authentication for a WLAN: 3-36 1. In the Network Setup > WLAN Setup screen, select the WLAN and click Edit. 2. Select 802.1X EAP under Authentication. 3. Click the Config button next to 802.1X EAP.
PAGE 203
Wireless Local Area Networks (WLANs) Configuring a WLAN Figure 3-23. Specifying the RADIUS Server for 802.1X 4. In the screen that displays, specify the RADIUS server that authenticates wireless users, as shown in Figure 3-23: a. Enter the RADIUS server’s address in the RADIUS Server Address field under the Primary column. b. Leave the port at the default setting (1812) unless you know that your server uses a different port. c.
PAGE 204
Wireless Local Area Networks (WLANs) Configuring a WLAN 5. You can optionally select the Re-authentication box to force stations to periodically re-authenticate to the server. The default period is 3600 seconds (one hour). You can shorten or lengthen this period by changing the value in the Re-authentication Period field. The shorter the period, the tighter the security. Valid settings are between 30 and 65535 seconds (roughly 18 hours). 6.
PAGE 205
Wireless Local Area Networks (WLANs) Configuring a WLAN To enable Web-Auth on a WLAN, complete these steps: 1. Access the Edit screen for that WLAN. 2. Select Web-Auth(open) under Authentication. Figure 3-24. Enabling Web-Auth 3. Select the Config button next to Web-Auth(open) to specify the RADIUS server that authenticates stations.
PAGE 206
Wireless Local Area Networks (WLANs) Configuring a WLAN Figure 3-25. Specifying the RADIUS Server for Web-Auth 4. 3-40 In the screen that displays, you can quickly get the WLAN running by completing these minimal steps. (Learn more about the process in Chapter 7: Web Authentication for Mobile Users.) a. Specify the IP address of your network’s RADIUS server in the Primary IP field under RADIUS Authentication. b.
PAGE 207
Wireless Local Area Networks (WLANs) Configuring a WLAN Encryption Encryption protects data sent through the wireless medium from interception. If you do not use authentication on a WLAN, then you can also use an encryption key as a rudimentary form of authentication.
PAGE 208
Wireless Local Area Networks (WLANs) Configuring a WLAN Authentication Encryption Also Called 802.1X WEP (64-bit or 128-bit) Dynamic WEP WPA/WPA2 TKIP WPA/WPA2 Enterprise mode WPA/WPA2 TKIP and AES 802.11i Mixed Mode with Enterprise mode WPA2 AES WPA2 Enterprise mode (802.11i standard) None Web Authentication Web-auth(open) Configuring WEP Encryption with No Authentication.
PAGE 209
Wireless Local Area Networks (WLANs) Configuring a WLAN Figure 3-26. Configuring WEP Encryption with No Authentication 4. Click the corresponding Config button to set the encryption key.
PAGE 210
Wireless Local Area Networks (WLANs) Configuring a WLAN Figure 3-27. Configuring a Static WEP Key The Wireless Edge Services xl Module provides several options for configuring static keys: ■ It can automatically generate HEX keys from a manually entered pass key. ■ You can manually enter a HEX key. ■ You can manually enter an ASCII key. To use the first option, enter between four and 32 characters in the Pass Key field and click Generate.
PAGE 211
Wireless Local Area Networks (WLANs) Configuring a WLAN Table 3-3. Key Length for Static WEP Keys Key Length Format Characters 64-bit HEX 10 ASCII 5 HEX 26 ASCII 13 128-bit The key next to the selected circle (Key 1 in Figure 3-27) is the one that currently encrypts and decrypts data. Remember to periodically change which key is in use for greater security. Note The more often an encryption key is used, the more vulnerable it is to hackers.
PAGE 212
Wireless Local Area Networks (WLANs) Configuring a WLAN Figure 3-28. Specifying WEP Encryption with 802.1X Authentication (Dynamic WEP) Do not select the Config button to configure the WEP key; the RADIUS server automatically generates and sends the dynamic WEP keys to successfully authenticated users. If you click the Config button, the message in Figure 3-29 displays.
PAGE 213
Wireless Local Area Networks (WLANs) Configuring a WLAN Figure 3-29. No Need to Configure WEP Keys when the WLAN uses 802.1X Configuring WPA/WPA2 Encryption. WPA and WPA 2 are similar standards, both of which provide more robust encryption than WEP and rely on 802.1X authentication. Both standards provide sets of automatically generated per-session keys; however, WPA uses TKIP to do so and WPA2 uses CCMP with AES encryption.
PAGE 214
Wireless Local Area Networks (WLANs) Configuring a WLAN Figure 3-30. Configuring WPA/WPA2 Encryption As shown in Figure 3-30, the three options for WPA/WPA2 encryption are listed as: ■ WPA/WPA2-TKIP ■ WPA2-AES ■ 802.11i Mixed Mode (WPA2/AES-TKIP) Table 3-4 displays the types of stations supported by each option. It also displays which protocol each option uses to generate multicast and broadcast keys and which to generate session keys.
PAGE 215
Wireless Local Area Networks (WLANs) Configuring a WLAN Table 3-4. Options for WPA/WPA2 Encryption Option Multicast and Broadcast Keys Per-Session Keys Supported Stations WPA/WPA2 TKIP TKIP TKIP WPA-enabled stations WPA2-enabled stations WPA2 AES AES AES WPA2-enabled stations WPA-enabled stations that support AES 802.
PAGE 216
Wireless Local Area Networks (WLANs) Configuring a WLAN With this option, the RPs advertise that they can use either TKIP or AES to generate encryption keys. Individual stations request the option they require. TKIP is used for the keys that encrypt multicast and broadcast traffic to ensure that all stations can receive this traffic. 4. The next configuration tasks depend on the type of authentication chosen. If you have selected No authentication for the WLAN, complete step 3. If you have selected 802.
PAGE 217
Wireless Local Area Networks (WLANs) Configuring a WLAN b. As always, you should select a key that fits the highest security standards. The longer the key, the more secure (it must be at least 22 characters to withstand a brute force attack). You can enter the key in one of two ways: – If you select ASCII Passphrase, enter a password of between 8 and 63 characters. Users must enter the same characters to access the WLAN. – Alternatively, you can select 256-bit key and enter the key manually in HEX.
PAGE 218
Wireless Local Area Networks (WLANs) Configuring a WLAN – d. Note Opportunistic Key Caching—This capability further speeds roaming between RPs that are connected to the same module. The wireless station can use the same PMK to associate to any RP that connects to the module. Click OK. Because stations can fast roam between all RPs on the same module, it is a good idea to ensure that neighboring RPs are adopted by the same module.
PAGE 219
Wireless Local Area Networks (WLANs) Configuring a WLAN Figure 3-32. Configuring Advanced WLAN Settings Enabling Inter-Station Blocking Often, a wireless network serves simply to connect mobile users to your Ethernet network or to the Internet. In this case, wireless stations need to communicate with RPs and other network devices; they do not need to communicate with other wireless stations.
PAGE 220
Wireless Local Area Networks (WLANs) Configuring a WLAN Follow these steps: 1. Select Network Setup > WLAN Setup > Configuration and select the WLAN. 2. Click Edit. 3. In the Advanced section, check the Enable inter-station blocking box. 4. Click OK. Remember that this setting applies to a WLAN, not to an RP as a whole, which might associate with stations in several WLANs.
PAGE 221
Wireless Local Area Networks (WLANs) Configuring a WLAN Figure 3-33. Enabling Closed System Note In a closed system, RPs still forward traffic directly between wireless stations, unless you also enable inter-station blocking. Configuring the Inactivity Timeout Users do not always bother to disconnect from wireless connections when they turn off or leave their stations. Although the user is no longer truly connected, the Wireless Edge Services xl Module continues to store the station’s association.
PAGE 222
Wireless Local Area Networks (WLANs) Configuring a WLAN The Wireless Edge Services xl Module forces stations that have been idle for a certain period of time to reassociate. Note Stations handle the reassociation in the background; users may not even notice the process. The time that a station can be idle before reassociating is the inactivity timeout and is configured for all stations on a particular WLAN. To set this time, follow these steps: 1. Access the WLAN’s Edit screen. 2.
PAGE 223
Wireless Local Area Networks (WLANs) Configuring a WLAN Figure 3-34. Setting the Inactivity Timeout Specifying Multicast Addresses for Voice Traffic VoWLAN devices often send and listen for traffic on a specific multicast address. The Wireless Edge Services xl Module configures RPs to communicate this address to voice devices when they associate to the WLAN. Follow these steps: 1. Select Network Setup > WLAN Setup. 2. Select the WLAN that includes voice devices and click Edit. 3.
PAGE 224
Wireless Local Area Networks (WLANs) Configuring a WLAN Configuring Global WLAN Settings The ProCurve Wireless Edge Services xl Module also supports these features: ■ Proxy ARP With this feature enabled, stations are prohibited from sending ARP requests. Instead, RPs handle looking up the correct MAC addresses for destination IP addresses. This feature can reduce congestion on the radio medium.
PAGE 225
Wireless Local Area Networks (WLANs) Configuring a WLAN Figure 3-35. Global WLAN Settings Screen 4. Note Check the boxes for the features that you want to enable. Keep the default setting in the WLAN Redundancy Group field. Advanced configuration relates to how SSIDs are assigned to RP radios and is described in “Advanced Mode Configuration” on page 3-11. 5. Click OK. If you enabled WLAN prioritization, the module forwards traffic to RPs according to the weight of the destination WLAN.
PAGE 226
Wireless Local Area Networks (WLANs) Configuring a WLAN Figure 3-36. Enabling a WLAN 4. The icon in the Enabled column should change from a red X to a green check mark, as shown in Figure 3-36. As long as you are operating in normal mode, all radios on all RPs that the module has adopted or will adopt support the enabled WLANs. You can confirm that RPs are actually supporting the enabled WLANs by selecting Network Setup > Radio > WLAN Assignment.
PAGE 227
Wireless Local Area Networks (WLANs) Configuring a WLAN Figure 3-37. Viewing the Default Configuration To review how the module assigns WLANs to this configuration, see “Normal Mode Configuration” on page 3-4.
PAGE 228
Wireless Local Area Networks (WLANs) VLAN Assignment VLAN Assignment The instructions for configuring a WLAN include the basic mechanics for assigning all traffic from a WLAN to a VLAN. This section will explain in more depth when and why you would assign one WLAN to one VLAN and another WLAN to another.
PAGE 229
Wireless Local Area Networks (WLANs) VLAN Assignment You do not configure identity-based VLAN assignment on the module itself. If the Wireless Edge Services xl Module uses identity-based assignment, it dynamically assigns traffic to the correct VLAN based on settings received from an authentication server. Note that the Wireless Edge Services xl Module can use both kinds of assignment on the same WLAN, but identity-based settings always take precedence. For example, you manually assign WLAN 1 to VLAN 10.
PAGE 230
Wireless Local Area Networks (WLANs) VLAN Assignment Figure 3-39. Configuring WLAN-Based VLAN Assignment You can quickly change the VLAN assignment for multiple WLANs by selecting the VLAN Assignment tab in the Network Setup > WLAN Setup screen, as shown in Figure 3-40.
PAGE 231
Wireless Local Area Networks (WLANs) VLAN Assignment Figure 3-40. Network Setup > WLAN Setup > VLAN Assignment Screen The Network Setup > WLAN Setup > VLAN Assignment Screen shows: ■ WLANs, listed by SSID, in the first column ■ all the VLANs to which at least one WLAN has been assigned in the subsequent columns The check mark indicates which VLAN has been assigned to the WLAN.
PAGE 232
Wireless Local Area Networks (WLANs) VLAN Assignment Figure 3-41. Assigning a New VLAN to a WLAN See “Identity-Based, or Dynamic, VLAN Assignment” on page 3-69 for an explanation of how the Wireless Edge Services xl Module can dynamically match WLAN traffic to multiple VLANs. Considerations for WLAN-Based VLAN Assignment By default, all WLANs are mapped to VLAN 1. In some networks that use multiple VLANs, this VLAN is reserved for the management VLAN.
PAGE 233
Wireless Local Area Networks (WLANs) VLAN Assignment When determining how many WLANs to create and which VLANs to assign to these WLANs, consider these issues: ■ What type of network access will users connecting to the wireless network require? For example, if the users need the wireless connection exclusively for Internet access, then they probably will not need to be part of any specific subnet. You could create a single WLAN and map that WLAN to any user VLAN in your network.
PAGE 234
Wireless Local Area Networks (WLANs) VLAN Assignment If, on the other hand, the employees need access equivalent to that over their wired connections, then you must configure the Wireless Edge Services xl Module to place each employee in the VLAN in which that employee operates in the Ethernet network. In a network with a single user VLAN, the process is straightforward enough: simply create a WLAN and assign it to that VLAN.
PAGE 235
Wireless Local Area Networks (WLANs) VLAN Assignment Figure 3-42. Assigning a Wireless Station to a VLAN Identity-Based, or Dynamic, VLAN Assignment The Wireless Edge Services xl Module can also divide traffic from wireless users into VLANs based on those users’ identities.
PAGE 236
Wireless Local Area Networks (WLANs) VLAN Assignment One of the easiest ways to configure the VLAN assignment on the RADIUS server itself is via an Identity Driven Management (IDM) agent installed on the server. In this case, you would configure the assignment through ProCurve IDM and its Policy Manager. For example, on IDM, you create and deploy policies that assign one community of users to one VLAN and another community of users to a different VLAN.
PAGE 237
Wireless Local Area Networks (WLANs) Traffic Management (QoS) Refer to the ProCurve Identity Driven Manager User’s Guide for more detailed instructions on how to configure identity-based settings. (You can download this guide from http://www.procurve.com.) Traffic Management (QoS) Contemporary users demand more from wireless connections—more bandwidth and more multimedia applications—but they also demand less jitter and fewer dropped calls.
PAGE 238
Wireless Local Area Networks (WLANs) Traffic Management (QoS) Figure 3-43. QoS Mechanisms Supported by the Wireless Edge Services xl Module SVP SVP maintains a high QoS specifically for VoWLAN devices that are SVPcapable. SVP is implemented in wireless phones, wireless APs, and SpectraLink servers. This IEEE 802.
PAGE 239
Wireless Local Area Networks (WLANs) Traffic Management (QoS) The Wireless Edge Services xl Module can configure RPs to support SVP— that is, recognize SVP frames, place them in priority queues, and transmit them with a zero backoff time. If your network includes a SpectraLink server and SVP-capable phones, you should enable this support in the WLAN that includes these phones. Follow these steps: Note 1. Select Network Setup > WLAN Setup. 2.
PAGE 240
Wireless Local Area Networks (WLANs) Traffic Management (QoS) Prioritization with WMM WMM improves QoS by dividing traffic into priority queues, one for each of four access categories (ACs). The higher the AC, the higher QoS the traffic requires. Table 3-5 shows the queues into which RPs and wireless stations can divide traffic. Table 3-5.
PAGE 241
Wireless Local Area Networks (WLANs) Traffic Management (QoS) Table 3-6. Priorities for WMM Priority Queues Queue Number AC 802.1p Priority DSCP 1 Background 1, 2 8-23 2 Best effort 0, 3 0-7. 24-31 3 Video 4, 5 32-47 4 Voice 6, 7 48-63 By default, stations are told to use 802.1p priority to place traffic in a queue. You can configure the stations to use DSCP instead; see “Customizing Station WMM Parameters” on page 3-79.
PAGE 242
Wireless Local Area Networks (WLANs) Traffic Management (QoS) Enabling WMM on a WLAN When you enable WMM on a WLAN, you are enabling it on the upstream traffic. That is, RPs send WMM queue settings to wireless stations, which WMM-enabled stations use to prioritize traffic. These settings will be referred to as the station WMM parameters, and they differ from those RPs use for downstream traffic. (For more information about the parameters for downstream traffic, see Chapter 5: Radio Port Configuration.
PAGE 243
Wireless Local Area Networks (WLANs) Traffic Management (QoS) Figure 3-45. Enabling WMM on a WLAN Adopted RP radios now broadcast WMM parameters to wireless stations in this WLAN. Wireless stations that are WMM-enabled will prioritize their transmissions accordingly. Non-WMM-enabled stations will continue to use standard DCF settings, which match those for the Best Effort queue (queue 2). Figure 3-46 displays a wireless network in which different classes of upstream traffic are prioritized.
PAGE 244
Wireless Local Area Networks (WLANs) Traffic Management (QoS) Figure 3-46. Prioritizing Upstream Traffic with WMM To view the station WMM parameters, select the WMM tab in the Network Setup > WLAN Setup screen.
PAGE 245
Wireless Local Area Networks (WLANs) Traffic Management (QoS) Figure 3-47. Station WMM Settings Figure 3-47 shows the default settings for WMM queues. As you can see, each WLAN has its own four queues. This is because RPs broadcast one set of station parameters to all stations in a WLAN. They can broadcast another set of station parameters to all stations in another WLAN (if that WLAN uses WMM). The first column (Idx) lists the WLAN and the queue number.
PAGE 246
Wireless Local Area Networks (WLANs) Traffic Management (QoS) Caution Because the module automatically defines settings such that traffic in a higherpriority queue receives lower latency, the default station WMM parameters settings are usually adequate. Also, because incorrect settings can adversely affect network performance, ProCurve Networking generally recommends that you do not change these parameters. To customize station WMM parameters: 1. Select Network Setup > WLAN Setup > WMM. Figure 3-48.
PAGE 247
Wireless Local Area Networks (WLANs) Traffic Management (QoS) Figure 3-49. Editing Station EDCA (WMM) Parameters 4. View the SSID and Access Category to verify that you are configuring the correct queue. In Figure 3-49, the Best Effort queue (queue 2) in MyWLAN is being customized. 5. Enter the desired values in the AIFSN, Transmit Ops, CW Minimum, and CW Maximum fields. The values for the AIFSN and Transmit Ops are in ms.
PAGE 248
Wireless Local Area Networks (WLANs) Traffic Management (QoS) Again, take great care in establishing these settings. ProCurve Networking cannot guarantee any behavior. However, you can keep these tips in mind: 6. • The lower the AIFSN and the CW minimum, the lower the latency for traffic in the queue, and in a congested network, the higher the throughput. In a congested network, raising the AIFSN or the CW minimum of low-priority queues can improve QoS for high-priority.
PAGE 249
Wireless Local Area Networks (WLANs) Traffic Management (QoS) Note If you change the protocol in one queue, the setting automatically changes in the other three queues; in other words, it applies to the WLAN as a whole. (It does not make sense to use 802.1p to place traffic in the background queue, but DSCP to place traffic in the voice queue.) 7. Select OK. Enabling Prioritization of Voice Traffic Voice prioritization improves the QoS for traffic destined to VoWLAN devices.
PAGE 250
Wireless Local Area Networks (WLANs) Traffic Management (QoS) In summary, a higher QoS weight for a WLAN increases throughput for return traffic associated with that WLAN. If your network includes multiple WLANs, you might raise the weight of a WLAN that includes voice devices or higherpriority stations. To configure a WLAN’s weight, follow these steps: 1. Select Network Setup > WLAN Setup > Configuration. 2. Select the WLAN and click Edit. 3. Enter a weight between 1 and 10 in the QoS Weight field.
PAGE 251
4 Redundancy Groups Contents High Availability for Wireless Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2 Redundancy Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3 Establishing a Redundancy Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4 Active or Standby Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5 Configure an Adoption Preference for the Module . . . . . . . . . . . .
PAGE 252
Redundancy Groups High Availability for Wireless Services High Availability for Wireless Services For many companies, wireless access has become as critical to their business as traditional wired access. Recognizing the importance of wireless access, ProCurve Networking has designed its wireless services with high availability in mind. To provide failover capabilities for the Wireless Edge Services xl Module (J9001A), you can purchase a Redundant Wireless Services xl Module (J9003A).
PAGE 253
Redundancy Groups High Availability for Wireless Services Figure 4-1. Failover Capabilities for the Wireless Edge Services xl Module Redundancy Group A redundancy group can contain: ■ one Wireless Edge Services xl Module ■ one Redundant Wireless Services xl Module In this chapter, the Wireless Edge Services xl Module is called the primary module, and the Redundant Wireless Services xl Module is called the redundant module.
PAGE 254
Redundancy Groups High Availability for Wireless Services To ensure that each module recognizes that it is part of a redundancy group and knows the IP address of the other module in the group, you must complete the steps to configure a redundancy group on each module. In addition, you must ensure that the modules can communicate with one another.
PAGE 255
Redundancy Groups High Availability for Wireless Services Figure 4-2. Stages of Establishing a Redundancy Group Active or Standby Mode When you configure a module to be part of a redundancy group, you must select a mode, which determines the module’s role in the group. You can select: ■ Active mode—In active mode, the module is responsible for adopting RPs and providing the wireless services that you have configured on the module.
PAGE 256
Redundancy Groups High Availability for Wireless Services It is possible, however, to select active mode for both the primary module and the redundant module (although this is not the preferred configuration). The two modules can then load balance the available RPs. By default, load balancing is based on each module’s load value. When an RP is detected, the module with the lowest load value adopts that RP.
PAGE 257
Redundancy Groups High Availability for Wireless Services Figure 4-3. Global Settings Screen 3. Configure an Adoption Preference ID and click OK. 4. Click the Save button in the navigation bar to save the change to the startupconfig. Configure an Adoption Preference for all Radios To configure an adoption preference for all RPs, edit the radio adoption default configuration. 1. Click Network Setup > Radio Adoption Defaults and select the Configuration tab.
PAGE 258
Redundancy Groups High Availability for Wireless Services Figure 4-4. Network Setup > Radio Adoption Defaults > Configuration Screen 2. 4-8 Select a radio type and click the Edit button.
PAGE 259
Redundancy Groups High Availability for Wireless Services Figure 4-5. 802.11 bg Configuration Screen 3. Under Advanced Properties, enter a preference ID in the Adoption Preference ID field. 4. Click OK. 5. Click the Save button in the navigation bar to save your changes to the startup-config. To force another module to adopt a particular RP, change its radio preference ID to match the ID on that second module, as explained in “Configuring Advanced Properties for a Particular Radio” on page 5-36.
PAGE 260
Redundancy Groups High Availability for Wireless Services Adopting RPs In a typical configuration with the primary module in active mode and the redundant module in standby mode, the primary module adopts all the RPs it can detect—until it reaches its maximum number of RP licenses. In standby mode, the redundant module adopts RPs only in certain circumstances: ■ The redundant module does not receive a heartbeat from the primary module for the length of time specified in the hold period option.
PAGE 261
Redundancy Groups High Availability for Wireless Services If the primary module is available, however, the two modules together cannot adopt more RPs than the maximum number of licenses allowed for the group. (Remember that if the primary module is available, the redundant module— in standby mode—adopts RPs only if the primary module cannot.) Configuring Wireless Services on the Redundant Wireless Services xl Module The redundant module has its own software image and configuration file.
PAGE 262
Redundancy Groups Configuring a Redundancy Group Configuring a Redundancy Group When you configure a redundancy group, you must define the following on each module that is a member of the group: ■ the interface IP address for the module you are configuring ■ the member IP address (which is the IP address for the other module in the redundancy group) These two settings enable each module to send messages to and receive messages from the other module.
PAGE 263
Redundancy Groups Configuring a Redundancy Group To configure a redundancy group on a module, complete the following steps: 1. Click Network Setup > Redundancy Group and select the Configuration tab. Figure 4-6. Network Setup > Redundancy Group > Configuration Screen 2. Note In the Interface ID field, enter the IP address of the module you are configuring. The redundancy feature uses this IP address to send heartbeat and update messages to the other module in the redundancy group.
PAGE 264
Redundancy Groups Configuring a Redundancy Group 3. In the Redundancy Group ID field, enter a number for the group. Each redundancy group on your network must have a unique group ID, and you must use the same group ID for both members of the group. You can enter any number between 1 and 65535. 4. For Mode, select Active if you are configuring the primary module.
PAGE 265
Redundancy Groups Configuring a Redundancy Group Figure 4-7. Network Setup > Redundancy Group > Member Screen b. Click the Add button.
PAGE 266
Redundancy Groups Configuring a Redundancy Group Figure 4-8. c. Add Members Screen Enter the IP address of the other module in the redundancy group and click OK. The module is now listed on the Network Setup > Redundancy Group > Member screen. 11. Click the Configuration tab to return to the Network Setup > Redundancy Group > Configuration screen. 12. Select the Enable Redundancy box. The redundancy group configuration options are now greyed out.
PAGE 267
Redundancy Groups Configuring a Redundancy Group Figure 4-9. Redundancy Group Is Enabled 13. Click the Apply button to save the configuration to the running-config. 14. Click the Save button in the navigation bar to save the configuration to the startup-config. 15. Access the Web browser interface for the other module in the redundancy group and complete steps 1–14 for that module.
PAGE 268
Redundancy Groups Configuring a Redundancy Group ■ Module Authorization Level—This field displays the number of RP licenses installed on the module. ■ Protocol Version—When the modules attempt to establish a redundancy group, each module includes its protocol version in the update messages sent during the discovery stage. If the two modules are not using the same protocol version, they cannot establish a group.
PAGE 269
Redundancy Groups Configuring a Redundancy Group Figure 4-10. Network Setup > Redundancy > Configuration Screen History At the bottom of the Network Setup > Redundancy > Configuration screen, you can also view the history of redundancy events that have occurred on this module. The module records an event each time its redundancy state changes. For example, when you enable redundancy on the module, its state changes to startup, and the module records this event in the history.
PAGE 270
Redundancy Groups Configuring a Redundancy Group Viewing Information about the Other Member in the Redundancy Group In addition to viewing information about the redundancy group, you can view information about the other member of the group. Click Network Setup > Redundancy Group and select the Member tab. (See Figure 4-11.) Figure 4-11.
PAGE 271
Redundancy Groups Configuring a Redundancy Group • Not Seen—The module can no longer exchange heartbeats with the member. • Established—The module and this member have successfully established a redundancy group.
PAGE 272
Redundancy Groups Configuring a Redundancy Group ■ HB Received—the number of heartbeats the module has received from this member ■ Updates Sent—the number of updates the module has sent to this member ■ Updates Received—the number of updates the module has received from this member When you have finished reviewing this information, click Close.
PAGE 273
5 Radio Port Configuration Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2 Country-code and Regulatory Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3 Configuring Radio Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5 Creating a Radio Adoption Default Configuration . . . . . . . . . . . . . . . . 5-8 Viewing and Configuring Properties . . . . . . . . . . . . . . . .
PAGE 274
Radio Port Configuration Overview Overview The Wireless Edge Services xl Module is used to manage the ProCurve Radio Ports (RPs) 210, 220, and 230. Using their Ethernet port and one or two radios, these IEEE 802.11-compliant RPs grant wireless stations access to an Ethernet network. RPs provide the physical connection to wireless users, but little intelligence on their own.
PAGE 275
Radio Port Configuration Country-code and Regulatory Procedures In addition, the ProCurve RPs improve quality of service (QoS) in the wireless network with support for Wi-Fi Multimedia (WMM). Each radio automatically divides outbound wireless traffic into four queues based on priority. For example, voice traffic (if appropriately marked) is placed in the highestpriority queue. The default settings for each queue are designed to provide a high QoS for voice and video traffic from RPs to associated stations.
PAGE 276
Radio Port Configuration Country-code and Regulatory Procedures Figure 5-1. Configuring the Country Code Refer to http://www.hp.com/rnd/support/manuals/rp.htm for information about each country’s regulations and permissible radio settings.
PAGE 277
Radio Port Configuration Configuring Radio Settings Configuring Radio Settings You configure radio settings for the ProCurve RPs 210, 220, and 230 through the Wireless Edge Services xl Module. The ProCurve RP 220 and 230 each have two built-in radios; one radio supports 802.11a standards while the other supports 802.11bg standards. The ProCurve 210 has a single radio that supports the 802.11bg standards.
PAGE 278
Radio Port Configuration Configuring Radio Settings Figure 5-2. Default Configuration Screen for a Radio Type The screen for configuring the radio adoption default settings is labeled Network Setup > Radio Adoption Defaults > Configuration > Edit. The top left on the screen reads Configuration and the top right displays the radio type: 802.11a or 802.11bg. For ease of reference, this guide will call that screen a radio type's default Configuration screen.
PAGE 279
Radio Port Configuration Configuring Radio Settings Figure 5-3. Configuration Screen for a Radio Be careful to make configuration changes in the correct screen. Otherwise, they will not take effect as expected. Table 5-1 summarizes how you configure and how the module deploys these configurations. For more information, see Chapter 1: Introduction.
PAGE 280
Radio Port Configuration Configuring Radio Settings Table 5-1.
PAGE 281
Radio Port Configuration Configuring Radio Settings Setting 802.11a 802.11bg Antenna mode Diversity Diversity Maximum stations 64 64 RTS threshold (bytes) 2346 2346 Beacon interval (microseconds) 100 100 Adoption preference ID 1 1 DTIM period (beacons) 2 2 Support short preamble — No Self healing offset 0 0 As described above, you establish settings for a radio adoption default configuration from a radio type's default Configuration screen.
PAGE 282
Radio Port Configuration Configuring Radio Settings Figure 5-4. Accessing the Radio Adoption Default Configurations 5-10 3. Select the radio type for which you want to alter the configuration. 4. Click the Edit button, and the screen for that radio type displays, as shown in Figure 5-5.
PAGE 283
Radio Port Configuration Configuring Radio Settings Figure 5-5. Editing a Radio Adoption Default Configuration This screen includes three categories: Properties, Radio Settings, and Advanced Properties. In the following sections, you will learn how to configure each of the settings in this screen. Viewing and Configuring Properties For the most part, you view, rather than configure, settings in this section.
PAGE 284
Radio Port Configuration Configuring Radio Settings When you configure this setting as part of the default configuration, you dedicate all radios of that 802.11 mode. For example, if your network does not include any stations that use 802.11a mode, you could dedicate all 802.11a radios in your network to scanning for rogue APs. (Note, however, that these radios will only detect APs operating in an 802.11a channel.) Note As a security measure, you can configure all RPs to be adopted as detectors.
PAGE 285
Radio Port Configuration Configuring Radio Settings Figure 5-6. Editing a Radio Adoption Default Configuration Defining the Radio Placement. You can configure a radio for indoor or for outdoor use. Because a radio adjusts its power and channel settings according to its placement, it is important to configure this setting accurately. Not doing so can create various problems, and even cause you to break the law.
PAGE 286
Radio Port Configuration Configuring Radio Settings To define the RP placement, follow these directions: 1. Select Network Setup > Radio Adoption Defaults > Configuration, select the radio type, and click Edit. 2. In the Radio Settings section, select Indoors or Outdoors from the Placement drop-down menu. 3. Click OK. Configuring the Desired Channel Selection Method. The 802.
PAGE 287
Radio Port Configuration Configuring Radio Settings You might need to set a higher power to ensure RF coverage when: ■ a radio experiences electromagnetic interference—for example, from a nearby microwave oven or other wireless technology ■ the distance between the RP and wireless stations is long Likewise, you may need to decrease the RF power level when: ■ the radio is close to other RP radios (unintentionally overlapping RF coverage may cause lost packets and complicate roaming) ■ the radio uses
PAGE 288
Radio Port Configuration Configuring Radio Settings Figure 5-7. Rate Settings Screen In this screen, you can set basic and supported rates. The data rates displayed depend on the type of radio that you are configuring. The basic rates are rates for which RP radios advertise support.
PAGE 289
Radio Port Configuration Configuring Radio Settings To select basic data rates for newly adopted radios of a particular type, follow these directions: 1. 2. Access the Rate Settings screen for the radio type: a. Select Network Setup > Radio Adoption Defaults > Configuration, select the radio type, and click Edit. b. Click the Rate Settings button. In the Basic Rates column, click the box next to the data rates that radios should use for management, broadcast, and multicast traffic.
PAGE 290
Radio Port Configuration Configuring Radio Settings Figure 5-8. Clear All Rates Error Message. Setting Advanced Radio Properties The third section of a radio type's default Configuration screen allows you to configure advanced radio properties.
PAGE 291
Radio Port Configuration Configuring Radio Settings The RTS threshold, Beacon interval, DTIM Period, and Self Healing Offset fields are accompanied by a column that describes the units in which these settings are configured. For example, the RTS threshold is configured in bytes, and the beacon interval in units of 1000 microseconds. Max Stations Antenna Mode Options Units Adoption Pref ID Short Preamble Figure 5-9. Advanced Properties Setting the Antenna Mode.
PAGE 292
Radio Port Configuration Configuring Radio Settings diversity antennas and some are not. You connect the diversity antennas to both SMA connectors on the radio. You connect non-diversity external antennas to only one of the SMA connections (marked either primary or secondary). You can select one of three options for the antenna mode: diversity, primary, and secondary. The Diversity option requires the RP radio to have a diversity antenna (whether internal or external).
PAGE 293
Radio Port Configuration Configuring Radio Settings might alter this setting to ensure that the same module adopts all RPs in the same area. Wireless Edge Services xl Module preferentially adopts RPs that have the same ID as the module itself. Note Having two active members in a redundancy group is not a standard configuration.
PAGE 294
Radio Port Configuration Configuring Radio Settings To configure 802.11bg radios to support a short preamble, complete the following steps: 1. Select Network Setup > Radio Adoption Defaults > Configuration, select the radio type, and click Edit. 2. Check the box next to Support Short Preamble. 3. Click OK. Setting the RTS Threshold.
PAGE 295
Radio Port Configuration Configuring Radio Settings 2. In the RTS Threshold field, enter the data frame size, in bytes, at which a station must send an RTS frame. The default threshold is 2346 bytes, which means that the RTS/CTS exchange will never be used. (2346 is the maximum size for an 802.11 frame.) 3. Click OK. Setting the Beacon Interval. A beacon is an 802.11 management frame broadcast by an RP radio to advertise its presence as a network point of access and to keep the network synchronized.
PAGE 296
Radio Port Configuration Configuring Radio Settings To allow wireless stations to sleep longer between transmissions, you can increase the number of beacons between DTIMs. This helps to preserve battery life for the wireless station. However, spacing DTIMs further apart increases the chance that a station may miss the DTIM, which can cause increased jitter and delay. To support streaming multicast audio and video or other jitter-sensitive applications, you can decrease the number of beacons between DTIMs.
PAGE 297
Radio Port Configuration Configuring Radio Settings Note Like the desired power setting, you may need to tailor the self healing offset from radio to radio. To learn how to configure a self healing offset for a particular radio, see “Configuring Advanced Properties for a Particular Radio” on page 5-36. Creating a Radio Configuration for a Particular Radio When the Wireless Edge Services xl Module is powered on, it can identify and adopt the RPs that are connected to the network.
PAGE 298
Radio Port Configuration Configuring Radio Settings Figure 5-10. Network Setup > Radio > Configuration Screen The Network Setup > Radio > Configuration screen lists all the radios that the Wireless Edge Services xl Module has identified and their current settings and status. Radios are listed by index number. (The first radio that the module identifies is typically assigned the first index and so forth.) Radios are further identified by a description and type.
PAGE 299
Radio Port Configuration Configuring Radio Settings The Properties section at the bottom of the screen displays the actual settings that the selected radio is using. For example, you can check the radio’s channel and transmit power. You can perform several actions on a radio by selecting it from the list and clicking the buttons at the bottom of the screen: ■ Click Reset to reboot the radio. See “Resetting a Radio” on page 5-37.
PAGE 300
Radio Port Configuration Configuring Radio Settings Actual Column Placement Channel Selection Power Options Figure 5-11. Configuring a Particular RP Radio Configuring Properties In the Properties section, you can set an appropriate description for this radio and define the radio as a dedicated detector.
PAGE 301
Radio Port Configuration Configuring Radio Settings The default radio description is RADIO. For example, the radio that has been assigned to index 1 has RADIO1 as its description. It is often a good idea to describe a radio according to its intended coverage area or function. To modify the description, follow these directions: 1. Select Network Setup > Radio > Configuration, select the radio that you want to configure, and click Edit. 2.
PAGE 302
Radio Port Configuration Configuring Radio Settings Figure 5-12. Viewing the Radio State Base Radio MAC. The MAC address displayed in a radio's Configuration screen is the hardware MAC address for that radio. A dual-radio RP has two separate radio MAC addresses (as well as an Ethernet MAC address).
PAGE 303
Radio Port Configuration Configuring Radio Settings MAC Address Radio Type Index Type Figure 5-13. Radio MAC, Radio Type, and Index Type A BSSID, which is the MAC address the radio uses to carry traffic for a particular WLAN (or WLANs), is generated from this base MAC address. Each RP radio includes four BSSIDs (each of which can carry traffic for four WLANs). Radio Type. The Radio Type listed under Properties in a radio's Configuration screen describes the 802.11 standard with which this radio complies.
PAGE 304
Radio Port Configuration Configuring Radio Settings Index Type. The index type describes whether a radio was pre-configured before the Wireless Edge Services xl Module adopted it. If a radio was adopted with the default configuration, the index type is displayed as Dynamic. If you created a configuration for the radio before allowing the module to adopt it, the index type is Static. Refer to the Index Type to verify that a particular radio is using the correct configuration.
PAGE 305
Radio Port Configuration Configuring Radio Settings Actual Column Placement Channel Selection Power Options Figure 5-14. Radio Settings To change the radio settings, follow these directions: 1. If you are not already in the correct screen, select Network Setup > Radio > Configuration, select the radio that you want to configure, and click Edit. 2. It is very important that the radio’s placement be accurate. (See “Defining the Radio Placement” on page 5-13 for more information.
PAGE 306
Radio Port Configuration Configuring Radio Settings 5. Depending on its channel, placement, and other factors discussed in “Setting the Desired Radio Power” on page 5-14, a particular radio might need to use a different power from that in the radio adoption default configuration. Determine this power, being careful to comply with your country's regulations, and select it from the Desired Power (dBm) dropdown menu. 6.
PAGE 307
Radio Port Configuration Configuring Radio Settings Figure 5-15. Running ACS Configuring Rate Sets for a Particular Radio. If your wireless network supports different types of stations in different areas, you might need to configure different rate settings on various radios. In the radio’s Configuration screen, click Rate Settings. In the screen that displays, check boxes for the desired basic and supported rates. Click OK. See “Configuring Rate Settings” on page 5-15 for more information.
PAGE 308
Radio Port Configuration Configuring Radio Settings Configuring Advanced Properties for a Particular Radio The Advanced Properties section of a radio's Configuration screen includes the same settings as that in radio types' default Configuration screens: ■ Antenna Mode ■ Maximum Stations ■ Adoption Preference ID ■ Support Short Preamble (802.
PAGE 309
Radio Port Configuration Configuring Radio Settings Resetting a Radio It may become necessary for you to reboot an RP. For a dual-radio RP, you can either reset the entire RP or only one of its radios. Follow these steps: 1. Select Network Setup > Radio. 2. Select the radio or radios. 3. Click Reset. 4. A screen displays, asking whether you want to reset the radio or the RP. For example, the Network Setup > Radio > Configuration screen shown in Figure 5-16 lists two radios.
PAGE 310
Radio Port Configuration Configuring Client Roaming Configuring Client Roaming A mobile station may roam back and forth between several RPs. Ideally, such roaming is hidden from the wireless user, who need not know when he or she connects to a new RP. At the Physical Layer, wireless stations can easily roam between ProCurve RPs depending on which currently provides the best signal strength.
PAGE 311
Radio Port Configuration Configuring Client Roaming For more information on configuring data rate settings and power levels, see “Configuring Rate Settings” on page 5-15 and “Setting the Desired Radio Power” on page 5-14. Roaming can be slowed when the WLAN to which the station connects requires the station to authenticate itself. With fast roaming, RPs receive keys for stations supported by neighboring RPs, so that if a station should roam, the new RP can immediately associate with it.
PAGE 312
Radio Port Configuration Configuring WMM Configuring WMM The IEEE 802.11e-2005 ratified specification for wireless QoS enhancements includes packet prioritization, scheduled access, and call admission control. Eager to spur interoperability among multi-vendor wireless gear, the Wi-Fi Alliance created a certification process on a subset of 802.11e called Wi-Fi Multimedia (WMM). WMM divides traffic into four access categories (ACs): voice, video, best effort, and background.
PAGE 313
Radio Port Configuration Configuring WMM The ProCurve 210, 220, and 230 RPs include default WMM parameters that will work for nearly all applications. (The parameters are such, for example, that voice frames more quickly and more often win access to the medium.) Note Because the module automatically defines settings such that traffic in a higherpriority queue receives lower latency, the default radio WMM settings are usually adequate.
PAGE 314
Radio Port Configuration Configuring WMM Figure 5-17. Edit WMM Screen for a Voice AC 5-42 5. To change the AIFSN value, enter a new value between 0 and 15 in the AIFSN field. This value is in ms. 6. To change the Transmit Ops value, enter a new value between 0 and 65535 in the Transmit Ops field. This value is in ms. 7. To change the CW Min, enter a new value between 0 and 15 in the CW Minimum field. The CW Min is 2 to the power of this value minus 1, in ms.
PAGE 315
Radio Port Configuration Configuring WMM SpectraLink Voice Priority (SVP) To raise voice quality over a wireless network, SpectraLink Corporation has developed a de facto industry QoS mechanism called SpectraLink Voice Priority (SVP). SVP is implemented in wireless phone handsets, wireless APs or RPs, and SpectraLink servers. This IEEE 802.
PAGE 316
Radio Port Configuration Configuring WMM 5-44
PAGE 317
6 Wireless Network Management Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3 Monitoring the Wireless Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-4 Wireless Stations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-4 Viewing Wireless Stations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-5 Disconnecting a Wireless Station . . . . . .
PAGE 318
Wireless Network Management Contents Managing the Alarm Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-47 Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-49 Delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-50 Acknowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-51 Export . . . . . . . . . . . . . . . . . . . . . . .
PAGE 319
Wireless Network Management Overview Overview In this chapter you will learn how to monitor and manage your wireless network.
PAGE 320
Wireless Network Management Monitoring the Wireless Network Monitoring the Wireless Network This section will show you where to view information about wireless stations and wireless network activity. It will also provide you with some tips in interpreting this information.
PAGE 321
Wireless Network Management Monitoring the Wireless Network Viewing Wireless Stations To view the wireless stations, select Device Information > Wireless Stations, as shown in Figure 6-1. Figure 6-1. Viewing Wireless Station Associations The screen displays this information for each station associated with one of the WLANs on this module: ■ Index—Stations are listed in the order in which they associated. ■ MAC address—Use this value to identify the station.
PAGE 322
Wireless Network Management Monitoring the Wireless Network ■ WLAN—This column displays the index number of the WLAN to which the station has connected (not the service set identifier [SSID]). The WLAN defines the broadcast group for the station and determines settings such as encryption and QoS. ■ VLAN—The virtual LAN (VLAN), or subnet, in which the module will forward traffic from this station is displayed. This important setting determines the type of network access that the station receives.
PAGE 323
Wireless Network Management Monitoring the Wireless Network Viewing Details about a Wireless Station If you want to view more information about a particular station’s capabilities and connection, highlight that station in the list in the Device Information > Wireless Stations screen. Click Details. A screen such as the one shown in Figure 6-2 displays. Figure 6-2.
PAGE 324
Wireless Network Management Monitoring the Wireless Network ■ Last Active—You can view how many seconds it has been since the station last sent a frame. If the station is idle for longer than the WLAN’s inactivity timeout, the Wireless Edge Services xl Module will force it to reassociate.
PAGE 325
Wireless Network Management Monitoring the Wireless Network The next columns display traffic statistics for the connection: ■ Throughput Mbps—the actual throughput for data in Mbps ■ Bit Speed (Avg.
PAGE 326
Wireless Network Management Monitoring the Wireless Network Figure 6-4. Viewing Detailed Information about a Wireless Station’s The Station Properties section displays much the same information as the Device Information > Wireless Stations screen, such as the station’s MAC and IP address. However, you can also see whether the station supports QoS capabilities such as Voice and WMM. View the Traffic section to monitor the quality and performance of the connection.
PAGE 327
Wireless Network Management Monitoring the Wireless Network The RF Status section displays the status of the radio medium. A very low signal-to-noise ratio (SNR) can indicate interference. In the Errors section, the interface reports the total number of error packets. A significant percentage in the Average Number of Retries may indicate excessive congestion or interference from another wireless device.
PAGE 328
Wireless Network Management Monitoring the Wireless Network Figure 6-5. Network Setup > Radio > Statistics Screen Every radio adopted by the module displays, identified by: ■ Index ■ Description ■ Type (802.11a or 802.11bg) The Stations column indicates how many stations are connected to this RP.
PAGE 329
Wireless Network Management Monitoring the Wireless Network As always, you can select either Last 30s or Last Hr to view either the most current statistics or statistics over a more extended period. You can also view more detailed statistics for a specific radio by selecting that radio and clicking Details. Figure 6-6. Radio Statistics Details The Information section describes this radio and shows the number of stations currently associated to it. You should check the Current Channel.
PAGE 330
Wireless Network Management Monitoring the Wireless Network WLAN Statistics You can monitor wireless activity on a WLAN-wide scale by selecting Network Setup > WLAN Setup > Statistics. Figure 6-7. Network Setup > WLAN Setup > Statistics Screen Every WLAN enabled on the module displays. (See Figure 6-7.) WLANs are identified by: ■ Index (the WLAN’s number) ■ SSID ■ Description ■ VLAN The Stations column shows the number of stations currently connected to that WLAN.
PAGE 331
Wireless Network Management Monitoring the Wireless Network Module Statistics You can also monitor all wireless traffic to and from stations associated with this Wireless Edge Services xl Module. Select Network Setup > Module Statistics. (See Figure 6-8.) Figure 6-8.
PAGE 332
Wireless Network Management Monitoring the Wireless Network These statistics apply to all wireless traffic associated with this module and are divided into statistics for the last 30 seconds (black) and the last hour (blue). On the right, the Traffic section also divides statistics into traffic received and traffic transmitted. View the RF Status section to monitor the quality of radio media on a networkwide level, and the Errors section to look for problems with congestion or interference.
PAGE 333
Wireless Network Management Monitoring the Wireless Network For each adopted RP, the screen lists: ■ Base Radio MAC—This is the MAC address on the RP’s Ethernet interface. ■ Model—The Wireless Edge Services xl Module only adopts ProCurve Radio Ports 210, 220, or 230. ■ Serial—The serial number is unique to this device. ■ HW Version—This column indicates the hardware used by the RP. ■ Bootloader—This column indicates the software from which the RP boots.
PAGE 334
Wireless Network Management AP Detection Figure 6-10. Device Information > Radio Port/LAN Statistics > Unadopted RP Screen AP Detection People may introduce unauthorized APs into your network for several reasons. Sometimes attackers set up rogue APs in your environment, hoping to lure wireless users to authenticate to them, instead of to your network’s RPs. In this way, attackers can collect sensitive information, including passwords with which they can then target your private network.
PAGE 335
Wireless Network Management AP Detection The ProCurve RPs 210, 220, and 230 can listen for such unauthorized APs, collecting information about them to be sent to the Wireless Edge Services xl Module. The module helps you to manage this information. You can even configure the module to automatically send an alarm when an unauthorized AP is detected. Note AP detection tracks devices that are not connected, either directly or indirectly, to the Wireless Edge Services xl Module.
PAGE 336
Wireless Network Management AP Detection Figure 6-12. Enabling AP Detection Alternatively, you can enable AP detection as follows: 1. Select Special Features > Intrusion Detection > Configuration. Figure 6-13.
PAGE 337
Wireless Network Management AP Detection 2. Check the Enable box in the AP Detection section. 3. If you so desire, customize settings. You can: • Increase the size of the list for detected APs by entering a value between 1 and 1000 in the Maximum detected APs field. This value controls the number of APs about which the module will store information in the approved APs list and in the unapproved APs list. The two lists are considered separately.
PAGE 338
Wireless Network Management AP Detection Table 6-1. Normal RP Radios Versus Detector RP Radios Normal RP Radio Detector RP Radio Passively listens for beacons Actively sends probe requests Listens on its own channel only Sends probes on all channels in its frequency that are allowed by its country’s regulations Supports wireless stations Does not support wireless stations Figure 6-14.
PAGE 339
Wireless Network Management AP Detection To enable a radio to act as a detector, you must both enable AP detection and configure this option in the radio’s configuration. You can enable dedicated AP detection either as: ■ part of an override configuration on a particular radio For example, your organization might install an RP that is entirely dedicated to searching out rogue APs.
PAGE 340
Wireless Network Management AP Detection Figure 6-15. Dedicating a Radio as a Detector 6-24 4. In the radio’s Configuration screen, check the Dedicate this Radio as a Detector box. The interface warns you that the radio will disassociate any connected stations, as shown in Figure 6-15. 5. If you are sure the radio should perform this role, click OK.
PAGE 341
Wireless Network Management AP Detection Figure 6-16. Viewing the Radio State 6. Note The radio state should now be listed as Detector in the Network Setup > Radio screen, as shown in Figure 6-16. The Wireless Edge Services xl Module stores the configuration for a particular radio with its MAC address so that this configuration persists even if the radio powers down. For more information on radio configurations, see Chapter 5: Radio Port Configuration.
PAGE 342
Wireless Network Management AP Detection Figure 6-17. Editing the Radio Adoption Default Configuration 3. Click the Edit button. 4. In the screen that displays, check the Dedicate this Radio as a Detector box. 5. Click OK. Creating Lists of Allowed APs AP detection simply enables adopted RPs to report on neighboring APs. The Wireless Edge Services xl Module must sort the detected APs into approved and unapproved lists.
PAGE 343
Wireless Network Management AP Detection Two types of criteria can define APs as approved: ■ MAC address ■ SSID For example, you can list the MAC address of every AP and RP in your network (not connected to this module) and allow those addresses. Or you can simply allow all APs and RPs that are members of one of your network’s WLANs (as defined by the SSID). These solutions are appropriate only in a relatively secure environment.
PAGE 344
Wireless Network Management AP Detection Figure 6-18. Allowing a Particular AP Based on MAC Address b. 6-28 You can allow any AP that is a member of a particular WLAN, as shown in Figure 6-19: i. Select the second field under SSID and enter the WLAN’s SSID. ii. Leave Radio MAC Address selection at Any MAC Address.
PAGE 345
Wireless Network Management AP Detection Figure 6-19. Allowing any AP in a Particular WLAN c. You can allow a particular AP only if it is a member of the correct WLAN, as shown in Figure 6-20: i. Select the Radio MAC Address field and enter the address. ii. Select the SSID field and enter the WLAN’s SSID.
PAGE 346
Wireless Network Management AP Detection Figure 6-20. Allowing a Particular AP in a Particular WLAN 5. Click OK. Monitoring Detected APs You should periodically check the unapproved APs list for rogue APs. It can also be a good idea to configure your module to automatically generate and send an alarm whenever a radio detects an unapproved AP.
PAGE 347
Wireless Network Management AP Detection Figure 6-21. Viewing the Unapproved APs List Note You can also view this list by selecting Device Information > AP Detection > Unapproved APs. However, you can only view information about APs in this screen: you cannot allow the APs as described below. As shown in Figure 6-21, the list includes this information for each AP: ■ Radio MAC Address—The address is the AP’s BSSID. RPs report each BSSID that is a source of a beacon as a detected AP.
PAGE 348
Wireless Network Management AP Detection ■ Last Seen (In Seconds)—This column indicates how recent the information is. ■ SSID—A radio with an unapproved MAC address, but one of your WLAN’s SSIDs, may signal a hacker phishing for passwords and other sensitive data. Remember to check the Number of Unapproved APs at the bottom of the screen. If this number nears the maximum (by default, 100), you should take one or more of these steps: ■ Raise the number of maximum detected APs.
PAGE 349
Wireless Network Management AP Detection Figure 6-22. Add Allowed AP Screen Enter a number not yet used for a rule in the Index field and click OK. In a way, allowing an AP is like acknowledging an alarm. You are letting other administrators know you have checked the potential threat. This feature is particularly useful for allowing APs that do not belong to your network—so you cannot create a rule to allow them in advance—but that you have verified as legitimate APs in a nearby organization.
PAGE 350
Wireless Network Management AP Detection You can view this list in two ways: ■ Select Special Features > Intrusion Detection > Approved APs. ■ Select Device Information > AP Detection > Approved APs. The approved APs list includes all detected APs that match the criteria for one of the rules in the Allowed APs screen. For each AP, the list displays information similar to that in the unapproved list, as shown in Figure 6-23. Figure 6-23.
PAGE 351
Wireless Network Management AP Detection 1. Select Management > SNMP Trap Configuration > Configuration. The screen shown in Figure 6-24 displays. 2. Expand the Wireless heading and then the AP Detection heading. 3. Click Enable all sub-items. 4. Make sure that the Allow Traps to be generated box is checked. 5. Click Apply. Figure 6-24. Enabling an SNMP Trap for AP Detection If an RP detects an external AP, a log appears in the Device Information > Alarm Log screen, as shown in Figure 6-25.
PAGE 352
Wireless Network Management AP Detection Figure 6-25. Receiving an Alarm about an External AP If you have configured an SNMP server, the module forwards the alarm to the SNMP server as well. (See Chapter 2: ProCurve Wireless Edge Services xl Module Configuration.
PAGE 353
Wireless Network Management Configuring Anomaly Detection Configuring Anomaly Detection AP detection protects your network against unauthorized APs. The Wireless Edge Services xl Module can also guard against potentially malicious stations. Using anomaly detection, the module monitors stations for suspicious behavior including: ■ sending too many association requests ■ sending too many probe requests Such behavior can signal a denial-of-service (DoS) attack.
PAGE 354
Wireless Network Management Configuring Anomaly Detection 2. Move to the Anomaly Detection section. 3. Enter a value between 0 and 65535 in the Association Threshold field. If a station sends more than this number of association requests in one second, the module will begin filtering its traffic. The default value is 0, which allows stations to send an unlimited number of association requests per second. 4. Enter a value between 0 and 65535 in the Probe Threshold field.
PAGE 355
Wireless Network Management Logging and Alarms Logging and Alarms The Wireless Edge Services xl Module generates logs for various events that occur on a system; these logs report on messages the module receives and actions the module takes. The module can log events to: ■ its buffer ■ the console ■ an external server Events are ranked according to severity, as shown in Table 6-2. The lower the number, the greater the risk to network functionality. Table 6-2.
PAGE 356
Wireless Network Management Logging and Alarms Table 6-3.
PAGE 357
Wireless Network Management Logging and Alarms Figure 6-27. Configuring Logging You can configure the module to store events for up to a minute before logging them. Enter a value in the Logging aggregation time field. (If the value is 0, then events are immediately logged.) Forwarding Logs to an External Server You can also configure the Wireless Edge Services xl Module to forward logs to up to three external syslog servers: 1. Select Management > System Logging > Log Options.
PAGE 358
Wireless Network Management Logging and Alarms Figure 6-28. Forwarding Logs to an External Syslog Server 2. Check the Enable Logging to Syslog Server box. 3. Select the lowest severity for logs that the module will forward from the corresponding drop-down menu. The default level is 6, Info. 4. From the Server Facility drop-down menu, select the facility that your syslog server uses to receive such logs. Local7 is typically reserved for network devices. 5.
PAGE 359
Wireless Network Management Logging and Alarms The local log file stores the events the Wireless Edge Services xl Module logs to its buffer. You can see the type of events in a file by highlighting it. The preview shows in the bottom section of the screen, as illustrated in Figure 6-29. Figure 6-29. Viewing Logged Events To view the actual log file with all saved events, select the file and click the View button. A screen such as the one shown in Figure 6-30 is displayed.
PAGE 360
Wireless Network Management Logging and Alarms Figure 6-30. Viewing Logged Events The most recent events are listed at the top of the screen. The color code helps you to quickly identify the most important events (those with the lowest level, or greatest severity). For each event, the log reports: 6-44 ■ Time stamp—Remember to look at the time stamp to make sure that you are not examining obsolete logs. (Quickly checking the time stamp when you preview the log file can also save you time.
PAGE 361
Wireless Network Management Logging and Alarms You can click on any column heading to organize events according to the information in that column. The bottom of the screen shows you which line in the log file you are currently examining. You can also enter a value in the field at the bottom of the screen to quickly move to another page in the log. Note that the Wireless Edge Services xl Module will continue to save events to this log.
PAGE 362
Wireless Network Management Logging and Alarms It is often a good idea to store a copy of the log remotely before you clear it. Your organization might also have a policy of periodically collecting device information and storing it on a central server. To transfer the local log file, complete the following steps: 1. Click the Transfer Files button. The Transfer screen is displayed. 2. In the Source section, select Wireless Services Module in the From dropdown menu.
PAGE 363
Wireless Network Management Logging and Alarms Figure 6-32. Saving the Local Log File to a Remote Server 4. Click Transfer. Managing the Alarm Log In order for the Wireless Edge Services xl Module to log an alarm, you must activate the corresponding SNMP trap. See Chapter 2: ProCurve Wireless Edge Services xl Module Configuration for information on setting these traps. When an enabled trap is triggered, the module generates an entry in its alarm log.
PAGE 364
Wireless Network Management Logging and Alarms Figure 6-33. Viewing the Alarm Log For each alarm, the screen displays this information: 6-48 ■ Index—Alarms are numbered in the order in which they were received. ■ Status—If the alarm has been acknowledged, then an administrator has seen and presumably dealt with it.
PAGE 365
Wireless Network Management Logging and Alarms ■ Message—The message, which varies according to the alarm’s type, includes specific information about the particular event. For example, the message for the “radiusAuthFailed” alarm is the MAC address of the station that failed to authenticate and the radio to which it attempted to connect. You could use this information to track down the station. By default, the alarm log lists alarms according to index number.
PAGE 366
Wireless Network Management Logging and Alarms Figure 6-34. Viewing Alarm Details General information that applies to all alarms of this type displays in the Alarm Details section. The interface explains what the alarm means and suggests possible solutions or causes. For example, details for a “radiusAuthFailed” alarm suggest that you verify that your Wireless Edge Services xl Module can connect to its RADIUS server.
PAGE 367
Wireless Network Management Logging and Alarms Acknowledge Sometimes you will want to store an alarm in the log even after you have viewed it, whether because you want another administrator to see it or because you want to track a particular pattern of activity. In this case, instead of deleting the alarm, you should click Acknowledge to change its status. Only acknowledge an alarm, of course, if you have addressed any associated problems; otherwise, other administrators may neglect to do so.
PAGE 368
Wireless Network Management MAC Authentication (Filters) MAC Authentication (Filters) The Wireless Edge Services xl Module can control which wireless stations connect to a WLAN according to their MAC, or hardware-based, addresses. The module filters stations denied by access control lists (ACLs) before they authenticate and associate with the WLAN. MAC authentication can act by itself or in conjunction with another form of authentication.
PAGE 369
Wireless Network Management MAC Authentication (Filters) 4. By default, the module allows all stations. Unless you explicitly deny a station in an ACL, it can connect. You will generally follow one of two strategies for MAC authentication: 1. Deny all stations except a select group of authorized stations. In this case, you should create one or more allow ACLs that specify the group of authorized stations.
PAGE 370
Wireless Network Management MAC Authentication (Filters) 3. In the ACL’s Configuration screen, enter a value between 1 and 1000 in the Station-ACL Index field. Each ACL must have a unique index number. Pay close attention to this number because, when a station matches more than one entry, only the entry with the lowest number affects the station. 4. Enter a range of MAC addresses, placing the first in the Starting MAC field and the last in the Ending MAC field.
PAGE 371
Wireless Network Management MAC Authentication (Filters) Configuring WLAN Memberships The ACL will not affect traffic until you associate it with one or more WLANs. To do so, you make the ACL a member of those WLANs: 1. In the Special Features > Filters screen, select the ACL. 2. Click the Memberships button. Figure 6-37. Editing WLAN Memberships for an ACL 3. In the Edit Memberships screen, check the boxes for the WLANs to which you want to apply the ACL.
PAGE 372
Wireless Network Management MAC Authentication (Filters) 2, and they made ACL 1 a member of WLAN 1. Only stations in ACL 2’s range can connect to both WLANs 1 and 2. Other stations are denied by ACL 3. The single station in ACL 1 can connect to WLAN 2 but not to WLAN 1; ACL 1 denies the station (and the module stops processing the ACLs) before ACL 2 can allow it. Figure 6-38.
PAGE 373
Wireless Network Management Network Self Healing Network Self Healing Self healing keeps your wireless network functioning optimally in response to changing conditions.
PAGE 374
Wireless Network Management Network Self Healing ■ Neighbors no longer receive beacons from it. An RP checks the beacons it has received every 30 seconds. If it has not received beacons from a neighbor in the last two seconds, it reports that neighbor as down. In other words, an RP considers a neighbor failed when it loses contact with that neighbor for more than two seconds; however, the RP only checks whether it has lost contact with a neighbor every 30 seconds.
PAGE 375
Wireless Network Management Network Self Healing Specifying Neighbors Manually Keep these concepts in mind as you configure neighbors: ■ The neighbor relationship is reflexive: if you configure a neighbor list on radio 1 that includes radio 3, radio 3’s neighbor list automatically adds radio 1. (See Figure 6-39.) ■ However, the relationship is not communicative: if radio 1’s neighbor list includes both radio 3 and radio 4, radio 3’s list includes radio 1, but not necessarily radio 4.
PAGE 376
Wireless Network Management Network Self Healing To assign a radio neighbors, complete the following steps: 1. Select Special Features > Self Healing > Neighbor Details. Make sure the upper-right corner of the screen reads “Neighbor recovery is currently ‘enabled’.” Figure 6-40. Configuring Neighbors 6-60 2. All RP radios adopted by this module are listed. Select a radio. 3. Click Edit.
PAGE 377
Wireless Network Management Network Self Healing Figure 6-41. Specifying Neighbors 4. In the screen that displays, the radio’s neighbors are listed on the right under Neighbor Radios. All other RP radios adopted by this module are listed on the left under Available Radios: these are potential neighbors. 5. To add a neighbor, select a radio from the field on the left and click Add. The radio moves to the right; it is now the neighbor of the radio that you are editing. 6.
PAGE 378
Wireless Network Management Network Self Healing 8. From the SelfHealing Action drop-down menu, you must select the action this radio takes when a neighbor fails. Because you must also complete this step when you use auto detection, configuring this setting is described in “Selecting the Self-Healing Action” on page 6-63. 9. Click OK.
PAGE 379
Wireless Network Management Network Self Healing Configuring Radios to Automatically Detect Neighbors Instead of manually configuring neighbors, you can have RP radios detect each other and choose their own neighbors. In this case, each radio will select the three other radios from which it receives the strongest signal. To use this option, complete the following steps: Note 1. Select Special Features > Self Healing > Neighbor Details. 2. Click the Detect Neighbors button.
PAGE 380
Wireless Network Management Network Self Healing Figure 6-43. Self Healing Action for Neighbor Recovery ■ both raise its transmit power and open its data rates (see Figure 6-43) Sometimes you lower radios’ transmit power so that closely grouped RPs can support higher data rates within their relatively small coverage areas. When an RP radio raises its transmit power to take over a failed neighbor’s coverage area, it can no longer support high data rates for all stations (some are too far away).
PAGE 381
Wireless Network Management Network Self Healing ■ take no action Remember that radios are always neighbors to each other. However, you might want one radio to respond to the failure of a second radio, but the second not to respond to that of the first. For example, the second radio might be in a more important location. When editing the second radio, configure it to take no action.
PAGE 382
Wireless Network Management Network Self Healing Figure 6-44. Defining the Action 3. 4. Select the action from the SelfHealing Action drop-down menu: • Select Open Rates to configure the radio to support all data rates. • Select Raise Power to configure the radio to raise its power to the legal maximum. See “Configuring a Self Healing Offset” on page 6-66 to determine whether you will need to configure a self healing offset. • Select Both to configure the radio to take both of these actions.
PAGE 383
Wireless Network Management Network Self Healing The Wireless Edge Services xl Module subtracts the offset from the maximum power allowed in your regulatory domain to define the maximum power for that radio. Complete these steps to configure this parameter: 1. Select Network Setup > Radio. 2. Choose the radio from the list. 3. Click Edit. Figure 6-45. Configuring the Self Healing Offset Option 4. In the Advanced Properties section, enter a value in the Self Healing Offset box.
PAGE 384
Wireless Network Management Network Self Healing Interference Avoidance Also called dynamic channel selection, interference avoidance helps your RP radios to choose the best channel in your environment at the moment. If the Wireless Edge Services xl Module detects interference on a radio’s current channel, it has the radio use ACS to choose a new channel. The module implements this procedure for interface avoidance: 1.
PAGE 385
Wireless Network Management Network Self Healing Figure 6-46. Enabling Interference Avoidance 2. Check the Enable Interference Avoidance box. 3. Typically, you should leave the settings below at their defaults. However, you can customize them: a. Enter a value between 1 and 15 in the Average Retries field to set the threshold described above in the interference avoidance procedure.
PAGE 386
Wireless Network Management Viewing and Copying Configuration Files Viewing and Copying Configuration Files The Wireless Edge Services xl Module stores several configuration files: ■ startup-config ■ factory default-config ■ named files transferred from a TFTP or an FTP server To review how the module uses these files, and how it stores configuration changes to them, see Chapter 2: ProCurve Wireless Edge Services xl Module Configuration.
PAGE 387
Wireless Network Management Viewing and Copying Configuration Files Figure 6-47. Copying a Config File to the Startup-Config 6. Select the Copy this file as the system startup config and click OK.
PAGE 388
Wireless Network Management Viewing and Copying Configuration Files 6-72
PAGE 389
7 Web Authentication for Mobile Users Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2 The Web-Auth Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2 Authentication Through a RADIUS Server . . . . . . . . . . . . . . . . . . . . . . 7-5 Web Pages for the Login Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-6 Allow List . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 390
Web Authentication for Mobile Users Overview Overview With the ProCurve Wireless Edge Services xl Module, you can require mobile users to authenticate by entering their login credentials on a Web page. Like other authentication methods, Web authentication (Web-Auth) is verified through a RADIUS server. You can use Web-Auth to provide limited network services for mobile users who visit your company’s office.
PAGE 391
Web Authentication for Mobile Users Overview Figure 7-1. The Station Receives an IP Address from a DHCP Server. After a station successfully receives an IP address and associates with the WLAN, it enters the Web-Auth state. (See Figure 7-2.) In this state, the station can access only the network devices that you have added to the Web-Auth Allow list. This list should include the Wireless Edge Services xl Module and the IP address of any device that you want unauthenticated users to be able to access.
PAGE 392
Web Authentication for Mobile Users Overview When the user enters a username and password, the Wireless Edge Services xl Module submits these login credentials to the RADIUS server. If the RADIUS server verifies the user’s login credentials, the login attempt is successful, and the Wireless Edge Services xl Module displays the Web-Auth welcome page. At this point, the user’s station enters the authentication state, and the mobile user can access the network resources to which he or she has rights.
PAGE 393
Web Authentication for Mobile Users Overview Figure 7-2. The Web-Auth Process Authentication Through a RADIUS Server To allow mobile users to access the Internet and selected services on your company’s network, you configure Web-Auth(open) as the authentication method for a WLAN and define a RADIUS server that verifies each user’s login credentials. You can specify both a primary RADIUS server and a secondary RADIUS server, ensuring high availability.
PAGE 394
Web Authentication for Mobile Users Overview Web Pages for the Login Process To enable authentication through the Web, the Wireless Edge Services xl Module provides three default Web pages that guide users through the login process: ■ Login page—When users associate with a WLAN that is configured for Web-Auth and try to access a valid Web site, their Web browser is redirected to the login page, and they are prompted to enter a username and password. (See Figure 7-3.) Figure 7-3.
PAGE 395
Web Authentication for Mobile Users Overview ■ Failed page—If users do not enter a valid username and password on the login page, the failed page is displayed. (See Figure 7-5.) Figure 7-5. Default Failed Page You can use the default Web pages as they are, or customize them for your environment. The default Web pages are stored on the Wireless Edge Services xl Module. If you prefer, you can create your own Web pages and store them on your company’s Web server.
PAGE 396
Web Authentication for Mobile Users Configuring Web-Auth Creating a Separate VLAN for Web-Auth Users Management access to the Wireless Edge Services xl Module is protected by a username and password. If a Web-Auth user attempts to access the Web browser interface, that user must enter the correct username and password. To block any attempts to guess the username and password, however, you may want to create a separate virtual LAN (VLAN), such as VLAN 10, for the WLAN that supports Web authentication.
PAGE 397
Web Authentication for Mobile Users Configuring Web-Auth You must also set the security options, which specify the authentication method and the encryption standard for the WLAN. In this case, you will select Web-Auth(open) as the authentication method. The No Encryption option is then automatically selected. In addition to configuring these settings, you can configure advanced settings for individual WLANs, which include inter-station blocking, closed system operations, and inactivity timeouts.
PAGE 398
Web Authentication for Mobile Users Configuring Web-Auth Figure 7-7. WLAN Edit Screen Note 3. Under Configuration, enter an SSID for this WLAN in the SSID field. 4. In the Description field, you can enter information that will help you identify this WLAN. This field is optional. 5. By default, the module places all wireless traffic in VLAN 1. If you want to assign this WLAN to a different VLAN, enter the number in the VLAN ID field.
PAGE 399
Web Authentication for Mobile Users Configuring Web-Auth 7. Click the Config button next to the Web-Auth(open) option. The Web-Auth screen is displayed. Figure 7-8. Web-Auth Screen 8. In the fields under RADIUS Authentication, define the RADIUS server. a. In the Primary IP field, enter the IP address of the RADIUS server that authenticates users. b. Leave the Primary Port at the default value unless the RADIUS server uses a different port. c.
PAGE 400
Web Authentication for Mobile Users Configuring Web-Auth 9. e. In the Server Timeout field, enter a timeout value. The default setting is 5 seconds. f. In the Server Retries field, enter the number of times the Wireless Edge Services xl Module should attempt to contact the RADIUS server. The default setting is 3. Define the Allow list, which determines the devices that stations can access before they are authenticated by the RADIUS server.
PAGE 401
Web Authentication for Mobile Users Configuring Web-Auth Figure 7-9. Configuring the Login Page i. ii. Note In the Title Text field, accept the text Login Page or enter the text you want to use. In the Header Text field, accept the text Network Login or enter the text you want to be displayed at the top of the Login page. (See Figure 7-10.) If you customize the Header Text, Footer Text, or Descriptive Text, you can enter a maximum of 1024 characters.
PAGE 402
Web Authentication for Mobile Users Configuring Web-Auth iii. In the Footer Text field, accept the default text, Contact the network administrator if you do not have an account, or enter the text you want to be displayed at the bottom of the login page. (See Figure 7-10.) For example, you might want to enter: Call the IT department at ext. 1253 to receive a valid username and password. iv. In the Small Logo URL field, enter the name of a logo file to include a small logo on the login page.
PAGE 403
Web Authentication for Mobile Users Configuring Web-Auth Enter the username and password you were assigned. Remember that both the username and password are case sensitive. The main logo is displayed at the top of the page Header text Descriptive text Footer text Figure 7-11. Displaying the Main Logo on the Web-Auth Login Page c. Configure the welcome page, which mobile users see if they enter a valid username and password and the RADIUS server authenticates them. i.
PAGE 404
Web Authentication for Mobile Users Configuring Web-Auth Figure 7-12. Configuring the Welcome Page In the Title Text field, accept the default text, Authentication success, or enter the text that you want to use. iii. In the Header Text field, accept the default text, Authentication Success, or enter the text that you want users to see when they log in. (See Figure 7-13.) ii. Note If you customize the Header Text, Footer Text, or Descriptive Text, you can enter a maximum of 1024 characters. iv.
PAGE 405
Web Authentication for Mobile Users Configuring Web-Auth v. In the Small Logo URL field, enter the name of a logo file to include a small logo on the welcome page. (See Figure 7-13.) You must copy this logo to the flash on the Wireless Edge Services xl Module. (For instructions on how to copy the logo file to flash, see “Copying Logo Files to the Module’s Flash” on page 7-24.) Header text Descriptive text The small logo is displayed at the bottom of the page Figure 7-13.
PAGE 406
Web Authentication for Mobile Users Configuring Web-Auth The main logo is displayed at the top of the page Header text Descriptive text Figure 7-14. Displaying the Main Logo on the Web-Auth Welcome Page d. 7-18 Configure the failed page, which is displayed if mobile users enter an invalid username and password. i. Select the Failed tab.
PAGE 407
Web Authentication for Mobile Users Configuring Web-Auth Figure 7-15. Configuring the Failed Page In the Title Text field, accept the default text, Unable to Authenticate, or change the text as needed. iii. In the Header Text field, accept the default text, Authentication Failed, or enter the text that you want users to see if they fail to log in. (See Figure 7-16.) ii. Note If you customize the Header Text, Footer Text, or Descriptive Text, you can enter a maximum of 1024 characters. iv.
PAGE 408
Web Authentication for Mobile Users Configuring Web-Auth v. In the Small Logo URL field, enter the name of a logo file to include a small logo on the failed page. (See Figure 7-16.) You must copy this logo to the flash on the Wireless Edge Services xl Module. (For instructions on how to copy the logo file to flash, see “Copying Logo Files to the Module’s Flash” on page 7-24.) Header text The small logo is displayed above the footer text Descriptive text Footer text Figure 7-16.
PAGE 409
Web Authentication for Mobile Users Configuring Web-Auth The main logo is displayed at the top of the page Header text Descriptive text Footer text Figure 7-17. Displaying the Main Logo on the Web-Auth Failed Page viii. Click OK and then continue with step 12. 11. Configure Web-Auth pages that are stored on an external server. (If you want to store the Web-Auth pages on the Wireless Edge Services xl Module, complete step 10 instead.) a.
PAGE 410
Web Authentication for Mobile Users Configuring Web-Auth Figure 7-18. Specifying the URL for Web-Auth Pages That Are Stored on an External Web Server 7-22 b. Select the Login tab to configure the login page, which users see when they try to access your network services. i. Under Web Page URL, specify the URL of the login page. For example, you might enter a URL such as http://192.168.1.1/ login.html or http://www.yourcompany.com/login.html. c.
PAGE 411
Web Authentication for Mobile Users Configuring Web-Auth e. Click OK. 12. Click OK to close the WLAN Edit screen and save your configuration changes to the running-config. You are returned to the Network Setup > WLAN Setup > Configuration screen. Figure 7-19. Network Setup > WLAN Setup > Configuration Screen 13. Activate the WLAN you have configured by selecting the WLAN and clicking the Enable button. 14.
PAGE 412
Web Authentication for Mobile Users Copying Logo Files to the Module’s Flash Copying Logo Files to the Module’s Flash If you want to display your company’s logo on the Web-Auth login, welcome, or failed page, you must copy the logo file to the appropriate directory on the Wireless Edge Services xl Module’s flash. The module’s flash contains a hotspot directory, which, in turn, contains a subdirectory for each WLAN on the module.
PAGE 413
Web Authentication for Mobile Users Copying Logo Files to the Module’s Flash 3. 4. Specify the source for the file transfer. a. In the From field under Source, use the drop-down menu to select Server. b. In the File field, enter the name of the logo file. c. In the Using field, use the drop-down menu to select either FTP or TFTP. d. In the IP Address field, enter the IP address of the FTP or TFTP server. e. If you are using an FTP server, enter the login credentials. i.
PAGE 414
Web Authentication for Mobile Users Configuring Web-Auth Pages That Are Stored on an External Web Server Configuring Web-Auth Pages That Are Stored on an External Web Server If you want to design your own Web-Auth pages and store them on an external server, you must create a login page, a welcome page, and a failed page.
PAGE 415
Web Authentication for Mobile Users Configuring Web-Auth Pages That Are Stored on an External Web Server <
PAGE 416
Web Authentication for Mobile Users Configuring Web-Auth Pages That Are Stored on an External Web Server Figure 7-23. Simple Welcome Page That Is Stored on an External Server When the user clicks the Disconnect link, the network session ends, and the login page is displayed in the user’s Web browser.
PAGE 417
A ProCurve Wireless Services xl Module Command Line Reference Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-6 Manager Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-7 acknowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-9 cd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 418
ProCurve Wireless Services xl Module Command Line Reference Contents mkdir . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-26 more . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-26 no . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-27 page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 419
ProCurve Wireless Services xl Module Command Line Reference Contents Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-55 description (interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-55 ip (interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-56 management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-57 mtu .
PAGE 420
ProCurve Wireless Services xl Module Command Line Reference Contents show redundancy-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-93 show redundancy-history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-94 show redundancy-member . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-95 show running-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-96 show snmp . . . . . . . . . . . . . .
PAGE 421
ProCurve Wireless Services xl Module Command Line Reference Contents show wireless wlan-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-125 show wireless wlan-statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-126 Support Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-129 Support Commands (All Contexts) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-131 support clear . . . . . . . . . . . .
PAGE 422
ProCurve Wireless Services xl Module Command Line Reference Overview Overview This chapter describes the commands provided by the CLI. The CLI commands can be broken down into their respective context groups. A-6 Command Group Description Page Manager Commands run from the Manager Context. A-7 Global Configuration Commands run from the Global Context. A-35 Interface Configuration Commands run from the Interface Context. A-55 Wireless Configuration Commands run from the Wireless Context.
PAGE 423
ProCurve Wireless Services xl Module Command Line Reference Manager Commands Manager Commands These commands are used to configure the manager commands on the access point. Command Function Page acknowledge alarm-log (all | <1-65535> ) Acknowledges alarms. A-9 cd (DIR|) Changes directory. A-9 clear (alarm-log | arp | logging| wireless-statistics) Clears cache and reporting logs. A-10 configure (terminal) Enters configure context. A-10 copy FILE| URL Copies from one file to another.
PAGE 424
ProCurve Wireless Services xl Module Command Line Reference Manager Commands Command Function Page rename FILENAME NEWFILENAME Renames a file. A-30 rmdir DIR Deletes a directory. A-30 telnet WORD | WORD PORT Opens a telnet connection. A-31 terminal length | width Sets width and length parameters on a screen. A-32 upgrade URL Upgrades the software image. A-32 upgrade-abort Aborts an ongoing upgrade.
PAGE 425
ProCurve Wireless Services xl Module Command Line Reference Manager Commands acknowledge This command acknowledges the presence of alarms. Syntax acknowledge alarm-log (all | <1-65535>) • alarm-log - Acknowledge the alarm logs. – all - Acknowledge all alarms. – <1-65535> - Acknowledge specific alarm ID Default Setting N/A Command Mode Manager Example ProCurve(wireless-services-B)#acknowledge alarm-log 65535 ProCurve(wireless-services-B)# cd This command changes the current directory.
PAGE 426
ProCurve Wireless Services xl Module Command Line Reference Manager Commands clear This command resets specified cache and reporting logs. Syntax clear (alarm-log | arp | arp | logging | wireless-statistics ) • alarm-log (<1-65535> | acknowledged |all | new)- Clear alarm log. – <1-65535> - Clear specific alarm id. – acknowledged - Clear acknowledged alarms. – all - Clear all alarms. – new- Clear new alarms. • arp - Clear arp cache. • logging - Modify message logging facilities.
PAGE 427
ProCurve Wireless Services xl Module Command Line Reference Manager Commands Example ProCurve(wireless-services-B)#configure terminal ProCurve (wireless-services-B)(config)# copy This command copies from one file to another. Syntax copy FILE | URL • FILE -File from which to copy. – Files: flash: /path/file nvram: startup-pconfig system: running-config Filenames are case sensitive and limited to 45 chars. • URL -URL from which to copy.
PAGE 428
ProCurve Wireless Services xl Module Command Line Reference Manager Commands Default Setting N/A Command Mode Manager Exec Example ProCurve(wireless-services-B)#debug all ProCurve(wireless-services-B)# debug cc This command traces cellcontroller (wireless) debugging messages. The no command negates the trace. Syntax debug cc (err | warn | info | all) • err- Trace error messages from the cellcontroller. The no version of the command negates the trace.
PAGE 429
ProCurve Wireless Services xl Module Command Line Reference Manager Commands debug imi This command traces integrated management debugging messages. The no command negates the trace. Syntax debug imi (all | cli | errors | init) • all- Traces all messages from the integrated management interface. The no version of the command negates the trace. • cli- Trace cli commands to/from the protocol modules. The no version of the command negates the trace.
PAGE 430
ProCurve Wireless Services xl Module Command Line Reference Manager Commands • monitor - Trace logging to monitors. The no version of the command negates the trace. • subagent - Trace logging to the subagent. The no version of the command negates the trace.
PAGE 431
ProCurve Wireless Services xl Module Command Line Reference Manager Commands Example ProCurve(wireless-services-B)#debug mgmt cgi ProCurve(wireless-services-B)# ProCurve(wireless-services-B)#no debug mgmt sys ProCurve(wireless-services-B)# debug nsm This command traces network service module (NSM). The no command negates the trace. Syntax debug nsm (all | events | kernel | packet) • all- Trace all messages from the network service module. The no version of the command negates the trace.
PAGE 432
ProCurve Wireless Services xl Module Command Line Reference Manager Commands debug pktdrvr This command traces pktdrvr (kernel wireless) debugging messages. The no command negates the trace. Syntax debug pktdrv (debug | err | info | rate-limit | warn | all) • debug - Trace all messages from the pktdrvr. • err- Trace error messages from the pktdrvr. Default if no parameter is specified. • info - Trace error, warning, and informational messages from the pktdvr.
PAGE 433
ProCurve Wireless Services xl Module Command Line Reference Manager Commands • proc- Trace process state machine messages. The no version of the command negates the trace. • shutdown- Trace shutdown process messages. The no version of the command negates the trace. • subagent- Trace subagent messages. The no version of the command negates the trace. • sys- Trace system state machine messages. The no version of the command negates the trace.
PAGE 434
ProCurve Wireless Services xl Module Command Line Reference Manager Commands • shutdown- Trace shutdown messages. • states- Trace redundancy state machine messages. • subagent - Trace subagent messages. • timer- Trace timer handling messages. • warnings- Trace warning messages. Default Setting N/A Command Mode Manager Example ProCurve(wireless-services-B)#debug redundancy ccmsg ProCurve(wireless-services-B)# debug upd-server This command traces update server debugging messages.
PAGE 435
ProCurve Wireless Services xl Module Command Line Reference Manager Commands Example ProCurve(wireless-services-B)#debug upd-server autoinstall ProCurve(wireless-services-B)# ProCurve(wireless-services-B)#no debug upd-server cli ProCurve(wireless-services-B)# debug wireless-statistics This command traces wireless statistics debugging messages. The no command negates the trace. Syntax debug wireless-statistics (all | error |) • all- Trace all messages from wireless-statistics.
PAGE 436
ProCurve Wireless Services xl Module Command Line Reference Manager Commands Default Setting N/A Command Mode Manager Example ProCurve(wireless-services-B)#diff TESTFILE TESTFILE2 --- TESTFILE +++ TESTFILE2 @@ -1 +1 @@ -testing edit, view, and delete file. +testing edit, erase, and contents of file. ProCurve(wireless-services-B)# dir This command displays list of available files on the filesystem. Syntax dir (all | recursive |) (DIR | all-filesystems |) • all - Display all available files.
PAGE 437
ProCurve Wireless Services xl Module Command Line Reference Manager Commands Example One ProCurve(wireless-services-B)# dir all ------------------------------------------------------------------Directory of flash:/ drwx 1024 Wed Dec 7 17:06:32 2005 hotspot drwx 1024 Thu Dec 8 09:31:07 2005 crashinfo drwx 80 Mon Feb 13 09:35:10 2006 log Directory of nvram:/ -rw625 Thu Dec 2 Directory of system:/ -rw- 08:53:36 2006 startup-config running-config ProCurve(wireless-services-B)# Example Two ProCurve(wire
PAGE 438
ProCurve Wireless Services xl Module Command Line Reference Manager Commands edit This command edits an existing file or creates a new text file. Syntax edit FILE • FILE -Name of file to edit or create. Default Setting N/A Command Mode Manager Example ProCurve(wireless-services-B)#edit TESTFILE GNU nano 1.2.
PAGE 439
ProCurve Wireless Services xl Module Command Line Reference Manager Commands erase This command deletes a specified file from the system. Syntax erase FILE • FILE- Name of the specified file to be deleted. – FILES: + flash:/path/file + startup-config - Resets configuration back to factory default. Default Setting N/A Command Mode Manager Examples ProCurve(wireless-services-B)#erase startup-config Startup config is deleted.
PAGE 440
ProCurve Wireless Services xl Module Command Line Reference Manager Commands Example This example shows how to return to the previous command levels starting from the Manager Configuration mode and finally logging out of the CLI session. ProCurve(wireless-services-B)#exit ProCurve (config)#exit ProCurve#exit ProCurve>exit Do you want to log out [y/n]?y Do you want to save your current configuration?n Connection to host lost. halt This command halts the wireless module.
PAGE 441
ProCurve Wireless Services xl Module Command Line Reference Manager Commands Command Mode Manager Example ProCurve(wireless-services-B)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1. Full help is available when you are ready to enter a command argument (e.g.
PAGE 442
ProCurve Wireless Services xl Module Command Line Reference Manager Commands mkdir This command creates a directory. Syntax mkdir DIR • DIR - Directory name. Default Setting N/A Command Mode Manager Example ProCurve(wireless-services-B)#mkdir TESTDIR ProCurve(wireless-services-B)# more This command displays the contents of a file. Syntax more FILE • FILE- File name.
PAGE 443
ProCurve Wireless Services xl Module Command Line Reference Manager Commands no This command series negates a command or sets its defaults. Three main command sets are provided, see the individual command levels for details. Syntax no • debug - Debug functions. To access individual debug commands, begin with the basic command “debug all” on page A-11. • page - Toggle paging. See “page” on page A-27. • show - Show commands. To access individual show commands, “debug all” on page A-11.
PAGE 444
ProCurve Wireless Services xl Module Command Line Reference Manager Commands ping This command sends ICMP echo request packets to another node on the network. Syntax ping WORD • WORD - Hostname or IP address of the host. Default Setting N/A Command Mode Manager Command Usage • Use the ping command to see if another site on the network can be reached.
PAGE 445
ProCurve Wireless Services xl Module Command Line Reference Manager Commands pwd This command displays the current directory. Syntax pwd Default Setting N/A Command Mode Manager Example ProCurve(wireless-services-B)#pwd flash:/ ProCurve(wireless-services-B)# reload This command halts and performs a warm reboot.
PAGE 446
ProCurve Wireless Services xl Module Command Line Reference Manager Commands rename This command renames a file. Syntax rename FILE • FILE - File to be renamed. – FILE - New file name. Default Setting N/A Command Mode Manager Example To validate the name change, use the DIR command.
PAGE 447
ProCurve Wireless Services xl Module Command Line Reference Manager Commands Command Mode Manager Example To validate the directory is deleted, use the DIR command.
PAGE 448
ProCurve Wireless Services xl Module Command Line Reference Manager Commands terminal This command sets terminal line parameters. Syntax terminal length | width • length - Set number of lines on a screen. – <2-1000> - Number of lines on a screen. • width - Set width of display terminal. – <61-1920> - Number of characters on a screen line.
PAGE 449
ProCurve Wireless Services xl Module Command Line Reference Manager Commands Example ProCurve(wireless-services-B)#upgrade tftp://192.168.1.10/ WS.00.01.img ProCurve(wireless-services-B)# upgrade-abort This command aborts an ongoing upgrade. Syntax upgrade-abort Default Setting N/A Command Mode Manager Example ProCurve(wireless-services-B)#upgrade-abort ProCurve(wireless-services-B)# write This command writes the running configuration to memory or terminal.
PAGE 450
ProCurve Wireless Services xl Module Command Line Reference Manager Commands Example ProCurve(wireless-services-B)#write terminal ! ! configuration of ProCurveWLANModule Wireless Services version WS.01.XX.0551Sw6 ! version 1.
PAGE 451
ProCurve Wireless Services xl Module Command Line Reference GlobalCommands GlobalCommands These commands are used to configure the global commands. Command Function Page boot Reboots wireless module. A-36 country-code Configures the country code. A-36 crypto Encryption related commands. A-38 end Ends current mode and changes back to Manager mode. A-38 enrollment Enrollment parameters. A-39 exit Detailed in Manager Command Section.
PAGE 452
ProCurve Wireless Services xl Module Command Line Reference GlobalCommands boot This command reboots the wireless module. Syntax boot flash (primary | secondary ) • flash - Specifies the boot image to use after reboot. – primary - Primary image. – secondary - Secondary image.
PAGE 453
ProCurve Wireless Services xl Module Command Line Reference GlobalCommands Table A-1.
PAGE 454
ProCurve Wireless Services xl Module Command Line Reference GlobalCommands crypto This command configures encryption related parameters. Syntax crypto pki (enroll | trustpoint ) • crypto pki - Configures public key infrastructure commands. – enroll - Request a certificate from a CA. – + local - CA server name. trustpoint- Define a CA trustpoint. + local - CA server name.
PAGE 455
ProCurve Wireless Services xl Module Command Line Reference GlobalCommands Example ProCurve(wireless-services-B)#configure ProCurve(wireless-services-B)(config)#end ProCurve(wireless-services-B)# enrollment This command configures enrollment related parameters. Syntax enrollment (selfsigned) • selfsigned - Generates a self signed certificate.
PAGE 456
ProCurve Wireless Services xl Module Command Line Reference GlobalCommands Command Mode Global Configuration Example ProCurve(wireless-services-B)#configure ProCurve(wireless-services-B)(config)#no fallback enable ProCurve(wireless-services-B)(config)# hostname This command sets the system’s network name. The no command negates this configuration. Syntax hostname (LINE) no hostname • LINE - The system’s network name.
PAGE 457
ProCurve Wireless Services xl Module Command Line Reference GlobalCommands Syntax interface (IFNAME) no interfaces • IFNAME - Specifies interfaces (vlan1 - vlan4094). Default Setting N/A Command Mode Global Configuration Example ProCurve(wireless-services-B)#configure ProCurve(wireless-services-B)(config)#interface vlan1 ProCurve(wireless-services-B)(config-if)# ip (global) This command configures ip parameters.The no command negates this configuration.
PAGE 458
ProCurve Wireless Services xl Module Command Line Reference GlobalCommands • routing - Turns on IP routing. • web-management - Configures web server. Default Setting N/A Command Mode Global Configuration Example ProCurve(wireless-services-B)#configure ProCurve(wireless-services-B)(config)#ip route 10.0.0.1/4 255.255.255.
PAGE 459
ProCurve Wireless Services xl Module Command Line Reference GlobalCommands Command Mode Global Configuration Example ProCurve(wireless-services-B)#configure ProCurve(wireless-services-B)(config)#licenses hardware-id radio-ports The hardware Id for package radio-ports is SG528WC011-H-EXAMPLE-8KJKPT6-T67XT6P-3GT8QJ9 ProCurve(wireless-services-B)(config)# Related Commands show licenses (page A-91) logging This command modifies message logging facilities. The no command negates the logging configuration.
PAGE 460
ProCurve Wireless Services xl Module Command Line Reference GlobalCommands • facility - Sets syslog facility in which log messages are sent. – local0 - Syslog facility local0. – local1 - Syslog facility local1. – local2 - Syslog facility local2. – local3 - Syslog facility local3. – local4 - Syslog facility local4. – local5 - Syslog facility local5. – local6 - Syslog facility local6. – local7 - Syslog facility local7. • host - Configures remote host to receive log messages. – A.B.C.
PAGE 461
ProCurve Wireless Services xl Module Command Line Reference GlobalCommands Default Setting Disabled Command Mode Global Configuration Example ProCurve(wireless-services-B)#configure ProCurve(wireless-services-B)(config)#password-encryption secret 2 pass ProCurve(wireless-services-B)(config)# Related Commands show password-encryption (page A-92) redundancy This command configures redundancy group parameters. The no negates the configuration.
PAGE 462
ProCurve Wireless Services xl Module Command Line Reference GlobalCommands • member-ip - Adds member to this redundancy group. – - IP address of the member. • mode - Sets the redundancy mode. – active - Mode can be active. – standby - Mode can be standby. Default Setting Disabled Command Mode Global Configuration Example ProCurve(wireless-services-B)#configure ProCurve(wireless-services-B)(config)#redundancy ip 10.10.1.20 ProCurve(wireless-services-B)(config)#redundancy 10.10.1.
PAGE 463
ProCurve Wireless Services xl Module Command Line Reference GlobalCommands snmp-server This command modifies the snmp-server parameters. Use the no form to remove the specified snmp-server parameters. Syntax snmp-server (community | contact | enable | host | location | manager | user ) no snmp-server • community - Sets community string and access privileges. – WORD - SNMP community string. (private | public) +restricted - Read-only access with this community string.
PAGE 464
ProCurve Wireless Services xl Module Command Line Reference GlobalCommands -ids - Enable wireless IDS traps. ++excessiveAuthAssocation - Excessive association authentication. ++excessiveProbes - Excessive probes. -radio - Enable wireless radio traps. ++adopted - Radio adopted. ++detectedRadar - Radio detected radar. ++unadopted - Radio unadopted. -self-healing - Enable self healing traps. ++activated - Self healing activated. - station - Enable wireless station traps.
PAGE 465
ProCurve Wireless Services xl Module Command Line Reference GlobalCommands The following three commands share the rate parameters. - radio - Modify radio rate traps. - station - Modify station rate traps. - wlan - Modify wlan rate traps. ++avg-bit-speed-less-than - Average bit speed in Mbps is less than. ++avg-retry-greater-than - Average retry is greater than. ++avg-signal-less-than - Average signal in dBm is less than. ++gave-up-percent-greater-than - Percentage of pkts dropped is greater than.
PAGE 466
ProCurve Wireless Services xl Module Command Line Reference GlobalCommands - encrypted - Specifying password as md5 digests. ++auth - Authentication parameters for the user. - -md5 - Use HMAC MD5 algorithm for authentication – +++PASSWD - Authentication password for user. operator - Operator user. +v3 - User using v3 security model. - auth - Authentication parameters for the user. ++md5 - Use HMAC MD5 algorithm for authentication. - -PASSWD - Authentication password for user.
PAGE 467
ProCurve Wireless Services xl Module Command Line Reference GlobalCommands sntp This command configures simple NTP. The no command negates this configuration. Syntax sntp (enable | server1 | sever2 | server3) no sntp • enable - Enables time synchronization with Simple NTP servers. • server1 - Configures first SNTP server. – A.B.C.D - IP address of first SNTP server. • server2 - Configures second SNTP server. – A.B.C.D - IP address of second SNTP server. • server3 - Configures first SNTP server. – A.
PAGE 468
ProCurve Wireless Services xl Module Command Line Reference GlobalCommands Command Mode Global Configuration Example ProCurve(wireless-services-B)#configure ProCurve(wireless-services-B)(config)#time 20:32:26 ProCurve(wireless-services-B)(config)# Related Commands show time (page A-102) timezone This command configures timezone parameters.The no command negates this configuration. Syntax timezone (TIMEZONE) no timezone • TIMEZONE - File containing the timezone.
PAGE 469
ProCurve Wireless Services xl Module Command Line Reference GlobalCommands upd-server This command configures autoinstall update server parameters. The no command negates this configuration. Syntax upd-server (cfg-file-loc | img-file-loc | ip | unreachable) no upd-server • cfg-file-loc - Sets configuration file location on the ftp/tftp server. – WORD - Config file ftp/tftp location. • img-file-loc - Sets image file location. – WORD - Image file ftp/tftp location. +img-file-ver- Image file version.
PAGE 470
ProCurve Wireless Services xl Module Command Line Reference GlobalCommands wireless This command accesses the wireless context. This section does not detail the commands in the wireless context, refer to the Wireless Context Command Section.
PAGE 471
ProCurve Wireless Services xl Module Command Line Reference Interface Commands Interface Commands These commands are used to configure the Interface Context commands. Command Function Page [no] description (Negates) Interface specific description. A-55 end Detailed in Global Command Section. A-38 exit Detailed in Manager Command Section. A-23 help Detailed in Manager Command Section A-24 [no] ip (Negates) Sets the IP address of the interface.
PAGE 472
ProCurve Wireless Services xl Module Command Line Reference Interface Commands Example ProCurve(wireless-services-B)#configure ProCurve(wireless-services-B)(config)#interface vlan1 ProCurve(wireless-services-B)(config-if)#description EXAMDES ProCurve(wireless-services-B)(config-if)# Related Commands show interfaces (page A-88) ip (interface) This command configures ip parameters of the interface. The no command negates this configuration.
PAGE 473
ProCurve Wireless Services xl Module Command Line Reference Interface Commands management This command configures the selected interface as the management interface.
PAGE 474
ProCurve Wireless Services xl Module Command Line Reference Interface Commands Example ProCurve(wireless-services-B)#configure ProCurve(wireless-services-B)(config)#interface vlan1 ProCurve(wireless-services-B)(config-if)#mtu 600 ProCurve(wireless-services-B)(config-if)# A-58
PAGE 475
ProCurve Wireless Services xl Module Command Line Reference Wireless Commands Wireless Commands These commands are used to configure the Wireless Context commands. Command Function Page [no] adopt-unconf-radio (Negates) Adopts an unconfigured radio. A-60 [no] adoption-pref-id (Negates) Configures a preference identifier. A-60 [no] advanced-config (Negates) Enables advanced configuration. A-61 [no] ap-detection (Negates) Configures neighboring access point detection.
PAGE 476
ProCurve Wireless Services xl Module Command Line Reference Wireless Commands adopt-unconf-radio This command adopts a radio even if its not yet configured. The default templates are used for configuration. The no command negates this configuration. Syntax adopt-unconf-radio (enable) no adopt-unconf-radio enable • enable - Enables the adoption of unconfigured radios.
PAGE 477
ProCurve Wireless Services xl Module Command Line Reference Wireless Commands Example ProCurve(wireless-services-B)#configure ProCurve(wireless-services-B)(config)#wireless ProCurve(wireless-services-B)(config-wireless)#adoptionpref-id 600 ProCurve(wireless-services-B)(config-wireless)# advanced-config This command allows advanced configuration of wlan settings . The no command negates this configuration. Syntax advanced-config no advanced-config • enable - Enables support for the advanced configuration.
PAGE 478
ProCurve Wireless Services xl Module Command Line Reference Wireless Commands Syntax ap-detection (approved | enable | max-aps | timeout ) no ap-detection • approved - Configures the approved detection list. – add - Add an entry to the approved AP list . +<1-200> - Index where this approved entry will be added: <1-200>. - MAC - MAC address in AA-BB-CC-DD-EE-FF format. ++LINE - A string of up to 32 characters. ++any - Any SSID. - any - Any MAC address. ++LINE - A string of up to 32 characters.
PAGE 479
ProCurve Wireless Services xl Module Command Line Reference Wireless Commands Related Commands show wireless ap-detection-config (page A-107) dot11-shared-key-auth This command enables support for 802.11 shared key authentication. The no command negates the support. Note Shared key authentication has known weaknesses that can compromise your WEP key. It should only be configured to accommodate wireless stations that are unable to carry out Open-System authentication.
PAGE 480
ProCurve Wireless Services xl Module Command Line Reference Wireless Commands • excessive-associations - Monitors the number of association requests from stations. – <0-65535> - Maximum number of association requests per second . • excessive-probes - Monitors the number of probe requests from stations. – <0-65535> - Maximum number of association requests per second . • filter-ageout - Set the number of seconds to filter a station that off IDS. – <0-65535> - Time in seconds.
PAGE 481
ProCurve Wireless Services xl Module Command Line Reference Wireless Commands +MAC - Starting MAC address in AA-BB-CC-DD-EE-FF format. - MAC - Ending MAC address in AA-BB-CC-DD-EE-FF format. – ++WORD - A list (eg: 1,3,7) or range (eg: 3-7) of wlan indices. deny - Deny stations that match this rule to associate. +MAC - Starting MAC address in AA-BB-CC-DD-EE-FF format. - MAC - Ending MAC address in AA-BB-CC-DD-EE-FF format. ++WORD - A list (eg: 1,3,7) or range (eg: 3-7) of wlan indices.
PAGE 482
ProCurve Wireless Services xl Module Command Line Reference Wireless Commands Example ProCurve(wireless-services-B)#configure ProCurve(wireless-services-B)(config)#wireless ProCurve(wireless-services-B)(config-wireless)#proxy-arp enable ProCurve(wireless-services-B)(config-wireless)# radio This command configures the radio parameters. The no command negates the radio parameter configuration. Note To configure many of the radio parameters, you must first configure the country code. See country code.
PAGE 483
ProCurve Wireless Services xl Module Command Line Reference Wireless Commands – bss - Map wireless LANs to radio BSSIDs. +<1-4> - The BSS where wireless LANs will be mapped. - WLAN - A list (eg: 1,3,7) or range (eg: 3-7) of WLAN indices. When a BSS is also specified, the first WLAN will be used as the primary WLAN. When the auto option is used, the system will automatically assign the first four WLANs as primaries on their respective BSS. +auto - Automatic assignment of BSS.
PAGE 484
ProCurve Wireless Services xl Module Command Line Reference Wireless Commands – – reset-rp - Resets the parent rp (this will reset all radios on that radio-port). rts-threshold - RTS threshold. – +<100-2346> - RTS threshold in bytes. run-acs - Runs auto-channel-selection on a radio. The radio should already have been configured for ACS. self-heal-offset - Configure the self-healing offset for regulatory. – – +<0-65535> - The self-heal offset in dB. short-preamble - Short preamble.
PAGE 485
ProCurve Wireless Services xl Module Command Line Reference Wireless Commands • add - Adds a new radio. – <1-1000> - Index where this radio is to be added. + - Mac address in AA-BB-CC-DD-EE-FF format. -11a - 802.11a type radio. -11bg - 802.11bg type radio. • configure-8021X - Configures 802.1X username and password onto all currently adopted radio-ports. – username - Specify the 802.1X username the radio-port must use. +WORD - 802.1X username. -password - Specify the 802.
PAGE 486
ProCurve Wireless Services xl Module Command Line Reference Wireless Commands Examples ProCurve(wireless-services-B)#configure ProCurve(wireless-services-B)(config)#wireless ProCurve(wireless-services-B)(config-wireless)#radio 1 adoption-pref-id 5 ProCurve(wireless-services-B)(config-wireless)#radio 1 antenna-mode diversity ProCurve(wireless-services-B)(config-wireless)#radio 1 beacon-interval 50 ProCurve(wireless-services-B)(config-wireless)#radio 1 channel-power indoor acs 10 Regulatory parameter values
PAGE 487
ProCurve Wireless Services xl Module Command Line Reference Wireless Commands • interference-avoidance - Interference Avoidance configuration. – enable - Enables/disables interference avoidance. – hold-time - The number of seconds to disable interference avoidance after a detection. This prevents a radio from changing channels continuously. – • +<0-65535> - A number of seconds between 0-65535. retries - The average number retries to cause a radio to re-run auto channel selection.
PAGE 488
ProCurve Wireless Services xl Module Command Line Reference Wireless Commands Example ProCurve(wireless-services-B)#configure ProCurve(wireless-services-B)(config)#wireless ProCurve(wireless-services-B)(config-wireless)#self-heal interference-avoidance enable ProCurve(wireless-services-B)(config-wireless)#self-heal neighbor-recovery enable ProCurve(wireless-services-B)(config-wireless)#self-heal neighbor-recovery neighbors 5 5 ProCurve(wireless-services-B)(config-wireless)#self-heal neighbor-recovery run-n
PAGE 489
ProCurve Wireless Services xl Module Command Line Reference Wireless Commands – dot11i - Configures IEEE 802.11i (TKIP/AES) parameters. +key - Configures the key (PMK). -0 - Password is specified UNENCRYPTED. ++WORD - The 256 bit (64 hex characters) long key. -2 - Password is encrypted with password-encryption secret. ++WORD - The 256 bit (64 hex characters) long key. -WORD - The 256 bit (64 hex characters) long key.
PAGE 490
ProCurve Wireless Services xl Module Command Line Reference Wireless Commands – – – inactivity-timeout - Inactivity timeout in seconds. If a frame is not received from a station for this amount of time, the station is disassociated. +<60-86400> - Inactivity timeout in seconds. inter-station-blocking - Prevents station to station traffic on this WLAN. qos - Quality of Service commands. +mcast1 - The Egress prioritization multicast mask. - MAC - MAC address in AA-BB-CC-DD-EE-FF format.
PAGE 491
ProCurve Wireless Services xl Module Command Line Reference Wireless Commands ++burst - Transmit-opportunity: an interval of time when a particular WMM STA has the right to initiate transmissions onto the wireless medium. - -<0-65535> - The transmit-opportunity in 32 microSecond units. ++cw - Contention Window parameters: wireless stations pick a number between 0 and the minimum contention window to wait before retrying transmission.
PAGE 492
ProCurve Wireless Services xl Module Command Line Reference Wireless Commands +timeout - Time the wireless module waits for a response from the radius server before retrying. - <1-60> - Timeout in seconds. ++retransmit- Number of retries before the wireless module will give up and disassociate the station. – - - <1-10> - Retry count. station - Modifies Radius/802.1X supplicant related parameters. +timeout - Time the wireless module waits for a response from the radius server before retrying.
PAGE 493
ProCurve Wireless Services xl Module Command Line Reference Wireless Commands The failure/login/welcome parameters share these parameters: - -description - Text that is displayed as the main body (normal font, middle of page) of the webpage. - -footer - Text that is displayed at the footer (smaller font, bottom section ) of the webpage. - -header - Text that is displayed as a header (large font, top section) of the webpage. - -main-logo - Main image (large size) that will be served up by the local webpage.
PAGE 494
ProCurve Wireless Services xl Module Command Line Reference Wireless Commands +phrase - Specify a passphrase from which the keys are to be derived. -LINE - The passphrase between 4 and 32 characters long. +web-default-key - Configures the transmit key index. -<1-4>- The key index to be used for transmission from AP to MU.
PAGE 495
ProCurve Wireless Services xl Module Command Line Reference Wireless Commands wlan-prioritization This command uses WLAN priority weights to determine packet order. The no command disables this support. queueing Syntax wlan-prioritization (enable) no wlan-prioritization enable • enable- Enables prioritization across wireless LANs.
PAGE 496
ProCurve Wireless Services xl Module Command Line Reference Show Commands Show Commands These commands are common commands used to display configured parameters in all contexts. Command Function Page Show Commands (All Contexts) A-80 show alarm-log (<1-65535> | acknowledged | all | new |) Displays list of alarms occurring since boot. A-83 show commands Shows command lists. A-84 show crypto pki (certificates | trustpoints |) Displays encryption related commands.
PAGE 497
ProCurve Wireless Services xl Module Command Line Reference Show Commands Command Function show sntp Displays sntp configuration. A-100 show startup-config Displays contents of startup configuration. A-100 show terminal Displays terminal configuration parameters. A-101 show time Displays system clock. A-102 show timezone Displays time zone. A-102 show upd-server Displays server information. A-103 show upgrade-status (detail) Displays status of the last image upgrade.
PAGE 498
ProCurve Wireless Services xl Module Command Line Reference Show Commands A-82 Command Function Page show wireless radio-status Displays radio status. show wireless regulatory Displays regulatory (allowed channel/power) A-115 information for a particular country. show wireless rp-images Displays list of radio-port images on the wireless module. A-118 show wireless rp-unadopted Displays status of adopted radio-port.
PAGE 499
ProCurve Wireless Services xl Module Command Line Reference Show Commands (All Contexts) Show Commands (All Contexts) This section details the show commands displayed in all available contexts. show alarm-log This command displays all alarms since the last boot. Syntax show alarm-log (<1-65535> | acknowledged | all | new |) • <1-65535> - Display details for specific alarm id. • acknowledged - Display acknowledged alarms since boot. • all - Display all alarms occurred since boot.
PAGE 500
show commands This command displays command lists.
PAGE 501
ProCurve Wireless Services xl Module Command Line Reference Show Commands (All Contexts) show crypto This command displays encryption related commands. Syntax show crypto pki (certificates | trustpoints |) • pki - Display public key infrastructure commands. – certificates - Display certificates.
PAGE 502
ProCurve Wireless Services xl Module Command Line Reference Show Commands (All Contexts) Example ProCurve(wireless-services-B)#show debug debugging is off ProCurve(wireless-services-B)# show file This command displays filesystem information. Syntax show file (information | systems |) • information - Display file information. – FILE - Display information on file. • systems - Display filesystems.
PAGE 503
ProCurve Wireless Services xl Module Command Line Reference Show Commands (All Contexts) show flash This command displays flash information. Syntax show flash Default Setting N/A Command Mode Manager Example ProCurve(wireless-services-B)#show flash Image Build Date Install Date ------------------------------------------Primary Nov 17 22:16:26 2005 Nov 22 15:18:17 2005 Secondary Nov 17 22:16:26 2005 Nov 21 13:10:07 2005 Version -------------WS.01.XX.0551Swami WS.01.XX.
PAGE 504
ProCurve Wireless Services xl Module Command Line Reference Show Commands (All Contexts) Example ProCurve(wireless-services-B)#show history 1 show hostname 2 show history ProCurve(wireless-services-B)# show hostname This command displays the network name of the system.
PAGE 505
ProCurve Wireless Services xl Module Command Line Reference Show Commands (All Contexts) Example ProCurve(wireless-services-B)#show interfaces Interface dnlink Hardware Type Ethernet, Interface Mode Layer 2, address is 00-01-e6-f5-86-fc index 2 metric 1 mtu 1500 Speed: Admin Auto, Operational 1g Duplex: Admin Auto, Operational Full input packets 2693, bytes 204774, dropped 0, multicast packets 0 input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0 output pa
PAGE 506
ProCurve Wireless Services xl Module Command Line Reference Show Commands (All Contexts) • route - Display ip routing table. • routing- Display ip routing status. • web-management - Display web-server status. Default Setting N/A Command Mode Manager Examples ProCurve(wireless-services-B)#show ip arp IP Address MAC Address Interface 192.168.15.1 00-14-bf-bf-72-30 vlan1 Type dynamic ProCurve(wireless-services-B)# show ip dns 68.87.76.178 dynamic 68.87.66.
PAGE 507
ProCurve Wireless Services xl Module Command Line Reference Show Commands (All Contexts) show licenses This command displays installed licenses. Syntax show licenses (uninstalled) • uninstalled - Display uninstalled licenses.
PAGE 508
ProCurve Wireless Services xl Module Command Line Reference Show Commands (All Contexts) Example ProCurve(wireless-services-B)#show logging Syslog logging: enabled Aggregation time: disabled Console logging: level debugging Monitor logging: disabled Buffer logging: disabled Trap logging: disabled Log Buffer (0 bytes): ProCurve(wireless-services-B)# show management This command displays L3 management interface name.
PAGE 509
ProCurve Wireless Services xl Module Command Line Reference Show Commands (All Contexts) Command Mode Manager Example ProCurve(wireless-services-B)#show password-encryption status Password encryption is enabled ProCurve(wireless-services-B)# show redundancy-group This command displays redundancy group parameters. Syntax show redundancy-group (config | runtime ) • config - Displays configured redundancy group information. • runtime - Displays runtime redundancy group information.
PAGE 510
ProCurve Wireless Services xl Module Command Line Reference Show Commands (All Contexts) Examples: These examples display runtime and group information. ProCurve(wireless-services-B)#show redundancy-group runtime Redundancy Group Runtime Information Redundancy Protocol Version : 1.
PAGE 511
ProCurve Wireless Services xl Module Command Line Reference Show Commands (All Contexts) Command Mode Manager Example ProCurve(wireless-services-B)#show redundancy-history State Transition History Time Event Triggered State --------------------------------------------------------Apr 25 07:42:30 2006 Redundancy Disabled Disabled ProCurve(wireless-services-B)# show redundancy-member This command displays redundancy group parameters. Syntax show redundancy-member (A.B.C.D) • A.B.C.
PAGE 512
ProCurve Wireless Services xl Module Command Line Reference Show Commands (All Contexts) show running-config This command displays current operating configuration. Syntax show running-config (include-factory | interface ) • include-factory - Include the factory defaults. • interface - Displays interface configuration. – IFNAME - Interface name.
PAGE 513
ProCurve Wireless Services xl Module Command Line Reference Show Commands (All Contexts) Example ProCurve(wireless-services-B)#show running-config ! configuration of ProCurveWLANModule Wireless Services version WS.01.03 on Tue6 ! version 1.0 ! no country-code redundancy group-id 50 redundancy interface-ip 10.10.1.20 redundancy holdtime-period 20 redundancy discovery-period 10 redundancy handle-stp enable redundancy member-ip 10.10.1.
PAGE 514
ProCurve Wireless Services xl Module Command Line Reference Show Commands (All Contexts) show snmp This command displays snmp engine parameters. Syntax show snmp [user (manager | operator) | server | ] • user - Display snmp user details. – manager - Display snmp manager details. – operator - DIsplay snmp operator details. • server - Display snmp server details. – traps - Display trap flags. – – – – + wireless statistics - Display wireless stats rate traps. ++ radio - Display radio rate traps.
PAGE 515
ProCurve Wireless Services xl Module Command Line Reference Show Commands (All Contexts) Examples ProCurve(wireless-services-B)#show snmp user userName manager operator access rw ro engineId 0000000c000000007f000001 0000000c000000007f000001 Auth MD5 MD5 Priv DES DES ProCurve(wireless-services-B)#show snmp-server traps ---------------------------------------------------------------------Global enable flag for Traps N ---------------------------------------------------------------------Enable flag statu
PAGE 516
ProCurve Wireless Services xl Module Command Line Reference Show Commands (All Contexts) show sntp This command displays simple NTP configuration. Syntax show sntp Default Setting N/A Command Mode Manager Example ProCurve(wireless-services-B)#show sntp Simple NTP is Disabled Simple NTP Servers: No Simple NTP servers are configured ProCurve(wireless-services-B)# show startup-config This command displays contents of startup configuration.
PAGE 517
ProCurve Wireless Services xl Module Command Line Reference Show Commands (All Contexts) Example ProCurve(wireless-services-B)#show startup-config ! factory default configuration ! prompt to include indication of crash files support prompt crash-info ! vlan 1 gets an IP address via DHCP interface vlan1 ip address dhcp ! web and snmp are enabled to allow the management java applet to function ip web-management snmp-server manager v2 snmp-server manager v3 snmp-server user manager v3 encrypted auth md5 0x709
PAGE 518
ProCurve Wireless Services xl Module Command Line Reference Show Commands (All Contexts) show time This command displays the system clock. Syntax show time Default Setting N/A Command Mode Manager Example ProCurve(wireless-services-B)#show time Feb 21 16:56:46 2006 ProCurve(wireless-services-B)# show timezone This command displays the timezone.
PAGE 519
ProCurve Wireless Services xl Module Command Line Reference Show Commands (All Contexts) show upd-server This command displays update server parameters.
PAGE 520
ProCurve Wireless Services xl Module Command Line Reference Show Commands (All Contexts) Command Mode Manager Example ProCurve(wireless-services-B)#show upgrade-status Last Image Upgrade Status : Successful Last Image Upgrade Time : Tue Nov 22 15:18:17 2005 ProCurve(wireless-services-B)#show upgrade-status detail Last Image Upgrade Status : Successful Last Image Upgrade Time : Tue Nov 22 15:18:17 2005 -------------------------------------------------------var2 is 13 percent full /tmp is 35 percent full Fre
PAGE 521
ProCurve Wireless Services xl Module Command Line Reference Show Commands (All Contexts) Command Mode Manager Example ProCurve(wireless-services-B)#show version ProCurveWLANModule version WS.01.XX.0551Swami Copyright (c) 2005 Symbol Technologies, Inc. Booted from primary.
PAGE 522
ProCurve Wireless Services xl Module Command Line Reference Show Commands (All Contexts) Default Setting N/A Command Mode Manager Example ProCurve(wireless-services-B)#show vlans Downlink: VLAN ID VLAN Name Ports 2100 VLAN2100 ADP,C1-C24 Uplink: VLAN ID VLAN Name Ports 1 DEFAULT_VLAN AUP,B1-B4,C1-C24,D1-D24 ProCurve(wireless-services-B)# A-106
PAGE 523
ProCurve Wireless Services xl Module Command Line Reference Show Commands (Wireless) Show Commands (Wireless) This section details the show commands pertaining to the wireless parameters. show wireless ap-detection-config This command displays detected access point configuration parameters.
PAGE 524
ProCurve Wireless Services xl Module Command Line Reference Show Commands (Wireless) Default Setting N/A Command Mode Manager Configuration Context Global Configuration Context Interface Configuration Context Wireless Configuration Context show wireless channel-power This command displays available channel and power levels for a radio. Syntax show wireless channel-power (11a | 11bg) • 11a - Radio is of type 802.11a. – Indoor - Radio is placed indoor. – Outdoor - Radio is placed outdoors.
PAGE 525
ProCurve Wireless Services xl Module Command Line Reference Show Commands (Wireless) Example ProCurve(wireless-services-B)(config-wireless)#show wireless channel-power 11a indoor Channel Max Power (dBm) Radar Detected 36 (5180 MHz) 17 40 (5200 MHz) 17 44 (5220 MHz) 17 48 (5240 MHz) 17 52 (5260 MHz) 20 56 (5280 MHz) 20 60 (5300 MHz) 20 64 (5320 MHz) 20 149 (5745 MHz) 20 153 (5765 MHz) 20 157 (5785 MHz) 20 161 (5805 MHz) 20 165 (5825 MHz) 20 ProCurve(wireless-services-B)(config-wireless)#show wireless channe
PAGE 526
ProCurve Wireless Services xl Module Command Line Reference Show Commands (Wireless) Default Setting N/A Command Mode Manager Configuration Context Global Configuration Context Interface Configuration Context Wireless Configuration Context Example ProCurve(wireless-services-B)(config-wireless)#show wireless config country-code : us adoption-pref-id : 1 proxy-arp : disabled wlan-prioritization : disabled adopt-unconf-radio : enabled dot11-shared-key-auth: disabled ap-detection : enabled advanced-config : di
PAGE 527
ProCurve Wireless Services xl Module Command Line Reference Show Commands (Wireless) Example ProCurve(wireless-services-B)(config-wireless)#show wireless ids filter-agetout : 60 seconds excessive-probes : disabled excessive-associations : disabled ProCurve(wireless-services-B)(config-wireless)# show wireless mac-auth-local entries This command displays the mac-auth-local entries.
PAGE 528
ProCurve Wireless Services xl Module Command Line Reference Show Commands (Wireless) Command Mode Manager Configuration Context Global Configuration Context Interface Configuration Context Wireless Configuration Context Example ProCurve(wireless-services-B)(config-wireless)#show wireless phrase-to-key wep128 help 1) d7aad741102ccc216ed1b59322 2) 2cdd3865719e93719d5a2a87c6 3) 984590afb106774126f8c0b583 4) 792ebf65147269f968cc23c204 ProCurve(wireless-services-B)(config-wireless)# show wireless radio-config
PAGE 529
ProCurve Wireless Services xl Module Command Line Reference Show Commands (Wireless) Example ProCurve(wireless-services-B)(config-wireless)#show wireless radio-config index description radio port mac type wlans-mapped 1 ] RADIO1 00-14-C2-A0-0B-EC 11bg 2 ] RADIO2 00-14-C2-A0-0B-EC 11a 3 ] RADIO3 00-14-C2-A0-1B-3E 11bg 4 ] RADIO4 00-14-C2-A0-1B-3E 11a 5 ] RADIO5 A1-B2-C3-D4-E5-F6 11a def-11a ] DEFAULT-11A FF-FF-FF-FF-FF-FF 11a def-11bg] DEFAULT-11BG FF-FF-FF-FF-FF-FF 11bg ProCurve(wireless-services-B)(config
PAGE 530
ProCurve Wireless Services xl Module Command Line Reference Show Commands (Wireless) Example ProCurve(wireless-services-B)(config-wireless)#show wireless radio-statistics ***** Radio-1 ********************* stations Associated : 1 ------ Traffic ------------------------------------------------------Total Rx Tx ---------------- ---------------- ---------------30s 1hr 30s 1hr 30s 1hr 29.43 8.60 0.00 0.00 29.43 8.60 pps 0.01 0.00 0.00 0.00 0.01 0.
PAGE 531
ProCurve Wireless Services xl Module Command Line Reference Show Commands (Wireless) Command Mode Manager Configuration Context Global Configuration Context Interface Configuration Context Wireless Configuration Context Example ProCurve(wireless-services-B)(config-wireless)#show wireless radio-status # Radio Port MAC Start BSS Radio State Channel Pwr Idx-tye 1] 00-14-C2-A0-0B-EC 00-14-C2-A0-4E-EC 11bg normal 11 (rnd) 15 dyna 2] 00-14-C2-A0-0B-EC 00-14-C2-A0-CF-34 11a normal 60 (rnd) 15 dyna 3] 00-14-C2-A0-
PAGE 532
ProCurve Wireless Services xl Module Command Line Reference Show Commands (Wireless) – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – A-116 cz Czech Republic de Germany dk Denmark ec Ecuador ee Estonia eg Egypt es Spain fi Finland fr France gr Greece hk Hong Kong hr Croatia hu Hungary id Indonesia ie Ireland il Israel in India is Iceland it Italy jo Jordan jp Japan kr South Korea kw Kuwait kz Kazakhstan li Liechtenstein lk Sri Lanka lt Lithuania lu Luxembourg lv Lat
PAGE 533
ProCurve Wireless Services xl Module Command Line Reference Show Commands (Wireless) – – – – – – – – – – – – – – – sa Saudi Arabia se Sweden sg Singapore si Slovenia sk Slovak Republic th Thailand tr Turkey tw Taiwan ua Ukraine uk United Kingdom us United States uy Uruguay ve Venezuela vn Vietnam za South Africa Default Setting N/A Command Mode Manager Configuration Context Global Configuration Context Interface Configuration Context Wireless Configuration Context A-117
PAGE 534
ProCurve Wireless Services xl Module Command Line Reference Show Commands (Wireless) Example ProCurve(wireless-services-B)(config-wireless)#show wireless regulatory us 802.11a Outdoor Channels : 52 56 60 64 149 153 157 161 165 Power(dBm): 20 20 20 20 20 20 20 20 20 802.11a Indoor Channels : 36 40 44 48 52 56 60 64 149 153 157 161 165 Power(dBm): 17 17 17 17 20 20 20 20 20 20 20 20 20 802.11bg Outdoor Channels : 1 2 Power(dBm): 20 20 3 20 4 20 5 20 6 20 7 20 8 20 9 10 11 20 20 20 802.
PAGE 535
ProCurve Wireless Services xl Module Command Line Reference Show Commands (Wireless) Example ProCurve(wireless-services-B)(config-wireless)#show wireless rp-images Idx Image-File Version Release Date Size (bytes) 1 ProCurve-200-Series 00.02-27 [00] 04 Feb 2006 293320 ProCurve(wireless-services-B)(config-wireless)# show wireless rp-status This command displays the status of adopted radio-port.
PAGE 536
ProCurve Wireless Services xl Module Command Line Reference Show Commands (Wireless) show wireless rp-unadopted This command displays a list of unadopted radio-port.
PAGE 537
ProCurve Wireless Services xl Module Command Line Reference Show Commands (Wireless) Command Mode Manager Configuration Context Global Configuration Context Interface Configuration Context Wireless Configuration Context Example ProCurve(wireless-services-B)(config-wireless)#show wireless self-heal-config interference-avoidance : disabled retries : 14.
PAGE 538
ProCurve Wireless Services xl Module Command Line Reference Show Commands (Wireless) show wireless station-statistics This command displays the statistics of associated stations. Syntax show wireless station-statistics • station-statistics - station statistics. – AA-BB-CC-DD-EE-FF - MAC address of station. +detail - MAC address of station.
PAGE 539
ProCurve Wireless Services xl Module Command Line Reference Show Commands (Wireless) show wireless web-auth-config This command displays the WLAN web-auth configuration. Syntax show wireless web-auth-config • web-auth-config - Wlan web-auth configuration. – <1-32> - A WLAN index.
PAGE 540
ProCurve Wireless Services xl Module Command Line Reference Show Commands (Wireless) show wireless wireless-module-statistics This command displays the wireless module statistics. Syntax show wireless wireless-module-statistics wireless-module-statistics - wireless-module statistics. – detail - detailed wireless-module statistics.
PAGE 541
ProCurve Wireless Services xl Module Command Line Reference Show Commands (Wireless) show wireless wlan-config This command displays the WLAN configuration. Syntax show wireless wlan-config • wlan-config - WLAN configuration. – <1-32> - A WLAN index. – all - all WLANs in configuration.
PAGE 542
ProCurve Wireless Services xl Module Command Line Reference Show Commands (Wireless) Example ProCurve(wireless-services-B)(config-wireless)#show wireless wlan-config # enabled ssid authentication encryption vlan description 1 Y Finance none wep128 1 Bldg-3-Finance 2 Y Employees eap aes 2 Bldg-2 3 N SSID 3 none none 1 4 N SSID 4 none none 1 5 N SSID 5 none none 1 6 N SSID 6 none none 1 7 N SSID 7 none none 1 8 Y Mngmnt eap tkip-aes 1 Bldg-1 9 N SSID 9 none none 1 10 N SSID 10 none none 1 11 N SSID 11 none n
PAGE 543
ProCurve Wireless Services xl Module Command Line Reference Show Commands (Wireless) • wlan-statistics - WLAN statistics. – <1-32> - A WLAN index. +detail - detailed WLAN statistics.
PAGE 544
ProCurve Wireless Services xl Module Command Line Reference Show Commands (Wireless) Example ProCurve(wireless-services-B)(config-wireless)#show wireless wlan-statistics ***** WLAN-1 ********************* stations Associated : 1 Radios active : 2 ------ Traffic ------------------------------------------------------- Pkts per sec: Throughput: Mbps Avg bit speed: % Non-unicast pkts: Total Rx Tx ---------------- ---------------- ---------------30s 1hr 30s 1hr 30s 1hr 0.00 27.34 0.00 0.00 0.00 27.
PAGE 545
ProCurve Wireless Services xl Module Command Line Reference Support Commands Support Commands These commands are common commands used for advanced support duties in all contexts. Command Function Page Support Commands (All Context) support clear (all | cores | dumps | panics | pm ) Displays command history for switch. A-131 support copy tech-support URL Displays resets the functions. A-131 [no] support diag (enable | period ) (Negate) Configures diagnostics.
PAGE 546
ProCurve Wireless Services xl Module Command Line Reference Support Commands Command Function Page Support Commands (Wireless) A-130 [no]support wireless dump-core Creates a core file of the ccsrvr process. A-141 [no] support wireless dump-scale Creates a ccsrvr.dump file in nvram with internal state information. A-141 [no]support wireless rate-scale Enables wireless rate scaling (default) A-142 [no] support wireless spectrummanagement Enables 802.11h+d spectrum management on A-142 all 802.
PAGE 547
ProCurve Wireless Services xl Module Command Line Reference Support Commands (All Contexts) Support Commands (All Contexts) This section details the support commands available to all contexts. support clear This command resets the functions. Syntax support clear (all | cores | dumps | panics | pm ) • all - Removes all core, dump, panic, and pm files. • cores - Removes all core files. • dumps - Removes all dump files. • panics - Removes all kernel panic files.
PAGE 548
ProCurve Wireless Services xl Module Command Line Reference Support Commands (All Contexts) • tech-support - Copy extensive system information useful to technical support for troubleshooting a problem. – URL - URL to which to copy. URLs: tftp:///path/file ftp://:@/path/file scp://@/path/fileDefault Setting Default Setting N/A Command Mode Manager Example ProCurve(wireless-services-B)#support copy tech-support tftp://192.168.1.
PAGE 549
ProCurve Wireless Services xl Module Command Line Reference Support Commands (All Contexts) support diag-shell This command provides diagnostic shell access. The no command negates the shell access. Syntax support diag-shell Default Setting N/A Command Mode Manager Example ProCurve(wireless-services-B)#support diag-shell Diagnostic shell started for testing diag > support kill This command kills specified session. Syntax support kill session • session - Active session number. – <1-16> - Session ID.
PAGE 550
ProCurve Wireless Services xl Module Command Line Reference Support Commands (All Contexts) support pm This command supports the process monitor. The no command negates the process configuration. Syntax support pm (max-sys-restarts | sys-restart) • max-sys-restarts - Maximum number of times PM will restart the system because of failure. – <1-5> - Number of system restarts. • sys-restart - Enable PM to restart the system when a process fails.
PAGE 551
ProCurve Wireless Services xl Module Command Line Reference Support Commands (All Contexts) support rp This command configures radio-port serviceability parameters. Syntax support rp (force-dump) • force-dump - Trigger the radio port to send a crash dump to the blade. Default Setting N/A Command Mode Manager Example ProCurve(wireless-services-B)#support rp force-dump ProCurve(wireless-services-B)# support save cli-tree This command saves cli tree for all modes in HTML format.
PAGE 552
ProCurve Wireless Services xl Module Command Line Reference Support Commands (All Contexts) support set This command sets service parameters. Syntax support set (command-history | reboot-history | upgrade-history ) • command-history - Set size of command history. Default: 200. – <10-300> - History size. • reboot-history - Set size of reboot history. Default: 50. – <10-100> - History size. • upgrade-history - Set size of upgrade history. Default: 50. – <10-100> - History size.
PAGE 553
ProCurve Wireless Services xl Module Command Line Reference Support Commands (All Contexts) – – period - Shows the period (ms) for the in service diagnostics. stats - Shows the curent diagnostics statistics. • info - Shows snapshot of available support information. • last-passwd - Displays last password used to enter shell. • pm - Process Monitor. – history - States changes for a process, the time they happened and the events that triggered them. +WORD - Process name. +all - All processes.
PAGE 554
ProCurve Wireless Services xl Module Command Line Reference Support Commands (All Contexts) ProCurve(wireless-services-B)#support show info 4.0M out of 4.0M available for logs. 6.7M out of 8.2M available for history. 3.5M out of 4.8M available for crashinfo. List of Files: /flash/crashinfo/ccsrvr.dump 0 Nov 1 09:57 /var/log/messages.log 0 Feb 27 09:09 /var/log/startup.log 11.2k Feb 27 09:09 /var2/history/command.history 834 Feb 27 15:17 /var2/history/reboot.history 3.4k Feb 27 09:09 /var2/history/upgrade.
PAGE 555
ProCurve Wireless Services xl Module Command Line Reference Support Commands (All Contexts) support start-shell This command provides access into the shell. Syntax support start-shell Default Setting N/A Command Mode Manager Example ProCurve(wireless-services-B)#support start-shell Password: ProCurve(wireless-services-B)# support terminal This command sets terminal line parameters. Syntax support terminal • monitor - copy debug output to the current terminal line.
PAGE 556
ProCurve Wireless Services xl Module Command Line Reference Support Commands (All Contexts) support tethereal This command dumps and analyzes network traffic. Syntax support tethereal • LINE - tethereal options in the format.
PAGE 557
ProCurve Wireless Services xl Module Command Line Reference Support Commands (Wireless) Support Commands (Wireless) This section details the support commands available for the Wireless parameters. support wireless dump-core This command creates a core file of the ccsrvr process.
PAGE 558
ProCurve Wireless Services xl Module Command Line Reference Support Commands (Wireless) Example ProCurve(wireless-services-B)(config-wireless)#support wireless dump-state ProCurve(wireless-services-B)(config-wireless)# support wireless rate-scale This command enables wireless rate scaling. The no command negates the configuration of the wireless parameters. Syntax support wireless rate-scale no support wireless rate-scale • rate-scale - Enable wireless rate scaling (default).
PAGE 559
ProCurve Wireless Services xl Module Command Line Reference Support Commands (Wireless) Command Mode Manager Example ProCurve(wireless-services-B)(config-wireless)#no support wireless spectrum-management ProCurve(wireless-services-B)(config-wireless)# support wireless tkip-countermeasures This command enables countermeasures on all tkip-enabled wireless LANs. The no command negates the configuration of the wireless parameters.
PAGE 560
ProCurve Wireless Services xl Module Command Line Reference Support Commands (Wireless) A-144
PAGE 561
Appendix B The Apache Software License, Version 1.1 Copyright (C) 1999 The Apache Software Foundation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2.
PAGE 562
LICENSE ISSUES -------------The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org. OpenSSL License --------------Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
PAGE 563
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).
PAGE 564
Original SSLeay License ----------------------Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved. This package is an SSL implementation written by Eric Young (eay@cryptsoft.com). The implementation was written so as to conform with Netscapes SSL. This library is free for commercial and non-commercial use as long as the following conditions are aheared to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc.
PAGE 565
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The licence and distribution terms for any publically available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution licence [including the GNU Public Licence.] Various copyrights apply to this package, listed in various separate parts below. Please make sure that you read all the parts.
PAGE 566
Copyright (c) 2001-2003, Networks Associates Technology, Inc All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
PAGE 567
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ---- Part 4: Sun Microsystems, Inc. copyright notice (BSD) ----Copyright 2003 Sun Microsystems, Inc.
PAGE 568
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
PAGE 569
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Copyright (c) 1991, 1992 Paul Kranenburg Copyright (c) 1993 Branko Lankester Copyright (c) 1993 Ulrich Pegelow Copyright (c) 1995, 1996 Michael Elizabeth Chastain Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey Copyright (C) 1998-2001 Wichert Akkerman All rights reserved.
PAGE 570
Copyright (c) 2000-2004 Dug Song All rights reserved, all wrongs reversed. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2.
PAGE 571
LInux LOader (LILO) program code, documentation, and auxiliary programs are Copyright 1992-1998 Werner Almesberger. Copyright 1999-2004 John Coffman. All rights reserved. License ------Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
PAGE 572
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ABOVE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
PAGE 573
thttpd.c - tiny/turbo/throttling HTTP server Copyright 1995,1998,1999,2000,2001 by Jef Poskanzer . All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2.
PAGE 574
zlib.h -- interface of the 'zlib' general purpose compression library version 1.2.3, July 18th, 2005 Copyright (C) 1995-2005 Jean-loup Gailly and Mark Adler This software is provided "AS IS", without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software.
PAGE 575
restrictive); see below for details. [However, none of that term is relevant at this point in time. All of these restrictively licenced software components which he talks about have been removed from OpenSSH, i.e.
PAGE 576
contributed by CORE SDI S.A. under a BSD-style license. Cryptographic attack detector for ssh - source code Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that this copyright notice is retained. THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES ARE DISCLAIMED. IN NO EVENT SHALL CORE SDI S.A.
PAGE 577
5) One component of the ssh source code is under a 3-clause BSD license, held by the University of California, since we pulled these parts from original Berkeley code. Copyright (c) 1983, 1990, 1992, 1993, 1995 The Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1.
PAGE 578
Corinna Vinschen Cray Inc. Denis Parker Gert Doering Jakob Schlyter Jason Downs Juha YrjMichael Stone Networks Associates Technology, Inc. Solar Designer Todd C. Miller Wayne Schroeder William Jones Darren Tucker Sun Microsystems Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2.
PAGE 579
Apart from the previously mentioned licenses, various pieces of code in the openbsd-compat/ subdirectory are licensed as follows: Some code is licensed under a 3-term BSD license, to the following copyright holders: Todd C. Miller Theo de Raadt Damien Miller Eric P. Allman The Regents of the University of California Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1.
PAGE 580
Some code is licensed under a MIT-style license to the following copyright holders: Free Software Foundation, Inc.
PAGE 581
*********************************************************************** * * * Copyright (c) David L.
PAGE 582
23.[25]Poul-Henning Kamp Oncore driver (Original author) 24.[26]Frank Kardel [27] PARSE driver (14 reference clocks), STREAMS modules for PARSE, support scripts, syslog cleanup 25.[28]William L. Jones RS/6000 AIX modifications, HPUX modifications 26.[29]Dave Katz RS/6000 AIX port 27.[30]Craig Leres 4.4BSD port, ppsclock, Magnavox GPS clock driver 28.
PAGE 583
3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 21. 22. 23. 24. 25. 26. 27. 28. 29. 30. 31. 32. 33. 34. 35. 36. 37. 38. 39. 40. 41. 42. 43. 44. 45. 46. 47. 48. 49. 50. 51. 52. 53. 54. 55. mailto:%20vbais@mailman1.intel.co mailto:%20kirkwood@striderfm.intel.com mailto:%20michael.barone@lmco.com mailto:%20Jean-Francois.Boudreault@viagenie.qc.ca mailto:%20karl@owl.HQ.ileaf.com mailto:%20greg.brackley@bigfoot.com mailto:%20Marc.Brett@westgeo.com mailto:%20Piete.Brooks@cl.cam.ac.
PAGE 584
Copyright (c) 2004-2005 by Internet Systems Consortium, Inc. ("ISC") Copyright (c) 1995-2003 by Internet Software Consortium Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS.
PAGE 585
GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble -------The licenses for most software are designed to take away your freedom to share and change it.
PAGE 586
patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License.
PAGE 587
a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole.
PAGE 588
form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4.
PAGE 589
patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices.
PAGE 590
12.
PAGE 591
be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker.
PAGE 592
GNU LIBRARY GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1991 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. [This is the first released version of the library GPL. It is numbered 2 because it goes with version 2 of the ordinary GPL.
PAGE 593
Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that companies distributing free software will individually obtain patent licenses, thus in effect transforming the program into proprietary software. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. Most GNU software, including some libraries, is covered by the ordinary GNU General Public License, which was designed for utility programs.
PAGE 594
GNU LIBRARY GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License Agreement applies to any software library which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Library General Public License (also called "this License"). Each licensee is addressed as "you".
PAGE 595
2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) The modified work must itself be a software library. b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change.
PAGE 596
instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices. Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy.
PAGE 597
whether or not they are linked directly with the Library itself. 6. As an exception to the Sections above, you may also compile or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.
PAGE 598
distribute. 7.
PAGE 599
refrain entirely from distribution of the Library. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.
PAGE 600
WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU.
PAGE 601
You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the library, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the library `Frob' (a library for tweaking knobs) written by James Random Hacker.
PAGE 602
UC Berkeley and by Digital Equipment Corporation. are under the following license: The DEC portions Portions Copyright (C) 1993 by Digital Equipment Corporation.
PAGE 603
All Rights Reserved. Permission to use, copy, modify and distribute this software and its documentation is hereby granted, provided that both the copyright notice and this permission notice appear in all copies of the software, derivative works or modified versions, and any portions thereof, and that both notices appear in supporting documentation. CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS" CONDITION.
PAGE 604
Copyright (c) 2000, Intel Corporation All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
PAGE 605
THIS SOFTWARE IS PROVIDED BY ITS AUTHORS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
PAGE 606
ALTERNATIVELY, provided that this notice is retained in full, this product may be distributed under the terms of the GNU General Public License (GPL), in which case the provisions of the GPL apply INSTEAD OF those given above. Copyright (c) 2004 Linus Torvalds Copyright (c) 2004 Red Hat, Inc., James Morris
PAGE 607
Index Numerics 802.11 … 1-31 a … 5-5 no short preamble with … 5-21 bg … 5-5 management frames … 1-32 viewing radio type … 5-31 802.
PAGE 608
B basic rate settings … 5-16 specifying for a specific radio … 5-35 specifying in radio adoption defaults … 5-17 beacon DTIM in … 5-23 information in … 1-37 selecting SSID … 3-18, 3-21 setting interval for a specific radio … 5-36 setting interval for radio adoption defaults … 5-23 SSID in … 1-37, 3-9 broadcast key … 3-49, 3-51 BSS … 1-32 BSSID … 1-34 generated from base radio MAC … 5-31 radio ports, on … 1-36 C certificate defined … 2-90 request … 2-93 restart HTTP service … 2-97 self-signed … 2-91 uploadi
PAGE 609
H hardware ID … 2-81 help, online … 2-11 hidden stations … 5-22 setting RTS threshold for radio adoption defaults … 5-22 specific radio … 5-36 high availability See redundancy group hostname definition … 2-27 HTTPS access … 2-15 certificate … 2-90 service, restart … 2-97 I IDM … 1-20, 3-70 inactivity timeout … 3-55 index type … 1-43, 5-32 indoors radio specifying for a specific radio … 5-33 specifying in radio adoption defaults … 5-13 infrastructure mode … 1-33 interference avoidance … 6-68 ACS with … 6-68
PAGE 610
monitoring neighbors … 6-57 self healing action opening data rates … 6-63 raising transmit power … 6-63 self healing offset … 5-24, 6-66 normal mode configuration … 3-4 enabling more than four WLANs … 3-7 O online help … 2-11 open-key authentication … 3-42 operator user … 2-15 changing password … 2-65 opportunistic key caching … 3-52 outdoors radio specifying for a specific radio … 5-33 specifying in radio adoption defaults … 5-13 P password changing … 2-65 Web browser interface … 2-8 PMK caching … 3-51 P
PAGE 611
adoption automatic … 2-35 in redundancy group … 4-6, 4-10 manual … 2-35, 2-36 network requirements … 2-30 adoption preference ID … 5-20 BSSIDs … 1-36 configuring … 5-5 deleting, or unadopting … 5-27 failure … 6-57 licenses … 1-26, 2-76 additive … 1-27 hardware ID … 2-81 installing … 2-81 installing additive … 2-80 license key … 2-81 radio port … 2-88 redundancy group and … 4-10 registration ID … 2-81 uninstall verification key … 2-81 uninstalling … 2-85 uninstalling additive … 2-80 load balancing in redunda
PAGE 612
S Secure Shell access … 2-14 security … 3-34 adopting RPs as detectors … 5-12 authentication … 3-34 encryption … 1-14, 3-41 for management access … 2-14 See also authentication See also encryption self healing … 6-57 interference avoidance … 6-68 See also interference avoidance neighbor recovery … 6-57 See also neighbor recovery self healing offset in radio adoption defaults … 5-24 specific radio configuration, for … 5-36 serial session accessing CLI through … 2-12 shared-key authentication … 3-58 short pre
PAGE 613
V video WMM queue for … 3-75 video traffic radio settings for beacon interval … 5-23, 5-36 DTIM period … 5-24, 5-36 WMM parameters … 5-40 WMM queue for … 3-74 VLAN … 2-21 assigning to a WLAN … 3-64 assignment considerations … 3-66 for Web-Auth … 7-8 IP address … 2-20 assigning … 2-21 editing … 2-24 Radio Port … 1-4 radio port automatic creation of … 2-30 uplink … 1-9, 3-34, 3-68, 3-70 user-based or dynamic … 1-20, 3-63, 3-69 802.
PAGE 614
customizing station parameters … 3-79 DSCP with … 3-75, 3-82 enabling on a WLAN … 3-76 enabling on upstream traffic … 3-76 prioritization … 1-25 downstream traffic … 5-40 upstream traffic … 3-74 RP parameters … 5-40 viewing station parameters … 3-78 viewing station support for … 6-7 Wireless Services Module 12 RP License … 2-76 installing … 2-80 uninstalling … 2-80 wireless services-enabled switch auto-provisioning of radio port VLAN … 2-30 downlink ports, viewing … 2-22 uplink ports, viewing … 2-22 Web bro
PAGE 615
PAGE 616
Technical information in this document is subject to change without notice. © Copyright 2006 Hewlett-Packard Development Company, L.P. Reproduction, adaptation, or translation without prior written permission is prohibited except as allowed under the copyright laws.