HP M220 802.
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

Acknowledgments

Windows® is a U.S. registered trademark of Microsoft Corporation.
1 Deploying the M220

In a small office, the M220 can be directly connected to a broadband router (DSL or cable) to provide wireless networking for all employees. In the following scenario, employees can share data and resources with each other and access the Internet at the same time:

[Figure: Wireless community. High security wireless network for employees using WPA/WPA2.]
In the following scenario, M220 #1 provides wireless network services to the employees in the main office, while M220 #2 and M220 #3 use the Wireless Distribution System (WDS) to create a wireless link between the main office network and a small network in a warehouse. WDS eliminates the need to run cabling, allowing for fast and easy deployment.
2 Using Quick setup Overview Quick setup provides an easy way to quickly configure settings on the M220 for several different networking scenarios. Just pick the scenario that most closely resembles your installation and fill in the appropriate fields. Automatically running Quick setup the first time you log in The first time you log in to the management tool (see the HP M220 802.11n Access Point Quickstart for first time login procedure), the HP end user license agreement displays.
This scenario supports clustering mode, where multiple APs in the network are deployed and administered as a single entity. Multiple wireless networks Choose this option if you want to create multiple wireless networks to support users with different networking requirements. For example, you could create two wireless networks, one for employees and one for guests. This option can be used to connect the M220 to a network using static IP, DHCP, or IPv6 addressing.
Multiple wireless networks with wired VLANs Choose this option if you want to: • Create multiple wireless networks to support users with different requirements. • Map the traffic from each wireless network to a specific VLAN. As in Multiple wireless networks mode, this option supports static IP, DHCP, or IPv6 addressing for the network connection, and supports clustering mode.
Add to wireless network with existing AP cluster Use this option if your network already has a defined cluster of M220 APs and you want this AP to join the cluster. Accessing Quick setup after your first login When you log in subsequent to completing or cancelling out of the Quick setup wizard, the System summary page displays by default. You can view and configure the Quick setup global settings by selecting Home > Quick setup. See Quick setup global settings page on page 24.
See also the HP M220 802.11n Access Point Quickstart, which describes the configuration procedure for a basic wireless network.
• 5 GHz IEEE 802.11n: (Pure 802.11n) Up to 300 Mbps in the 802.11n 5 GHz frequency band. • 2.4 GHz IEEE 802.11n: (Pure 802.11n) Up to 300 Mbps in the 802.11n 2.4 GHz frequency band. Get an IP address You can use these settings to configure IP addresses and how they are assigned. The IPv4 configuration field displays by default. To configure IPv6 settings, click the + to the left of IPv6. You can configure addresses for both protocol versions. Only IPv4 supports DHCP.
Change administrator login credentials The M220 supports one administrator login. Use this section to change the password. Note As an immediate first step in securing your wireless network, it is recommended that you change the administrator password from the default. Current password The default password is admin. New password and Confirm password Specify a new password for the M220 administrator account. The administrator password can be from 1 to 32 alphanumeric characters.
Step 3: Specify wireless network settings Use this section to define wireless networks and to configure the security settings for client access and encryption. This section displays different settings depending on the selected network environment. • For a Basic wireless network, the page displays fields for configuring the network name (SSID) and security settings: • For a Multiple wireless networks configuration, an additional table displays for adding wireless networks.
• For a Multiple wireless networks with RADIUS authentication configuration, an appropriate security method is selected and additional fields display to configure RADIUS server information: • For an Add to wireless network with existing AP cluster configuration, this section does not display, as no security settings or additional wireless communities are needed.
Wireless communities The M220 allows you to create up to eight wireless communities. Each wireless community defines the settings for a distinct wireless network, with its own network name (SSID), settings for wireless protection, user authentication, VLANs, and more. Radio settings are shared by all wireless communities.
The name is case-sensitive and must include between 2 and 32 alphanumeric characters, including spaces. The following characters are not allowed:
• ?, “, $, [, \, ], and +
• only spaces
• #, !, ;, and a space as the first character
• a space as the last character

Map wireless network to a VLAN

This option displays only when you select Multiple wireless networks with wired VLANs or Multiple wireless networks with a RADIUS authentication as the network environment.
Network environment: Multiple wireless networks with RADIUS authentication
Security methods:
If the wireless mode includes 802.11n:
• WPA/WPA2 Personal
• WPA/WPA2 Enterprise (default)
If the wireless mode does not include 802.11n:
• Static WEP (see note)
• 802.1X/Dynamic WEP (see note)
• WPA/WPA2 Personal
• WPA/WPA2 Enterprise (default)

Network environment: Add to wireless network with existing AP cluster
Security methods: The AP will inherit its security settings from the cluster.

Note: WEP-based security is not available in 802.
Version: Description

WPA2: WPA2 (802.11i) with AES-based CCMP encryption. If all of your clients support WPA2, select this option for the maximum possible security. If the chosen wireless mode is one of the 802.11n-only modes, then this mode must be selected.

WPA and WPA2: You can select both versions at the same time. Some legacy WPA clients may not work if this mode is selected. This mode is slightly less secure than using the pure WPA2 mode.
WPA/WPA2 Enterprise This option is available in the Quick setup wizard only when you select the Multiple wireless networks with RADIUS authentication network environment. WPA Enterprise with RADIUS is an implementation of the Wi-Fi Alliance IEEE 802.11i standard, which includes the TKIP and CCMP (AES) mechanisms. The Enterprise mode requires the use of a RADIUS server to authenticate users. This security mode is backwards compatible with wireless clients that support the original WPA.
Static WEP This is the least secure method of protecting wireless transmissions. WEP is provided so you can support clients that do not support WPA. Note WEP cannot be used when the radio operating mode supports 802.11n. Key length Select one of the following values as the length of the encryption key: • 64 bits: The key can be 5 ASCII characters or 10 hexadecimal digits. • 128 bits: The key can be 13 ASCII characters or 26 hexadecimal digits.
Quick setup global settings page If you manually launch Quick setup by selecting Home > Quick setup, you will see the Quick setup global settings page. This page will also display if you select Manually configure wireless network settings check box on the initial Quick setup page. This page enables you to configure the same settings as available in the Quick setup wizard. See “Quick setup wizard” on page 13 for instructions.
System settings In the Configure system settings area, you can specify information that helps identify the AP: System name Specify a name. System location Provide a description that identifies where the M220 is physically located. System contact Specify a person to contact for administrative purposes. Multiple RADIUS servers If you select 802.
MAC address The MAC address of the AP. This is the address by which the AP is known externally to other networks. This MAC address applies to the Ethernet port on the AP and to the first (default) wireless community, referred to as wlan0. The MAC address is incremented by 1 for each additional wireless community that you create.
3 Managing the M220 The M220 is managed via its web-based management tool using Microsoft Internet Explorer 8+ or Mozilla Firefox 9+. You can access the M220 management tool using either http or https. Using https is more secure but you will see a security warning until you purchase and install your own certificate. With https, it is acceptable to choose the option that allows you to proceed through the security warning. In a web browser, specify either: http://192.168.1.1 or https://192.168.1.1.
SNMP configuration The M220 provides a robust SNMP v1/v2 implementation supporting both industry-standard MIB II objects and HP-specific MIB objects. Read-only access is supported. Select Management > SNMP to open the SNMP configuration page. SNMP Use this checkbox to enable/disable the SNMP agent. By default, the SNMP agent is enabled. If you disable the agent, the M220 will not respond to SNMP requests.
Private MIBs The following private MIBs and MIB objects are supported: • COLUBRIS-SMI • COLUBRIS-SYSTEM-MIB. Only the following objects are supported: • systemFirmwareRevision • systemBootRevision • systemSerialNumber • systemDeviceIdentification • HP-WLAN-ACCESS-POINT-MIB System time Correct system time is important for proper operation of the M220, especially when using the logs to troubleshoot. Select Management > System time to open the System time page.
Set system time This section displays the current system time. You can configure the time manually or have it automatically configured by a Network Time Protocol (NTP) server. Manually Select the date, time (in 24-hour notation), and timezone. Using network time protocol (NTP) NTP servers transmit Coordinated Universal Time (UTC, also known as Greenwich Mean Time) to their client systems. NTP sends periodic time requests to servers, using the returned time stamp to adjust its clock.
4 Working with wireless communities and authentication Overview The M220 allows you to create up to eight wireless communities. Each wireless community defines the settings for a distinct wireless network, with its own network name (SSID), settings for wireless protection, user authentication, VLANs, and more. For example, in the following scenario, four wireless communities are defined. Each wireless community is configured with a different wireless network name (SSID).
One server acts as a primary, while the others act as backup servers. The network type (IPv4 or IPv6) and accounting mode are common across all configured global RADIUS servers. For example, you can configure four IPv4 servers or four IPv6 servers, but not a combination of IPv4 and IPv6 servers. Note Additional IPv4 or IPv6 RADIUS servers can be configured for each wireless community when 802.1X/Dynamic WEP or WPA-Enterprise is used as the authentication protocol. See 802.
Managing wireless communities To manage wireless communities, select Wireless > Communities. You can define up to eight wireless communities. • To edit an existing community, select its name in the list. Settings are displayed for the community selected in the communities list. Modify the settings as needed and select Update. • To add a new community, select Add New Wireless Community. You can select Save to accept the default settings, or modify the settings and select Add, then Save.
Wireless community configuration options

You can configure the following settings for each wireless community:

Network name (SSID)

Specify a name to uniquely identify the wireless network associated with this wireless community. Each wireless user that wants to connect to this community must use this name. The name is case-sensitive and must include between 2 and 32 alphanumeric characters, including spaces. The following characters are not allowed:
• ?, “, $, [, \, ], and +
• only spaces
• #, !, ;, and a s
Security method By default, no security is defined for a wireless community. It is strongly recommended to configure a security method to provide encrypted data exchanges between wireless clients and the M220. See Wireless protection on page 35 for details on the available security methods. Wireless protection The M220 provides several methods to protect wireless transmissions from eavesdropping and to safeguard network access by unauthorized users.
Key type Select the format used to specify the encryption key. The definition for the encryption key must be the same on the M220 and all wireless clients. • ASCII: ASCII keys are much weaker than carefully chosen hexadecimal keys. You can include ASCII characters from 32 to 126, inclusive, in the key, which includes upper and lower case alphabetic letters, the numeric digits, and special symbols such as @ and #.
802.1X/Dynamic WEP 802.1X enables you to authenticate wireless clients via user accounts stored on a third-party RADIUS server. 802.1X is purely a protocol for user authentication. On the M220, it is paired with Dynamic WEP, which adds WEP encryption based on a set of dynamically generated keys. Note Dynamic WEP cannot be used when the radio operating mode supports 802.11n.
RADIUS IP or IPv6 address 1 to 3 Enter up to three IPv4 and/or IPv6 addresses to use as the backup RADIUS servers for this wireless community. The field label is RADIUS IP address when IPv4 is selected as the RADIUS IP address type, and RADIUS IPv6 address when IPv6 is selected. If authentication fails with the primary server, each configured backup server is tried in sequence. RADIUS key Enter the RADIUS key in the text box. The RADIUS key is the shared secret key for the RADIUS server.
WPA Personal WPA Personal is a Wi-Fi Alliance IEEE 802.11i standard, which includes AES-CCMP and TKIP mechanisms. It employs a preshared key (instead of using IEEE 802.1X and EAP, as is used in the WPA Enterprise mode). The preshared key (PSK) is used for an initial check of credentials only. WPA versions Select one of the following options: • WPA (TKIP): WPA with TKIP encryption. This is the original version of the standard and is still supported by many legacy clients. • WPA2 (AES): WPA2 (802.
WPA Enterprise WPA Enterprise with RADIUS is an implementation of the Wi-Fi Alliance IEEE 802.11i standard, which includes the CCMP (AES) and TKIP mechanisms. The Enterprise mode requires the use of a RADIUS server to authenticate users. WPA versions Select the types of wireless clients you want to support: • WPA (TKIP): If all wireless clients on the network support WPA but none support WPA2, then select WPA.
Enable pre-authentication If for WPA versions you select only WPA2 (AES) or both WPA (TKIP) and WPA2 (AES), you can enable pre-authentication for WPA2 clients. Enable pre-authentication if you want WPA2 wireless clients to send pre-authentication packets. The pre-authentication information will be relayed from the AP the client is currently using to the target AP. Enabling this feature can help speed up authentication for roaming clients who connect to multiple APs.
Broadcast key refresh rate

Enter the interval at which the broadcast (group) key is refreshed for clients associated with this wireless community (the default is 300). The valid range is 0 to 86400 seconds. Specify a value of 0 to disable the refreshing of broadcast keys.

Session key refresh rate

Enter the interval at which the AP will refresh session (unicast) keys for each client associated with the wireless community. To enable session key refreshing, specify a value in the range of 30 to 86400 seconds.
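The rules given in this chapter (SSID naming, Static WEP key formats, and which security methods and WPA versions are valid with 802.11n) can be checked before a community is entered in the management tool. The following Python lint is an added example, not HP code; the dictionary keys, severity labels, and sample communities are constructed for illustration, and the guide's quotation mark is assumed to be the ASCII double quote.

```python
# Added example, not HP code: lint a planned wireless community against
# rules stated in this guide. Dictionary keys are hypothetical names.
import string

FORBIDDEN_ANYWHERE = set('?"$[\\]+')  # assumes the guide's quote mark is ASCII "
FORBIDDEN_FIRST = set("#!; ")
WEP_KEY_LENGTHS = {64: (5, 10), 128: (13, 26)}  # bits -> (ASCII chars, hex digits)
WPA_ONLY, WPA2_ONLY = {"WPA (TKIP)"}, {"WPA2 (AES)"}


def ssid_problems(ssid):
    """Return the naming rules an SSID breaks (empty list if none)."""
    problems = []
    if not 2 <= len(ssid) <= 32:
        problems.append("length must be 2 to 32 characters")
    bad = sorted(FORBIDDEN_ANYWHERE & set(ssid))
    if bad:
        problems.append("forbidden character(s): " + " ".join(bad))
    if ssid and not ssid.strip(" "):
        problems.append("consists only of spaces")
    elif ssid:
        if ssid[0] in FORBIDDEN_FIRST:
            problems.append(f"first character may not be {ssid[0]!r}")
        if ssid[-1] == " ":
            problems.append("last character may not be a space")
    return problems


def wep_key_problems(key, bits, key_type):
    """Check a Static WEP key against the lengths listed in the guide."""
    if bits not in WEP_KEY_LENGTHS:
        return [f"key length {bits} bits is not listed in the guide"]
    ascii_len, hex_len = WEP_KEY_LENGTHS[bits]
    if key_type == "ASCII":
        ok = len(key) == ascii_len and all(32 <= ord(ch) <= 126 for ch in key)
        want = f"{ascii_len} ASCII characters (codes 32 to 126)"
    else:
        ok = len(key) == hex_len and all(ch in string.hexdigits for ch in key)
        want = f"{hex_len} hexadecimal digits"
    return [] if ok else [f"{bits}-bit {key_type} key must be {want}"]


def includes_11n(mode):
    """True for modes such as '802.11n (5 GHz)' or '802.11b/g/n'."""
    return "802.11n" in mode or mode.endswith("/n")


def lint_community(c):
    """Return (severity, message) findings for one community dict."""
    findings = [("error", "SSID: " + p) for p in ssid_problems(c["ssid"])]
    mode, method = c["radio_mode"], c.get("security", "none")
    versions = set(c.get("wpa_versions", ()))
    if method == "none":
        findings.append(("high", "no security method, traffic is not encrypted"))
    elif method in ("Static WEP", "802.1X/Dynamic WEP"):
        if includes_11n(mode):
            findings.append(("error", f"{method} cannot be used when the "
                             "radio mode supports 802.11n"))
        if method == "Static WEP":
            findings.append(("high", "Static WEP is the least secure method"))
            key_type = c["wep_key_type"]
            for p in wep_key_problems(c["wep_key"], c["wep_bits"], key_type):
                findings.append(("error", p))
            if key_type == "ASCII":
                findings.append(("info", "ASCII keys are much weaker than "
                                 "carefully chosen hexadecimal keys"))
        else:
            findings.append(("medium", "Dynamic WEP still encrypts with WEP"))
    else:  # WPA/WPA2 Personal or WPA/WPA2 Enterprise
        if versions == WPA_ONLY:
            findings.append(("medium", "WPA (TKIP) only, no AES-CCMP"))
        elif versions == WPA_ONLY | WPA2_ONLY:
            findings.append(("low", "WPA and WPA2 together is slightly less "
                             "secure than WPA2 alone"))
        if mode.startswith("802.11n") and versions != WPA2_ONLY:
            findings.append(("error", "802.11n-only modes require WPA2"))
    return findings


# Constructed sample communities (not taken from a real device).
SAMPLE_COMMUNITIES = [
    {"ssid": "Employee", "radio_mode": "802.11b/g/n",
     "security": "WPA/WPA2 Personal", "wpa_versions": ["WPA2 (AES)"]},
    {"ssid": "#Guest ", "radio_mode": "802.11b/g/n", "security": "none"},
    {"ssid": "Warehouse", "radio_mode": "802.11b/g/n", "security": "Static WEP",
     "wep_bits": 128, "wep_key_type": "ASCII", "wep_key": "shortkey"},
    {"ssid": "Lab", "radio_mode": "802.11n (5 GHz)",
     "security": "WPA/WPA2 Enterprise",
     "wpa_versions": ["WPA (TKIP)", "WPA2 (AES)"]},
]

if __name__ == "__main__":
    for community in SAMPLE_COMMUNITIES:
        print(community["ssid"].strip() or "(blank)")
        for severity, message in lint_community(community) or [("ok", "no findings")]:
            print(f"  [{severity}] {message}")
```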
Local MAC authentication Select Wireless > MAC authentication to display the Configure local MAC authentication list page. You can use this page to configure a local list, which applies to every wireless community on which local MAC authentication is enabled. Filter Select one of the following options: • Allow only stations in list: Only users whose MAC addresses appear in the MAC address list can connect to the wireless network created by this community.
5 Wireless configuration Wireless coverage As a starting point for planning your network, you can assume that when operating at high power, the M220 radio provides a wireless networking area (also called a wireless cell) of up to 300 feet (100 meters) in diameter. Before creating a permanent installation, you should always perform a site survey to determine the optimal settings and location for the M220. The following sections provide information on wireless coverage.
Configuring overlapping wireless APs

When the radio is operating in the 2.4 GHz band and two or more APs are within transmission range of each other, they may use overlapping channels. This may be under your control (for example, when you use several APs to cover a large location) or out of your control (for example, when your neighbors set up their own wireless networks). In either case, the problems you face are similar.
The solution to this problem is to set the two networks to different channels with as great a separation as possible in their operating frequencies. This reduces crosstalk and enables wireless clients connected to each M220 to transmit at the same time.

[Figure: AP 1, Channel = 1; AP 2, Channel = 6.]

Selecting channels

For optimal performance when operating in the 2.4 GHz band, select an operating frequency that is different by at least 25 MHz from the frequency used by neighboring APs.
Sample channel selections

For example, when operating in 802.11b mode, the M220 supports the following 14 channels in the 2.4 GHz band:

Channel   Frequency (MHz)      Channel   Frequency (MHz)
1         2412                 8         2447
2         2417                 9         2452
3         2422                 10        2457
4         2427                 11        2462
5         2432                 12        2467
6         2437                 13        2472
7         2442                 14        2477

However, the number of channels available for use in a particular country is determined by regional regulations.
In North America, you can reduce transmission delays by using different operating frequencies, as shown in the following figure:

[Figure: AP 1, Channel = 1; AP 2, Channel = 6; AP 3, Channel = 11.]

Alternatively, you can stagger APs to reduce overlap and increase channel separation, as shown in the following figure:

[Figure: AP 1, Channel = 1; AP 2, Channel = 6; AP 3, Channel = 11; AP 4, Channel = 1.]
This strategy can be expanded to cover an even larger area using three channels, as shown in the following figure:

[Figure: AP 1, Channel = 1; AP 2, Channel = 6; AP 3, Channel = 11; AP 4, Channel = 1; AP 5, Channel = 11; AP 6, Channel = 1; AP 7, Channel = 6; AP 9, Channel = 11.]

802.11n best practices

This section provides recommendations on how to best use 802.11n wireless technology, especially when legacy (a/b/g) clients must also be supported.

Supporting legacy wireless clients

The 802.
802.11n clients face the same problem as described for 802.11g clients. Legacy a/b/g clients cannot detect the High Throughput (HT) rates that 802.11n uses. To avoid causing excessive collisions, 802.11n clients must use the same protection mechanisms when a legacy client is present. Even the most efficient protection mechanism (CTS-to-self) causes a substantial decline in throughput. Performance can decline by as much as 50 percent. The 802.
Channel width When operating in an 802.11n mode, the M220 enables you to use the standard channel width of 20 MHz or a double width of 40 MHz. A width of 40 MHz is achieved by using two adjacent channels to send data simultaneously. The advantage of using a 40 MHz wide channel is that the available bandwidth is doubled, leading to much higher throughput for clients operating in that mode. A disadvantage is that fewer channels are available for use by all clients.
Country The country of operation, also known as the regulatory domain, determines the availability of certain wireless settings on the M220. Once the country has been set, the M220 automatically limits the available wireless channels and channel width, and adjusts the radio power level in accordance with the regulations of the selected country. Caution Incorrectly selecting the country may result in illegal operation and may cause harmful interference to other systems.
Note: In 802.11n (2.4 GHz) and 802.11n (5 GHz) modes, the M220 does not permit non-802.11n clients to associate. Also in this mode, the M220 does not use protection mechanisms (RTS/CTS or CTS-to-self) to enable legacy APs to operate on the same frequency. This can potentially cause problems with legacy (802.11a/b/g) APs operating on the same channel, but provides the best throughput for the M220 and its 802.11n clients. In 802.11a/n, and 802.11b/g/n modes, the M220 permits both 802.
Note Although some 802.11n clients only support 20 MHz channels, they can still associate with a M220 configured for Auto 20/40 MHz. Primary channel (802.11n modes only) This setting can be changed only when the channel bandwidth is set to 40 MHz. A 40-MHz channel can be considered to consist of two 20-MHz channels that are contiguous in the frequency domain. These two 20-MHz channels are often referred to as the Primary and Secondary channels. The Primary channel is used for 802.
Select one of the following options: • Yes (default): AP transmits data using a 400 ns guard interval when communicating with clients that also support the short guard interval. • No: The AP transmits data using an 800 ns guard interval. STBC mode This setting is available only if the selected radio mode includes 802.11n. Space Time Block Coding (STBC) is an 802.11n technique that improves the reliability of data transmissions.
Fragmentation threshold Specify a number from 256 to 2,346 to set the frame size threshold in bytes. The fragmentation threshold is a way of limiting the size of frames transmitted over the network. If a frame exceeds the fragmentation threshold you set, the fragmentation function is activated and the frame is sent as multiple 802.11 frames. If the frame being transmitted is equal to or less than the threshold, fragmentation is not used.
Bcast/Mcast rate limiting Enabling multicast and broadcast rate limiting can improve overall network performance by limiting the number of packets transmitted across the network. Note, however, that the performance of client applications that rely on multicast or broadcast traffic may be affected. By default, this option is disabled. When you enable it, the following fields are editable: Rate limit Enter the rate limit you want to set for multicast and broadcast traffic.
Detected and Known AP lists

When the M220 discovers an AP during a scan, it compares the MAC address of the AP against the Known AP list (a list that you create or import using the capabilities on this page). If the scanned AP does not appear in the list of known APs, it is displayed in the Detected rogue AP list. The following information displays for each detected rogue AP:

Field: Description
MAC: The MAC address of the neighboring AP detected during a scan.
Beacon Int.
Field: Description
WPA: Whether WPA security is on or off for this AP.
Band: The 802.11 band used on this AP, as follows:
• 2.4 indicates 802.11b, 802.11g, or 802.11n mode (or a combination of the modes).
• 5 indicates 802.11a or 802.11n mode (or both modes).
Channel: The channel on which the AP is currently broadcasting. The channel defines the portion of the radio spectrum that the radio uses for transmitting and receiving. The channel is set in the Radio settings.
Working with saved AP lists You can save the Known AP list and import a saved list to the M220. A saved list can show APs that you previously identified as known APs but that may not be showing in the current Detected rogue AP list (because they are not currently operational, for example). To create a list, under Save AP list, select Save and then save the file to your PC or network. By default, the filename is Rogue2.cfg. You can use a text editor or web browser to open the file and view its contents.
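The comparison described above (scanned MAC against the Known AP list) can be reproduced offline when reviewing scan results from several APs. The following Python sketch is an added example, not HP code and not the format of the saved AP list file: it assumes you keep your own list of base MAC addresses, expands each one to the eight per-community addresses implied by the "incremented by 1 for each additional wireless community" rule (treated here as a plain 48-bit increment, which is an assumption), and assumes the scan data also carries an SSID field. All addresses and SSIDs are constructed.

```python
# Added example, not HP code: classify AP scan results against a list of
# known APs. Field names, MACs, and SSIDs below are constructed.
import re

MAX_COMMUNITIES = 8  # the guide allows up to eight wireless communities per AP


def parse_mac(text):
    """Return a MAC as a 48-bit integer; ':', '-' and '.' separators accepted."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", text)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {text!r}")
    return int(digits, 16)


def format_mac(value):
    """Render a 48-bit integer as lower-case colon-separated hex."""
    raw = f"{value:012x}"
    return ":".join(raw[i:i + 2] for i in range(0, 12, 2))


def community_bssids(base_mac):
    """wlan0 uses the base MAC; each additional community adds 1 (assumed
    to be an increment of the whole 48-bit value)."""
    base = parse_mac(base_mac)
    return {(base + i) & 0xFFFFFFFFFFFF for i in range(MAX_COMMUNITIES)}


def classify(scan, known_base_macs, own_ssids):
    """Label each scanned AP 'known', 'unknown' or 'investigate'.

    'investigate' marks an unlisted MAC that advertises one of our SSIDs,
    which deserves attention before a merely unknown neighbor does.
    """
    known = set()
    for mac in known_base_macs:
        known |= community_bssids(mac)

    report = []
    for ap in scan:
        mac = parse_mac(ap["mac"])
        verdict, reasons = "known", []
        if mac not in known:
            verdict = "unknown"
            reasons.append("MAC not in Known AP list")
            if ap.get("ssid") in own_ssids:
                verdict = "investigate"
                reasons.append("advertises one of our SSIDs")
            if ap.get("wpa") == "off":
                reasons.append("WPA is off")
        report.append({"mac": format_mac(mac), "ssid": ap.get("ssid"),
                       "channel": ap.get("channel"), "verdict": verdict,
                       "reasons": reasons})
    order = {"investigate": 0, "unknown": 1, "known": 2}
    report.sort(key=lambda row: order[row["verdict"]])
    return report


# Constructed inputs: one known AP, two SSIDs of ours, four scan entries.
KNOWN_BASE_MACS = ["02:00:5e:10:00:00"]
OWN_SSIDS = {"Employee", "Guest"}
SAMPLE_SCAN = [
    {"mac": "02:00:5e:10:00:02", "ssid": "Employee", "wpa": "on", "channel": 6},
    {"mac": "02-00-5E-10-00-08", "ssid": "Employee", "wpa": "on", "channel": 6},
    {"mac": "0200.5e20.0001", "ssid": "CoffeeShop", "wpa": "off", "channel": 1},
    {"mac": "02:00:5e:30:00:00", "ssid": "Guest", "wpa": "off", "channel": 11},
]

if __name__ == "__main__":
    for row in classify(SAMPLE_SCAN, KNOWN_BASE_MACS, OWN_SSIDS):
        detail = "; ".join(row["reasons"]) or "listed"
        print(f'{row["verdict"]:<12}{row["mac"]}  ch {row["channel"]:<3}'
              f'{row["ssid"]:<12}{detail}')
```

The second sample entry sits one address past the eight-community range of the known AP, so it is reported for investigation rather than accepted as a sibling BSSID.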
Viewing wireless information

The M220 provides several pages where you can view information related to wireless operation.

Viewing all connected wireless clients

Select Wireless > Client connections. The following information is displayed for each client currently connected to the M220:

Field: Description
Network: The wireless community the client is associated with. For example, an entry of wlan0vap2 means the client is associated with wireless community 2.
Viewing wireless statistics for the radio

Select Status > Wireless to display the Wireless status page. This page displays the following information:

Field: Description
WLAN packets received: Total packets received by the AP.
WLAN bytes received: Total bytes received by the AP.
WLAN packets transmitted: Total packets transmitted by the AP.
WLAN bytes transmitted: Total bytes transmitted by the AP.
WLAN packets receive dropped: Number of packets received by the AP that were dropped.
Field: Description
Fragments transmitted: Number of transmitted MPDU with an individual address or an MPDU with a multicast address of type data or management.
Multicast frames received: Count of MSDU frames received with the multicast bit set in the destination MAC address.
Multicast frames transmitted: Count of successfully transmitted MSDU frames where the multicast bit is set in the destination MAC address.
6 Creating WDS links Key concepts The Wireless Distribution System (WDS) feature enables you to create point-to-point wireless links between one or more M220s. These links create a wireless bridge that interconnects the networks connected to the Ethernet port on each M220.
Using the 5 GHz band for WDS links When the M220 uses WDS only to extend the network by providing a dedicated link to another M220 (that is, it does not simultaneously act as an AP for wireless clients), it is recommended that, whenever possible, the WDS links use 802.11n or 802.11a in the 5 GHz band. This optimizes throughput and reduces the potential for interference, as follows: • Most Wi-Fi clients support 802.11b or b/g; therefore, most APs are set to operate in the 2.4 GHz band.
WDS configuration To view or add a WDS link, select Wireless > WDS. General Local address Shows the MAC address of the wireless port on the M220. This address needs to be entered on the M220 to which this link will connect. Spanning tree mode The Spanning-Tree Protocol (STP) can be enabled to prevent undesirable loops from occurring in the network that may result in decreased throughput. Enabling spanning tree is recommended.
WDS link 1/2/3/4 You can link the M220 with up to four other M220 devices. Specify the following settings for each WDS interface: Remote address Specify the MAC address of the wireless port on the remote M220 to which this link will connect. Or, click the left arrow next to the text box to select from a list of MAC addresses detected during an AP scan.
Sample WDS deployment

This example shows you how to create a wireless link between two physically separate network segments.

[Figure: M220 #1 and M220 #2 joined by a WDS wireless link; DHCP server 192.168.5.10; 192.168.5.20.]

This example assumes that both M220s have their IP addresses set and are connected to their respective networks as shown in the diagram.

A. Obtain the MAC address of M220 #2

1.
6. Select Wireless > WDS.
7. Under WDS link 1, configure the following settings:
• If not already selected, set Remote address to the MAC address of M220 #2.
• Set Encryption to WPA (PSK).
• Set the Link name to M220_WDS1.
• Set Key to a39xm210.
8. Select Save.

C. Set up the WDS link on M220 #2

Configuration settings on M220 #2 are similar to those defined on M220 #1.

9. Open the management tool on M220 #2.
10. Select Wireless > Radio.
11.
13. Select Wireless > WDS.
14. Under WDS Link 1, configure the following settings:
• Set Remote address to the MAC address of M220 #2.
• Set Encryption to WPA (PSK).
• Set Link name to the same value you entered for the first M220 (M220_WDS1).
• Set Key to a39xm210.
15. Select Save.

D. Test the link and make performance adjustments

The WDS link should now be active.

1. Select Tools > Ping on M220 #1 and ping the address of M220 #2 (192.168.5.20). If the ping succeeds, it means that the WDS link is working.
7 Configuring Ethernet, IP, and VLAN settings Ethernet configuration The M220 connects wireless clients to a wired network through its Ethernet port. You can configure the IP settings for this interface and the VLAN membership required for management access to the M220. To configure the Ethernet port settings, select Network > IP. The Ethernet configuration area shows the MAC address assigned to the M220 Ethernet port and to the default wireless community (wlan0). The MAC address is also printed on the AP.
The M220 does not add VLAN tags when forwarding traffic to wireless clients, regardless of whether the traffic was tagged or untagged on the wired network. By default, this option is enabled and the untagged VLAN ID is 1. Note If VLANs are not used on your network, these settings have no effect on the forwarding of traffic. IPv4 configuration Use this area to configure the M220 to be assigned an IPv4 address from a DHCP server on your network, or to statically configure an IPv4 address.
Subnet mask Specify the mask for the IP address. Default gateway Set the IP address of the gateway on the network. DNS nameservers: Select Dynamic to have the DNS nameservers assigned through DHCP, or select Manual to configure up to two static DNS nameserver addresses. IPv6 configuration If the attached network uses the IPv6 protocol, you can enable IPv6 support on the M220. IPv6 functionality is enabled by default.
used to transmit or receive traffic, except to exchange messages with other network nodes to verify the uniqueness of the address. • Blank (no value): No IP address is assigned or the assigned address is not operational. IPv6 link local address The IPv6 link local address is the IPv6 address used by the local physical link. The link local address is not configurable and is assigned by using the IPv6 Neighbor Discovery process.
• The Employee wireless community is configured with VLAN 10. All employee traffic exits the M220 on VLAN 10, providing access to the company file server, shared printer, and the Internet.
• The Guest wireless community is configured with VLAN 20. All traffic from the Guest community exits the M220 on VLAN 20, providing access to the shared printer and the Internet.

VLAN assignment via RADIUS

VLANs can also be assigned on a per-user basis by setting VLAN attributes in a user’s RADIUS account.
Employee wireless community
• R&D employees are assigned to VLAN 10 via attributes in their RADIUS account.
• Accounting employees are assigned to VLAN 15 via attributes in their RADIUS account.
• Employees without a VLAN assignment in their RADIUS account get assigned to the VLAN that is configured for the wireless community, which in this example is 20. This enables these employees to access the shared printer and the Internet.

Guest wireless community
• The Guest community does not use RADIUS.
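The following added example (not HP code) parses a constructed RADIUS Access-Accept and applies the fallback described above, using the VLAN numbers from the Employee community example. The guide does not name the VLAN attributes, so the standard RFC 3580 tunnel attributes are assumed. The helper build_accept and the sample packets are constructed for illustration, and the response authenticator is not verified.

```python
# RFC 2868 attribute types and RFC 3580 values (assumed; the guide names none).
TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_PGID = 64, 65, 81
VLAN, IEEE_802 = 13, 6

def attributes(packet):
    """Yield (type, value) for each attribute TLV in a RADIUS packet."""
    length = int.from_bytes(packet[2:4], "big")
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length")
    pos = 20  # skip code, identifier, length and the 16-byte authenticator
    while pos < length:
        atype, alen = packet[pos], (packet[pos + 1] if pos + 1 < length else 0)
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        yield atype, packet[pos + 2:pos + alen]
        pos += alen

def radius_vlan(packet):
    """Return the VLAN ID carried in the packet, or None if absent or invalid."""
    ttype = medium = vid = None
    for atype, val in attributes(packet):
        if atype == TUNNEL_TYPE and len(val) == 4:
            ttype = int.from_bytes(val[1:], "big")     # val[0] is the tag
        elif atype == TUNNEL_MEDIUM and len(val) == 4:
            medium = int.from_bytes(val[1:], "big")
        elif atype == TUNNEL_PGID and val:
            text = val[1:] if val[0] <= 0x1F else val  # optional tag byte
            vid = text.decode("ascii", "replace")
    if ttype != VLAN or medium != IEEE_802 or not (vid and vid.isdigit()):
        return None
    return int(vid) if 1 <= int(vid) <= 4094 else None

def effective_vlan(packet, community_vlan):
    """Per-user VLAN if the Access-Accept assigns one, else the community VLAN."""
    vlan = radius_vlan(packet)
    return community_vlan if vlan is None else vlan

def build_accept(attrs):
    """Constructed Access-Accept (code 2) with a zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return bytes([2, 1]) + (20 + len(body)).to_bytes(2, "big") + bytes(16) + body

TUNNEL = [(TUNNEL_TYPE, b"\x00\x00\x00\x0d"), (TUNNEL_MEDIUM, b"\x00\x00\x00\x06")]
RND = build_accept(TUNNEL + [(TUNNEL_PGID, b"10")])             # R&D user
ACCT = build_accept(TUNNEL + [(TUNNEL_PGID, b"\x01" + b"15")])  # tagged form
PLAIN = build_accept([])                                        # no VLAN attributes

for name, pkt in (("R&D", RND), ("Accounting", ACCT), ("unassigned", PLAIN)):
    print(name, "-> VLAN", effective_vlan(pkt, community_vlan=20))
```

An incomplete or out-of-range assignment falls back to the community VLAN rather than being trusted, so a misconfigured account lands in the community's default segment.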
8 Clustering multiple M220s

Overview

The M220 supports AP clustering. A cluster provides a single point of administration and lets you view, deploy, configure, and secure the wireless network as a single entity rather than a series of separate wireless devices. When APs are clustered, you can also configure channel planning, which helps to reduce radio interference and maximize bandwidth on the wireless network.
Settings that are shared/not shared by the cluster

Settings that are shared:
• Event logging settings
• Neighboring AP detection mode
• Wireless settings (Exception: Static channel configuration is not shared.

Settings that are not shared:
• WDS links
• Ethernet (wired) settings
Cluster formation

Cluster criteria

A cluster can be formed between two or more M220 APs if the following conditions are met:
• The APs have the same part number. For example, part number J9798A cannot be clustered with part number J9799A. You can view the part number on the System summary page.
• The APs are configured with the same Country setting.
• The APs are connected on the same wired subnet. Clustering is not supported over a wireless connection such as a WDS link.
selected. If they have an equal number of changes, but AP2 has the most recent change, then AP2 is selected.)

Creating a cluster

To create a cluster:
1. On the first M220 that you want to be clustered, select Cluster > Configuration.
2. For the Clustering mode, select Enabled.
3. Enter a Cluster name (required). The cluster name must be the same on all APs. It can consist of up to 64 alphanumeric and special characters.
4. Enter a Cluster location, which describes where the AP is physically located.
Removing an AP from the cluster

To remove an AP from the cluster:
1. On the M220 that you want to remove from the cluster, select Cluster > Access points.
2. For the Clustering setting, select Disabled, then select Save.

Client connections

From any AP in a cluster, you can select Cluster > Client connections to view information about clients connected to any clustered AP.

Note: This page displays data only if clustering is enabled on the Cluster > Configuration page.
Tx total: The number of total packets transmitted to the client during the current session.
Error rate: The percentage of time frames are dropped during transmission to or from this client.

Channel planning

When channel planning is enabled, the M220 automatically assigns radio channels used by clustered APs.
Interference threshold: Select the minimum percentage of interference reduction a proposed plan must achieve to be applied. The default is 75 percent. You can select percentages ranging from 5 percent to 75 percent. This setting lets you set a gating factor for channel reassignment so that the network is not continually disrupted for minimal gains in efficiency.
Status: Indicates whether the channel is up or down.
Locked: You can select to lock the AP onto the current channel. When selected, automated channel plans cannot reassign the AP to a different channel as a part of the optimization strategy. Instead, APs with locked channels will be factored in as requirements for the plan.
9 Maintenance

Configuration file management

The configuration file contains all the settings that customize the operation of the M220. You can save and restore the configuration file by selecting Maintenance > Config file management.

Reset

See Resetting to factory defaults on page 105.

Save

The Save feature enables you to back up your configuration settings so that they can be easily restored in case of failure. Before you install new software, you should always back up your current configuration.
For HTTP downloads, you are prompted for the location in which to save the configuration file. For TFTP downloads, specify the file path and file name under which to save the file, and the TFTP server name.

Restore

The Restore feature enables you to load a previously saved configuration file. For an HTTP restore, select Browse to select the configuration file that you want to restore, then select Restore.
Software updates

To update the M220 software, select Maintenance > Software updates. The Manage software page displays.

Software information

The M220 maintains both a primary software image and a backup image. The M220 always tries to boot with the primary image. If it fails to load, then the secondary image is used. Whenever such a failover occurs, the system creates a log message to help you troubleshoot the software failure. The Software information area shows the active image and backup image versions.
System information

The System page enables you to download logs, settings, system tools outputs, and other information that customer support may find helpful in diagnosing problems. To download system information, select Maintenance > System.

In the Show tech area, you can download a file that can be read in a text editor. The file contains configuration settings, including those that have been customized by the user. The file is named showtech.rtf by default.
10 Tools

System log

The system log is a comprehensive list of system messages and kernel messages, which may indicate error conditions such as dropped frames. The M220 stores up to 512 system error messages in volatile memory (RAM). You can view these events using the M220 management tool, and you can configure the M220 to relay them as syslog messages to a syslog server residing on the network. You can also configure the M220 to store up to 512 messages in nonvolatile memory (flash).
Severity: Specify the severity level of the log messages to write to the system log(s). This setting applies to messages stored in RAM and flash. In the following list, the severity levels are listed from most severe (top) to least severe (bottom):
• Emergency indicates that the system is unusable. It is the highest level of severity.
• Alert indicates action must be taken immediately.
• Critical indicates critical conditions.
• Error indicates error conditions.
• Warning indicates warning conditions.
Remote syslog: Use this setting to enable or disable this feature. When enabled, messages of the selected Severity level or higher are sent to the configured syslog server. When disabled, a limited number of these messages will be stored locally and can be viewed in the Events section of the System log page.
Syslog server: Specify the IP address or DNS name of the remote log server.
Syslog port: The syslog process uses logical port 514 by default. It is recommended that you keep this default.
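The following added example (not HP code) shows a check that can run on the syslog server: it decodes the priority header of each received line and sorts messages by whether they meet the Severity threshold configured on the AP. The last three severity names are the standard syslog names, which this excerpt of the guide does not list, and the sample lines, host name, and message text are constructed.

```python
import re

# Standard syslog severities, most severe first; list index == numeric code.
# The guide's excerpt lists the first five; the last three are standard names.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]
PRI_RE = re.compile(r"<(\d{1,3})>(.*)", re.S)

def parse_pri(line):
    """Split a syslog line into (facility, severity name, rest of message)."""
    m = PRI_RE.fullmatch(line)
    if not m or int(m.group(1)) > 191:   # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("missing or invalid <PRI> header")
    facility, sev = divmod(int(m.group(1)), 8)
    return facility, SEVERITIES[sev], m.group(2)

def meets_threshold(severity, threshold):
    """True when severity is the threshold level or more severe (lower code)."""
    return SEVERITIES.index(severity) <= SEVERITIES.index(threshold)

def audit(lines, threshold):
    """Sort lines into expected, unexpected (below threshold) and malformed."""
    report = {"expected": [], "unexpected": [], "malformed": []}
    for line in lines:
        try:
            _, sev, _ = parse_pri(line)
        except ValueError:
            report["malformed"].append(line)
            continue
        key = "expected" if meets_threshold(sev, threshold) else "unexpected"
        report[key].append((sev, line))
    return report

# Constructed sample datagrams; host name and message text are illustrative.
SAMPLE = [
    "<11>Jan  1 00:01:02 ap1 demo: association failed",   # user.Error
    "<4>Jan  1 00:01:05 ap1 kernel: frame dropped",       # kern.Warning
    "<14>Jan  1 00:01:09 ap1 demo: client connected",     # user.Informational
    "Jan  1 00:01:12 ap1 demo: no priority header",
]

if __name__ == "__main__":
    for key, items in audit(SAMPLE, "Warning").items():
        print(key, len(items))
```

Lines that arrive below the configured threshold, or without a valid priority header, point to a configuration mismatch or to a sender other than the AP.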
From address: Specify the email address that appears in the From field of alert messages sent from the AP, for example AP23@company.com. It is recommended that you use an email address that exists on your own network, so that the address will receive a notification if an email from the AP is undeliverable, and to prevent spam filters on the network from blocking the sending or delivery of emails from the AP. The address can be a maximum of 255 characters and can contain only printable characters.
Mail server address: Specify the IP address or hostname of the SMTP server on the network.
Mail server security: Specify whether to use SMTP over SSL (TLSv1) or no security (Open) for authentication with the mail server. The default is Open.
Mail server port: Configure the TCP port number for SMTP. The range is a valid port number from 0 to 65535. The default is 25, which is the standard port for SMTP.
Username: This field displays only when TLSv1 is selected as the Mail server security setting.
Viewing email alert status

You can select Status > Email alert to view the status of the email alert feature and information about past activity.

Email alert status: Indicates whether the Email alert feature is administratively enabled or disabled.
Number of emails sent: The number of alert emails sent since the feature was enabled.
Number of emails failed: The number of alert emails sent since the feature was enabled that did not reach the intended destination.
Packet trace configuration

Use this section to configure parameters that affect how packet trace functions on the radio interfaces.

Trace beacons: Enable to trace the 802.11 beacons detected or transmitted by the radio.
Promiscuous trace: Enable to place the radio in promiscuous mode when the trace is active. In promiscuous mode, the radio receives all traffic on the channel, including traffic that is not destined to the M220.
Performing a packet file trace

To perform a packet file trace:
1. Select Tools > Network trace.
2. Select a Trace interface. The following M220 interfaces are available for packet trace:
   • radio1: 802.11 traffic on the radio.
   • eth0: 802.3 traffic on the Ethernet port.
   • wlan0: Traffic for the default wireless community.
   • wlan0vapx: Traffic for wireless community x, where x is the community ID and can be from 1 to 7.
When the remote trace mode is in use, the M220 does not store any captured data locally in its file system.

Setting up Wireshark sessions

You can trace up to five interfaces on the M220 at the same time. However, you must start a separate Wireshark session for each interface. You can configure the IP port number used for connecting Wireshark to the M220. The default port number is 2002. The system uses five consecutive port numbers starting with the configured port for the packet trace sessions.
Performance and security considerations

In remote packet trace mode, traffic is sent to the PC running Wireshark via one of the network interfaces. Depending on where the Wireshark tool is located, the traffic can be sent on an Ethernet interface or one of the radios. To avoid a traffic flood caused by tracing the trace packets, the M220 automatically installs a trace filter to filter out all packets destined to the Wireshark application.
4. Select Start Remote Trace. The trace session will run for the specified duration. You can view the trace status in the Packet trace status section. Select Refresh to see the updated trace time. You can also select Stop Trace to stop a trace before the specified duration has elapsed.

Packet trace status

This section enables you to view the status of the packet trace on the AP.

Current trace status: Whether a packet trace is running or is stopped.
TFTP server filename: The file will be saved to the TFTP server under this name and path.
Server IP: Enter the IP address of the TFTP server.

When you select Download, a progress bar displays to indicate download status.

Ping

The M220 supports ping functionality to enable basic diagnostics of network devices. To ping another device, select Tools > Ping.

Address to ping: You can specify an IPv4 address, an IPv6 address, or a hostname.
11 Support and other resources

Online Documentation

You can download documentation from the HP Support Website at: www.hp.com/networking/support. Search by product number or name.

Contacting HP

For worldwide technical support information, see the HP Support Website: www.hp.
Conventions

The following conventions are used in this guide.

Management tool

This guide uses specific syntax when directing you to interact with the management tool user interface. Refer to the following image for identification of key user-interface elements and then the table below for example directions:

[Image: management tool user interface with the Main menu and Sub-menu labeled]

Example directions in this guide: Select Wireless > Radio.
What to do in the user interface: Select Wireless on the main menu, and then select Radio on the sub-menu.
A Resetting to factory defaults

Factory reset procedures

To force the M220 into its factory default state, follow the procedures in this section.

Caution: Resetting the M220 to factory defaults deletes all configuration settings, resets the manager user name and password to admin, and enables the DHCP client on the Ethernet port. If no DHCP server assigns an address to the M220, its address defaults to 192.168.1.1.