Table of Contents

Advertisement

Quick Links

HP A-MSR Router Series
WLAN

Configuration Guide

Abstract
This document describes the software features for the HP A Series products and guides you through the
software configuration procedures. These configuration guides also provide configuration examples to help
you apply software features to different network scenarios.
This documentation is intended for network planners, field technical support and servicing engineers, and
network administrators working with the HP A Series products.
Part number: 5998-2030
Software version: CMW520-R2207P02
Document version: 6PW100-20110810

Advertisement

Table of Contents
loading

Summary of Contents for HP a-msr

  • Page 1: Configuration Guide

    Configuration Guide Abstract This document describes the software features for the HP A Series products and guides you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.
  • Page 2 The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional...
  • Page 3: Table Of Contents

    Contents WLAN interface configuration ······································································································································· 1 WLAN-radio interface ······················································································································································ 1 Configuring a WLAN-radio interface ···················································································································· 1 WLAN-BSS interface ························································································································································· 1 Configuring a WLAN-BSS interface ······················································································································· 1 WLAN-Ethernet interface ·················································································································································· 2 Entering WLAN-Ethernet interface view ················································································································· 2 Configuring a WLAN-Ethernet interface ················································································································ 3 Displaying and maintaining a WLAN interface ············································································································...
  • Page 4 SVP service configuration example ····················································································································· 62 Troubleshooting ······························································································································································ 63 EDCA parameter configuration failure ··············································································································· 63 SVP or CAC configuration failure························································································································ 63 Support and other resources ········································································································································ 64 Contacting HP ································································································································································ 64 Subscription service ·············································································································································· 64 Related information ························································································································································ 64 Documents ······························································································································································ 64 Websites ································································································································································ 64 Conventions ····································································································································································...
  • Page 5: Wlan Interface Configuration

    The terms AP and fat AP in this document refer to A-MSR900 and A-MSR20- 1 X routers with IEEE 802.1 1b/g and A-MSR series routers installed with a SIC WLAN module. Wireless routers support WLAN-Radio interfaces, which are physical interfaces that provide wireless network access.
  • Page 6: Wlan-Ethernet Interface

    To do… Use the command… Remarks Enter system view. system-view — Required. Enter WLAN-BSS interface interface wlan-bss If the WLAN-BSS interface does view. interface-number not exist, this command creates the WLAN-BSS interface first. Optional. Set the description string for the By default, the description string of description text interface.
  • Page 7: Configuring A Wlan-Ethernet Interface

    To do… Use the command… Remarks Required. If the WLAN-Ethernet interface Enter WLAN-Ethernet interface interface wlan-ethernet does not exist, this command view. interface-number creates the WLAN-Ethernet interface first. Restore the default settings of default Optional. the WLAN-Ethernet interface. Configuring a WLAN-Ethernet interface For a WLAN-Ethernet interface, you can configure basic settings such as MTU, and ARP, DHCP, and routing protocols as listed in the following table.
  • Page 8 To do… Use the command…  ipv6 address  ipv6 address auto link-local  ipv6 mtu  ipv6 nd autoconfig managed-address-flag  ipv6 nd autoconfig other-flag  ipv6 nd dad attempts  ipv6 nd ns retrans-timer Configure basic IPv6 settings. ...
  • Page 9 To do… Use the command…  rip authentication-mode  rip input  rip output  rip metricin  Configure RIP. rip metricout  rip poison-reverse  rip split-horizon  rip summary-address  rip version Configure IPv6 IS-IS. isis ipv6 enable ...
  • Page 10 To do… Use the command…  igmp enable  igmp fast-leave  igmp group-policy  igmp last-member-query-interval  igmp max-response-time  igmp require-router-alert Configure IGMP.  igmp robust-count  igmp send-router-alert  igmp static-group  igmp timer other-querier-present  igmp timer query ...
  • Page 11 To do… Use the command…  pim ipv6 bsr-boundary  pim ipv6 hello-option  pim ipv6 holdtime  pim ipv6 require-genid  pim ipv6 sm  pim ipv6 dm Configure IPv6 PIM.  pim ipv6 state-refresh-capable  pim ipv6 timer graft-retry ...
  • Page 12: Displaying And Maintaining A Wlan Interface

    To do… Use the command…  port-security authorization ignore  port-security max-mac-count  port-security port-mode { mac-and-psk | mac-authentication | mac-else-userlogin-secure | mac-else-userlogin-secure-ext | psk | userlogin-secure | userlogin-secure-ext | Configure port security. userlogin-secure-ext-or-psk | userlogin-secure-or-mac | userlogin-secure-or-mac-ext }  port-security preshared-key { pass-phrase | raw-key } ...
  • Page 13: Wlan Service Configuration

    The terms AP and fat AP in this document refer to A-MSR900 and A-MSR20- 1 X routers with IEEE 802.1 1b/g and A-MSR series routers installed with a SIC WLAN module. WLANs have become very popular because they are easy to set up and maintain. Generally, several APs can cover a building or an area.
  • Page 14 Figure 1 Establish a client access Client Active/Passive scanning Authentication request Authentication response Association request Association response Scanning A wireless client can get the surrounding wireless network information in two ways: passive scanning or active scanning. With passive scanning, a wireless client gets wireless network information through listening to Beacon frames sent by surrounding APs.
  • Page 15 A client sends a probe request (with a specified SSID): When the wireless client is configured to access  a specific wireless network or has already successfully accessed a wireless network, the client periodically sends a probe request carrying the specified SSID of the configured or connected wireless network.
  • Page 16: Wlan Topologies

    Other related procedures De-authentication A de-authentication frame can be sent by either an AP or wireless client to break an existing link. In a wireless system, de-authentication can occur due to many reasons, such as:  Receiving an association/disassociation frame from a client which is unauthenticated. ...
  • Page 17 Multi-ESS This topology describes a scenario where more than one ESS exists. When a mobile client joins the fat AP, it can join one of the available ESSs. Figure 6 shows a multi-ESS network. Figure 6 Multi-ESS network Internet Gateway FAT AP ESS 2 ESS 1...
  • Page 18: Protocols And Standards

    Protocols and standards ANSI/IEEE Std 802.1 1, 1999 Edition  IEEE Std 802.1 1a  IEEE Std 802.1 1b  IEEE Std 802.1 1g  IEEE Std 802.1 1i  IEEE Std 802.1 1-2004  IEEE Std 802.1 1n  Configuring WLAN service Configuration task list Task...
  • Page 19: Configuring A Wlan Service Template

    To specify the country code: To do… Use the command… Remarks Enter system view. system-view — By default, the country code for Specify the country code. wlan country-code code North American models is US, and for other models is CN. You cannot modify the country code for North American models.
  • Page 20: Configuring The Radio Of The Ap

    To do… Use the command… Remarks interface wlan-radio Enter radio interface view. — interface-number Specify a radio type for the radio-type [ type { dot11b | dot11g | Required. radio. dot11gn } ] Bind a service template to a service-template WLAN-ESS interface for the service-template-number interface Required.
  • Page 21: Configuring 802.11N

    To do… Use the command… Remarks Optional. Specify the RTS threshold rts-threshold size By default, the RTS threshold is length. 2346 bytes. Set the maximum number of Optional. retransmission attempts for long-retry threshold count By default, the long retry frames larger than the RTS threshold is 4.
  • Page 22: Displaying And Maintaining Wlan Service

    To do… Use the command… Remarks Optional. Enable access permission for By default, an 802.11gn radio client dot11n-only 802.1 1n clients only. permits both 802.11b/g and 802.11gn clients to access. Optional. Enable the short GI function. short-gi enable Enabled by default. Optional.
  • Page 23: Configuring Wlan Client Isolation

    To do… Use the command… Remarks reset wlan statistics client { all | Clear client statistics. Available in user view mac-address mac-address } Configuring WLAN client isolation User isolation enables a fat AP to isolate Layer-2 packets (unicast/broadcast) exchanged between wireless clients associated with it, disabling them from direct communication.
  • Page 24: Wlan Service Configuration Examples

    To do… Use the command… Remarks Enter system view. system-view — Required. If the specified user profile does not Enter user profile view. user-profile profile-name exist, this command creates it and enters its view. Required. Specify a permitted No permitted SSID is specified by wlan permit-ssid ssid-name SSID.
  • Page 25: 802.11N Configuration Example

    [AP] interface wlan-radio 2/0 [AP-WLAN-Radio2/0] radio-type dot11g [AP-WLAN-Radio2/0] channel 1 [AP-WLAN-Radio2/0] service-template 1 interface wlan-bss 1 Verify the configuration The clients can associate with the APs and access the WLAN.  You can use the display wlan client and display connection commands to view the online clients. ...
  • Page 26 [AP-WLAN-Radio2/0] radio-type dot11gn [AP-WLAN-Radio2/0] channel 6 [AP-WLAN-Radio2/0] channel band-width 20 [AP-WLAN-Radio2/0] service-template 1 interface WLAN-BSS 1 Verify the configuration The clients can associate with the APs and access the WLAN.  You can use the display wlan verbose command to view the online clients. The 802.1 1n client ...
  • Page 27: Wlan Rrm Configuration

    The terms AP and fat AP in this document refer to A-MSR900 and A-MSR20- 1 X routers with IEEE 802.1 1b/g and A-MSR series routers installed with a SIC WLAN module. Radio signals are susceptible to surrounding interference. The causes of radio signal attenuation in different directions are very complex.
  • Page 28: Configuring 802.11N Rates

    To do… Use the command… Remarks Optional. By default, mandatory rates are dot11g { disabled-rate | 1, 2, 5.5, and 11; supported Configure rates for 802.1 1g. mandatory-rate | supported-rate } rates are 6, 9, 12, 18, 24, 36, rate-value 48, and 54;...
  • Page 29 Table 2 MCS data rate table (40 MHz) Data rate (Mbps) Number of spatial MCS index Modulation streams 800ns GI 400ns GI BPSK 13.5 15.0 QPSK 27.0 30.0 QPSK 40.5 45.0 16-QAM 54.0 60.0 16-QAM 81.0 90.0 64-QAM 108.0 120.0 64-QAM 121.5 135.0...
  • Page 30: Configuring Non-Dot11H Channel Scanning

    To do… Use the command… Remarks Optional. Specify the maximum MCS By default, the maximum MCS index for 802.1 1n supported dot11n support maximum-mcs index index for 802.11n supported rates. rates is 76. If you configure the client dot1 1n-only command for a radio, you must configure the maximum MCS index for 802.1 1n mandatory rates.
  • Page 31: Displaying And Maintaining Wlan Rrm

    To do… Use the command… Remarks Enter WLAN RRM view. wlan rrm — Optional Enable 802.1 1g protection. dot11g protection enable Disabled by default NOTE: Enabling 802.11g protection reduces network performance. Displaying and maintaining WLAN RRM To do… Use the command… Remarks display wlan rrm [ | { begin | Display WLAN RRM configuration...
  • Page 32: Wlan Security Configuration

    The terms AP and fat AP in this document refer to A-MSR900 and A-MSR20- 1 X routers with IEEE 802.1 1b/g and A-MSR series routers installed with a SIC WLAN module. The wireless security capabilities incorporated in 802.1 1 are inadequate for protecting networks containing sensitive information.
  • Page 33: Wlan Data Security

    Figure 12 Shared key authentication process Client Authentication Request Authentication Response(Challenge) Authentication(Encrypted Challenge) Authentication Response(Success) WLAN data security Compared with wired networks, WLAN networks are more susceptible to attacks because all WLAN devices share the same medium. Thus, every device can receive data from any other sending device. If no security service is provided, plain-text data is transmitted over the WLAN.
  • Page 34: Client Access Authentication

    enhance the security of the CCMP encryption mechanism. During the encryption process, CCMP uses a 48-bit PN to ensure that each encrypted packet uses a different PN. This improves security to a certain extent. Client access authentication PSK authentication To implement PSK authentication, the client and the authenticator must have the same shared key configured. Otherwise, the client cannot pass PSK authentication.
  • Page 35: Configuring Wlan Security

    Configuring WLAN security Configuration task list To configure WLAN security in a service template, map the service template to a radio policy, and add radios to the radio policy. The SSID name, advertisement setting (beaconing), and encryption settings are configured in the service template. You can configure an SSID to support any combination of WPA, RSN, and Pre-RSN clients Complete these tasks to configure WLAN security configuration tasks.
  • Page 36: Configuring The Gtk Rekey Method

    To do… Use the command… Remarks Enter system view system-view — Enter WLAN service wlan service-template — template view. service-template-number crypto Optional. Configure the PTK lifetime. ptk-lifetime time By default, the PTK lifetime is 43,200 seconds. Configuring the GTK rekey method A fat AP generates a GTK and sends the GTK to a client during the authentication process between an AP and the client through group key handshake or the 4-way handshake.
  • Page 37: Configuring Security Ie

    To do… Use the command… Remarks Enter WLAN service wlan service-template — template view. service-template-number crypto Required. Enable GTK rekey. gtk-rekey enable By default, GTK rekey is enabled. Required. Configure GTK rekey based gtk-rekey method packet-based The default packet number is on packet.
  • Page 38: Configuring Cipher Suite

    To do… Use the command… Remarks Enable the RSN IE in the Required. beacon and probe security-ie rsn By default, RSN IE is disabled. responses. Configuring cipher suite A cipher suite is used for data encapsulation and de-encapsulation. It uses the following encryption methods: ...
  • Page 39: Configuring Port Security

    To do… Use the command… Remarks Required. Enable the TKIP cipher suite. cipher-suite tkip By default, no cipher suite is enabled. Optional. Configure the TKIP The default countermeasure tkip-cm-time time countermeasure interval. interval is 0 seconds. No countermeasures are taken. MIC is used to prevent attackers from data modification.
  • Page 40 To do… Use the command… Remarks Enter WLAN-BSS interface interface wlan-bss Required. view. interface-number Required. Enable 802.1 1 key port-security tx-key-type 11key negotiation. Not enabled by default. port-security preshared-key Required. Configure the pre-shared key. { pass-phrase | raw-key } [ cipher Not configured by default.
  • Page 41: Displaying And Maintaining Wlan Security

    To do… Use the command… Remarks Required. Enable 802.1 1 key port-security tx-key-type 11key negotiation. Not enabled by default. Enable the PSK and MAC port port-security port-mode mac-and-psk Required. security mode. Required. port-security preshared-key { pass-phrase | The key is a string of 8 to Configure the pre-shared key.
  • Page 42: Mac And Psk Authentication Configuration Example

    Figure 13 Network diagram for PSK authentication configuration Switch Client Configuration procedure Configure the fat AP. # Enable port security. <Sysname> system-view [Sysname] port-security enable # Configure WLAN port security, configure the authentication mode as PSK, and the pre-shared key as 12345678.
  • Page 43 Figure 14 MAC and PSK authentication RADIUS server 10.18.1.88/24 IP network FAT AP L2 switch Client 10.18.1.1/24 Configuration procedure Configure the fat AP. # Enable port security. <Sysname> system-view [Sysname] port-security enable # Configure WLAN port security, configure the authentication mode as mac-and-psk, and the pre-shared key as 12345678.
  • Page 44 # Configure AAA domain imc by referencing RADIUS scheme rad. [Sysname] domain imc [Sysname-isp-imc] authentication lan-access radius-scheme rad [Sysname-isp-imc] authorization lan-access radius-scheme rad [Sysname-isp-imc] accounting lan-access radius-scheme rad [Sysname-isp-imc] quit # Configure the MAC authentication domain. [Sysname] mac-authentication domain imc # Configure MAC authentication user name format, using MAC addresses without hyphen as username and password (consistent with the format on the server).
  • Page 45: 802.1X Authentication Configuration Example

    Figure 16 Add service # Add an account. Select the User tab, and then select User > All Access Users from the navigation tree to enter the user page. Then, click Add on the page to enter the page as shown in Figure ...
  • Page 46 Figure 18 802.1x authentication configuration RADIUS server 10.18.1.88/24 IP network FAT AP L2 switch Client 10.18.1.1/24 Configuration procedure Configure the fat AP. # Enable port security and configure the 802.1X authentication mode as EAP. <Sysname> system-view [Sysname] port-security enable [Sysname] dot1x authentication-method eap # Configure a RADIUS scheme name rad and configure the IP addresses of the primary authentication server and accounting server as 10.18.1.88.
  • Page 47 [Sysname] wlan service-template 1 crypto [Sysname-wlan-st-1] ssid dot1x # Enable the RSN IE in the beacon and probe responses, and use the CCMP cipher suite. [Sysname-wlan-st-1] authentication-method open-system [Sysname-wlan-st-1] cipher-suite ccmp [Sysname-wlan-st-1] security-ie rsn [Sysname-wlan-st-1] service-template enable [Sysname-wlan-st-1] quit # On interface WLAN-radio 2/0, bind service template 1 to interface WLAN-BSS 1. [Sysname] interface wlan-radio2/0 [Sysname-WLAN-Radio2/0] radio-type dot11g [Sysname-WLAN-Radio2/0] service-template 1 interface wlan-bss 1...
  • Page 48 Figure 19 Configure the wireless card (I)
  • Page 49 Figure 20 Configure the wireless card (II)
  • Page 50: Supported Combinations For Ciphers

    Figure 21 Configure the wireless card (III) Verify the configuration. The client can pass 802.1x authentication and access the WLAN. You can use the display wlan client command, display connection command, and display dot1x command to view the online clients. Supported combinations for ciphers This section introduces the combinations that can be used during the cipher suite configuration.
  • Page 51 Unicast cipher Broadcast cipher Authentication method Security Type CCMP CCMP TKIP WEP40 TKIP WEP104 TKIP WEP128 TKIP TKIP CCMP WEP40 802.1x CCMP WEP104 802.1x CCMP WEP128 802.1x CCMP TKIP 802.1x CCMP CCMP 802.1x TKIP WEP40 802.1x TKIP WEP104 802.1x TKIP WEP128 802.1x TKIP...
  • Page 52 Unicast cipher Broadcast cipher Authentication method Security Type TKIP WEP128 802.1x TKIP TKIP 802.1x Pre-RSN For Pre-RSN stations, the WLAN-WSEC module supports only WEP cipher suites. (WEP40, WEP104 and WEP128 are mutually exclusive). Unicast cipher Broadcast cipher Authentication method Security Type WEP40 WEP40 Open system...
  • Page 53: Wlan Ids Configuration

    The terms AP and fat AP in this document refer to A-MSR900 and A-MSR20- 1 X routers with IEEE 802.1 1b/g and A-MSR series routers installed with a SIC WLAN module. 802.1 1 networks are susceptible to a wide array of threats such as unauthorized access points and clients, ad hoc networks, and DoS attacks.
  • Page 54: Wlan Ids Configuration Task List

    A flood attack refers to the case where WLAN devices receive large volumes of frames of the same kind within a short span of time. When this occurs, the WLAN devices are overwhelmed and, consequently, are unable to service normal clients. WIDS attacks detection counters flood attacks by constantly keeping track of the density of traffic generated by each device.
  • Page 55: Displaying And Maintaining Ids Attack Detection

    To do… Use the command… Remarks Enter system view. system-view — Enter IDS view. wlan ids — Required attack-detection enable { all | flood Enable IDS attack detection. | weak-iv | spoof } Disabled by default Displaying and maintaining IDS attack detection To do…...
  • Page 56: Wlan Ids Frame Filtering Configuration

    The terms AP and fat AP in this document refer to A-MSR900 and A-MSR20- 1 X routers with IEEE 802.1 1b/g and A-MSR series routers installed with a SIC WLAN module. Frame filtering is a feature of 802.1 1 MAC and a sub-feature of WLAN IDS.
  • Page 57: Configuring Wlan Ids Frame Filtering

    Figure 22 Frame filtering IP network L2 Switch FAT AP Client 1 Client 4 Client 2 Client 3 If client 1 is present in the backlist, it cannot associate with the fat AP. If it is only in the white list, it can be associated with the fat AP.
  • Page 58: Displaying And Maintaining Wlan Ids Frame Filtering

    To do… Use the command… Remarks Optional. Configure the lifetime for dynamic-blacklist lifetime lifetime By default, the lifetime is 300 dynamic blacklist entries. seconds. Displaying and maintaining WLAN IDS frame filtering To do… Use the command… Remarks display wlan blacklist { static | dynamic } [ | Display blacklist entries.
  • Page 59: Wlan Qos Configuration

    The terms AP and fat AP in this document refer to A-MSR900 and A-MSR20- 1 X routers with IEEE 802.1 1b/g and A-MSR series routers installed with a SIC WLAN module. An 802.1 1 network offers contention-based wireless access. To provide applications with QoS services, IEEE developed 802.1 1e for the 802.1 1-based WLAN architecture.
  • Page 60 EDCA parameters WMM assigns data packets in a BSS to four AC queues. By allowing a high-priority AC queue to have more channel contention opportunities than a low-priority AC queue, WMM offers different service levels to different AC queues. WMM define a set of EDCA parameters for each AC queue, covering the following: ...
  • Page 61: Protocols And Standards

    U-APSD power-save mechanism U-APSD improves the 802.1 1 APSD power saving mechanism. When associating clients with AC queues, you can specify some AC queues as trigger-enabled, some AC queues as delivery-enabled, and the maximum number of data packets that can be delivered after receiving a trigger packet. Both the trigger attribute and the delivery attribute can be modified when flows are established using CAC.
  • Page 62 AC-VO queue. However, enabling CAC for the AC-VO queue does not enable CAC for the AC-VI queue. HP recommends you use the default EDCA parameter settings for APs and clients (except the TXOPLimit parameter for devices using 802.1 1b radio cards) unless it is necessary to modify the default settings.
  • Page 63: Displaying And Maintaining Wmm

    Table 3 The default EDCA parameters for clients AC queue AIFSN ECWmin ECWmax TXOP Limit AC-BK queue AC-BE queue AC-VI queue AC-VO queue Table 4 The default EDCA parameters for APs AC queue AIFSN ECWmin ECWmax TXOP Limit AC-BK queue AC-BE queue AC-VI queue AC-VO queue...
  • Page 64: Cac Service Configuration Example

    Figure 25 Network diagram for WMM basic configuration IP network FAT AP L2 switch Client Configuration procedure # Configure interface WLAN-BSS 1 to use the 802.1 1e priority of the received packets for priority mapping. <Sysname> system-view [Sysname] interface wlan-bss 1 [Sysname-WLAN-BSS1] qos trust dot11e [Sysname-WLAN-BSS1] quit # Configure interface Ethernet 1/0 to use the 802.1p priority of received packets for priority mapping.
  • Page 65 Figure 26 Network diagram for CAC service configuration L2 Switch IP network FAT AP Client Configuration procedure # Configure interface WLAN-BSS 1 to use the 802.1 1e priority of received packets for priority mapping. <Sysname> system-view [Sysname] interface wlan-bss 1 [Sysname-WLAN-BSS1] qos trust dot11e [Sysname-WLAN-BSS1] quit # Configure interface Ethernet 1/0 to use the 802.1p priority of received packets for priority mapping.
  • Page 66: Svp Service Configuration Example

    requesting for high-priority AC queues on the AP is smaller than or equal to the maximum number of high-priority AC clients (10 in this example), the request is accepted. Otherwise, the request is denied. SVP service configuration example Network requirements As shown in Figure 27, the fat AP is connected to the Ethernet and has WMM enabled.
  • Page 67: Troubleshooting

    [Sysname-WLAN-Radio2/0] wmm edca radio ac-vo ecw ecwmin 0 ecwmax 0 [Sysname-WLAN-Radio2/0] quit If a non-WMM client goes online and sends SVP packets to the AP, the SVP packets are assigned to the AC-VO queue. Troubleshooting EDCA parameter configuration failure Symptom Configuring EDCA parameters for an AP failed.
  • Page 68: Support And Other Resources

    After registering, you will receive email notification of product enhancements, new driver versions, firmware updates, and other product resources. Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. ...
  • Page 69: Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
  • Page 70 Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
  • Page 71: Index

    RSN security IE, 33 configuring WLAN security, 31 scanning, 10 configuring WLAN service, 14 security IE, 33 contacting HP, 64 shared key authentication, 28 country code, 14 single BSS, 12 data transmit rates, 23 single ESS Multi-BSS (the multi-radio case), 13...
  • Page 72 white list, 52 WLAN QoS examples WIDS attack detection, 49 CAC service configuration example, 60 wireless client access, 9 network requirements, 59, 60, 62 wireless medium, 9 SVP service example, 62 WLAN client isolation, 19 WMM basic configuration, 59 WLAN data security, 29 WMM configuration examples, 59 WLAN IDS WLAN QoS protocols and standards, 57...
  • Page 73 WLAN data security, 29 single ESS Multi-BSS (the multi-radio case), 13 WPA, 47 specifying a permitted SSID in a user profile, 19 WPA security IE, 33 SSID, 9 WLAN security configuration, 28 SSID-based access control, 19 WLAN security examples, 37 task list, 14 802.1X authentication example, 41 topologies, 12...

Table of Contents