Page of 562
Download Print This PagePrint Bookmark Comment
   
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562
ProCurve Wireless Access Point 530
www.procurve.com
Management and
Configuration Guide

Advertising

   Related Manuals for HP 530

   Summary of Contents for HP 530

  • Page 1

    Management and Configuration Guide ProCurve Wireless Access Point 530 www.procurve.com...

  • Page 3

    ProCurve Wireless Access Point 530 Management and Configuration Guide...

  • Page 4

    Packard. performance, or use of this material. The only warranties for HP products and services are set Publication Number forth in the express warranty statements accompanying such products and services. Nothing herein should be 5991-2193 construed as constituting an additional warranty.

  • Page 5: Table Of Contents, Getting Started, Using The Command Line Interface (cli)

    Advantages of Using the CLI ........2-5 Advantages of Using the ProCurve Access Point 530 Browser Interface . 2-6 3 Using the Command Line Interface (CLI) Contents .

  • Page 6: Table Of Contents, Using The Procurve Web Browser Interface

    Password Security ......... . . 3-6 Logging In .

  • Page 7: Table Of Contents, General System Configuration

    Changing the Management Password ......4-24 If You Lose the Password ....... . 4-26 Rebooting or Resetting the Access Point .

  • Page 8: Table Of Contents, Wireless Interface Configuration

    CLI: Enabling & Disabling SNMPv3 ......5-39 Web: Managing SNMPv3 Users ....... 5-40 CLI: Managing SNMPv3 Users .

  • Page 9: Table Of Contents, Wireless Security Configuration

    CLI: Setting the Radio Working Mode ......6-11 Configuring the Radio Channel and Other Basic Settings ..6-12 Web: Configuring Basic Radio Settings .

  • Page 10: Table Of Contents

    Encryption ..........7-8 Wired Equivalent Privacy (WEP) .

  • Page 11: Table Of Contents, Special Features

    The Web-Auth Process ........7-57 Associating with the AP-530 ......7-57 URL Intercept .

  • Page 12: Table Of Contents, Command Line Reference

    CLI: Configuring QoS Parameters ......8-8 sFlow ............8-12 Flow Sampling by the sFlow Agent .

  • Page 13: Table Of Contents

    show ........... . . 9-14 terminal .

  • Page 14: Table Of Contents

    snmpv3 enable ..........9-46 snmpv3 user-name .

  • Page 15: Table Of Contents

    MAC Lockout ..........9-75 lockout-mac .

  • Page 16: Table Of Contents

    ssid ........... . . 9-103 description .

  • Page 17: Table Of Contents

    wpa-allowed | wpa2-allowed ....... . 9-132 wpa-pre-shared-key ........9-133 wpa-cipher-tkip .

  • Page 18: Table Of Contents

    enable (wds) ..........9-160 wds-ssid .

  • Page 19: Table Of Contents

    Overview ........... . . B-3 System Management .

  • Page 20: Table Of Contents

    Airport Case 2 – With RF Group Name ......C-5 Settings ..........C-5 Decisions: AP #1 .

  • Page 21

    Getting Started...

  • Page 22: Table Of Contents

    Getting Started Contents Overview ............1-3 Conventions .

  • Page 23: Overview, Conventions, Command Syntax Statements

    This guide describes how to use the command line interface (CLI) and Web browser interface to configure, manage, and monitor access point operation. The ProCurve Wireless Access Point 530 is referenced as the Access Point 530 or AP 530 throughout the remainder of this document.

  • Page 24: Command Prompts, Screen Examples

    ProCurve Access Point 530# Commands typed by the user are shown in boldface. In some cases, brief command-output sequences appear outside a numbered figure. For example: ProCurve Access Point 530(ethernet)# ip address 192.168.1.2 255.255.255.0 192.168.1.253 ProCurve Access Point 530(ethernet)# dns primary-server...

  • Page 25: Related Publications

    Getting Started Related Publications Related Publications Installation and Getting Started Guide. Use the Installation and Getting Started Guide shipped with your access point to prepare for and perform the physical installation. That guide also steps you through the process of connecting the access point to your network and assigning IP addressing, as well as describes the LED indications for correct operation and trouble analysis.

  • Page 26: Getting Documentation From The Web, Sources For More Information

    Getting Started Getting Documentation From the Web Getting Documentation From the Web N o t e : You will need the Adobe® Acrobat® Reader to view, print, and/or copy the product documentation. 1. Go to the ProCurve Networking Web site at www.procurve.com.

  • Page 27: Need Just A Quick Start?, Ip Addressing, Need Just A Quick Start

    If you just want to give the access point an IP address so that it can commu- nicate on your network, HP recommends that you use the CLI to quickly configure IP addressing. To do so, do one of the following: Log in to the CLI interface using the default username and password (“admin and admin”).

  • Page 28: To Set Up And Install The Access Point In Your Network

    Getting Started Need Just a Quick Start? To Set Up and Install the Access Point in Your Network I m p o r t a n t ! Use the Installation and Getting Started Guide shipped with your access point for the following: ■...

  • Page 29

    Selecting a Management Interface...

  • Page 30: Contents

    Advantages of Using the CLI ........2-5 Advantages of Using the ProCurve Access Point 530 Browser Interface . 2-6...

  • Page 31

    Selecting a Management Interface Overview Overview This chapter describes the following: Access Point management interfaces ■ ■ Advantages of using each interface type...

  • Page 32: Understanding Management Interfaces

    Selecting a Management Interface Understanding Management Interfaces Understanding Management Interfaces The Access Point 530 management interfaces enable you to reconfigure the access point and to monitor its status and performance. Interface types include: ■ CLI—a command line interface offering the full set of access point commands through the VT-100/ANSI console built into the access point.

  • Page 33: Advantages Of Using The Cli

    Selecting a Management Interface Advantages of Using the CLI Advantages of Using the CLI Manager Exec Level ProCurve Access Point 530# Global Configuration Level ProCurve Access Point 530(config)# Interface Configuration Levels ProCurve Access Point 530(<interface>)# Context-specific configurations, such as (ethernet, wds1, radio1, radio1-wlan1).

  • Page 34: Advantages Of Using The Procurve Access Point 530 Browser Interface

    Advantages of Using the ProCurve Access Point 530 Browser Interface Advantages of Using the ProCurve Access Point 530 Browser Interface Figure 2-2. Example of the ProCurve Access Point 530 Browser Interface ■ Easy access to the access point from anywhere on the network.

  • Page 35

    Using the Command Line Interface (CLI)

  • Page 36

    Using the Command Line Interface (CLI) Contents Contents Contents ............3-2 Overview .

  • Page 37

    Using the Command Line Interface (CLI) Overview Overview The Command Line Interface (CLI) is a text-based command interface for configuring and monitoring the access point. The CLI gives you access to the access point’s full set of commands while providing the same password protection that is used in the Web browser interface.

  • Page 38: Accessing The Cli, Direct Console Access

    Direct Console Access To connect a console directly to the access point, use a null-modem cable or an HP serial cable, part number 5184-1894 (shipped with many HP ProCurve switches) Connect the serial cable between a VT-100 terminal or a PC terminal emulator and the access point’s Console port.

  • Page 39: Telnet Access, Secure Shell Access

    Using the Command Line Interface (CLI) Accessing the CLI When correctly connected to the access point, press to initiate the [Enter] console session. For more information on connecting to the access point’s Console port, refer to the Installation and Getting Started Guide. N o t e The default Static IP address is 192.168.1.10.

  • Page 40: Using The Cli, Password Security

    CLI command modes. C a u t i o n HP strongly recommends that you configure a Manager password. If a Manager password is not configured, the access point is not password- protected, and anyone having in-band or out-of-band access to the access point may be able to compromise access point and network security.

  • Page 41: Logging In

    After entry of the user name, you will be prompted for the password. The default password is admin. For example: ProCurve AP-530: admin Password Prompt Password: Figure 3-1. Example of CLI Log-On Screen with Password When you successfully log onto the CLI, you will see the following command prompt: ProCurve Access Point 530#...

  • Page 42: Command Levels, Manager Exec Level, Global Configuration Level

    The prompt for the Manager Exec level contains only the system name and the "#" delimiter. For example: ProCurve Acess Point 530 # Global Configuration Level Global Configuration level gives access to commands for configuring the access point’s software features, plus all the commands available at the lower...

  • Page 43: Context-specific Configuration Levels

    ■ Ethernet Configuration: To enter the Ethernet configuration context, enter the interface ethernet command at the Exec prompt. For example: ProCurve Acess Point 530(config)# interface ethernet ProCurve Acess Point 530(ethernet)# ■ WDS Configuration: To enter the WDS configuration context for WDS...

  • Page 44: Moving Between Command Levels, When Changes Are Applied

    Example of Prompt, Command, and Result Manager Exec level ProCurve Acess Point 530# config ProCurve Acess Point 530(config)# Global configuration level Global Configuration level ProCurve Acess Point 530(config)# interface ethernet to a ProCurve Acess Point 530(ethernet)# Context Configuration level Move from any level to the...

  • Page 45: Options For Getting Help In The Cli, Displaying All Available Commands

    Global Configuration level, you can display Global Configuration commands plus all the commands available at the lower Manager Exec level. For example, typing "?" at the Manager Exec level produces this listing: ProCurve Access Point 530# ? configure Enter the Configuration context.

  • Page 46

    Using the Command Line Interface (CLI) Using the CLI Typing ? at the Global Configuration level produces this listing: ProCurve Access Point 530(config)# ? ap-authentication Configure username/password this access point uses to au thenticate to the network. buttons Enable/disable the ability to clear the password(s) and/ or configuration(s) via the buttons on this device.

  • Page 47: Completing The Current Command

    For example, at the Global Configuration level, if you press immediately [Tab] after typing "s", the CLI displays the command that begins with "s". For example: ProCurve Acess Point 530(config)# s[Tab] show snmp-server snmpv3 sntp Use Shorthand Entries. The CLI accepts abbreviated commands and options as long as they contain enough characters to be distinguished from any other currently available commands or options.

  • Page 48: Displaying Available Command Options

    You can display a reminder of the options available for the current command by entering "?" or the [Tab] key in place of the next option. For example, to see the command options for configuring SNMP: ProCurve Access Point 530(config)# snmp-server ? community Add/remove an SNMP community.

  • Page 49: Cli Control And Editing

    Using the Command Line Interface (CLI) CLI Control and Editing CLI Control and Editing Keystrokes Function [Ctrl] [A] Jumps to the first character of the command line. or [<] Moves the cursor back (to the left) one character. [Ctrl] [B] Terminates a task if one is running and displays the command line.

  • Page 50

    Using the Command Line Interface (CLI) CLI Control and Editing — This page is intentionally unused. — 3-16...

  • Page 51

    Using the ProCurve Web Browser Interface...

  • Page 52

    Using the ProCurve Web Browser Interface Contents Contents Overview ............4-3 Starting a Web Browser Interface Session with the Access Point .

  • Page 53

    Using the ProCurve Web Browser Interface Overview Overview The Access Point 530 Web browser interface lets you easily access the access point from a browser-based PC on your network. This chapter covers the following: Starting a Web browser interface session ■...

  • Page 54: Starting A Web Browser Interface Session With The Access Point

    Using the ProCurve Web Browser Interface Starting a Web Browser Interface Session with the Access Point Starting a Web Browser Interface Session with the Access Point You can start a Web browser session using a standalone Web browser on a network connection from a PC in the following ways: •...

  • Page 55

    Using the ProCurve Web Browser Interface Starting a Web Browser Interface Session with the Access Point N o t e Access point management can be limited to access from the Ethernet inter- face. For more on this feature, see “Setting Up Filter Control” on page 5-55 Type the IP address (or DNS name) of the access point in the browser Location .

  • Page 56: Description Of The Web Interface, The Home Page

    Using the ProCurve Web Browser Interface Description of the Web Interface Description of the Web Interface Subjects covered in this section include: The Home Page ■ ■ The Support Page ■ Online Help The Home Page The home page is the entry point for the Web browser interface. The following figure identifies the various parts of the screen.

  • Page 57: Support Page, Online Help For The Procurve Web Browser Interface

    Using the ProCurve Web Browser Interface Description of the Web Interface Support Page The support page for the access point’s Web browser interface is accessed through the Support option in the upper-right corner of any of the Web browser interface screens. You can also access support using the Technical Support option through the left-menu bar: http://www.procurve.com The support page provides key information regarding your access point,...

  • Page 58: Using The Help In The Browser Interface

    Using the ProCurve Web Browser Interface Description of the Web Interface Using the Help in the Browser Interface Clicking on the Help option in the upper-right corner of any of the Web browser interface screens displays a pop-up window displaying details about the page you are viewing.

  • Page 59: Web Interface Screens

    Using the ProCurve Web Browser Interface Web Interface Screens Web Interface Screens The four menu sashes at the left side of the Web interface contain the four main screen groups: Device Information ■ ■ Network Setup Management ■ Special Features. ■...

  • Page 60: Device Information Group

    Device Information Group The Device Information sash is the first logical group available on the Web- interface menu. This sash provides access to the following screens: • Device Information (Access Point 530 Home Page) • Wireless Stations • AP/LAN Statistics •...

  • Page 61: Device Information Summary

    Using the ProCurve Web Browser Interface Web Interface Screens Device Information Summary The Device Information summary screen is primarily informational, but also serves as the configuration screen for basic system information (as described in “Web: Setting the System Name, Location, and Contact” on page 5-15). Figure 4-6.

  • Page 62: Wireless Stations Screen

    Using the ProCurve Web Browser Interface Web Interface Screens Wireless Stations Screen Accessed through the Wireless Stations option on the Device Information sash, the Wireless Stations screen displays radio and network station status details. Figure 4-7. The Wireless Stations Screen The Wireless Stations screen displays client stations associated with a partic- ular access point.

  • Page 63

    Using the ProCurve Web Browser Interface Web Interface Screens when the access point is using "wpa-psk" security on the WLAN. If the WLAN is set to “static-wep” or “no-security”, this parameter displays “n/ a” as it does not apply. ■ Received Packets: Indicates total packets received by this access point.

  • Page 64: Ap/lan Statistics Screen

    Using the ProCurve Web Browser Interface Web Interface Screens AP/LAN Statistics Screen Accessed through the AP/LAN Statistics option on the Device Information sash, the AP/LAN Statistics screen displays transmit/receive details. Figure 4-8. The AP/LAN Statistics Screen The AP/LAN Statistics screen displays the following information: ■...

  • Page 65: Wireless Statistics Screen

    Using the ProCurve Web Browser Interface Web Interface Screens Wireless Statistics Screen Accessed through the Wireless Statistics option on the Device Information sash, the Wireless Statistics screen displays transmit/receive details. Figure 4-9. The Wireless Statistics Screen The Wireless Statistics screen displays dual radio information: ■...

  • Page 66

    Using the ProCurve Web Browser Interface Web Interface Screens Receive Total Packets: Indicates total packets received over the radio ■ or WDS link. ■ Transmit Total Bytes: Indicates total bytes sent over the radio or WDS link. Receive Total Bytes: Indicates total bytes received over the radio or ■...

  • Page 67: Event Log Screen

    Using the ProCurve Web Browser Interface Web Interface Screens Event Log Screen Accessed through the Wireless Statistics option on the Device Information sash, the Wireless Statistics screen displays transmit/receive details. Figure 4-10. The Event Log Screen The Event Log tab displays the following information: ■...

  • Page 68: Network Setup Group

    Using the ProCurve Web Browser Interface Web Interface Screens Network Setup Group The Network Setup sash is the second logical group available on the Web- interface menu. Once accessed, it defaults to the Network Setup screen. This group provides access to the following screens: •...

  • Page 69: Network Setup Summary

    Using the ProCurve Web Browser Interface Web Interface Screens Network Setup Summary Accessed through the Network Setup sash, the Network Setup screen displays the Ethernet and radio features within the network setup group. Figure 4-11. The Network Setup Summary Screen The Network Setup screen summarizes: Ethernet: details basic Ethernet parameters.

  • Page 70: Management Group

    Using the ProCurve Web Browser Interface Web Interface Screens Management Group The Management sash is the third logical group available on the Web interface menu. Once accessed, it defaults to the Management screen. This group provides access to the following screens: •...

  • Page 71: Management Summary

    Using the ProCurve Web Browser Interface Web Interface Screens Management Summary Accessed through the Management sash, the Management screen displays a summary of access point management settings. Figure 4-12. The Management Summary Screen The Management screen summarizes: Software Version: Displays the version of the running software. ■...

  • Page 72: Special Features Group

    Using the ProCurve Web Browser Interface Web Interface Screens Special Features Group The Special Features sash is the fourth logical group available on the Web interface menu. Once accessed, it defaults to the Special Features screen. This group provides access to the following screens: •...

  • Page 73: Special Features Summary

    Using the ProCurve Web Browser Interface Web Interface Screens Special Features Summary Accessed through the Special Features sash, the Special Features screen displays a summary of special feature statistics. Figure 4-13. The Special Features Summary Screen The Special Features screen summarizes: QoS: Indicates if Quality of Service packet prioritization (also referred to ■...

  • Page 74: Tasks For Your First Procurve Web Browser Interface Session, Changing The Management Password

    Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Tasks for Your First ProCurve Web Browser Interface Session The ProCurve AP530 Installation and Getting Started Guide includes instructions for a minimal initial configuration using the CLI on a console attached to the access point.

  • Page 75

    Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session N o t e If you want security beyond that achieved with user names and passwords, you can disable access to the either the or the CLI and limit management access to, for example, only the Web browser interface, only the CLI via the console port, Telnet, or SSH.

  • Page 76: If You Lose The Password, Rebooting Or Resetting The Access Point, Setting Snmp Community Names

    Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session The Manager user name and password control access to both the CLI and the Web browser management interfaces for the access point. You are prompted to supply the user name and password every time you try to access the access point through either of these interfaces.

  • Page 77

    Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Figure 4-15. Setting SNMP Community Names To Change A Default SNMP Community Name: Click Management > SNMP and select the Settings tab. To activate the SNMP feature on the access point, click SNMPv1/v2c Enabled.

  • Page 78: Setting The Radio Mode And Channel

    Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Setting the Radio Mode and Channel The access point’s radio channel settings are limited by local regulations, which determine the number of channels that are available. You can manually set the access point’s radio channel or allow it to automatically select an unoccupied channel.

  • Page 79: Configuring Tcp/ip Settings

    Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session To Set Radio Mode and Channel:. Select Network Setup > Radio. Using the Radio drop-down, select the radio (1 or 2) you want to configure. To enable the radio, click the Status On button.

  • Page 80

    Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session To Set IP Parameters i: Select Network Setup > Ethernet. To set a dynamic connection, select DHCP in the Connection Type drop- down. To set a manual connection, select Static IP in the Connection Type drop- down.

  • Page 81: Setting Wlan Ssid And Security Settings

    Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Setting WLAN SSID and Security Settings Wireless stations can read the SSIDs from the access point’s beacon frame. If the “closed system” option is selected when configuring the access point, the SSID is not broadcast in the beacon frame.

  • Page 82

    Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Figure 4-18. The WLANs Screen 4-32...

  • Page 83

    Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Figure 4-19. Configuring WLAN Security To Configure WEP Security: Select Network Setup > WLANs. Check the Radio 1 box, and the SSID name and VLAN ID fields populate with defaults.

  • Page 84

    Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session WEP is the security protocol initially specified in the IEEE 802.11 standard for wireless communications. While WEP provides a margin of security for environments with light network traffic, it is not sufficient for enterprise use where highly-sensitive data is transmitted.

  • Page 85

    General System Configuration...

  • Page 86: Table Of Contents

    General System Configuration Contents Overview ............5-4 AP Network Configuration Checklist .

  • Page 87: Table Of Contents

    General System Configuration CLI: Setting Logging Parameters ......5-45 Configuring the Time (SNTP) ........5-48 Web: Setting SNTP Parameters .

  • Page 88

    General System Configuration Overview Overview This Chapter describes how to: Secure your access point ■ Modify system management passwords ■ ■ Set management access controls ■ View and modify access point system information Configure IP, SNMP, SNTP, RADIUS Accounting, and VLAN parameters ■...

  • Page 89: Ap Network Configuration Checklist

    Network Installation & Security Configuration Summary Physical Security Using a Kensington Lock. See the ProCurve AP 530 Installation and Getting Started Guide. Using back panel covers to hide access to buttons and cable connections. See the ProCurve AP 530 Installation and Getting Started Guide.

  • Page 90: Modifying Management Passwords, Web: Setting The Management Password

    “Setting Up Filter Control” on page 5-55 C a u t i o n HP strongly recommends that you configure a new Manager password and not use the default. If a Manager password is not configured, then the access point is not password-protected, and anyone having in-band or out-of-band access to the access point may be able to compromise access point and network security.

  • Page 91

    General System Configuration Modifying Management Passwords Figure 5-1. Creating a Password To Create a Password: Click Management > AP Access and select the Password tab. In the Current Password field, enter the current password. In the New Password field, enter a new password. Note: The password is case sensitive and must be at least 1 character and at most 32 characters long.

  • Page 92: Cli: Setting The Management Password

    32 characters long. However, only the first 8 characters of the password are used; character number 9 and above are ignored at log in. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# password manager 9gY2dV7G ProCurve Access Point 530(config)#...

  • Page 93: Setting Management Access Controls

    General System Configuration Setting Management Access Controls Setting Management Access Controls To provide more security for the access point, management interfaces that are not required can be disabled. This includes the Web, Telnet, and Secure Shell (SSH), as well as the serial console port and Reset button. N o t e The access point’s serial port and Reset button cannot be disabled at the same time.

  • Page 94: Web: Configuring Access Controls

    General System Configuration Setting Management Access Controls Web: Configuring Access Controls The AP Access screen configures access to management interfaces and button. The Web interface enables you to modify these parameters: CLI Access ■ Serial Interface: Enables or disables management access through the access point’s serial console port.

  • Page 95

    General System Configuration Setting Management Access Controls Figure 5-2. Configuring Access Controls To Configure Access Control Settings: Click Management > AP Access and select the Access tab. As required, enable or disable the serial, Telnet, or SSH interfaces. N o t e If using SSH for secure access to the CLI over a network connection, you may want to disable the Telnet server.

  • Page 96: Cli: Configuring Management Controls

    N o t e Enter management commands, one per line. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# no console ProCurve Access Point 530(config)# show console ------------------------------------------------------------ CLI Access: Serial Interface...

  • Page 97

    The following example demonstrates the no ssh command to disable the serial SSH port, and the show ssh command to display the current status. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# no ssh ProCurve Access Point 530(config)# show ssh SSH Status...

  • Page 98

    General System Configuration Setting Management Access Controls To display the current status for management access controls, use the show system command. ProCurve Access Point 530# show system Serial Number TW633VV01D System Name HP-AP-200 System Up Time 23 hours 17 mins 11 secs...

  • Page 99: Modifying System Information, Web: Setting The System Name, Location, And Contact

    System Name: An alias for the access point only, enabling the device to be uniquely identified on the network. Setting must be at least 1 character and a maximum of 63 characters long . (The default is ProCurve AP-530.) Location: The access point’s assigned location. (The default is not set.) ■...

  • Page 100

    General System Configuration Modifying System Information Figure 5-3. Configuring System Information To Configure System Information: Select Device Information in the navigation bar. Type a name to uniquely identify the access point in the System Name field. Type a location to identify where the access point it located in the Location field.

  • Page 101: Cli: Setting The System Name

    N o t e Enter management commands, one per line. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# hostname ProCurve-AP530 ProCurve Access Point 530(config)# To display the configured system name, use the show system-information command.

  • Page 102

    General System Configuration Modifying System Information ProCurve Access Point 530# show system-information Serial Number TW633VV01D System Name HP-AP-200 System Up Time 23 hours 18 mins 37 secs System Location 2FS17 System Country Code Software Version WA.02.00.0412 Ethernet MAC Address 00:14:C2:A5:6A:B3 IP Address 192.168.15.200...

  • Page 103: Configuring Ethernet Settings, Web: Configuring Ip Settings Statically Or Via Dhcp

    General System Configuration Configuring Ethernet Settings Configuring Ethernet Settings Configuring the access point with an IP address expands your ability to manage the access point and use its features. A number of access point features depend on IP addressing to operate. N o t e You can use the Web browser interface to access IP addressing only if the access point already has an IP address that is reachable through your network.

  • Page 104

    General System Configuration Configuring Ethernet Settings Note: After changing the speed/duplex setting, the access point reboots. ■ Connection Type: Allows selection of a static or DHCP setting. • DHCP: DHCP is the default. The IP address, subnet mask, default gateway, and Domain Name Server (DNS) addresses are dynamically assigned to the access point’s DHCP client by the network DHCP server.

  • Page 105

    General System Configuration Configuring Ethernet Settings Figure 5-4. Configuring IP Settings To Enable the DHCP Client i: Select Network Setup > Ethernet. To configure the VLAN (untagged), enter a value in the VLAN field. To set the mode and speed of data transmission, select Speed/Duplex in the drop-down.

  • Page 106

    General System Configuration Configuring Ethernet Settings If a management station exists on another network segment, enter the IP address of a gateway that can route traffic between these segments. This is a required field. To set dynamic DNS nameservers, click the Dynamic button. To set the nameservers manually, click Manual.

  • Page 107: Cli: Configuring Ip Settings Statically Or Via Dhcp

    Enter ethernet commands, one per line. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# interface ethernet ProCurve Access Point 530(ethernet)# ip address dhcp ProCurve Access Point 530(ethernet)# N o t e To ensure the access point doesn’t overwrite the static IP address, you must first disable the DHCP client with the ‘no ip address dhcp’...

  • Page 108

    General System Configuration Configuring Ethernet Settings ProCurve Access Point 530# configure ProCurve Access Point 530(config)# interface ethernet ProCurve Access Point 530(ethernet)# no ip address dhcp ProCurve Access Point 530(ethernet)# ip address 192.168.1.105 255.255.255.2 ProCurve Access Point 530(ethernet)# ip default-gateway 192.168.1.1 ProCurve Access Point 530(ethernet)# exit ProCurve Access Point 530(config)# dns primary 204.127.202.0...

  • Page 109: Configuring Snmp

    General System Configuration Configuring SNMP Configuring SNMP You can use a network management application such as the ProCurve Manager to manage the access point via the Simple Network Management Protocol (SNMP) from a network management station. Simple Network Management Protocol (SNMP) is an industry standard protocol for managing network devices, such as hubs, bridges, and switches.

  • Page 110: Mib Support, Web: Setting Basic Snmp Parameters

    General System Configuration Configuring SNMP MIB Support The Access Point 530 supports the following Management Information Bases (MIBs): Read-Only Support Read-Write Support IEEE802dot11-MIB HP-PROCURVE-WLAN-SMI HP-PROCURVE-WLAN-TC RFC1155-SMI HP-PROCURVE-WLAN-SYSTEM- MIB II (RFC 1213) RFC-1215 HP-PROCURVE-WLAN-AP-MIB SNMPv2-SMI (RFC2578) HP-PROCURVE-NOTIFY-MIB SNMPv2-TC (RFC2579) SNMPv2-CONF (RFC2580)

  • Page 111

    General System Configuration Configuring SNMP The Web interface enables you to modify these parameters: ■ SNMPv1/v2c: Enables or disables SNMP version 1 and version 2c management access, and also enables the access point to send SNMP traps (notifications). (The default is Enabled.) Community Name (RO): Defines the SNMP community access string ■...

  • Page 112: Cli: Setting Basic Snmp Parameters

    General System Configuration Configuring SNMP To Enable SNMP and Set Parameters: Click Management > SNMP and select the Settings tab. To activate SNMPv1/v2 features on the access point, click the SNMPv1/ v2 Enabled button. To establish a public read-only SNMP community, enter a name text string to replace the default community name (public) in the Community Name (RO) field.

  • Page 113

    SNMP management on the access point defaults the community settings to “restricted” and “public”. To disable SNMP communities, type the following commands. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# no snmp-server community public restricted ProCurve Access Point 530(config)# no snmp-server community system unrestricted...

  • Page 114

    ProCurve Access Point 530(config) #snmp-server community alpha unrestricted ProCurve Access Point 530(config) #snmp-server community beta restricted ProCurve Access Point 530(config) #snmp-server host 192.16 8.1.15 alpha ProCurve Access Point 530(config) #snmp-server contact Jim ProCurve Access Point 530(config) #snmp-server location 2F ProCurve Access Point 530(config) #snmp-server port 161...

  • Page 115

    General System Configuration Configuring SNMP ProCurve Access Point 530# configure ProCurve Access Point 530(config)# show snmp-server SNMP Server Settings --------------------------------------------------------------------------- SNMP Status Enabled SNMP Port Community (ro) public Community (rw) private Location 2FR19 Contact No SNMP trap destinations are currently configured.

  • Page 116: Web: Configuring Snmp V1 And V2c Traps, Snmp Traps

    General System Configuration Configuring SNMP Web: Configuring SNMP v1 and v2c Traps The SNMP – Traps and SNMP – Trap Hosts screens configure SNMP v1 and v2c trap notifications that can be sent to specified management stations. SNMP Traps The SNMP – Traps screen controls whether specific SNMP notifications are sent: System Traps: pertaining to the system.

  • Page 117

    General System Configuration Configuring SNMP • hpWlanClientRequestFailure – The station request failure is sent when a station fails to associate / re-associate / authenticate with the access point. The notification includes the station MAC address and the reason code for the failure. •...

  • Page 118

    General System Configuration Configuring SNMP • hpWlanDot1XAuthNotInitiated– This notification is sent when a station did not initiate 802.1X authentication with the RADIUS server. The notification value includes the MAC address of the station that did not initiate 802.1X authentication. • hpWlanDot1XAuthSuccess –...

  • Page 119: Snmp Trap Hosts

    General System Configuration Configuring SNMP Click Management > SNMP and select the Traps tab. Under the Trap Groups, check or uncheck the required traps boxes. Click Update. SNMP Trap Hosts The SNMP – Trap Hosts screen allows configuration of the following SNMP trap parameters: Trap Destination Host (1 to 3): Enables/Disables recipients (up to ■...

  • Page 120: Cli: Configuring Snmp V1 And V2c Traps, Cli: Configuring Snmp V1 And V2c Trap Destinations

    To send SNMP v1 and v2c traps to a management station, specify the host IP address using the snmp-server host command and enable specific traps using the snmp-server trap command. ProCurve Access Point 530(config)# snmp-server host 192.168. 1.15 public ProCurve Access Point 530(config)# snmp-server host 192.168.

  • Page 121

    General System Configuration Configuring SNMP To display the current SNMP settings from the Manager Exec level, use the show snmp-server command, as shown in the following example. ProCurve Access Point 530(config)# show snmp-server SNMP Server Settings --------------------------------------------------------------------------- SNMP Status Enabled...

  • Page 122: Configuring Snmpv3, Web: Enabling & Disabling Snmpv3, Configuring Snmpv, Web: Enabling & Disabling Snmpv

    N o t e s ■ The AP-530 does not configure an ‘initial’ user for SNMPv3. If you want to enable SNMPv3 without first enabling SNMPv1/2c, it will be necessary to log into the AP-530 using the CLI interface and add an SNMPv3 user manually (See “CLI: Managing SNMPv3 Users”...

  • Page 123: Cli: Enabling & Disabling Snmpv3, Cli: Enabling & Disabling Snmpv

    General System Configuration Configuring SNMPv3 Figure 5-8. The SNMP - Settings Tab To Enable SNMPv3: Click Management > SNMP and select the Settings tab. Click the SNMPv3 Enabled button. Click [Update]. To Disable SNMPv3: Click Management > SNMP and select the Settings tab. Click the SNMPv3 Disabled button.

  • Page 124: Web: Managing Snmpv3 Users

    ProCurve Access Point 530(config)# snmpv3 enable ProCurve Access Point 530(config)# To disable SNMPv3, enter the no snmpv3 enable command. ProCurve Access Point 530(config)# no snmpv3 enable ProCurve Access Point 530(config)# Web: Managing SNMPv3 Users The SNMP – SNMPv3 Users screen enables you to add and remove SNMPv3 users, and to manage their settings.

  • Page 125

    General System Configuration Configuring SNMPv3 Figure 5-9. The SNMP SNMPv3 Users Tab To Add an SNMPv3 User: Click Management > SNMP and select the SNMPv3 Users tab. Enter the new username in the Username field. Optionally, select an authentication method from the Authentication Type drop-down.

  • Page 126: Cli: Managing Snmpv3 Users

    To create an SNMPv3 user, enter the snmpv3 user-name command. ProCurve Access Point 530(config)# snmpv3 user-name tjames ProCurve Access Point 530(config)# To remove an SNMPv3 user, enter the no snmpv3 user-name command. ProCurve Access Point 530(config)# no snmpv3 user-name tjame ProCurve Access Point 530(config)# 5-42...

  • Page 127: Cli: Displaying Snmpv3 Settings

    Configuring SNMPv3 To create an SNMPv3 user with MD5 authentication, add the auth parameter and password to the definition. ProCurve Access Point 530(config)# snmpv3 user-name tjames auth md5 12345678 ProCurve Access Point 530(config)# To create an SNMPv3 user with MD5 authentication and AES privacy, add the auth md5 and priv aes parameters and their passwords to the definition.

  • Page 128: Enabling System Logging

    General System Configuration Enabling System Logging Enabling System Logging The access point supports a logging process that can control error messages saved to memory or sent to a server. The logged messages serve as a valuable tool for isolating access point and network problems. The following table lists the error message levels from the most severe (Emergency) to least severe (Debug).

  • Page 129: Web: Setting Logging Parameters, Cli: Setting Logging Parameters

    General System Configuration Enabling System Logging Web: Setting Logging Parameters The Event Log – Settings screen configures system logs and server details for the access point. The Web interface enables you to modify these parameters: ■ Primary Syslog Host: Enables the logging of error messages. ■...

  • Page 130

    The following example shows how to set an IP address for the receiving server using the logging command. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# logging 10.1.0.3 ProCurve Access Point 530(config)# The following example shows the settings. ProCurve Access Point 530# configure...

  • Page 131

    General System Configuration Enabling System Logging The following example shows the security level of entries. ProCurve Access Point 530# configure ProCurve Access Point 530(config)#show logging Keys: M=eMergency C=Critical W=Warning I=Information A=Alert E=Error N=Notice D=Debug ----- Event Log Listing: Most Recent Events First...

  • Page 132: Configuring The Time (sntp), Web: Setting Sntp Parameters, Configuring The Time (sntp)

    General System Configuration Configuring the Time (SNTP) Configuring the Time (SNTP) Simple Network Time Protocol (SNTP) allows the access point to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the access point enables the system log to record meaningful dates and times for event entries.

  • Page 133

    General System Configuration Configuring the Time (SNTP) To Set SNTP Parameters: Select Special Features > Time. For SNTP, click Enabled. For the SNTP Server, enter the IP address or the hostname in the SNTP Server field. Click [Update]. 5-49...

  • Page 134: Cli: Setting Sntp Parameters

    The following example shows how to enable SNTP and configure a server IP address by using the sntp <server> command. ProCurve Access Point 530# configure ProCurve Access Point 530(config) #sntp 10.1.0.19 ProCurve Access Point 530(config)# To display the current SNTP status, use the show sntp command, as shown in the following example.

  • Page 135: Configuring Radius Accounting

    General System Configuration Configuring RADIUS Accounting Configuring RADIUS Accounting Remote Authentication Dial-in User Service (RADIUS) Accounting is an extension to the RADIUS authentication protocol that uses a central server to log user activity on the network. A RADIUS Accounting server runs software that receives user-session information from the access point.

  • Page 136: Web: Setting Radius Accounting Server Parameters

    General System Configuration Configuring RADIUS Accounting Web: Setting RADIUS Accounting Server Parameters The Accounting Servers screen in the WLAN Configuration – Security pop-up window sets the primary and secondary server parameters for the RADIUS Accounting server. This configures the RADIUS Accounting servers to which the access point RADIUS server transmits user-session information.

  • Page 137

    General System Configuration Configuring RADIUS Accounting Figure 5-12. Configuring RADIUS Accounting Servers To Set RADIUS Accounting Server Parameters: Click Network Setup > WLANs. Click the [Edit] button for the WLAN (BSS/SSID) interface you want to modify. A pop-up window with Security settings opens. Select the Accounting Servers tab.

  • Page 138: Cli: Enabling Radius Accounting Parameters

    N o t e Enter radius commands, one per line. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radius-accounting primary ip 192.168.1.52 ProCurve Access Point 530(config)# radius-accounting primary port 161...

  • Page 139: Setting Up Filter Control, Web: Setting Traffic Filters

    General System Configuration Setting Up Filter Control Setting Up Filter Control You can prevent communications between wireless stations associated to the access point, only allowing traffic between stations and the wired network. You can also prevent any wireless client from performing any access point configuration through any of its management interfaces, including Web, Telnet, or SNMP access.

  • Page 140: Cli: Setting Traffic Filters

    9-89 The following example shows how to block communications between wire- less stations. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# inter-station-blocking ProCurve Access Point 530(config)# The following example shows how to block wireless stations from gaining management access to the access point.

  • Page 141: Configuring Vlan Support

    General System Configuration Configuring VLAN Support Configuring VLAN Support A Virtual Local Area Network (VLAN) is a location independent broadcast domain. A VLAN is like the standard definition of a LAN without the physical constraints. These VLAN domains are a collection of workstations that are part of the same logical, working community but not likely part of the same physical community.

  • Page 142: Web: Setting A Management Vlan

    General System Configuration Configuring VLAN Support Management VLAN. A management VLAN can be configured for secure management access to the access point. The management VLAN is for managing the access point through remote management tools, such as the Web interface, SSH, Telnet, or SNMP. The access point only accepts management traffic that is tagged with the specified management VLAN ID.

  • Page 143: Web: Changing The Untagged Vlan Id

    General System Configuration Configuring VLAN Support Figure 5-14. Setting A Management VLAN To Set A Management VLAN: Click Network Setup > Ethernet. Enter a valid number between 1 and 4094 in the Management VLAN ID field. Select [Update]. Web: Changing the Untagged VLAN ID The Network Setup –...

  • Page 144

    General System Configuration Configuring VLAN Support Figure 5-15. Changing Untagged VLAN ID To Set Untagged VLAN ID: Click Network Setup > Ethernet. Enter a valid number between 1 and 4094 in the Untagged VLAN field. Select [Update]. 5-60...

  • Page 145: Cli: Enabling Vlan Support

    9-118 The following example shows how to establish a management VLAN ID. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# interface ethernet ProCurve Access Point 530(ethernet)# management-vlan 9 ProCurve Access Point 530(ethernet)# The following example shows how to set an untagged VLAN ID in the interface context.

  • Page 146

    The following example displays the management VLAN ID. The static or dynamic VLAN state is configured per WLAN and can be validated using the show wlans command. ProCurve Access Point 530# show wlans All WLANs on Radio 1: WLAN BSSID...

  • Page 147: Managing Group Configuration

    Managing Group Configuration The Group Configuration feature enables an administrator to configure and manage groups of up to twelve AP 530 access points using the management interface of only one of the devices. Group Configuration can be configured using the web-browser interface, the CLI, or through SNMP.

  • Page 148: Guidelines For Deploying Group Configuration, The Synchronization Process

    General System Configuration Managing Group Configuration The Administrator password (see “Modifying Management Passwords” on ■ page 5-6) ■ The local RADIUS user database (see “Configuring RADIUS Client Authentication” on page 7-32) All Probe Table settings (see “Probe Table” on page 8-35) ■...

  • Page 149: Security And Integrity Recommendations, Web: Enabling Group Configuration

    General System Configuration Managing Group Configuration Parameter changes that are made using the CLI (after the write mem command), the Web browser interface (after clicking the Update button), or an SNMP request will all trigger synchronization. Complete synchronization may take up to one minute to propagate, depending on the size of the group and on network latency.

  • Page 150

    General System Configuration Managing Group Configuration Member ID: An optional text string identifying the access point within ■ the group. ■ [Update]: Updates the Group Configuration settings on the access point. The current members of the selected group are listed in the Members list. N o t e The IP addresses of the other members of the group appear as links.

  • Page 151: Cli: Enabling Group Configuration

    9-63 The following example shows how to add the current access point to a group. ProCurve Access Point 530# configuration ProCurve Access Point 530(config)# group-config name HBldg22 ProCurve Access Point 530(config)# group-config member-id AP-2 ProCurve Access Point 530(config)# group-config...

  • Page 152

    General System Configuration Managing Group Configuration 5-68...

  • Page 153: Table Of Contents

    Wireless Interface Configuration Contents Overview ............6-3 Setting the Country Code .

  • Page 154

    Wireless Interface Configuration Managing Multiple WLAN (BSS/SSID) Interfaces ....6-34 Web: Configuring SSID Interfaces ......6-35 CLI: Naming an SSID Interface .

  • Page 155

    Wireless Interface Configuration Overview Overview The Access Point 530 supports up to 16 service set identifier (SSID) interfaces. Most radio parameters apply globally to all configured SSID interfaces. For each SSID interface, different security settings, VLAN assignments and other parameters can be applied.

  • Page 156: Setting The Country Code, Cli: Setting The Country Code

    N o t e The country code is preset to “US” in the Access Point 530 NA unit and can be changed from the U.S. to only the Canada, Mexico, or Taiwan country code.

  • Page 157

    You do not need to perform a system reboot to set the country code. Use the write mem command to save the country code. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# country GB ProCurve Access Point 530(config)# write mem The following example shows how to use the show system-information command to return the access point’s current values, including the country...

  • Page 158: Configuring The Radio

    This includes any changes to a WLAN or radio parameter. Table 6-1. Radio Configuration Summary Table Summary Point Parameters Three wireless LAN modes are available for use on the 530 802.11a, 802.11b, and access point. 802.11g Two separate wireless LAN radios are available for use on the Radio 1 and Radio 2 530 access point.

  • Page 159

    Wireless Interface Configuration Configuring the Radio Summary Point Parameters Because they are in different parts of the spectrum, the channels 802.11b and 802.11a within these modes do not interfere with one another. channels. 802.11g and 802.11a channels. Each radio that is used, no matter what the mode, must be set to All modes (802.11a, a unique channel to avoid interference with other radios in the 802.11b, and 802.11g).

  • Page 160: Configuring The Radio Working Mode

    Wireless Interface Configuration Configuring the Radio Configuring the Radio Working Mode As specified in the , the access point “Radio Configuration Summary Table” on page 6-6 can operate in three standard radio modes: IEEE 802.11a, 802.11b, or 802.11g. Getting to know 802.11a. The IEEE 802.11a provides specifications for wireless ATM systems.

  • Page 161: Web: Setting The Radio Working Mode

    Wireless Interface Configuration Configuring the Radio To support both 802.11g and 802.11b stations, the access point must first communicate with all stations using CCK and only switch to OFDM for data transfers between 802.11g-compatible stations. This mechanism has the effect of reducing the maximum throughput for 802.11g stations in the network.

  • Page 162

    Wireless Interface Configuration Configuring the Radio • IEEE 802.11g: Stations communicate at a higher data transfer range, between 1 to 54 Mbps, than the 802.11b PHY, while operating in the 2.4 GHz band. This standard uses orthogonal frequency division multiplexing (OFDM). Backward-compatible with IEEE 802.11b. (Radio 1 is the default.) •...

  • Page 163: Cli: Setting The Radio Working Mode

    N o t e Enter radio commands, one per line. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# mode g ProCurve Access Point 530(radio1)# The following example uses the show radios command to display current details on the dual radios configured on the access point.

  • Page 164: Configuring The Radio Channel And Other Basic Settings, Web: Configuring Basic Radio Settings

    Wireless Interface Configuration Configuring the Radio Configuring the Radio Channel and Other Basic Settings The access point uses the configured radio channel to communicate with wireless stations. As indicated in the “Radio Configuration Summary Table” on page 6- , the access point’s channel settings and radio mode have a configuration relationship to enhance the performance of the access point.

  • Page 165

    Wireless Interface Configuration Configuring the Radio N o t e When the radio is configured for auto channel selection, any radio mode changes result in a five- to ten-second delay as the optimum radio channel is determined and selected. ■ Maximum Stations: The maximum number of stations allowed to access the applicable radio at any one time.

  • Page 166: Web: Configuring Advanced Radio Settings

    Wireless Interface Configuration Configuring the Radio Web: Configuring Advanced Radio Settings The Radio – Advanced Settings pop-up window, shown in Figure 6-3, enables you to configure a number of advanced settings for the access point’s radio operation: ■ Broadcast/Multicast Rate Limiting: Enables the rate limiting on the radio to transmit multicast and broadcast traffic.

  • Page 167

    Wireless Interface Configuration Configuring the Radio • Short: Sets the slot time to 9 microseconds. A short slot time can increase data throughput on the access point, but its use requires that all stations can support a short slot time (that is, 802.11g-compliant stations must support a short slot time).

  • Page 168: Configuring Advanced Radio Settings

    Wireless Interface Configuration Configuring the Radio Configuring Advanced Radio Settings Figure 6-3. Configuring Advanced Radio Settings To Modify Advanced Radio Settings: Click Network Setup > Radio. Click the Edit button for Advanced Settings. A pop-up window for Advanced Settings opens (see figure 6-3). To enable rate limiting, click the Broadcast/Multicast Rate Limiting Enabled button.

  • Page 169: Configuring B + G Mode

    Wireless Interface Configuration Configuring the Radio To configure the communication periods and packet size transmissions, enter values within the appropriate range for the Fragmentation Threshold and RTF Threshold fields. Enter the length of time value to establish Inactivity Timeout. Select values for the Supported and Basic Rate Sets. 10.

  • Page 170

    Wireless Interface Configuration Configuring the Radio Figure 6-5. Configuring B + G Modes [Advanced Radio Settings] To Configure B + G Modes: The setting, shown in Figure 6-5, allows both b stations and g stations to associate with the AP. Select Network Setup >...

  • Page 171: Configuring G- Only Mode

    Wireless Interface Configuration Configuring the Radio Configuring G- Only Mode Figure 6-6. Configuring Wi-Fi G-Only Mode To Configure Wi-Fi G-Only Mode: This setting, shown in Figure 6-6, allows g-only stations to associate with the AP. This is Wi-Fi standard-based g-only mode. Select Network Setup >...

  • Page 172: Configuring Pure G Mode

    The setting, shown in Figure 6-7, allows only g stations to associate with the access point, but should be used only if no legacy 802.11b clients or access points are within range of the 530 access point. C a u t i o n This mode is not a standard-based configuration mode.

  • Page 173: Cli: Configuring Radio Settings

    Enter radio commands one line at a time. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# description “Radio 1 - 802.11g” ProCurve Access Point 530(radio1)# beacon-interval 102 ProCurve Access Point 530(radio1)# fragmentation-thresh 1024...

  • Page 174

    Wireless Interface Configuration Configuring the Radio The following example uses the show radio <radio> command to display this access point’s radio parameter details. ProCurve Access Point 530# show radio 1 Description Radio 1 - 802.11g Base MAC 00:14:C2:A7:11:A0 Status Enabled Mode 802.11g...

  • Page 175: Modifying Antenna Settings, Web: Setting The Tx Power Reduction

    Wireless Interface Configuration Modifying Antenna Settings Modifying Antenna Settings When using an external antenna with the access point, you must configure the radio for the type of external antenna that is attached: either Diversity or Single. Also, the access point’s transmit power must be limited to conform to local regulations.

  • Page 176

    Wireless Interface Configuration Modifying Antenna Settings Figure 6-8. Setting Transmit Power Reduction To Modify the Transmit Power Reduction: Select Network Setup > Radio. Use the Tx Power Reduction drop-down to select a dBm value. Select [Update] to set the radio transmit power reduction. 6-24...

  • Page 177: Web: Setting The Antenna Type And Antenna Mode

    Wireless Interface Configuration Modifying Antenna Settings Web: Setting the Antenna Type and Antenna Mode The Radio – Advanced Settings pop-up window, shown in Figure 6-9, enables you to configure the following settings for adjusting the transmit power limits: ■ Antenna Type: The type of radio antenna utilized by this access point. (The default is Internal.) Antenna Mode: The mode of radio antenna utilized by this access point.

  • Page 178: Cli: Setting The Transmit Power Reduction And Antenna Parameters

    Single on the access point. The default mode is set to Diversity. ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# tx-power-reduction 5 ProCurve Access Point 530(radio1)# antenna external ProCurve Access Point 530(radio1)# antenna mode single 6-26...

  • Page 179

    Wireless Interface Configuration Modifying Antenna Settings You can use the show radio command to display the current radio settings from the wireless interface configuration level. ProCurve Access Point 530# show radio 1 Description Radio 1 - 802.11g Base MAC 00:14:C2:A7:11:A0...

  • Page 180: Adaptive Tx Power Control, Feature Overview

    Adaptive Tx Power Control is a group of advance radio settings that can optimize channel coverage and reduce interference from neighboring APs by dynamically reducing the transmit power levels of the AP 530. When it is enabled, ATPC is applied independently to each radio. ATPC assesses and adjusts power levels about once every second.

  • Page 181: Scope Of Neighboring Aps, Adaptive Mode

    Wireless Interface Configuration Adaptive Tx Power Control Scope of Neighboring APs ATPC may be applied broadly to all neighboring APs or more selectively to specific APs by configuring either RF Group Name or Avoid Neighbor APs. These parameters are mutually exclusive: Enabling one disables the other. ■...

  • Page 182: Power Reduction Limit, Configuration Strategy

    Wireless Interface Configuration Adaptive Tx Power Control This mode is recommended for low density deployments where coverage holes may be of concern. The data transmit power attenuation is calculated to put transmissions into the noise floor of the nearest same-channel AP, then reduced if needed to reach the farthest associated client station at a target RSSI.

  • Page 183: Web: Configuring Adaptive Tx Power Control

    Wireless Interface Configuration Adaptive Tx Power Control Since ATPC can only reduce transmit power (not amplify it), optimal place- ment of access points will provide full coverage at a transmit power level somewhat below the maximum. Furthermore, if the deployment needs to be able to remediate conditions such as the failure or down-time of individual access points, the density should be such that ATPC can compensate for a missing unit by lessening power reduc- tion, thus allowing transmit power to increase towards its maximum.

  • Page 184: Cli: Configuring Adaptive Tx Power Control

    Wireless Interface Configuration Adaptive Tx Power Control Figure 6-10. Setting Adaptive Transmit Power Control Parameters To Configure Adaptive Transmit Power Control: Select Network Setup > Radio tab > > Advanced Settings. [Edit] Select the Adaptive Tx Power Control Enabled button to enable ATPC. Depending on the scope of the neighboring APs you want to include in the ATPC calculations, do one of the following: To adapt transmit power to all neighboring APs (on the same...

  • Page 185

    With RF Group Name” on page C-5. To configure AP #1 in this use case, enter the following commands: ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# atpc adapt ap ProCurve Access Point 530(radio1)# atpc max-reduction 18 ProCurve Access Point 530(radio1)# atpc rf-group-name...

  • Page 186: Managing Multiple Wlan (bss/ssid) Interfaces

    Wireless Interface Configuration Managing Multiple WLAN (BSS/SSID) Interfaces Managing Multiple WLAN (BSS/SSID) Interfaces A wireless local area network (WLAN) is a local area network (LAN) that users access through a wireless connection. The IEEE 802.11-1999 standards specify WLAN technologies. The WLAN uses high-frequency radio waves rather than wires to communicate between nodes.

  • Page 187: Web: Configuring Ssid Interfaces

    Wireless Interface Configuration Managing Multiple WLAN (BSS/SSID) Interfaces The following figure shows the configuration scenario to follow when managing VLANs and SSID interfaces. Figure 6-11. Configuring VLANs and SSID Interfaces Web: Configuring SSID Interfaces The WLANs tab, shown in Figure 6-11, enables you to configure SSIDs, VLANS, and closed system settings.

  • Page 188

    Wireless Interface Configuration Managing Multiple WLAN (BSS/SSID) Interfaces N o t e If you are connected as a wireless client to the same AP that you are admin- istering, resetting the SSID will cause you to lose connectivity to the AP. You will need to reconnect to the new SSID after you save this new setting.

  • Page 189

    Wireless Interface Configuration Managing Multiple WLAN (BSS/SSID) Interfaces Enter a unique name for the SSID interface. This name is automatically copied over to the compatible SSID interface for Radio 2. To prohibit WLAN (BSS/SSID) interface broadcasting, check the Closed- System box. To assign a VLAN ID per WlAN (BSS/SSSID), enter a VLAN ID in the VLAN field.

  • Page 190: Cli: Naming An Ssid Interface

    The WLAN index uses the format “wlan x,” where x is a number between 1 and 16. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# wlan 1 ProCurve Access Point 530(radio1-wlan1)#ssid PR3_WLAN To display a list of configured WLAN interface settings, use the show wlan <x>...

  • Page 191: Cli: Modifying Wlan (bss/ssid) Interface Settings

    Wireless Interface Configuration Managing Multiple WLAN (BSS/SSID) Interfaces ProCurve Access Point 530(radio1-wlan1)# show wlan 1 WLAN #1 on Radio 1 Description Radio 1 - WLAN 1 Status Enabled SSID PR3_WLAN VLAN - Untagged BSSID 00:14:C2:A7:11:A0 DTIM Period Security Type no-security (No Sec.)

  • Page 192

    Wireless Interface Configuration Managing Multiple WLAN (BSS/SSID) Interfaces To display WLAN interface settings, use the show wlan command, as shown in the following example. ProCurve Access Point 530(radio1)# show wlan All WLANs on Radio 1: WLAN BSSID VLAN Security Status...

  • Page 193

    Wireless Interface Configuration Managing Multiple WLAN (BSS/SSID) Interfaces — This page is intentionally unused. — 6-41...

  • Page 194

    Wireless Interface Configuration Managing Multiple WLAN (BSS/SSID) Interfaces 6-42...

  • Page 195

    Wireless Security Configuration...

  • Page 196: Table Of Contents

    Wireless Security Configuration Contents Overview ............7-5 Wireless Security Overview .

  • Page 197: Table Of Contents

    The Web-Auth Process ........7-57 Associating with the AP-530 ......7-57 URL Intercept .

  • Page 198

    Wireless Security Configuration CLI: Configuring Web-Auth on a WLAN ......7-70 Prerequisites ......... . . 7-70 Web: Customizing the Login, Welcome, and Failed Screens .

  • Page 199

    Wireless Security Configuration Overview Overview This chapter describes how to: Configure wireless security ■ Configure encryption ■ ■ Configure key management ■ Configure MAC and 802.1X authentication Configure MAC Lockout and Client/Station Deauthentication ■ ■ Configure AP Authentication ■ Configure Web Authentication...

  • Page 200: Wireless Security Overview, User Authentication, Mac Authentication

    User Authentication The two ways of authenticating users on the Access Point 530 are: MAC authentication: Based on the user’s wireless station MAC address. ■...

  • Page 201: X User Authentication, Access Point Authentication

    For the CLI commands, see Section 9, “MAC Address Authentication” on page 9-72 MAC Authentication on the AP 530 includes the ability to lock out clients by MAC address, and to force an already connected client or station to deauthen- ticate.

  • Page 202: Encryption, Wired Equivalent Privacy (wep), Temporal Key Integrity Protocol (tkip), Wired Equivalent Privacy (wep)

    Wireless Security Configuration Wireless Security Overview connections. The AP 530 supports port-access authentication through the AP Authentication feature. See “Configuring 802.1X AP Authentication” on page 7-53 for more information. Encryption The AP 530 supports three types of encryption: Wired Equivalent Privacy (WEP): Key lengths of 64 bits and 128 bits are ■...

  • Page 203: Counter Mode/cbc-mac Protocol (ccmp), Key Management, Security Profiles, No Security, Counter Mode/cbc-mac Protocol (ccmp)

    It is the most effective encryption system currently available for wireless networks. It is possible to use a mixed cipher mode of TKIP and CCMP on a WLAN in the AP 530. Key Management Keys for encrypting the data can be managed either dynamically using 802.1X authentication or statically using preshared keys between the access point and station.

  • Page 204: Static Wired Equivalent Privacy (wep), Dynamic Wired Equivalent Privacy (wep), Tkip With Preshared Key

    Wireless Security Configuration Wireless Security Overview network VPN server. If this mode is used, it may be desirable to prevent advertising availability of the network to other stations by configuring the WLAN for closed-system operation. C a u t i o n Use the No Security mode on a sensitive internal network only for initial setup, testing, or problem solving, or where VPN connections are mandated to provide end-to-end security for the otherwise insecure wireless connection.

  • Page 205: Tkip With 802.1x, Aes With 802.1x

    Wireless Security Configuration Wireless Security Overview TKIP with 802.1X The TKIP with 802.1X security profile uses TKIP as the encryption cipher and 802.1X as the authentication mechanism. In this way, each station uses a unique master key to derive the encryption between the access point and the station.

  • Page 206: Other Security Features

    Wireless Security Overview Other Security Features In addition to the wireless security features described in the preceding section, the Access Point 530 has a user-based security feature called Identity Driven Management (IDM). For more details on IDM, see “Identity Driven Management” on page 8-36 Table 7-1.

  • Page 207

    For more details on security configurations that are possible using the CLI, “CLI: Configuring Security Settings” on page 7-24. Table 7-2. Summary of Wireless Security Configuration Configuring Encryption in the ProCurve Wireless Access Point 530 Encryption Methods and WLAN Interface Level Commands Additional Notes...

  • Page 208

    The AP 530 supports the following Extensible Authentication Protocol (EAP) methods: TLS, TTLS, MD5, and PEAP (MS- CHAP v2) when configured to use an external RADIUS server for authentication. The AP 530 supports only PEAP (MS- CHAP v2) when configured to use the built-in (local) RADIUS server.

  • Page 209

    Wireless Security Configuration Wireless Security Overview Table 7-3. Summary of MAC Authentication Configuration Configuring MAC Authentication in the HP ProCurve Wireless Access Point 530 Local MAC MAC Authentication Table RADIUS Comments Authentication Authentication Authentication MAC Address Permission Mode MAC Table...

  • Page 210: Establishing Security

    Wireless Security Configuration Establishing Security Establishing Security The security options are available from the WLANs tab (shown in Figure 7-1) and provide wireless security configuration for the WLAN. Figure 7-1. Security Access Via the WLANs Screen Basic parameters required for a security option configuration are provided in the WLANs –...

  • Page 211

    You should give special consideration to the security option for WLAN 1 if you are configuring one or more Wireless Distribution System (WDS) links on the AP 530. The security option configured for WLAN 1 also establishes the security option that is used with WDS links (1–6). WDS security options (and thus the WLAN 1 configuration) are limited to one of the choices listed in Table 7-4.

  • Page 212: Web: Setting Security Options

    Wireless Security Configuration Establishing Security Web: Setting Security Options The Security tab provides these options: ■ No Security: The access point is configured as an open system with no user authentication or data encryption. This is the default setting. Static WEP: Use static IEEE 802.11 Wired Equivalent Privacy (WEP) ■...

  • Page 213

    Wireless Security Configuration Establishing Security WPA-PSK: Uses a preshared key (instead of using IEEE 802.1X and EAP ■ as is used in the WPA-802.1X security mode). The PSK is used for an initial check of credentials only. A WPA-supported station is required. If a mix of stations is used, with some supporting WPA2 and others supporting the original WPA, configure for both (set both wpa/wpa2 allowed).

  • Page 214

    Wireless Security Configuration Establishing Security N o t e Stations that are not configured to use WPA-PSK cannot associate with an access point. ■ WPA-802.1X: IEEE 802.11i-2004 includes AES, CCMP, and TKIP mecha- nisms. The standard specifies security enhancements in encryption, authentication, and key management, and provides support for roaming.

  • Page 215

    Wireless Security Configuration Establishing Security Figure 7-2. Configuring Static WEP To Configure Static WEP Shared Keys: Select Network Setup > WLANs. Click [Edit] after the selected WLAN. The WLAN Configuration Security pop-up window opens, displaying the Security tab. Select Static WEP from the Security Mode drop-down. To allow system authentication, select Shared from the Authentication option.

  • Page 216

    Wireless Security Configuration Establishing Security Figure 7-3. Configuring WPA-PSK To Configure WPA-PSK: Select Network Setup > WLANs. Click [Edit] after the selected WLAN. The WLAN Configuration Security pop-up window opens, displaying the Security tab. Select WPA-PSK from the Security Mode drop-down. Select WPA, WPA2, or Both for WPA support, as required.

  • Page 217

    Wireless Security Configuration Establishing Security Figure 7-4. Configuring WPA-802.1X To Configure WPA-802.1X: Select Network Setup > WLANs. Click [Edit] after the selected WLAN. The WLAN Configuration Security pop-up window opens, displaying the Security tab. Select WPA-802.1X from the Security Mode drop-down. Select WPA, WPA2, or Both for WPA support, as required.

  • Page 218: Manual Configuration Using The Cli, Cli: Configuring Security Settings

    Wireless Security Configuration Manual Configuration Using the CLI Manual Configuration Using the CLI The following sections show examples of how to use the CLI to view and configure access point security settings. N O T E : Security settings using the CLI can only be made for WLANs in the context of Radio 1.

  • Page 219

    Using the CLI to Configure No Security. The following example shows how to configure an WLAN interface to have no security set. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# wlan 1 ProCurve Access Point 530(radio1-wlan1)#security no-security...

  • Page 220

    The following example shows how to view the current configuration settings. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# wlan 1 ProCurve Access Point 530(radio1-wlan1)# show wlan 1 WLAN #1 on Radio 1 Description insecure...

  • Page 221

    These commands enable security and estab- lish the transfer key index (set to 4). ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# wlan 1 ProCurve Access Point 530(radio1-wlan1)#security static-wep ProCurve Access Point 530(radio1-wlan1)#wep-default-key 4...

  • Page 222

    Wireless Security Configuration Manual Configuration Using the CLI ProCurve Access Point 530(radio1-wlan1)#wep-key-1 abcde ProCurve Access Point 530(radio1-wlan1)#wep-key-2 fghi ProCurve Access Point 530(radio1-wlan1)#wep-key-3 klmn ProCurve Access Point 530(radio1-wlan1)#wep-key-4 pqrs ProCurve Access Point 530(radio1-wlan)# The following commands set the security to a shared-key authentication protocol.

  • Page 223

    Wireless Security Configuration Manual Configuration Using the CLI ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# wlan 1 ProCurve Access Point 530(radio1-wlan1)#security dynamic-wep radius primary ip ProCurve Access Point 530(radio1-wlan1)# 192.168.1.52 radius primary...

  • Page 224

    WPA-802.1X is the recommended security mode. The incorporation of the RADIUS server makes it superior to the WPA-PSK security mode. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# wlan 1 ProCurve Access Point 530(radio1-wlan1)#security wpa-802.1x...

  • Page 225

    RADIUS server. Use of the built-in server automat- ically establishes the RADIUS key. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# wlan 1 radius primary ip ProCurve Access Point 530(radio1-wlan1)# 192.168.1.52...

  • Page 226: Configuring Radius Client Authentication

    “Configuring VLAN Support” on page 5-57 N o t e You can enter VLAN IDs on the RADIUS server as a hexadecimal number or an ASCII string. The Access Point 530 requires that you configure VLAN IDs as an ASCII string. 7-32...

  • Page 227: Web: Setting Radius Server Parameters

    Wireless Security Configuration Configuring RADIUS Client Authentication To use dynamic VLAN, the access point must be using a security configuration that enables 802.1X authentication and must have a RADIUS server configured (see ). Wireless stations must also support 802.1X station software to page 7-41 be assigned to a specific VLAN.

  • Page 228

    Wireless Security Configuration Configuring RADIUS Client Authentication Secondary Server Setup: Configures a secondary RADIUS server to ■ provide a backup in case the primary server fails. The access point uses the secondary server if the primary server fails or becomes inaccessible. Once the access point switches over to the secondary server, it periodically attempts to establish communication again with the primary server.

  • Page 229: Cli: Setting Radius Server Parameters

    The following example shows how to configure RADIUS authentication failover and the RADIUS retransmit retry parameter for this WLAN. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio1 ProCurve Access Point 530(radio1)# wlan 1 ProCurve Access Point 530(radio1-wlan1)#radius failover-to- local ProCurve Access Point 530(radio1-wlan1)#radius retransmit 30...

  • Page 230: Web: Establishing Local Radius Accounts, Managing Existing Radius Accounts

    WLAN. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# wlan 1 ProCurve Access Point 530(radio1-wlan1)# radius primary key open ProCurve Access Point 530(radio1-wlan1)# radius primary ip 192.168.1.53 ProCurve Access Point 530(radio1-wlan1)# radius primary mac-...

  • Page 231: Adding New Radius Accounts

    Wireless Security Configuration Configuring RADIUS Client Authentication Figure 7-6. Configuring an Existing Account To Modify an Existing Local RADIUS Account: Select Special Features > Local Radius tab. Select the account to modify. Do one of the following: • To enable the account, select Enable. •...

  • Page 232

    Wireless Security Configuration Configuring RADIUS Client Authentication • Password: Provides a string with a minimum of 1 character and a maximum of 32 characters. Do not use special characters or spaces. • Confirm Password: Repeats the same string with a minimum of 1 character and a maximum of 32 characters.

  • Page 233: Managing The Radius User Database

    Wireless Security Configuration Configuring RADIUS Client Authentication Select [Add Account] to set the user account. Managing the RADIUS User Database The User Database tab shown in Figure 7-8 enables you to create a backup file. Once you have created user accounts for use with Local RADIUS, you can save the account information to a Backup file, which can then be used to Restore the Local RADIUS user accounts if needed.

  • Page 234

    Wireless Security Configuration Configuring RADIUS Client Authentication Click Save to complete the process. The backup file will be placed in the specified folder. To Restore the Local RADIUS User Accounts From a User Database Backup: Select Special Features > Local Radius to display the Local RADIUS screen and user account information.

  • Page 235: Cli: Setting Local Radius Server Parameters

    RADIUS server, the RADIUS accounting feature must be disabled and/or set to use an external RADIUS accounting server. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radius-local newuser ProCurve Access Point 530(config)# radius-local existinguser Disabled ProCurve Access Point 530(config)# no radius-local...

  • Page 236

    The following example first sets the radius-local username to “chris” and subsequently sets the password for the chris user account to “chrisopen”. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radius-local chris realname csmith ProCurve Access Point 530(config)# radius-local chris...

  • Page 237: Configuring Mac Address Authentication, Authentication Order, Access Control List And Radius Server

    Wireless Security Configuration Configuring MAC Address Authentication Configuring MAC Address Authentication MAC address authentication functions enable the access point to control which devices can associate with it. You can: ■ Configure the access point to authenticate client MAC addresses against a local Access Control List stored locally on the access point or stored remotely on a RADIUS server, Specify station MAC addresses in the local Access Control List as allowed...

  • Page 238: Mac Lockout And Client/station Deauthentication

    Wireless Security Configuration Configuring MAC Address Authentication Consider the following guidelines: ■ Use MAC address authentication for a small network with a limited number of users. You can manually configure MAC addresses on the access point itself without the need to set up a RADIUS server. The access point supports up to 200 MAC addresses in its filtering table, but managing a large number of MAC addresses across more than one access point quickly becomes very cumbersome.

  • Page 239: Web: Configuring Access Control List

    Wireless Security Configuration Configuring MAC Address Authentication Web: Configuring Access Control List The Local MAC Authentication tab shown in Figure 7-9 enables you to create and maintain access control lists (ACLs) that can be directly applied to each WLAN for access control. You can modify these parameters: ■...

  • Page 240: Web: Configuring Mac Address Authentication

    Wireless Security Configuration Configuring MAC Address Authentication To Add a MAC Address to an Access Control List: Select the ACL from the ACL List drop-down. Enter the MAC address in the MAC Entry field. Click [Add] to add the new address to the ACL address list. To Remove a MAC Address from an Access Control List: Select the ACL from the ACL List drop-down.

  • Page 241: Cli: Configuring Mac Address Authentication

    Wireless Security Configuration Configuring MAC Address Authentication Figure 7-10. Configuring Built-In MAC Authentication To Configure Built-In MAC Authentication:. Select Network Setup > WLANs. Click [Edit] after the selected WLAN. The WLAN Configuration Security pop-up window opens. Select the Mac Authentication tab. To enable local or remote MAC authentication, select Enabled and choose Local or Remote.

  • Page 242

    The address format is a 48-bit MAC address format, displayed as a string of 12 hexadecimal digits separated by periods. For example: FE:DC:BA:09:87:65. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# mac-auth-local mylist mac 00:11:22:33:44:55 ProCurve Access Point 530(config)# mac-auth-local mylist mac...

  • Page 243

    Configuring MAC Address Authentication Verifying that the list was set on the WLAN. The following example shows how to view the newly created list using the show wlan command. ProCurve Access Point 530(radio1-wlan1)# show wlan 1 WLAN #1 on Radio 1 Description...

  • Page 244: Web: Configuring Mac Lockout

    The MAC Lockout tab shown in Figure 7-11 enables you to add devices with selected MAC addresses to a MAC Lockout list. The MAC Lockout list applies to all WLANs on all radios in the Access Point 530. You can modify these parameters: ■...

  • Page 245: Cli: Configuring Mac Lockout

    MAC address from the MAC Lockout list using the no lockout-mac command. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# no lockout-mac 00:14:C2:A5:09:8D ProCurve Access Point 530(config)# Displaying the MAC Lockout list. The following example shows how to display the current MAC Lockout list.

  • Page 246: Cli: Configuring Client/station Deauthentication

    Clearing the MAC Lockout list. The following example shows how to remove all MAC addresses from the current MAC Lockout list. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# lockout-mac clear all 2 MAC addresses removed from lockout list ProCurve Access Point 530(config)# show lockout-mac No MAC addresses in lockout list.

  • Page 247: Configuring 802.1x Ap Authentication, Guidelines For Ap Authentication

    Configuring 802.1X AP Authentication Configuring 802.1X AP Authentication The AP Authentication feature enables the AP 530 to authenticate itself to a standard RADIUS server using its own username and password, just as a client or station would. The Access Point 530 AP Authentication feature supports 802.1X port-access authentication when connecting to switches that support...

  • Page 248: Web: Configuring Ap Authentication

    C a u t i o n When a VLAN with tagged management is used together with AP authentica- tion on the Access Point 530, do not configure the switch authenticator with an "auth-vid" or with a RADIUS assigned VLAN. Using either of these config- urations will place the switch authentication port in an untagged state that will take precedence over any statically defined VLAN tagging on the port.

  • Page 249: Cli: Configuring Ap Authentication

    Enabling AP Authentication on the access point. The following exam- ple enables AP Authentication with username ‘AP2167’, password ‘21B83j0k’, and PEAP authentication. ProCurve Access Point 530# configure ProCurve Access Point 530(config) #ap-authentication AP2167 21B83j0k ProCurve Access Point 530(config)# ap-authentication eap- type peap...

  • Page 250

    Configuring 802.1X AP Authentication Displaying the current AP Authentication status. Use the show system- information command to check the current AP Authentication status of the access point. ProCurve Access Point 530(config)# show ap-authentication AP Authentication Settings for the Access Point: Status: Enabled...

  • Page 251: The Web-auth Process, Associating With The Ap-530, Web Authentication For Mobile Users

    Web Authentication for Mobile Users Web Authentication for Mobile Users With the ProCurve Access Point 530, you can permit mobile users to authen- ticate to your network by entering their login credentials on a Web page. Web authentication (Web-Auth) credentials are verified through a RADIUS server.

  • Page 252: Url Intercept, Logging In, Authenticating

    The user then opens a Web browser and attempts to access a valid URL that can be reached through the network. The AP-530 intercepts this request and redirects the user’s Web browser to the Web-Auth login page to initiate the authentication process.

  • Page 253

    Failed Authentication. If the user enters an invalid username and pass- word, the RADIUS server denies access, and the AP-530 displays the Web- Auth Invalid Credentials, or Failed, page (figure 7-15). In this case, the user’s station remains in the unauthenticated Web-Auth state.

  • Page 254: Redirecting To The Destination Url, Web-auth Security, User Credentials, Optional Encryption, Other Security Features

    For authentication, you can specify both a primary RADIUS server and a secondary RADIUS server to ensure high availability; the local RADIUS server may also be used. Optional Encryption Users connecting thorough Web-Auth may associate with the AP-530’s VLAN interface using: ■ No security, Static WEP, or ■...

  • Page 255: The Web-auth Address Pool, Customizing The Authentication Screens

    The Web-Auth Address Pool When a client using dynamic IP addressing first associates with the access point, the AP-530 assigns the client a temporary IP address from a pool of temporary addresses that is shared by all Web-Auth WLANs. The addresses are served by a limited-function address server used only for initializing Web- Auth connections.

  • Page 256: Default Text Values For Authentication Screens, Login Screen Default Values

    Wireless Security Configuration Web Authentication for Mobile Users Title Text Header Text Descr. Text Footer Text Figure 7-16. Web-Auth Failed Authentication Default Text Values for Authentication Screens The default values for each of the three customizable authentication screens varies, depending on whether Web-Auth access is granted to: Only registered users ■...

  • Page 257: Welcome Screen Default Values, Failed Screen Default Values, Guidelines For Deploying Web-auth

    Wireless Security Configuration Web Authentication for Mobile Users Welcome Screen Default Values Table 7-6. Welcome Screen Default Values Registered User Only Guest User Only Registered & Guest User Title Text Authentication Success Success Authentication Success Header Text Authentication Success Success Authentication Success Footer Text You now have access to the...

  • Page 258: Configuration Summary, Web: Configuring The Global Address Pool

    When using Web-Auth, users must disable any proxy server for their web browser. Configuration Summary Configuring the AP-530 to provide mobile clients with Web-Auth requires several steps: Configure the WLAN-SSID and VLAN ID (as described in Chapters 5 and Optionally, configure static WEP or WPA-PSK security (as described in “Establishing Security”...

  • Page 259: Cli: Configuring The Global Address Pool

    Wireless Security Configuration Web Authentication for Mobile Users [Update]: Updates the Web-Auth address pool configuration. ■ Figure 7-17. Configuring the Global Address Pool To Configure the global Address Pool: Select Web Authentication > Address Pool tab. Enter the starting IP address in the Starting IP Address field. Enter the desired subnet mask in the Subnet Mask field.

  • Page 260: Web: Configuring Global Guest Account Settings

    Configuring the global Address Pool on the access point. The follow- ing example configures a range of temporary IP addresses with 60 second leases. ProCurve Access Point 530(config)# web-auth starting-ip-address 192.168.0.1 255.255.240.0 ProCurve Access Point 530(config)# web-auth lease-time 60 show web-auth...

  • Page 261: Cli: Configuring Global Guest Account Settings

    Configuring Guest user credentials on the access point. The following example configures global Guest user credentials that will be assigned to Web- Auth Guest users. ProCurve Access Point 530(config)# web-auth guest-username lbg_guest ProCurve Access Point 530(config)# web-auth guest-password lbg_password show web-auth...

  • Page 262: Web: Configuring Web-auth On A Wlan, Prerequisites

    Wireless Security Configuration Web Authentication for Mobile Users Web: Configuring Web-Auth on a WLAN Prerequisites ■ Before enabling Web Authentication on a WLAN, the temporary address pool must be configured, as described in “Web: Configuring the Global Address Pool” on page 7-64. Before enabling the Guest Login option, you must define the Guest User ■...

  • Page 263

    Wireless Security Configuration Web Authentication for Mobile Users Figure 7-19. Configuring Web Authentication on a WLAN To Configure Web Authentication: Select Network Setup > WLANs. Click [Edit] after the selected WLAN. The WLAN Configuration Security pop-up window opens. Select the Web Authentication tab. Click Web Authentication Enabled.

  • Page 264: Cli: Configuring Web-auth On A Wlan, Prerequisites

    Wireless Security Configuration Web Authentication for Mobile Users Click [Update]. CLI: Configuring Web-Auth on a WLAN Prerequisites Before enabling Web Authentication on a WLAN, the temporary address ■ pool must be configured, as described in “CLI: Configuring the Global Address Pool” on page 7-65. ■...

  • Page 265

    Web-Authentication on WLAN 1, with Guest access and Registered User access enabled. ProCurve Access Point 530(radio1-wlan1)# web-auth guest-login ProCurve Access Point 530(radio1-wlan1)# web-auth username-login ProCurve Access Point 530(radio1-wlan1)# web-auth retry-limit 3 ProCurve Access Point 530(radio1-wlan1)# web-auth redirect-url www.procurve.com show wlan 1 ProCurve Access Point 530(radio1-wlan1)#...

  • Page 266: Web: Customizing The Login, Welcome, And Failed Screens

    Wireless Security Configuration Web Authentication for Mobile Users Web: Customizing the Login, Welcome, and Failed Screens The Web Authentication – WLAN Web Authentication screen, through the Login, Welcome, and Failed tabs, shown in Figure 7-20 allows customization of the text on the three primary screens that are displayed during the Web Authentication process.

  • Page 267

    Wireless Security Configuration Web Authentication for Mobile Users Figure 7-20. Configuring Guest Account Credentials To customize the text on the Web-Auth Login screen: Select Network Setup > WLANs. Click [Edit] after the selected WLAN. The WLAN Configuration Security pop-up window opens. Select the Web Authentication tab.

  • Page 268: Cli: Customizing The Login, Welcome, And Failed Screens

    Wireless Security Configuration Web Authentication for Mobile Users Follow the same procedure for the Welcome sub-tab and the Failed sub-tab, if desired. N o t e If any of the fields is not explicitly customized, then the default value of the field is used.

  • Page 269

    Login screen. The same fields may be customized on the Welcome screen and the Failed screen as well, using their respective commands. ProCurve Access Point 530(radio1-wlan1)# web-auth custom-login-text title GS User Login ProCurve Access Point 530(radio1-wlan1)# web-auth custom-login-text header GS...

  • Page 270

    Wireless Security Configuration Web Authentication for Mobile Users 7-76...

  • Page 271

    Special Features...

  • Page 272: Table Of Contents

    Special Features Contents Overview ............8-3 QoS Commands .

  • Page 273

    Special Features Overview Overview The Access Point 530 provides the Web interface and CLI methods for config- uring special features such as QoS, upgrading software, WDS, AP detection, and STP. This chapter describes how to: ■ Configure QoS parameters Maintain configuration and upgrade files ■...

  • Page 274: Qos Commands

    Special Features QoS Commands QoS Commands QoS describes a range of technologies for controlling traffic on shared network connections. The IEEE 802.11e - 2005 standard defines a QoS stan- dard for transmission quality and availability of service on wireless networks. QoS is designed to provide better network service by minimizing network congestion;...

  • Page 275: Web: Configuring Qos Parameters

    ■ coordination of wireless medium access. The QoS settings on the Access Point 530 control downstream traffic flowing from the access point to the client station (AP EDCA parameters) and the upstream traffic flowing from the station to the access point (station EDCA parameters). Disabling WMM deactivates QoS control of station EDCA parameters on upstream traffic flowing from the station to the access point;...

  • Page 276

    Special Features QoS Commands Figure 8-2. QoS Advanced Settings Screen The WMM Settings pop-up window, shown in Figure 8-2, enables you to modify the following queue QoS parameters: AP Enhanced Distributed Channel Access (EDCA) Parameters: ■ Affect traffic flowing from the access point to the client station. •...

  • Page 277

    Special Features QoS Commands for the “cwMin” are 1, 3, 7, 15, 31, 63, 127, 255, 511, and 1024. The value for “cwMin” must be lower than the value for “cwMax”. (The default per queue: 3, 7, 15, 15.) • cwMax: Specifies the Maximum Contention Window QoS parameter.

  • Page 278: Cli: Configuring Qos Parameters

    Special Features QoS Commands for the “cwMax” are 1, 3, 7, 15, 31, 63, 127, 255, 511, and 1024. The value for “cwMax” must be higher than the value for “cwMin”. (The default per queue: 7, 15, 1023, 1023.) • TXOP Limit: Specifies the Transmission Opportunity QoS parameter.

  • Page 279

    Special Features QoS Commands ProCurve Access Point 530(radio1)#qos ap-params voice aifs ProCurve Access Point 530(radio1)# This example sets the quality of service cwMin and cwMax contention window parameters on the AP EDCA medium-priority queue. ProCurve Access Point 530(radio1)#qos ap-params video cwmin...

  • Page 280

    This example sets the quality of service AIFS wait time parameter to 10 seconds on the Station EDCA high priority queue. ProCurve Access Point 530(radio1)#qos sta-params voice aifs ProCurve Access Point 530(radio1)# This example sets the quality of service cwMin and cwMax contention window parameters on the Standard EDCA high-priority queue.

  • Page 281

    This example uses the show qos commands to display QoS details on the access point. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# show qos ap-params ------------------------------------------------------------ Transmission Queue QoS Settings for the Access Point: Radio 1...

  • Page 282: Sflow, Flow Sampling By The Sflow Agent

    The sampling algorithm is designed to give a high certainty that the total traffic within a small margin of error. On the Access Point 530, data sources are the interfaces, and “n”, the packet- sampling rate, is configurable per-interface and per-sampling instance (up to three per interface).

  • Page 283: Counter Polling By The Sflow Agent, Sflow Collector, Configuring Sflow Receiver Instances, Sflow Instances

    100, flow sampling only adds about 0.7 percent overhead. The Access Point 530 uses datagram version 5, and you can specify the size of the datagram when you configure sFlow. Counter Polling by the sFlow Agent In addition to sampling every “nth”...

  • Page 284

    Special Features sFlow The sFlow collector reserves the instance by writing its owner string into that instance on the sFlow receiver table. The sFlow collector, or receiver, also configures a receiver timeout value for itself. The agent counts down the receiver timeout, and when the timeout falls low, the sFlow receiver renews the reservation.

  • Page 285: Wireless Distribution System (wds) And Spanning Tree Protocol (stp)

    When implementing a WDS link, the recommended practice is to dedicate one of the two radios in the Access Point 530 to servicing the WDS link. It is not recommended that the same WDS radio be configured to support wireless stations, although it is possible to do so.

  • Page 286

    Special Features Wireless Distribution System (WDS) and Spanning Tree Protocol (STP) At least one Access Point 530 must be connected to the network by means of a wired Ethernet connection. This Access Point 530 can then provide wireless WDS links for up to six other Access Point 530 units. In this configuration, the...

  • Page 287

    Special Features Wireless Distribution System (WDS) and Spanning Tree Protocol (STP) The Access Point 530 can be used as a wireless bridge to connect two different wired subnetworks together. For example, you can connect wired networks in two buildings across the street from one another by attaching an Access Point 530 to each separate network and configuring with a WDS link between them.

  • Page 288

    Special Features Wireless Distribution System (WDS) and Spanning Tree Protocol (STP) You can also configure the Access Point 530 to use WDS links in a multiple- hop configuration, as shown in Figure 8-5. In this configuration, the intermediate access point serves as a “repeater,” to bridge wireless traffic between an access point with an Ethernet connection and a more remote access point on the other side.

  • Page 289: Web: Configuring Wds Parameters

    Special Features Wireless Distribution System (WDS) and Spanning Tree Protocol (STP) STP is supported with WDS to manage loops that might be formed in the network through configuration of multiple WDS links. Enabling STP is recom- mended whenever you configure WDS links, unless you are assured that network loops cannot occur in your WDS configuration.

  • Page 290

    Special Features Wireless Distribution System (WDS) and Spanning Tree Protocol (STP) – Key Type: Establishes the type of the key as either ASCII or Hex. – Characters Required: Automatically populated based on the key length and key type. – WEP Key: Configures the WEP key for security. WDS WPA Security (see Figure 8-8) –...

  • Page 291

    Special Features Wireless Distribution System (WDS) and Spanning Tree Protocol (STP) Figure 8-7. Configuring WDS Link Parameters with WEP Security To Configure WDS Link Parameters with WEP Security: Select Special Features > WDS tab. To enable a WDS link, choose Enabled for the specific link option. To set the radio to establish the WDS link, use the Radio drop-down.

  • Page 292

    Special Features Wireless Distribution System (WDS) and Spanning Tree Protocol (STP) Figure 8-8. Configuring WDS Link Parameters with WPA Security To Configure WDS Link Parameters with WPA Security: Select Special Features > WDS tab. To enable a WDS link, click the Enabled button for the specific link. To set the radio to establish the WDS link, use the Radio drop-down.

  • Page 293: Cli: Configuring Wds Links

    & show wds<wds_name> 9-162 Using the CLI to Enable WDS. This example enables the WDS link. ProCurve Access Point 530(config)# interface wds1 ProCurve Access Point 530(wds1)# enable Using the CLI to Set the WDS SSID. This command sets the WDS SSID string for this WDS link and establishes a preshared key.

  • Page 294

    This example sets the WDS WEP key length when using static-wep security. The options are 64 and 128. ProCurve Access Point 530(wds1)# wep-key-length 64 ProCurve Access Point 530(wds1)# This example defines the wep-key used for data encryption on a WDS inter- face.

  • Page 295

    Disabled no-security not assigned yet not set Disabled no-security ProCurve Access Point 530(wds1)# ProCurve Access Point 530(wds1)#show wds 1 WDS #1 Description WDSLINK Status Enabled Use Radio Local MAC 00:14:C2:A4:14:BO Remote MAC 00:0D:9D:C6:98:7E STP State...

  • Page 296: Web: Configuring Stp Parameters

    Special Features Wireless Distribution System (WDS) and Spanning Tree Protocol (STP) Web: Configuring STP Parameters The WDS screen in the Web browser interface (see Figure 8-9) provides global configuration for the Spanning Tree Protocol (STP). To modify additional details specific to the STP, see “CLI: Establishing STP Settings”...

  • Page 297: Cli: Establishing Stp Settings

    The “hello-time” range is 1–10, the “forward-delay” range is 4–30, and the bridge “priority” range is 0–65535. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# stp hello-time 10 ProCurve Access Point 530(config)# stp forward-delay 10 ProCurve Access Point 530(config)# stp priority 255...

  • Page 298

    Using the CLI to View WDS Parameters. These examples use the show interface ethernet command and the show wds x command to check the status of the STP state and configured parameters. ProCurve Access Point 530#show interface ethernet Ethernet interface: --------------------...

  • Page 299

    N o t e Spanning Tree Protocol (STP) has detected a loop and the WDS 1 interface is being blocked by STP, as shown in the following example. ProCurve Access Point 530(wds1)#show wds 1 WDS #1 Description Wireless Distribution System - Link 1...

  • Page 300: Ap Detection Commands, Web: Configuring Ap Detection Parameters

    Special Features AP Detection Commands AP Detection Commands You can configure the access point to periodically scan all radio channels and find other access points within range. Alternatively, the access point can scan continuously in a dedicated mode with no stations supported. A database of nearby access points is maintained where detected access points can be identified.

  • Page 301

    Special Features AP Detection Commands The Settings tab, shown in Figure 8-11, enables you to modify the following parameters: ■ AP Detection Radio 1/Radio 2: Enables/disables ability per radio for the access point to scan radio channels to discover other access points. (The default is Disable.) Scan Interval: Sets the minimum amount of time that the access point ■...

  • Page 302

    Special Features AP Detection Commands Figure 8-11. AP Detection - Settings Tab To Enable AP Detection Parameters: Select Special Features > AP Detection > Settings tab. To enable scanning, select Enable from the AP Detection drop-down for the radio you are configuring. To specify the beacon transmission interval, enter the interval value in the Scan Interval field.

  • Page 303: Cli: Configuring Ap Detection

    ProCurve Access Point 530(radio1)#ap-detection ProCurve Access Point 530(radio1)#ap-detection duration 10 ProCurve Access Point 530(radio1)#ap-detection interval 15 Using the CLI to Set AP List Parameters. This example sets the time that a detected AP remains on the AP list, and sets the maximum number of AP entries displayed on the list.

  • Page 304

    Special Features AP Detection Commands ProCurve Access Point 530(radio1)#ap-detection expire-time ProCurve Access Point 530(radio1)#ap-detection max-entries Using the CLI to View the AP Scan Results. This example displays the current AP detection results. ProCurve Access Point 530(radio1)#show detected-ap Neighboring APs: BSSID...

  • Page 305: Probe Table, Probe Table Description, Guidelines For Configuring The Probe Table

    Special Features Probe Table Probe Table The Access Point 530 supports the Rogue AP Detection feature in ProCurve Mobility Manager by making available, via SNMP, a table of PROBE requests from unassociated audible clients. Probe Table Description The first time a PROBE request is received from an unassociated audible...

  • Page 306: Identity Driven Management, Idm Vlan

    ■ ■ Rate Limiting IDM on the Access Point 530 can be accomplished using either 802.1X authen- tication or MAC authentication. The 802.1X authentication is more secure, while MAC authentication can be used with stations that don’t have 802.1X supplicant. Although it is possible to use MAC authentication along with 802.1X, there are known user and ACL assignment overrides that occur.

  • Page 307: Configuring An Acl In A Radius Server, Idm Rate Limiting, Idm Acl

    ProCurve (HP) Vendor-Specific ID: 11 • Vendor-Specific Attribute for ACLs: 61 (string = HP-IP-FILTER-RAW) • Setting: HP-IP-FILTER-RAW = < “permit” or “deny” (Access Control Entry (ACE)> N o t e “Permit” forwards inbound packets, “deny” drops packets. ACL configuration, including: ■...

  • Page 308

    Special Features Identity Driven Management — This page is intentionally unused. — 8-38...

  • Page 309

    Command Line Reference...

  • Page 310

    Command Line Reference Contents Contents Overview ............9-8 General Commands .

  • Page 311: Table Of Contents

    Command Line Reference Contents System Clock Commands ........9-35 sntp .

  • Page 312: Table Of Contents

    Command Line Reference Contents RADIUS Accounting/Authentication ......9-65 radius-accounting ......... . 9-65 radius failover-to-local | retransmit .

  • Page 313: Table Of Contents

    Command Line Reference Contents description ..........9-93 dns primary .

  • Page 314

    Command Line Reference Contents show basic-rate ......... . . 9-122 show stations .

  • Page 315: Table Of Contents

    Command Line Reference Contents management-vlan ......... 9-148 QoS Commands .

  • Page 316

    Command Line Reference Overview Overview This chapter describes the commands provided by the Access Point 530 CLI. The CLI commands can be broken down into the functional groups shown below. Command Group Description Page General Initial commands for performing basic access point 9-10 tasks.

  • Page 317

    Command Line Reference Overview The access mode shown in the following tables is indicated by these abbrevi- ations: • GC (Global Configuration), MC (Manager Executive Configuration), • • IC-E (Ethernet Interface Configuration), • IC-WDS(WDS Interface Configuration), • IC-R (Radio Wireless Interface Configuration), and •...

  • Page 318: General Commands, Configure

    Command Line Reference General Commands General Commands These commands are used to configure the basic commands on the access point. Command Function Mode Page configure Set the current context level to the Global 9-10 Configuration level. copy See “Flash/File Commands” on page 9-50 9-51 Sets the current context level to the Manager 9-11...

  • Page 319: Exit

    Default Setting Command Mode Manager Exec Example ProCurve Access Point 530# configure ProCurve Access Point 530(config) This command sets the current context level to the Manager Exec level. Syntax Default Setting Command Mode...

  • Page 320: Logout

    This example shows how to return to the previous command levels starting from the Interface Configuration mode and finally logging out of the CLI session: ProCurve Access Point 530(ethernet)# exit ProCurve Access Point 530(config)# exit ProCurve Access Point 530# exit Connection to host lost.

  • Page 321: Ping

    Destination unreachable - The gateway for this destination indi- cates that the destination is unreachable. – Network or host unreachable - The gateway found no corre- sponding entry in the route table. Example ProCurve Access Point 530# ping 10.1.0.9 10.1.0.9 is alive ProCurve Access Point 530# 9-13...

  • Page 322: Reload, Show

    Manager Exec Example This example shows how to perform a warm reboot of the system: ProCurve Access Point 530# reload Device will be rebooted, do you want to continue [y/n]?y Do you want to save the current configuration [y/n]?n Connection to host lost.

  • Page 323

    Command Line Reference General Commands • custom-default -Shows custom default configuration file of device. See “show custom-default” on page 9-58. debug - Shows debug-related information on this device. See • “show debug” on page 9-33. • detected-ap - Shows detected neighboring wireless network details. “show detected-ap”...

  • Page 324: Terminal

    – <61-1920> - Number of characters on a screen line. Default Setting Command Mode Manager Exec Example ProCurve Access Point 530# terminal length 1000 ProCurve Access Point 530# ProCurve Access Point 530# terminal width 1900 ProCurve Access Point 530# 9-16...

  • Page 325: System Management Commands

    Command Line Reference System Management Commands System Management Commands These commands are used to configure the user name, password, system details, and a variety of other system information. Command Function Mode Page country Set the country code for the access point. 9-18 <country code>...

  • Page 326: Country

    Command Line Reference System Management Commands country This command configures the access point’s Country Code, which identifies the country of operation and sets the correct authorized radio channels. Syntax country <country_code> • country_code - A two character code that identifies the country of operation.

  • Page 327

    Command Line Reference System Management Commands Country Code Country Code Country Code Country Code Bermuda Hong Kong Mozambique Tajikstan Bolivia Hungary Myanmar Thailand Bosnia and Iceland Nambia Trinidad and Tobago TT Herzegovina Botswana India Netherlands Tunisia Brazil Indonesia New Zealand Turkey Brunei Darussalam Iran, Islamic Repubic...

  • Page 328: Hostname

    Appendix A, “Resets the configuration back to factory defaults.” on page A-17. Example ProCurve Access Point 530# country gb ProCurve Access Point 530# hostname This command sets the system hostname. Syntax hostname <hostname>...

  • Page 329: Domain, Password Manager

    Default Setting None Command Mode Global Configuration Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# domain example.com password manager This command sets the password for entering the Manager Exec level. Syntax password manager <password> • password - A text string to establish security for entry into the Manager Exec level.

  • Page 330: Buttons

    System Management Commands Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# password manager admin buttons This command enables the ability to clear the password(s) and/or configura- tion(s) via the buttons on the device. The no command disables this ability.

  • Page 331: Cli-confirmation, Console

    System Management Commands This example shows how to disable all the push button capabilities. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# no buttons custom-reset ProCurve Access Point 530(config)# no buttons factory-reset ProCurve Access Point 530(config)# no buttons password-reset...

  • Page 332: Telnet

    Default Setting Enabled Command Mode Global Configuration Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# console ProCurve Access Point 530(config)# telnet This command enables remote Telnet access. The no version disables remote Telnet access to this device.

  • Page 333: Web-management

    Command Line Reference System Management Commands Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# telnet ProCurve Access Point 530(config)# This command enables the remote ssh access to this device. The no version disables the remote ssh access to this device.

  • Page 334: Show Buttons

    Default Setting Enabled Command Mode Global Configuration Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# web-management ssl ProCurve Access Point 530(config)# show buttons This command displays the status of the push button capabilities. Syntax show buttons Default Setting...

  • Page 335: Show Console, Show Ssh

    This command displays the status of the console. Syntax show console Default Setting Command Mode Manager Exec General Configuration Context Example ProCurve Access Point 530(config)# show console CLI Access: Serial Interface Enabled Telnet Interface Enabled SSH Interface Enabled CLI Confirmation Dialogs...

  • Page 336: Show System-information

    Command Line Reference System Management Commands Example ProCurve Access Point 530(config)# show ssh SSH Status Enabled ProCurve Access Point 530(config)# show system-information This command shows information about the device and the hostname/DNS information. This command is the same as the show system command.

  • Page 337

    Command Line Reference System Management Commands Example ProCurve Access Point 530# show system-information Serial Number TW547VV07X System Name ProCurve-AP-530 System Up Time 2 days 23 hours 35 mins 18 secs System Location not set System Country Code Software Version WA.01.00...

  • Page 338: Show Version

    This command displays the version of the software running on the device. Syntax show version Default Setting Command Mode Manager Exec Global Configuration Example ProCurve Access Point 530# show version Image Software Version WA.02.00.0412 Boot Software Version WAB.01.00 ProCurve Access Point 530# 9-30...

  • Page 339: System Logging Commands

    Command Line Reference System Logging Commands System Logging Commands These commands are used to configure system logging on the access point. Command Function Mode Page Displays all log entries in access point memory. 9-31 [no] logging Adds a syslog server host IP address and assign a port 9-32 <syslog_host>...

  • Page 340: Logging

    Command Line Reference System Logging Commands Example ProCurve Access Point 530# log Keys: M=eMergency C=Critical W=Warning I=Information A=Alert E=Error N=Notice D=Debug ----- Event Log Listing: Most Recent Events First ---- I 01/03/00 03:57:15 login[29765]: root login on `ttyp0' I 01/03/00 02:28:56 login[24466]: root login...

  • Page 341: Show Debug, Show Logging

    The following examples show how to relay log entries to a syslog host on port 514 at IP address 10.1.0.3. Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# logging 10.1.0.3 514 ProCurve Access Point 530(config)# Related Commands show logging (page 9-33) show debug This command displays debug related details on this device.

  • Page 342

    Command Line Reference System Logging Commands show logging Default Setting Command Mode Manager Exec Example ProCurve Access Point 530# show logging Keys: M=eMergency C=Critical W=Warning I=Information A=Alert E=Error N=Notice D=Debug ----- Event Log Listing: Most Recent Events First ---- I 01/03/00 03:57:15 login[29765]: root login...

  • Page 343: System Clock Commands, Sntp

    The access point will poll the time servers in the order specified until a response is received. Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# sntp 10.1.0.19 9-35...

  • Page 344: Show Sntp, Show Time

    This command displays the current time and configuration settings for the SNTP client. Syntax show sntp Default Setting Command Mode Manager Exec Example ProCurve Access Point 530# show sntp SNTP Status Enabled SNTP Server 10.1.0.19 ProCurve Access Point 530# show time This command displays the current date and time.

  • Page 345: Network Management Application Commands

    Command Line Reference Network Management Application Commands Network Management Application Commands These commands are used to configure Simple Network Management Protocol (SNMP) and Link Layer Discovery Protocol which defines standards for facilities network management.. Command Function Mode Page SNMP [no] snmp-server community Sets up the private community access 9-38 <comm>...

  • Page 346: Snmp-server Community Restricted | Unrestricted

    Restricted community with a public access default. Command Mode Global Configuration Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# no snmp-server community <public> restricted ProCurve Access Point 530(config)# no snmp-server community <system> unrestricted ProCurve Access Point 530(config)# 9-38...

  • Page 347: Snmp-server Contact

    This command specifies the SNMP contact name. Use the no form to remove the specified contact name. Syntax snmp-server contact <contact> no snmp-server contact • contact - Name of the contact. Default Setting Command Mode Global Configuration Example ProCurve Access Point 530(config)# snmp-server contact J Wilson ProCurve Access Point 530(config) 9-39...

  • Page 348: Snmp-server Host

    Community String: public Command Mode Global Configuration Command Usage The snmp-server host command is used in conjunction with the snmp-server enable server command to enable SNMP notifications. Example ProCurve Access Point 530(config)# snmp-server host 10.1.0.15 public ProCurve Access Point 530(config) 9-40...

  • Page 349: Snmp-server Location

    This command specifies the SNMP location description. Use the no form to remove the specified location description. Syntax snmp-server location <location> no snmp-server location • location - Name of the contact. Default Setting Command Mode Global Configuration Example ProCurve Access Point 530(config)# snmp-server location BHall6 ProCurve Access Point 530(config) 9-41...

  • Page 350: Snmp-server Port

    - The number specifying the port to which the SNMP server will listen. This must be an unused port on the AP. Default Setting Command Mode Global Configuration Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# snmp-server port 161 ProCurve Access Point 530(config)# 9-42...

  • Page 351: Snmp-server Trap

    Network Management Application Commands snmp-server trap This command enables and disables selected SNMP traps on the access point. Syntax [no] snmp-server trap <trap> • trap - One of the SNMP traps supported by the AP-530: adHocNetworkDetected apDetectionUpdate apInterfaceUpdate buttonUpdate clientAssociation clientAuthentication...

  • Page 352

    Command Line Reference Network Management Application Commands Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# snmp-server trap radiusAcctUpdate ProCurve Access Point 530(config)# 9-44...

  • Page 353: Show Snmp-server

    SNMP server on this device. Syntax show snmp-server Default Setting None Command Mode Manger Exec Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# show snmp-server SNMP Server Settings --------------------------------------------------------------------------- SNMP Status Enabled SNMP Port Community (ro) public Community (rw)

  • Page 354: Snmpv3 Enable

    [no] snmpv3 enable Default Setting Disabled Command Mode Global Configuration Example ProCurve Access Point 530# config ProCurve Access Point 530(config)# snmpv3 enable ProCurve Access Point 530(config)# show snmpv3 SNMPv3: Enabled SNMP engine ID: 00:00:00:0b:00:00:00:14:c2:a5:6a:b3 SNMPv3 user accounts: Username Auth. Protocol...

  • Page 355: Snmpv3 User-name, Show Snmpv3, Show Snmpv

    Default Setting None. Command Mode Global Configuration Example ProCurve Access Point 530# config ProCurve Access Point 530(config)# snmpv3 user-name ltulina auth md5 12345678 priv aes 87654321 ProCurve Access Point 530(config)# Related Commands snmpv3 enable (page 9-46) show snmpv3 (page 9-47) show snmpv3 This command displays the current SNMPv3 settings on the access point.

  • Page 356: Lldp

    Command Line Reference Network Management Application Commands show snmpv3 Default Setting Disabled Command Mode Manager Exec Example ProCurve Access Point 530# show snmpv3 SNMPv3: Enabled SNMP engine ID: 00:00:00:0b:00:00:00:14:c2:a5:09:8c SNMPv3 user accounts: Username Auth. Protocol Privacy Protocol ---------------------------------------------- ltulina afanto...

  • Page 357: Show Lldp

    This command displays the status of the Link Layer Discovery Protocol (LLDP) service on the device. Syntax show lldp Default Command Mode Global Configuration Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# show lldp LLDP Status Enabled ProCurve Access Point 530(config)# 9-49...

  • Page 358: Flash/file Commands

    Command Line Reference Flash/File Commands Flash/File Commands These commands are used to manage the system software or configuration files. Command Function Mode Page copy <ftp | scp | Copy data from a remote server onto the device. 9-53 tftp> <flash | startup-config>...

  • Page 359: Copy, Copy Custom-default Startup-config

    Manager Exec Example. ProCurve Access Point 530# copy startup-config tftp 192.168.1.52 copystart ProCurve Access Point 530# copy ftp flash 192.168.1.52 WA.01.00.img user-name Chris password chrispass ProCurve Access Point 530# copy custom-default startup-config This command sets the startup configuration file to contain the same settings as the customer-modifiable configuration on the device and reloads the device.

  • Page 360: Copy Startup-config

    Manager Exec Example In this example, the copy custom-default startup-config command resets the startup configuration to the same setting as the custom-default configuration. ProCurve Access Point 530# copy custom-default startup- config ProCurve Access Point 530# Related Commands erase (page 9-54)

  • Page 361: Copy Factory-default, Copy Running-config

    Command Line Reference Flash/File Commands Command Mode Manager Exec Example. ProCurve Access Point 530# copy startup-config ftp 192.168.1.52 copystart user-name chris password open ProCurve Access Point 530# copy startup-config tftp 192.168.1.52 copystart copy factory-default This command resets configuration file to the factory-default configuration...

  • Page 362: Erase

    • modifiable default configuration file. Default Setting Command Mode Manager Exec Example ProCurve Access Point 530# copy running-default startup- config ProCurve Access Point 530# Related Commands write (page 9-55 erase This command resets the specified configuration file stored on the device.

  • Page 363: Write

    Default Setting Command Mode Manager Exec Example This example shows how to reset the startup configuration to the defaults.: ProCurve Access Point 530# erase startup-config ProCurve Access Point 530# Related Commands copy custom-default startup-config (page 9-51) write This command views or saves the running configuration of the device.

  • Page 364: Show Config

    Flash/File Commands show config This command displays the startup configuration on the device. Syntax show config Default Setting Command Mode Manager Exec Example ProCurve Access Point 530# show config <?xml version="1.0"?> <config> <interface name="wlan0wds1"> <type>wds</type> <status>down</status> <wds-security-policy>no-security</wds-security-policy> <wep-key-length>104</wep-key-length> <radio>wlan1</radio> <wds-ssid>WDS SSID 2</wds-ssid>...

  • Page 365: Show Copy, Show Tech

    Syntax show copy Default Setting Command Mode Manager Exec Global Configuration Example ProCurve Access Point 530# show copy ------------------------------------------------------------ Copy Operation Status (FTP/SCP/TFTP) Last software image (flash) copy result: not initiated Last configuration file copy result: not initiated ProCurve Access Point 530#...

  • Page 366: Show Custom-default

    Command Line Reference Flash/File Commands Example ProCurve Access Point 530# show tech ------------------------------------------------------------ Description Radio 1 - WLAN 10 Status Disabled SSID SSID 10 VLAN None BSSID not assigned yet DTIM Period Security Type no-security (No Sec.) Closed System Disabled...

  • Page 367

    Command Line Reference Flash/File Commands Example ProCurve Access Point 530# show custom-default Version: 1 Length: 98936 MD5sum: 87a35d67230ec78a4a33d37abbf2bec0 <?xml version="1.0"?> <config> <interface name="wlan0wds1"> <type>wds</type> <status>down</status> <wds-security-policy>wpa-psk</wds-security-policy> <wep-key-length>104</wep-key-length> <radio>wlan1</radio> <wds-ssid>WDS SSID 2</wds-ssid> <wep-key-ascii>no</wep-key-ascii> <wds-wpa-psk-format>ascii</wds-wpa-psk-format> <description>Wireless Distribution System - Link 2</ description>...

  • Page 368: Show Running-config

    This command displays the running configuration file in a readable text format. Syntax show running-config Default Setting Command Mode Manager Exec Example ProCurve Access Point 530# show running-config <config> <interface name="wlan0wds1"> <type>wds</type> <status>down</status> <wds-security-policy>no-security</wds-security-policy> <wep-key-length>104</wep-key-length> <radio>wlan1</radio> <wds-ssid>WDS SSID 2</wds-ssid>...

  • Page 369: Group Configuration, Group-config

    Command Line Reference Group Configuration Group Configuration Use the following commands to configure a group of access points whose parameters are synchronized whenever one member of the group is updated. Only parameters in the Group Configuration Parameter Block are synchro- nized Command Function...

  • Page 370: Group-config Name, Group-config Member-id

    Global Configuration Example: The following example specifies that the access point will belong to group "WHBldg22". ProCurve Access Point 530# configure ProCurve Access Point 530(config)# group-config name WHBldg22 write memory ProCurve Access Point 530(config)# ProCurve Access Point 530(config)# group-config member-id The command sets an optional string that identifies the access point within the group.

  • Page 371: Show Group-config

    Global Configuration Example: The following example identifies the access point in the member list as "AP1". ProCurve Access Point 530# configure ProCurve Access Point 530(config)# group-config member-id AP1 ProCurve Access Point 530(config)# write memory ProCurve Access Point 530(config)# show group-config The command displays the current group configuration settings for the access point.

  • Page 372

    Command Line Reference Group Configuration Example:. ProCurve Access Point 530# show group-config Status: Enabled Group name: WHBldg22 Member ID: ------------------------------- 00:14:C2:A5:09:8C 10.0.1.101 00:14:C2:A5:6A:B3 10.0.1.102 ProCurve Access Point 530# 9-64...

  • Page 373: Radius Accounting/authentication, Radius-accounting

    Command Line Reference RADIUS Accounting/Authentication RADIUS Accounting/Authentication The access point provides configuration for RADIUS Accounting servers and Radius Authentication which can be used to provide valuable information on user activity in the network. Command Function Mode Page [no] radius-accounting <primary | Enables RADIUS Accounting.

  • Page 374: Radius Failover-to-local | Retransmit

    Disabled Command Mode WLAN Radio Interface Configuration Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# wlan 1 ProCurve Access Point 530(radio1-wlan1)# radius-accounting primary ip 192.168.1.52 ProCurve Access Point 530(radio1-wlan1)# radius-accounting port 161...

  • Page 375: Radius Primary | Secondary

    Command Line Reference RADIUS Accounting/Authentication Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio1 ProCurve Access Point 530(radio1)# wlan 1 ProCurve Access Point 530(radio1-wlan1)# radius failover-to- local ProCurve Access Point 530(radio1-wlan1)# radius retransmit radius primary | secondary This command configures RADIUS configures primary and secondary param- eters for this WLAN.

  • Page 376

    Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# wlan 1 ProCurve Access Point 530(radio1-wlan1)# radius primary key open ProCurve Access Point 530(radio1-wlan1)# radius primary ip 192.168.1.53 ProCurve Access Point 530(radio1-wlan1)# radius primary mac-...

  • Page 377: Radius Users, Radius-local

    Command Line Reference RADIUS Users RADIUS Users The access point provides configuration to add local RADIUS user information in the network. Command Function Mode Page [no] radius-local Configure a new radius-local user account 9-69 <username> [disabled] | or modify a user account. [password <password>] | realname <realname>] show radius-local...

  • Page 378: Show Radius-local

    The following example first sets the radius-local username to "chris" and subsequently sets the password for the chris user account to "chrisopen". ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radius-local chris ProCurve Access Point 530(config)# radius-local chris password chrisopen ProCurve Access Point 530(config)# This example sets the real name of the chris user account to chris smith.

  • Page 379

    Command Line Reference RADIUS Users Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# show radius-local Username Real Name Status ---------- ---------- ---------- MSmith Mr Smith Enabled Chris CSmith Enabled ProCurve Access Point 530(config)# 9-71...

  • Page 380: Mac Address Authentication, Mac-auth-local

    Command Line Reference MAC Address Authentication MAC Address Authentication Use these commands to define MAC authentication on the access point. For local MAC authentication, first create the MAC authorization lists, enter the MAC addresses to be filtered and then define the default filtering policy using the address filter default command.

  • Page 381: Mac-auth-remote

    Default None Command Mode WLAN Interface Configuration Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# wlan 1 ProCurve Access Point 530(radio1-wlan1)# mac-auth-local Bob accept-list ProCurve Access Point 530(radio1-wlan1)# mac-auth-remote This command enables remote MAC address authentication by using the RADIUS authentication server settings on this WLAN.

  • Page 382: Show Mac-auth-local

    • name - Displays only MAC address entries for the specified list. Default Command Mode WLAN Radio Interface Configuration Example ProCurve Access Point 530# show mac-auth-local mylist MAC address entries for authentication control list "mylist": MAC Addresses ---------------------------------------------------------------------- 00:11:22:33:44:55 00:aa:bb:cc:dd:ee...

  • Page 383: Mac Lockout, Lockout-mac

    MAC address entry from the MAC Lockout list. Valid format is 00:00:00:00:00:00 - FF:FF:FF:FF:FF:FF. Default None Command Mode Global Configuration Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# lockout-mac 00:14:C2:A5:09:8D ProCurve Access Point 530(config)# 9-75...

  • Page 384: Show Lockout-mac, Lockout-mac Clear

    Syntax show lockout-mac Default None Command Mode Manager Exec Example ProCurve Access Point 530# show lockout-mac Locked out addresses 00:14:C2:A5:09:8D 0A:16:D2:5A:23:78 Number of locked out MAC addresses = 2 ProCurve Access Point 530# lockout-mac clear This command adds or removes entries in the MAC Lockout list on the device.

  • Page 385

    Command Line Reference MAC Lockout Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# lockout-mac clear all 2 MAC addresses removed from lockout list ProCurve Access Point 530(config)# show lockout-mac No MAC addresses in lockout list. ProCurve Access Point 530(config)#...

  • Page 386: Client/station Deauthentication, Deauth-mac

    This command deauthenticates a device from the access point. Syntax deauth-mac <mac address> • mac address - Specifies the MAC Address to deauthenticate. Valid format is 00:00:00:00:00:00 - FF:FF:FF:FF:FF:FF. Default None Command Mode Global Configuration Example ProCurve Access Point 530# deauth-mac 00:d0:59:c8:62:dd ProCurve Access Point 530# 9-78...

  • Page 387: Web Authentication Commands

    Command Line Reference Web Authentication Commands Web Authentication Commands The commands described in this section are used to enable and configure Web Authentication (Web-Auth) in the Access Point 530. Command Function Mode Page Global [no] web-auth Enables 802.1X authentication IC-R-...

  • Page 388: Web-auth (global Address Pool), Web-auth (global Address Pool)

    Command Line Reference Web Authentication Commands Command Function Mode Page [no] web-auth default-login-page Enables or disables the default IC-R- 9-83 field values for the Login screen. WLAN title- web-auth custom-login-text [title < Specifies the custom text field IC-R- 9-83 text header-text >] | [header <...

  • Page 389: Web-auth (global Guest User), Web-auth (global Guest User)

    Command Line Reference Web Authentication Commands Example ProCurve Access Point 530(config)# web-auth starting-ip- address 192.168.0.1 255.255.240.0 ProCurve Access Point 530(config)# web-auth lease-time 60 show web-auth ProCurve Access Point 530(config)# Temporary Address Pool Start 192.168.0.1 Subnet 255.255.240.0 Lease time (secs.) Guest Username...

  • Page 390: Web-auth (wlan Configuration), Web-auth (wlan Configuration)

    Command Line Reference Web Authentication Commands web-auth (WLAN Configuration) These commands configure the Web-Auth settings for the selected WLAN. The no version of a command clears the field value. Syntax [no] web-auth [no] web-auth guest-login [no] web-auth username-login [no] web-auth redirect-url web-auth retry-limit <retries>...

  • Page 391: Web-auth (wlan Screen Customization), Web-auth (wlan Screen Customization)

    Web Authentication Commands Example ProCurve Access Point 530(radio1-wlan1)# web-auth guest-login ProCurve Access Point 530(radio1-wlan1)# web-auth username-login ProCurve Access Point 530(radio1-wlan1)# web-auth retry-limit 3 ProCurve Access Point 530(radio1-wlan1)# web-auth redirect-url www.procurve.com show wlan 1 ProCurve Access Point 530(radio1-wlan1)# WLAN # 1 on Radio 1...

  • Page 392

    Syntax [no] web-auth default-login-page web-auth custom-login-text [title <title-text>] | [header <header-text>] | [footer <footer-text>] | [descriptive <descriptive-text>] [no] web-auth default-welcome-page web-auth custom-welcome-text [title <title-text>] | [header <header-text>] | [footer <footer-text>] | [descriptive <descriptive-text>] [no] web-auth default-failed-page web-auth custom-failed-text [title <title-text>] | [header <header-text>] | [footer <footer-text>] | [descriptive <descriptive-text>] •...

  • Page 393: Show Web-auth

    Command Line Reference Web Authentication Commands Example ProCurve Access Point 530(radio1-wlan1)# web-auth custom-login-text title GS User Login ProCurve Access Point 530(radio1-wlan1)# web-auth custom-login-text header GS User Login ProCurve Access Point 530(radio1-wlan1)# web-auth custom-login-text descriptive Enter your General Services Department username and password.

  • Page 394: Ap Authentication Commands, Ap-authentication

    Command Line Reference AP Authentication Commands AP Authentication Commands The command described in this section is used to enable and configure AP Authentication in the Access Point 530. Command Function Mode Page [no] ap-authentication Enables and disables AP authentication on 9-86 the access point.

  • Page 395: Show Ap-authentication, Filtering Commands

    Syntax show ap-authentication Default none Command Mode Global Configuration Example ProCurve Access Point 530(config)# show ap-authentication Status: Enabled EAP Type: peap ProCurve Access Point 530(config)# Filtering Commands The commands described in this section are used to filter communications between wireless stations, control access to the management interface from wireless stations, and filter traffic using specific Ethernet protocol types.

  • Page 396: Inter-station-blocking, Wireless-mgmt-block

    Default Disabled Command Mode Global Configuration Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# inter-station-blocking ProCurve Access Point 530(config)# wireless-mgmt-block This command enables access to the management interfaces (http/telnet/etc.) from the wireless side on the device. The no version of the command disables this ability on the device.

  • Page 397: Show Filters

    Command Line Reference Filtering Commands ProCurve Access Point 530# configure ProCurve Access Point 530(config)# wireless-mgmt-block ProCurve Access Point 530(config)# show filters This command displays management/traffic/security filter settings for the device. Syntax show filters Default Command Mode Global Configuration Manager Exec...

  • Page 398

    Command Line Reference Filtering Commands Example. ProCurve Access Point 530# show filters Traffic/Security Filters: Wireless Management Blocking Enabled Inter-Station Blocking Disabled ProCurve Access Point 530# 9-90...

  • Page 399: Ethernet Interface Commands, Interface

    Command Line Reference Ethernet Interface Commands Ethernet Interface Commands The commands described in this section configure connection parameters for the Ethernet interface. Command Function Mode interface <interface> Enters Ethernet interface configuration 9-91 mode enable Enables the interface. IC-E 9-92 disable Disables the interface.

  • Page 400: Enable (ethernet), Disable (ethernet), Enable (ethernet), Disable (ethernet)

    Command Line Reference Ethernet Interface Commands Command Mode Global Configuration Example: ProCurve Access Point 530(config)# interface ethernet ProCurve Access Point 530(ethernet)# enable (ethernet) This command enables the specified interface. Syntax enable Default Setting Command Mode Ethernet Interface Configuration Example: ProCurve Access Point 530(config)# interface ethernet...

  • Page 401: Description, Dns Primary

    (e.g., excessive collisions), and re-enable it after the problem has been resolved. You may also want to disable the Ethernet interface for security reasons. Example: ProCurve Access Point 530(config)# interface ethernet ProCurve Access Point 530(ethernet)# disable Connection to the host is lost. description This command specifies a human-readable string description of this interface.

  • Page 402: Dns Secondary

    DHCP client must be disabled in order to implement a static ip address. Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# dns primary 192.168.1.55 ProCurve Access Point 530(config)# dns secondary This command establishes the secondary DNS server address. The no version of the command clears the secondary IP address, if one is set and does not require for the IP to be specified.

  • Page 403: Ip Address

    Command Line Reference Ethernet Interface Commands Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# dns secondary 10.1.0.55 ProCurve Access Point 530(config)# ip address This command configures the IP address settings for the interface. The no version of the command clears the statically assigned IP address and network mask.

  • Page 404: Ip Default-gateway

    255, separated by periods. Anything other than this format will not be accepted by the configuration program. Example ProCurve Access Point 530(config)# interface ethernet ProCurve Access Point 530(ethernet)# ip address 192.168.1.2 255.255.255.0 ProCurve Access Point 530(ethernet)# ip default-gateway This command sets the static default gateway router for the device. The no version of the command does not require parameters and resets the address of the default gateway router, if any.

  • Page 405: Speed Duplex

    Command Line Reference Ethernet Interface Commands Example: ProCurve Access Point 530(config)# interface ethernet ProCurve Access Point 530(ethernet)# ip default-gateway 192.168.1.1 ProCurve Access Point 530(ethernet)# speed duplex This command configures the mode of operation for the Ethernet port (Requires reboot). Syntax speed-duplex <auto |auto-10 |auto-100 |10-half |100-half |10-full |100-full >...

  • Page 406: Show Interface

    Command Line Reference Ethernet Interface Commands show ip Default Setting Command Mode Manager Exec Example ProCurve Access Point 530# show ip IP Address Information: System Host Name ProCurve-AP-530 IP Address 192.168.1.2 Subnet Mask 255.255.255.0 Default Gateway 192.168.1.253 DHCP Client Enabled...

  • Page 407

    Command Line Reference Ethernet Interface Commands Example ProCurve Access Point 530# show interface ethernet Ethernet interface: --------------------- Description Ethernet MAC address 00:14:C2:A5:08:CB Speed-duplex auto Administrative status Enabled Link status [add-in-future] Management VLAN ID Untagged-VLAN ID Spanning Tree (STP) Enabled STP Port State...

  • Page 408

    Command Line Reference Ethernet Interface Commands Example ProCurve Access Point 530# show ip IP Address Information: System Host Name ProCurve-AP-530 IP Address 192.168.1.2 Subnet Mask 255.255.255.0 Default Gateway 192.168.1.253 DHCP Client Enabled DNS Information (Obtained from DHCP): Domain Name Suffix example.net...

  • Page 409: Wireless Interface Commands

    Command Line Reference Wireless Interface Commands Wireless Interface Commands The commands described in this section configure global parameters for the wireless interface. Command Function Mode Page radio < 1 | 2 > Enters wireless interface configuration mode. GC 9-102 ssid <ssid> Sets SSID string.

  • Page 410: Radio

    Command Line Reference Wireless Interface Commands Command Function Mode Page fragmentation-thresh Configures the minimum packet size that can IC-R 9-112 be fragmented inactivity-timeout Configures the inactivity time. IC-R 9-113 slot-time Sets the wait time. IC-R 9-114 rts-threshold Sets the packet size threshold at which an RTS IC-R 9-114 must be sent to the receiving station prior to the...

  • Page 411: Ssid

    Command Line Reference Wireless Interface Commands Radio Interface Configuration Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# ssid This command sets the Service Set Identifier (SSID) for this WLAN. Syntax ssid <SSID>...

  • Page 412: Closed-system, Description

    Radio Interface Configuration WDS Radio Interface Configuration WLAN Interface Configuration Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# wlan 1 ProCurve Access Point 530(radio1-wlan1)# description RD-AP# ProCurve Access Point 530(radio1-wlan1)# closed-system This command closes access to stations without a pre-configured SSID. Use the no form to disable this feature.

  • Page 413: Mode

    When closed system is enabled, stations with a configured SSID of "any" are not able to associate with the access point. Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# wlan 1 ProCurve Access Point 530(radio1-wlan1)# closed-system ProCurve Access Point 530(radio1-wlan1)# mode This command sets the wireless mode for the interface.

  • Page 414: Antenna, Antenna Mode

    Command Line Reference Wireless Interface Commands Radio Interface Configuration Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# mode g ProCurve Access Point 530(radio1)# antenna This command configures which antenna to use with this radio.

  • Page 415: Basic-rate

    Radio Interface Configuration Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# antenna mode diversity ProCurve Access Point 530(radio1)# basic-rate This command configures the specified transmission rate to the set of adver- tised rates for this radio. The no version of the command removes the specified transmission rate from the set of advertised rates for this radio.

  • Page 416: Supported-rate, Channel-policy

    (Options:1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 54 Mbps) Command Mode Interface Configuration (Wireless) Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# supported-rate 24 ProCurve Access Point 530(radio1)# channel-policy This command sets the channel utilization policy on this radio.

  • Page 417: Beacon-interval

    Wireless Interface Commands Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# channel-policy static 1 ProCurve Access Point 530(radio1)# beacon-interval This command configures the rate at which beacon frames are transmitted from the access point. See...

  • Page 418: Dtim-period

    Power Save mode, but delays the transmission of broadcast/multicast frames. Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# wlan 1 ProCurve Access Point 530(radio1-wlan1)# dtim-period 100 ProCurve Access Point 530(radio1-wlan1)#...

  • Page 419: Max-stations, Preamble

    Command Mode Radio Interface Configuration Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# max-stations 100 ProCurve Access Point 530(radio1# preamble This command sets the length of the signal preamble for this radio.

  • Page 420: Protected-mode, Fragmentation-thresh

    Command Line Reference Wireless Interface Commands Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# preamble short ProCurve Access Point 530(radio1# protected-mode This command configures the 802.11 b/g CTS protection mode for this radio.

  • Page 421: Inactivity-timeout

    Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# fragmentation-thresh 512 ProCurve Access Point 530(radio1)# inactivity-timeout...

  • Page 422: Slot-time, Rts-threshold

    Command Line Reference Wireless Interface Commands Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# inactivity-timeout 10 ProCurve Access Point 530(radio1)# slot-time This command sets the wait-time before transmitting data on this radio.

  • Page 423: Tx-power-reduction

    The RTS/CTS mechanism can solve this “Hidden Node” problem. Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# rts-threshold 216 tx-power-reduction This command adjusts the power value of the radio signals transmitted from the access point.

  • Page 424: Enable (wireless), Enable (wireless)

    You may also want to apply Tx Power Reduction to avoid overlap with another access point coverage area (Default is 0) Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# tx-power-reduction 5 ProCurve Access Point 530(radio1)# enable (wireless) This command enables either the radio, ssid, or wds interfaces.

  • Page 425: Disable (wireless), Show Radio, Disable (wireless)

    Radio Interface Configuration WDS Interface Configuration WLAN Interface Configuration Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# disable ProCurve Access Point 530(radio1)# show radio This command displays detailed information about the radio.

  • Page 426: Show Ssid

    TX-Power ----------------------------------------------------------------------- Disabled 00:14:C2:A5:22:E0 802.11g - Auto 0 dBm Disabled 00:14:C2:A5:22:F0 802.11a 36 - Auto 0 dBm ProCurve Access Point 530# show radio 1 Description Radio 1 - 802.11g Base MAC 00:14:C2:A7:11:A0 Status Enabled Mode 802.11g Channel-Policy Auto Channel WLANs Supported...

  • Page 427

    (only has an effect when in a radio or WLAN context). Default Command Mode Manager Exec WLAN Interface Configuration Example: show ssid 1 ProCurve Access Point 530# show ssid 1 WLAN # 1 on Radio 1 Description Radio 1 - WLAN 1 Status Enabled...

  • Page 428: Show Wlan

    Command Line Reference Wireless Interface Commands show wlan This command provides information about the Service Sets/Basic Service Sets of the radio(s) on the device. If in a radio or WLAN context, displays informa- tion only about the radio in context. This is functionally equivalent to the show ssid command.

  • Page 429

    Command Line Reference Wireless Interface Commands Example: show wlans ProCurve Access Point 530(radio1-wlan1)# show wlans All WLANs on Radio 1: WLAN BSSID VLAN Security Status ------------------------------------------------------------------------------ SSID 1 00:14:C2:A5:22:E0 No Sec. Enabled SSID 2 not assigned yet none(-) No Sec. Disabled...

  • Page 430: Show Basic-rate

    Command Line Reference Wireless Interface Commands Example: show wlan1 ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# wlan 1 ProCurve Access Point 530(radio1-wlan1)# show wlan1 ------------------------------------------------------------ WLAN # 1 on Radio 1 Description Radio 1 - WLAN 1...

  • Page 431: Show Stations

    Command Line Reference Wireless Interface Commands Command Mode Manager Exec Example ProCurve Access Point 530# show basic-rate Basic (advertised) data rates (Mbps). -------------------------------------- Radio 1 (802.11g): 1, 2, 5.5, 11 Radio 2 (802.11a): 6, 12, 24, 54 ProCurve Access Point 530# show stations This command displays information about wireless stations.

  • Page 432: Show Supported-rate

    ------------------------------------------------------------ Station On WLAN (radio index/WLAN index) Auth. Assoc. Fwd. ------------------------------------------------------------------------------ 00:11:50:55:50:11 work1 (2/1) 00:15:00:47:5f:6a SSID 10 (1/10) ProCurve Access Point 530# show stations detail Station 00:11:50:55:50:11 Authenticated Radio/WLAN work1 (2/1) Associated Last RSSI Forwarding Rate (Mbps) 54 Listen Interval...

  • Page 433: Wireless Security Commands

    Command Line Reference Wireless Security Commands Wireless Security Commands The commands described in this section configure parameters for wireless security on SSID interfaces. Command Function Mode Page security <no-security | static- Enables the type of security suite on a IC-W-S 9-126 wep | dynamic wep | wpa-psk | SSID interface.

  • Page 434: Security

    Command Line Reference Wireless Security Commands security This command defines the mechanisms employed by the access point for wireless security. Syntax security <no-security | static-wep | dynamic-wep | wpa-psk| wpa-8021x> • no-security - No encryption for data transfers. This is not recom- mended.

  • Page 435

    Command Line Reference Wireless Security Commands • WPA2 defines a transitional mode of operation for networks moving from WPA security to WPA2. WPA2 Mixed Mode allows both WPA and WPA2 stations to associate to a common SSID interface. When the encryption cipher suite is set to tkip-aes, the unicast encryption cipher (TKIP or AES) is negotiated for each client.

  • Page 436: Wep-default-key

    Command Line Reference Wireless Security Commands Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# wlan 1 ProCurve Access Point 530(radio1-wlan1)# security wpa-8021x ProCurve Access Point 530(radio1-wlan1)# wpa-allowed ProCurve Access Point 530(radio1-wlan1)# wpa2-allowed...

  • Page 437: Wep-key-ascii

    These commands enable security and establish the transfer key index (set to ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# wlan 1 ProCurve Access Point 530(radio1-wlan1)# security static-wep...

  • Page 438: Wep-key-length, Wep-key

    104 bits). Default Setting Command Mode WLAN Interface Configuration Example ProCurve Access Point 530(radio1-wlan1)# wep-key-length 64 ProCurve Access Point 530(radio1-wlan1)# wep-key This command defines the wep-keys used for static-wep security. Syntax wep-key <1 | 2 | 3 | 4> <key>...

  • Page 439: Open-system-auth

    Command Mode WLAN Interface Configuration Example ProCurve Access Point 530(radio1-wlan1)# wep-key-ascii ProCurve Access Point 530(radio1-wlan1)# wep-key-length 64 ProCurve Access Point 530(radio1-wlan1)# wep-key-1 abcde ProCurve Access Point 530(radio1-wlan1)# wep-key-2 fghi ProCurve Access Point 530(radio1-wlan1)# wep-key-3 klmn ProCurve Access Point 530(radio1-wlan1)# wep-key-4 opqr...

  • Page 440: Shared-key-auth, Wpa-allowed | Wpa2-allowed

    Command Usage • Supported authentications are: open system, shared key, or both. Example ProCurve Access Point 530(radio1-wlan1)# shared-key-auth ProCurve Access Point 530(radio1-wlan1)# wpa-allowed | wpa2-allowed Enables wireless stations to use the original WPA or WPA2 on this WLAN. The no version of these commands disables stations from being able to use the original WPA or WPA2 on this WLAN.

  • Page 441: Wpa-pre-shared-key

    Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# wlan 1 ProCurve Access Point 530(radio1-wlan1)# wpa-pre-shared-key agoodsecret...

  • Page 442: Wpa-cipher-tkip, Wpa-cipher-aes

    AES stations can associate with the access point. WPA stations must have either a valid TKIP or AES Key to communicate. Example ProCurve Access Point 530(radio1-wlan1)# wpa-cipher-tkip ProCurve Access Point 530(radio1-wlan1)# wpa-cipher-aes This command enables Advanced Encryption Standard (AES) for WPA on this WLAN.

  • Page 443: Wpa-psk-ascii, Wpa-psk-hex

    AES stations can associate with the access point. WPA stations must have either a valid TKIP or AES Key to communicate. Example ProCurve Access Point 530(radio1-wlan1)# wpa-cipher-aes ProCurve Access Point 530(radio1-wlan1)# wpa-psk-ascii This command enables the use of an ASCII key for WPA-PSK. The key must be between 8 and 63 characters.

  • Page 444: Rsn-preauthentication

    Wireless Security Commands Command Mode WLAN Interface Configuration Example ProCurve Access Point 530(radio1-wlan1)# wpa-psk-hex ProCurve Access Point 530(radio1-wlan1)# rsn-preauthentication This command enables WPA2 stations to pre-authenticate on this WLAN. The no version of the command disables WPA2 stations from being able to pre- authenticate.

  • Page 445: Neighbor Ap Detection Commands, Ap-detection

    Command Line Reference Neighbor AP Detection Commands Neighbor AP Detection Commands The access point can be configured to periodically scan all radio channels and find other access points within range. Alternatively, the access point can scan continuously in a dedicated mode with no stations supported. A database of nearby access points is maintained where detected APs can be identified.

  • Page 446: Ap-detection Duration, Ap-detection Expire-time

    30 ms Command Mode Radio Interface Configuration Example ProCurve Access Point 530(radio1)# ap-detection duration 10 ProCurve Access Point 530(radio1)# ap-detection expire-time This command sets the amount of time that a dedicated AP will remain on the detected AP-list after its last beacon is received.

  • Page 447: Ap-detection Interval, Ap-detection Max-entries

    Default Setting 10 s Command Mode Radio Interface Configuration Example ProCurve Access Point 530(radio1)# ap-detection interval 50 ProCurve Access Point 530(radio1)# ap-detection max-entries This command sets the maximum amount of AP entries to be saved to the detected AP list.

  • Page 448: Show Detected-ap

    - The maximum size of the AP list. Range: 1-255. • Default Setting Command Mode Radio Interface Configuration Example ProCurve Access Point 530(radio1)# ap-detection max-entries ProCurve Access Point 530(radio1)# show detected-ap This command displays the current AP detection configuration. Syntax show detected-ap...

  • Page 449

    Command Line Reference Neighbor AP Detection Commands Example ProCurve Access Point 530(radio1)# show detected-ap Neighboring AP detection status: Radio 1 AP detection: Enabled (802.11g). Radio 2 AP detection: Disabled Neighboring APs: BSSID SSID Chan Type ------------------------------------------------------------ 00:14:02:a0:4F:bc SSID1 none 00:14:03:a2:4F:de...

  • Page 450: Adaptive Tx Power Control Commands, Atpc

    Command Line Reference Adaptive Tx Power Control Commands Adaptive Tx Power Control Commands The commands described in this section configure parameters for Adaptive Tx Power Control. Command Function Mode Page [no] atpc Enables and disables Adaptive Tx IC-R 9-142 Power Control on the selected radio. (The default is Disabled.) [no] atpc avoid-other-aps Enables and disables the Avoid Other...

  • Page 451: Atpc Avoid-other-aps, Atpc Rf-group-name

    Names and SSIDs are ignored. When this setting is disabled, uses RF Group Name or SSIDs to determine which APs to accommodate. Example ProCurve Access Point 530(radio1)# atpc avoid-other-aps ProCurve Access Point 530(radio1)# atpc rf-group-name This command sets the name used to group APs for Adaptive Transmit Power Control.

  • Page 452: Atpc Adapt

    • When no RF Group Name is specified, adapts to other APs according to a comparison of their respective SSID lists. Example ProCurve Access Point 530(radio1)# atpc rf-group-name AirportNet ProCurve Access Point 530(radio1)# atpc adapt This command chooses between AP and AP + Clients adaptive modes.

  • Page 453: Atpc Max-atpc-atten, Show Atpc

    Command Line Reference Adaptive Tx Power Control Commands Example ProCurve Access Point 530(radio1)# atpc adapt ap ProCurve Access Point 530(radio1)# atpc max-atpc-atten This command sets the Maximum Tx Power Reduction to be applied by on the selected radio. Syntax atpc max-reduction <max-reduction>...

  • Page 454

    Command Line Reference Adaptive Tx Power Control Commands Example ProCurve Access Point 530# show atpc Radio 1 ------- atpc: enabled RF Group name: AirportNet Avoid Other WLANs: disabled Max Power Reduction: Adaptive Mode: Current Beacon Backoff: 4 dB Current Data Backoff:...

  • Page 455: Vlan Commands, Vlan

    If a user does not have a configured VLAN ID, the access point assigns the user to the default VLAN ID (a number between 1 and 4094) of the associated SSID interface. Example ProCurve Access Point 530(radio1-wlan1)# vlan 3 ProCurve Access Point 530(radio1-wlan1)# 9-147...

  • Page 456: Untagged-vlan, Management-vlan

    Command Mode Ethernet Interface Configuration Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# interface ethernet ProCurve Access Point 530(ethernet)# untagged-vlan 9 ProCurve Access Point 530(ethernet)# management-vlan This command configures the VLAN ID for the management interfaces (Web UI, SNMP, Telnet, etc.).

  • Page 457

    Command Line Reference VLAN Commands Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# interface ethernet ProCurve Access Point 530(ethernet)# management-vlan 9 ProCurve Access Point 530(ethernet)# 9-149...

  • Page 458: Qos Commands

    Command Line Reference QoS Commands QoS Commands The QoS commands supported by the access point are listed below. C A U T I O N The default WMM parameters settings are usually adequate for WMM opera- tion. Incorrect WMM settings can adversely affect network performance. Changes to WMM parameters should be reserved for someone with an advanced knowledge of how WMM operates.

  • Page 459: Qos Ap-params

    Command Line Reference QoS Commands qos ap-params This command configures QoS-related parameters on the device for this radio. Syntax qos ap-params <voice | video | best-effort | background> { [aifs <aifs>] [cwmin <cwmin>] [cwmax <cwmax>] [burst <burst>]} • voice - High priority queue, minimum delay. Time-sensitive data such as VoIP and streaming media are automatically sent to this queue.

  • Page 460

    This example sets the quality of service AIFS wait time parameter to 10 seconds on the AP EDCA medium priority queue. ProCurve Access Point 530(radio1)# qos ap-params voice aifs ProCurve Access Point 530(radio1)# This example sets the quality of service CWIM minimum and CMAX maximum contention window parameters on the AP EDCA medium priority queue.

  • Page 461: Qos Sta-params

    Command Line Reference QoS Commands qos sta-params This command configures QoS related parameters on the device for the wireless stations. Syntax qos sta-params <voice|video|best-effort|background> {<[aifs <aifs>] [cwmin <cwmin>] [cwmax <cwmax>] [txop-limit <txop-limit>]} • voice - High priority queue, minimum delay. Time-sensitive data such as VoIP and streaming media are automatically sent to this queue.

  • Page 462

    This example sets the quality of service AIFS wait time parameter to 10 seconds on the Station EDCA high priority queue. ProCurve Access Point 530(radio1)# qos sta-params voice aifs ProCurve Access Point 530(radio1)# This example sets the quality of service CWMIN minimum and CWMAX maximum contention window parameters on the Standard EDCA high priority queue.

  • Page 463: Qos Wmm

    Command Line Reference QoS Commands This example sets the quality of service TXOP-LIMIT (transmission opportu- nity limit) parameter on the Standard EDCA high priority queue. . ProCurve Access Point 530(radio1)# qos sta-params background txop-limit 1 ProCurve Access Point 530(radio1)# qos wmm This command enables using Wireless Multimedia Extensions on this WLAN.

  • Page 464: Show Qos

    - Display detailed information about QoS settings on the • wireless client. Default Setting None Command Mode Radio Interface Configuration Example: tx-queue . ProCurve Access Point 530(radio1)# show qos ap-params Transmission Queue QoS Settings for the Access Point: ------------------------------------------------------------------------------- Radio 1 Adaptive Inter- Contention Contention Maximum Burst...

  • Page 465

    Command Line Reference QoS Commands Example: wme-queue . ProCurve Access Point 530(radio1)# show qos sta-params Transmission queue QoS settings for wireless stations: Radio 1 Adaptive Inter- Contention Contention Transmission Queue Frame Space Min. Window Max. Window Opportunity Limit ------------------------------------------------------------------------------- Voice...

  • Page 466: Rate-limit

    0. Default Setting Disabled. Rate-limit rate is 50, Rate-limit burst is 75. Command Mode Radio Interface Configuration Example ProCurve Access Point 530(radio1)# rate-limit 2 5 ProCurve Access Point 530(ratio1)# Related Commands beacon-interval (page 9-109) 9-158...

  • Page 467: Wireless Distribution System (wds), Description (wds)

    Command Line Reference Wireless Distribution System (WDS) Wireless Distribution System (WDS) The WDS commands supported by the access point are listed below. Command Function Mode Page description Establishes the WDS link description IC-WDS 9-160 disable Disables the WDS link. IC-WDS 9-160 enable Establishes the WDS link.

  • Page 468: Disable (wds), Enable (wds), Disable (wds), Enable (wds)

    Command Line Reference Wireless Distribution System (WDS) Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# interface wds1 ProCurve Access Point 530(wds1)# description WDSEXAMPLE ProCurve Access Point 530(wds1)# disable (wds) This command disables the WDS link. Syntax disable Default Setting...

  • Page 469: Wds-ssid, Radio-used

    Command Line Reference Wireless Distribution System (WDS) Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# interface wds1 ProCurve Access Point 530(wds1)# enable ProCurve Access Point 530(wds1)# wds-ssid This command sets the WDS SSID string for this WDS link. This command is only used for the wpa-psk security mode only.

  • Page 470: Remote-mac (wds), Show Wds, Remote-mac (wds)

    Wireless Distribution System (WDS) Default Command Mode WDS Interface Configuration Example ProCurve Access Point 530(wds1)# radio-used 1 remote-mac (wds) This command sets the remote MAC address associated with this WDS link. Syntax remote-mac <mac address> mac address - Specifies an entry in the authentication control list by •...

  • Page 471: Wep-key (wds), Wep-key (wds)

    Command Line Reference Wireless Distribution System (WDS) Command Mode WDS Interface Configuration Example ProCurve Access Point 530(wds1)# show wds 1 WDS # 1 Description WDSLINK Status Enabled Use Radio Local MAC 00:14:03:A2:4F:DE Remote MAC 00:0D:9D:C6:98:7E STP State forwarding WDS SSID...

  • Page 472: Wep-key-ascii (wds), Wep-key-length (wds), Wep-key-ascii (wds), Wep-key-length (wds)

    None Command Mode WDS Interface Configuration Example ProCurve Access Point 530(wds1)# wep-key abcde ProCurve Access Point 530(wds1)# wep-key-ascii (wds) This command sets the WDS WEP key type to ASCII when using static-wep security. The no version of the command sets the key type to hexadecimal.

  • Page 473: Wpa-pre-shared-key (wds), Wpa-pre-shared-key (wds)

    128 - The 128 bit wep key length (with initializing vector, otherwise it is 104 bits). Default Setting Command Mode WDS Interface Configuration Example ProCurve Access Point 530(wds1)# wep-key-length 64 ProCurve Access Point 530(wds1)# wpa-pre-shared-key (wds) This command defines a Wi-Fi Protected Access (WPA) personal key associ- ated with this link. Syntax wpa-pre-shared-key <key>...

  • Page 474: Spanning Tree Protocol (stp), Spanning Tree Protocol (stp)

    Command Line Reference Spanning Tree Protocol (STP) Spanning Tree Protocol (STP) The STP commands supported by the access point are listed below. Command Function Mode Page [no] stp [hello-time <value>] [forward- Sets stp parameters for this 9-166 delay <value>] [priority <value>] device.

  • Page 475

    Spanning Tree Protocol (STP) Example. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# stp ProCurve Access Point 530(config)# stp hello-time 5 ProCurve Access Point 530(config)# stp forward-delay 10 ProCurve Access Point 530(config)# stp priority 255 ProCurve Access Point 530(config)#...

  • Page 476

    Command Line Reference Spanning Tree Protocol (STP) — This page is intentionally unused. — 9-168...

  • Page 477

    File Uploads, Downloads, and Resets...

  • Page 478

    File Uploads, Downloads, and Resets Contents Contents Overview ........... . . A-3 Downloading Access Point Software .

  • Page 479

    File Uploads, Downloads, and Resets Overview Overview You can download new access point software and upload or download config- uration files. These features are useful for acquiring periodic access point software upgrades and for storing or retrieving a switch configuration. This appendix includes the following information: ■...

  • Page 480: Downloading Access Point Software, General Software Download Rules, A Server

    File Uploads, Downloads, and Resets Downloading Access Point Software Downloading Access Point Software The ProCurve support site periodically provides access point software updates through the ProCurve Web site (http://www.procurve.com). For more information, see the support and warranty booklet shipped with the access point.

  • Page 481: Web: Tftp, Ftp, Or Stp Software Download To The Access Point

    File Uploads, Downloads, and Resets Downloading Access Point Software Determine the name of the access point software file stored in the TFTP, ■ FTP, or SCP server for the access point N o t e If your TFTP, FTP, or STP server is a Unix workstation, ensure that the case (upper or lower) that you specify for the filename is the same case as the characters in the access point software filenames on the server.

  • Page 482

    File Uploads, Downloads, and Resets Downloading Access Point Software • File Name: Specifies the name of the software file on the server. The new software file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the FTP/TFTP server is 255 char- acters or 32 characters for files on the access point.

  • Page 483: Cli: Viewing Software Versions

    CLI Reference Page show version 9-30 Using the CLI to View Software Versions. This example displays how to display the version of the software running on the device. ProCurve Access Point 530# show version Image Software Version WA.02.00.0412 Boot Software Version WAB.01.00...

  • Page 484: Transferring Configuration Files, Web: Configuration File Upload And Download

    File Uploads, Downloads, and Resets Transferring Configuration Files Transferring Configuration Files Using the Web user interface and CLI commands described in this section, you can copy access point configuration files to and from an FTP, TFTP, or STP server. When you copy the access point configuration file to a specified server type, that file can later be downloaded to the access point to restore the system configuration.

  • Page 485

    File Uploads, Downloads, and Resets Transferring Configuration Files • [Update]: Updates the system with the specified parameters and performs any requested actions. ■ Reset Configuration: Parameters and actions needed to reset a config- uration. • [Reset to Factory Default]: Resets the AP to original settings. •...

  • Page 486: Cli: Performing Configuration File Commands

    File Uploads, Downloads, and Resets Transferring Configuration Files Enter IP Address, File Name, Username, and Password for the server details Click [Update] to perform the upload or download operation. To Reset A Configuration: Select Management> System Maintenance > Configuration Files tab. To reset the configuration back to the factory default configuration, click [Reset] on the Reset to Factory Default option.

  • Page 487

    Using the CLI to Copy and Reset Config Files. This example displays how to reset the configuration file back to the factory-default configuration on the device. ProCurve Access Point 530#copy factory-default startup- config ProCurve Access Point 530# This example shows how to reset by ‘erasing’ the specified configuration file stored on the device.

  • Page 488

    If using this command for a FTP or STP server, you will need to include the username and password for the server. The TFTP server does not need a password or username.. ProCurve Access Point 530#copy ftp flash 192.168.1.52 copystart user-name chris password open ProCurve Access Point 530# Using the CLI to View Config Files.

  • Page 489

    File Uploads, Downloads, and Resets Transferring Configuration Files This example displays the custom configuration file in a readable text format. ProCurve Access Point 530#show custom-default ------------------------------------------------------------ <?xml version="1.0"?> <config> <interface name="wlan0wds1"> <radio>wlan0</radio> <type>wds</type> <status>down</status> <wep-key-length>104</wep-key-length> <wep-key-ascii>no</wep-key-ascii> <description>Wireless Distribution System - Link 2</ description>...

  • Page 490: Rebooting The Access Point, Web: Rebooting The System

    File Uploads, Downloads, and Resets Rebooting the Access Point Rebooting the Access Point Using the Web user interface and CLI described in this section, you can reboot the access point, which cycles the system back to the last saved configuration. Web: Rebooting the System The Reboot tab on the System Maintenance screen enables the access point to reboot to the last saved configuration file.

  • Page 491: Cli: Rebooting The System, Manual: Using The Reset And Clear Buttons

    The reload command will cause a loss of connectivity for all Telnet connec- tions and SSH connections. ProCurve Access Point 530#reload Device will be rebooted, do you want to continue [y/n]?y Do you want to save the current configuration [y/n]?n Connection to host lost.

  • Page 492

    File Uploads, Downloads, and Resets Rebooting the Access Point button while the LEDs are still flashing, then the AP is rebooted. Please note that this function can be disabled by the CLI or Web UI. “Disabling the Access Point Push Buttons” on page A-18. A-16...

  • Page 493

    File Uploads, Downloads, and Resets Rebooting the Access Point [Clear]: Resets the password. ■ • Use a pointed object to press the clear button. Once pressed, all LEDs shut off within one second. The LED shutdown is followed by all LEDs flashing rapidly (about 10 times/second).

  • Page 494: Disabling The Access Point Push Buttons, Web: Disabling The Push Buttons

    File Uploads, Downloads, and Resets Disabling the Access Point Push Buttons Disabling the Access Point Push Buttons Using the Web user interface and CLI described in this section, you can disable the ability to use the push buttons on the back panel of the access point. Web: Disabling the Push Buttons The Access tab on the Management –...

  • Page 495: Cli: Disabling The Access Point Buttons

    Point. This example displays how to disable the ability to manually use the reset and clear push buttons on the back panel of the device. ProCurve Access Point 530#configure ProCurve Access Point 530(config)#no buttons custom-reset ProCurve Access Point 530(config)#no buttons factory-reset ProCurve Access Point 530(config)#no buttons password-reset...

  • Page 496

    File Uploads, Downloads, and Resets Disabling the Access Point Push Buttons ProCurve Access Point 530(config)# show buttons ------------------------------------------------------------ Custom Reset Disabled Factory Reset Disabled Password Reset Disabled System Reset Disabled ProCurve Access Point 530(config)# A-20...

  • Page 497

    File Uploads, Downloads, and Resets Disabling the Access Point Push Buttons — This page is intentionally unused. — A-21...

  • Page 498

    File Uploads, Downloads, and Resets Disabling the Access Point Push Buttons A-22...

  • Page 499

    Defaults...

  • Page 500

    Defaults Contents Contents Contents ............B-2 Overview .

  • Page 501

    Defaults Overview Overview This section features useful tables detailing the defaults of the commands configured on the access point. N o t e The following command groupings are not included in this default appendix as they are not applicable (Show CLI, General, Flash/File, This appendix follows the syntax grouping structure in the Chapter 9 refer- ence CLI section and includes the following information: ■...

  • Page 502: System Management

    Defaults System Management System Management Command Default Settings Mode Page country For NA units, preset to US 9-18 <country code> hostname <hostname> ProCurve-AP-530 9-20 password manager admin 9-21 <password> [no] buttons Enabled 9-22 [no] cli-confirmation Enabled 9-23 [no] console Enabled...

  • Page 503: System Logging, System Clock

    Defaults System Logging System Logging Command Default Setting Mode Page [no] logging Disabled 9-32 <_host> [_port] System Clock. Command Default Setting Mode Page <server> sntp None. GUI is disabled. 9-35 NOTE: The GUI System Uptime parameter displays the Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude...

  • Page 504: Snmp, Group Configuration

    Defaults SNMP SNMP Command Default Settings Mode Page [no] snmp-server Restricted community with a public access 9-38 <comm> restricted default. | unrestricted snmp-server Contact 9-41 contact<contact> [no] snmp-server Host Address: None 9-40 host Community String: public <host><comm> snmp-server port By default an SNMP agent only listens to 9-42 <port>...

  • Page 505: Web Authentication, Radius Accounting/authentication, Radius Users, Mac Address Authentication

    Defaults RADIUS Accounting/Authentication. RADIUS Accounting/Authentication. Command Default Settings Mode Page [no] radius-accounting Disabled 9-65 [no] radius failover-to- Disabled, retransmit value is 3. 9-66 local | retransmit [no] radius primary | Disabled 9-67 secondary RADIUS Users. Command Default Settings Mode Page [no] radius-local Ip address is 192.168.1.10.

  • Page 506: Ap Authentication, Filtering, Ethernet Interface

    Defaults AP Authentication AP Authentication Command Default Settings Mode Page ap-authentication Disabled 7-55 Filtering Command Default Settings Mode Page [no] inter-station- Disabled 9-88 blocking [no] wireless- Disabled. GC & MC 9-88 mgmt-block Ethernet Interface Command Default Settings Mode interface <interface> 9-91 enable IC-E...

  • Page 507: Wireless Interface

    Defaults Wireless Interface Wireless Interface Command Default Settings Mode Page radio None 9-102 ssid SSID 1 (1-16) IC-W 9-103 description Radio: Radio 1 - WLAN 1 IC-W 9-104 SSID: SSID 1 closed-system Disabled IC-W-S 9-104 mode<value> IC-W 9-105 antenna <external | Internal IC-W 9-106...

  • Page 508: Wireless Security, Ap Detection

    Defaults Wireless Security Wireless Security Command Default Settings Mode Page security <no-security|static- no-security IC-W-S 9-126 wep|dynamic wep|wpa- psk|wpa-8021x> wep-default-key <1| 2| 3| 4> IC-W-S 9-128 [no] wep-key ascii Enabled IC-W-S 9-129 wep-key-length <64|128> IC-W-S 9-130 wep-key-<1| 2| 3| 4> <key> None IC-W-S 9-130...

  • Page 509: Vlan, Adaptive Tx Power Control

    Defaults VLAN VLAN Command Default Settings Mode Page [no] vlan None IC-W-S 9-147 [no] untagged-vlan 9-148 <vid> management-vlan 9-148 <vid> [tagged | untagged] Adaptive Tx Power Control Command Default Settings Mode Page atpc Disabled IC-R 9-142 atpc avoid-other- Disabled IC-R 9-143 atpc adapt AP mode...

  • Page 510

    Defaults Command Default Settings Mode Page qos ap- IC-W-S 9-151 Radio 1 Adap Inter- Content Content Max Burst Queue Frame Space Min. Window Max. Window Length params ------------------------------------------------------------ Voice Video Best-Eff Background 7 1023 Radio 2 Adap Inter- Content Content Max Burst Queue Frame Space...

  • Page 511

    Defaults Wireless Distribution System (WDS) Wireless Distribution System (WDS) Command Default Settings Mode Page description (wds) None IC-W-W 9-159 enable (wds) Disabled IC-W-W 9-160 wds-ssid WDS SSID X, where X is the index of the WDS IC-W-W 9-161 interface. radio-used IC-W-W 9-161 remote-mac...

  • Page 512

    Defaults Wireless Distribution System (WDS) — This page is intentionally unused. — B-14...

  • Page 513

    Adaptive Tx Power Control Use Cases...

  • Page 514

    Adaptive Tx Power Control Use Cases Contents Contents Use Model: Airport Deployment ........B-3 Airport Case 1 –...

  • Page 515: Use Model: Airport Deployment, Airport Case 1 – No Rf Group Name

    Use Model: Airport Deployment This use model demonstrates how Adaptive Transmit Power Control works in relation to SSID and RF Group Name configuration settings. All AP-530 APs are owned/managed by the Airport ■ ■ The Airport leases AP service to wireless providers •...

  • Page 516: Settings, Decisions: Ap #1, Decisions: Ap #4, Results With No Rf Group Name

    Adaptive Tx Power Control Use Cases Use Model: Airport Deployment Settings Avoid Other WLANs – On the Airport APs, the network administrator has disabled ‘Avoid Other WLANs’, so that their power reduction calculations will not be affected by the APs of tenants, such as Jimbo’s AP #N. RF Group Name –...

  • Page 517: Airport Case 2 – With Rf Group Name, Settings, Decisions: Ap #1, Decisions: Ap #4

    Adaptive Tx Power Control Use Cases Use Model: Airport Deployment Airport Case 2 – With RF Group Name Now consider the exact same configuration as in Case 1, except that now the Airport APs have been configured with an RF Group Name of "AirportNet". AP #1 AP #2 AP #3...

  • Page 518: Results With Rf Group Name, Airport Model Analysis

    Adaptive Tx Power Control Use Cases Use Model: Airport Deployment AP #4 & AP #N – AP #4 [AirportNet] compares its RF Group Name with AP #N [none]. Since AP #N is not in the AirportNet RF Group, AP #1 will not consider reducing power for AP #N.

  • Page 519: Use Model: Warehouse Deployment, Warehouse Case 1 – Adaptive Mode Ap

    Adaptive Tx Power Control Use Cases Use Model: Warehouse Deployment Use Model: Warehouse Deployment This use model demonstrates how Adaptive Transmit Power Control works in physical environments with very high ceilings and remote stations, some of which are mobile, and how the Adaptive Mode affects RF coverage and performance in this environment.

  • Page 520: Decisions: Ap #1 And Ap #4, Settings, Results With Adaptive Mode Ap

    APs. RF Group Name – RF Group is configured on all APs as ‘storage 1’. All Warehouse APs will reduce power for any other audible AP 530 in the warehouse, regardless of the SSID configuration. Adaptive Mode – Adaptive Mode is set to ‘AP’, so that transmit power control of both beacons and data traffic will be attenuated, based on power levels of audible APs in the RF Group (but not the power levels of associated clients).

  • Page 521: Warehouse Case 2 – Adaptive Mode Ap + Clients, Settings

    Adaptive Tx Power Control Use Cases Use Model: Warehouse Deployment Warehouse Case 2 – Adaptive Mode AP + Clients Now consider the exact same configuration as in Case 1, except that now the Warehouse APs have been configured with Adaptive Mode set to "AP+Clients". AP #1 AP #2 AP #3...

  • Page 522: Warehouse Model Analysis

    Adaptive Tx Power Control Use Cases Use Model: Warehouse Deployment Warehouse Model Analysis The Warehouse Use Model is a good example of an "AP+Clients" Adaptive Mode environment. By nature, a warehouse's content is not static. Shelves and floor space can contain different amounts of materials that are being loaded or removed.

  • Page 523

    Open Source Licenses...

  • Page 524

    Open Source Licenses Contents Overview ..........C-3 GPL2 (GNU General Public License, v.2) .

  • Page 525

    Open Source Licenses Overview This appendix includes the following information: ■ Open Source licenses...

  • Page 526: Gpl2 (gnu General Public License, V.2)

    Open Source Licenses GPL2 (GNU General Public License, v.2) GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

  • Page 527

    Open Source Licenses The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License.

  • Page 528

    Open Source Licenses These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works.

  • Page 529

    Open Source Licenses 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

  • Page 530

    Open Source Licenses distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time.

  • Page 531: Gpl + Linking Exception

    Open Source Licenses GPL + Linking Exception “GPL2 (GNU General Public License, v.2)” plus an exception permitting linking the library with other software.

  • Page 532: Clearsilver

    Open Source Licenses ClearSilver Neotonic ClearSilver is available under the following license, derived from the Apache Software License v1.1 For alternative licensing, please contact the authors at clearsilver@neotonic.com Neotonic ClearSilver Software License Version 1.0 Copyright (c) 2001 Brandon Long and Neotonic Software Corporation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1.Redistributions of source code must retain the above copyright notice, this list of conditions and...

  • Page 533

    Open Source Licenses OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This software consists of voluntary contributions made by many individuals on behalf of Neotonic Software Corporation. For more information on Neotonic Software Corporation, please see http:// www.neotonic.com/.

  • Page 534: Dropbear License

    Open Source Licenses Dropbear License The majority of code is written by Matt Johnston, under the following license: Copyright (c) 2002,2003 Matt Johnston All rights reserved. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do...

  • Page 535

    Open Source Licenses loginrec is written primarily by Andre Lucas, atomicio.c by Theo de Raadt. strlcat() is (c) Todd C. Miller ===== Import code in keyimport.c is modified from PuTTY's import.c, licensed as follows: PuTTY is copyright 1997-2003 Simon Tatham. Portions copyright Robert de Bath, Joris van Rantwijk, Delian Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry, Justin Bradford, and CORE SDI S.A.

  • Page 536: Sflow License

    Open Source Licenses sFlow License Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. LICENSE AGREEMENT PLEASE READ THIS LICENSE AGREEMENT ("AGREEMENT") CAREFULLY BEFORE REPRODUCING OR IN ANY WAY UTILIZING THE sFlow(R) SOFTWARE ("SOFTWARE") AND/ OR ANY ACCOMPANYING DOCUMENTATION ("DOCUMENTATION") AND/OR THE RELATED SPECIFICATIONS ("SPECIFICATIONS").

  • Page 537

    Open Source Licenses Hardware and Products, and (v) distribute any Products that include the Software, the Documentation, or software in which the Specifications have been implemented. Trademark License. InMon hereby grants to Licensee a perpetual (subject to InMon's termination rights under Section 7 below), nonexclusive, royalty-free, worldwide, transferable, sublicensable license to use the Trademark on or in connection with the Software, the Documentation, the Specifications and any software that implements the Specifications.

  • Page 538

    Open Source Licenses DOCUMENTATION, THE SPECIFICATIONS. OR OTHERWISE, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT OF ANY INTELLECTUAL PROPERTY RIGHTS. Limitation of Liability. IN NO EVENT SHALL INMON OR ITS SUPPLIERS OR LICENSORS BE LIABLE FOR ANY CONSEQUENTIAL, INCIDENTAL, SPECIAL, INDIRECT OR EXEMPLARY DAMAGES WHATSOEVER, WHETHER RELATED TO OR ARISING OUT OF THIS AGREEMENT, THE TRADEMARK, THE SOFTWARE, THE DOCUMENTATION, THE...

  • Page 539

    Open Source Licenses Choice of Law and Forum. This Agreement shall be governed by and construed under the laws of the State of California, without giving effect to such state's conflict of laws principles. The parties hereby submit to the personal jurisdiction of, and agree that any legal proceeding with respect to or arising under this Agreement shall be brought in, the United States District Court for the Northern District of California or the state courts of the State of California for the County of San Francisco.

  • Page 540: Lgpl (gnu Lesser General Public License)

    Open Source Licenses LGPL (GNU Lesser General Public License) GNU LESSER GENERAL PUBLIC LICENSE Version 2.1, February 1999 Copyright (C) 1991, 1999 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

  • Page 541

    Open Source Licenses that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others. Finally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder.

  • Page 542

    Open Source Licenses GNU LESSER GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called "this License").

  • Page 543

    Open Source Licenses c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License. d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of...

  • Page 544

    Open Source Licenses distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange. If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.

  • Page 545

    Open Source Licenses code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.) b) Use a suitable shared library mechanism for linking with the Library.

  • Page 546

    Open Source Licenses distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 9.

  • Page 547

    Open Source Licenses distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time.

  • Page 548

    Open Source Licenses If you develop a new library, and you want it to be of the greatest possible use to the public, we recommend making it free software that everyone can redistribute and change. You can do so by permitting redistribution under these terms (or, alternatively, under the terms of the ordinary General Public License).

  • Page 549: Intel (2)

    Open Source Licenses Intel (2) Copyright (c) 2000-2003 Intel Corporation All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions ❥...

  • Page 550

    Open Source Licenses Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial...

  • Page 551

    Open Source Licenses Copyright (c) [dates as appropriate to package] The Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1.

  • Page 552: Cmu (carnegie Mellon University)

    Open Source Licenses CMU (Carnegie Mellon University) Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

  • Page 553: Openssl

    Open Source Licenses OpenSSL LICENSE ISSUES =============== The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses.

  • Page 554

    Open Source Licenses SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

  • Page 555

    Open Source Licenses 4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement:: "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

  • Page 556

    Open Source Licenses D-34...

  • Page 557

    Index Numerics ATPC use cases … C-3 802.11a … 6-8, 6-10 802.11b … 6-9 802.11e … 8-4 burst, AP EDCA … 8-7 802.11g … 6-10 802.11g & 802.11b … 6-8 Clear button … 4-26 Access Point configuration levels … 3-8 AP detection …...

  • Page 558

    wireless security … B-10 DHCP … 5-23, 9-95 local RADIUS accounts … 7-36 DNS name … 3-5, 4-5 logon authentication Domain Name Server … 4-4 RADIUS client … 9-65, 9-69, B-7 download, TFTP … A-4 RADIUS server … 9-65, 9-69, B-7 Dynamic VLAN …...

  • Page 559

    OS download advanced, Web … 6-14 using TFTP … A-4 antenna & transmit power parameters, CLI … 6-26, 6-33 antenna parameters, Web … 6-25 b & g modes, Web … 6-18 password basic, Web … 6-12 creating … 4-8, 4-24 country code, CLI …...

  • Page 560

    serial port user name, using for browser or console configuring … 9-17, 9-31, 9-35 access … 4-24 sFlow … 8-12 Simple Network Time Protocol … 5-48 SNMP … 9-37, B-6 VLAN community string … 9-38 client VLAN … 5-57 enabling SNMPv3 … 5-38, 5-40 enabling untagged VLAN, Web …...

  • Page 562

    Technical information in this document is subject to change without notice. © Copyright 2008 Hewlett-Packard Development Company, L.P. Reproduction, adaptation, or translation without prior written permission is prohibited except as allowed under the copyright laws. January 2008 Manual Part Number 5991-2193...

Comments to this Manuals

Symbols: 0
Latest comments: