HP ProCurve 420 Management And Configuration Manual
  1. Manuals
  2. Brands
  3. HP Manuals
  4. Wireless Access Point
  5. ProCurve 420
  6. Management and configuration manual

HP ProCurve 420 Management And Configuration Manual

Hide thumbs Also See for ProCurve 420:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Management and Configuration Manual
HP ProCurve
Wireless Access Point 420
September 2003
Management and Configuration Guide

Advertisement

Table of Contents
loading

Related Manuals for HP ProCurve 420

Summary of Contents for HP ProCurve 420

  • Page 1 HP ProCurve Wireless Access Point 420 September 2003 Management and Configuration Guide...
  • Page 2 September 2003 not be liable for technical or editorial errors or omissions Edition 1 contained herein. Hewlett-Packard assumes no responsibility for the use or Applicable Products reliability of its software on equipment that is not furnished by Hewlett-Packard. HP ProCurve Wireless Access Point 420 na...

  • Page 3: Table Of Contents

    Contents 1 Getting Started Contents ............1-1 Introduction .
  • Page 4 How To Move Between Levels ....... . 3-6 Listing Commands and Command Options ..... . 3-7 Listing Commands Available at Any Privilege Level .
  • Page 5 Modifying System Management Access ......5-3 Web: Setting User Names and Passwords ..... . . 5-3 CLI: Setting User Names and Passwords .
  • Page 6 Web: Configuring MAC Address Authentication ....5-53 CLI: Configuring MAC Address Authentication ....5-55 Web: Configuring IEEE 802.1x .
  • Page 7 sntp-server date-time ........6-20 sntp-server daylight-saving .
  • Page 8 show authentication ........6-46 Filtering Commands .
  • Page 9 shutdown ..........6-75 show interface wireless g .

  • Page 11: Contents

    Getting Started Contents Introduction ..........1-2 Conventions .

  • Page 12: Getting Started

    Getting Started Introduction Introduction This Management and Configuration Guide is intended to support the following access points: HP ProCurve Wireless Access Point 420 na ■ ■ HP ProCurve Wireless Access Point 420 ww This guide describes how to use the command line interface (CLI) and web browser interface to configure, manage, and monitor access point operation.

  • Page 13: Command Prompts

    Getting Started Conventions Italics indicate variables for which you must supply a value when ■ executing the command. For example, in this command syntax, <host_ip_address | host_name > indicates that you must provide an IP address or a host name: Syntax: radius-server address [secondary] <host_ip_address | host_name>...

  • Page 14: Related Publications

    Getting Started Related Publications Related Publications Installation and Getting Started Guide. Use the Installation and Get­ ting Started Guide shipped with your access point to prepare for and perform the physical installation. This guide also steps you through connecting the access point to your network and assigning IP addressing, as well as describ­...

  • Page 15: Getting Documentation From The Web

    Getting Started Getting Documentation From the Web Getting Documentation From the Web Go to the HP ProCurve website at http://www.hp.com/go/hpprocurve Click on technical support. Click on manuals. Click on the product for which you want to view or download a manual. Figure 1-2.

  • Page 16: Sources For More Information

    Help options, refer to “Online Help for the HP Web Browser Interface” on page 4-16. ■ If you need further information on Hewlett-Packard access point technology, visit the HP ProCurve website at: http://www.hp.com/go/hpprocurve Need Only a Quick Start? IP Addressing.
  • Page 17 Getting Started Need Only a Quick Start? Quickly assigning an IP address, subnet mask, and gateway, set a ■ Manager password, and (optionally) configure other basic features. Interpreting LED behavior. ■ For the latest version of the Installation and Getting Started Guide and other documentation for your access point, visit to the HP ProCurve website.
  • Page 18 Getting Started Need Only a Quick Start? 1-8...

  • Page 19: Selecting A Management Interface

    Selecting a Management Interface Contents Overview ........... . . 2-2 Understanding Management Interfaces .

  • Page 20: Overview

    Selecting a Management Interface Overview Overview This chapter describes the following: ■ Access Point management interfaces Advantages of using each interface type ■ Understanding Management Interfaces Management interfaces enable you to reconfigure the access point and to monitor its status and performance. Interface types include: ■...

  • Page 21: Advantages Of Using The Cli

    Selecting a Management Interface Advantages of Using the CLI Advantages of Using the CLI Exec Level HP420# Global Configuration Level HP420(config)# Context Configuration Levels (Ethernet, wireless) HP420(<context>)# Figure 2-1. Command Prompt Examples Provides access to the complete set of the access point configuration ■...

  • Page 22: Advantages Of Using The Hp Web Browser Interface

    Selecting a Management Interface Advantages of Using the HP Web Browser Interface Advantages of Using the HP Web Browser Interface Figure 2-2. Example of the HP Web Browser Interface ■ Easy access to the access point from anywhere on the network ■...
  • Page 23 Using the Command Line Interface (CLI) Contents Overview ........... . . 3-2 Accessing the CLI .

  • Page 24: Using The Command Line Interface (Cli)

    Using the Command Line Interface (CLI) Overview Overview The CLI is a text-based command interface for configuring and monitoring the access point. The CLI gives you access to the access point’s full set of commands while providing the same password protection that is used in the web browser interface.
  • Page 25 Using the Command Line Interface (CLI) Using the CLI When you use the CLI to log on to the access point, you will be prompted to enter a password. For example: Ready Password Prompt Username: admin Password: Figure 3-1. Example of CLI Log-On Screen with Password When you log onto the CLI, you will see a command prompt: HP420#_ C a u t i o n...

  • Page 26: Privilege Level Operation

    Using the Command Line Interface (CLI) Using the CLI Privilege Level Operation Manager Privileges 1. Exec Level 2. Global Configuration Level 3. Context Configuration Level Figure 3-2. Access Sequence for Privilege Levels Exec Privileges Exec privileges allow you to examine the current configuration, perform system-level actions that do not require saving changes, and move between the three levels of access: Exec, Global Configuration, and Context Configu­...
  • Page 27 Using the Command Line Interface (CLI) Using the CLI The Context level is useful, for example, if you want to execute several commands directed at the same interface. To select this level, enter the specific context at the Global Configuration level prompt. For example, to select the context level for the Ethernet interface, you would enter the following command and see the indicated result: HP420(config)#interface ethernet...

  • Page 28: How To Move Between Levels

    Using the Command Line Interface (CLI) Using the CLI How To Move Between Levels Change in Levels Example of Prompt, Command, and Result Exec level HP420#config HP420(config)# Global configuration level Global configuration HP420(config)#interface ethernet level HP420(if-ethernet)# to a Context configuration level Move from any level HP420(if-ethernet)#end...

  • Page 29: Listing Commands And Command Options

    Using the Command Line Interface (CLI) Using the CLI Listing Commands and Command Options At any privilege level you can: ■ List all of the commands available at that level List the options for a specific command ■ Listing Commands Available at Any Privilege Level At a given privilege level you can list and execute the commands that level offers.
  • Page 30 Using the Command Line Interface (CLI) Using the CLI Typing ? at the Configuration level produces this listing: HP420(config)#? Configure commands: 8 02.1x Set 802.1x a ddress Set address e nd Return to pre vious mode e xit Exit to the E XEC mode f ilter Bridge protoc ol filtering h elp...

  • Page 31: Command Option Displays

    Using the Command Line Interface (CLI) Using the CLI the word for the CLI to distinguish it from other possibilities). For example, at the Global Configuration level, if you press immediately after typing [Tab] "u", the CLI displays the command that begins with "u". For example: HP420(config)#u [Tab] HP420(config)#username...

  • Page 32: Configuration Commands And The Context Configuration Modes

    Using the Command Line Interface (CLI) Using the CLI Configuration Commands and the Context Configuration Modes You can execute basic configuration commands in the global configuration mode. However, you must use a context mode to execute context-specific commands. The configuration options include interface (ethernet or wireless) context modes: Ethernet Context .
  • Page 33 Using the Command Line Interface (CLI) Using the CLI Wireless Context . Includes wireless-specific commands that apply only to the wireless interface. The prompt for this mode includes the identity of the wireless interface: Command executed at configuration HP420(config)#interface wireless g level to enter wireless context.

  • Page 34: Cli Control And Editing

    Using the Command Line Interface (CLI) CLI Control and Editing CLI Control and Editing Keystrokes Function [Ctrl] [A] Jumps to the first character of the command line. or [<] Moves the cursor back one character. [Ctrl] [B] [Ctrl] [C] Terminates a task and displays the command prompt. [Ctrl] [E] Jumps to the end of the current command line.

  • Page 35: Using The Hp Web Browser Interface

    Using the HP Web Browser Interface Contents Overview ........... . . 4-2 General Features .

  • Page 36: Overview

    Using the HP Web Browser Interface Overview Overview The HP web browser interface built into the access point lets you easily access the access point from a browser-based PC on your network. This lets you do the following: Make configuration changes to the access point ■...

  • Page 37: General Features

    Using the HP Web Browser Interface General Features General Features The access point includes these web browser interface features: Access Point Configuration: • System identification and service set identifier • IP settings via manual configuration or DHCP • RADIUS client identification •...

  • Page 38: Starting A Web Browser Interface Session With The Access Point

    Using the HP Web Browser Interface Starting a Web Browser Interface Session with the Access Point Starting a Web Browser Interface Session with the Access Point You can start a web browser session using a standalone web browser on a network connection from a PC in the following ways: •...

  • Page 39: Description Of Browser Interface

    The Home Page The home page is the entry point for the web browser interface.The following figure identifies the various parts of the screen. Active Tab Tab Bar World Wide Web site for Hewlett-Packard’s networking products Figure 4-1. The Home Page...

  • Page 40: Support Url

    This page provides the following URL: http://www.hp.com/go/hpprocurve which is the World Wide Web site for Hewlett-Packard’s networking products. Click on the link on this page and you can get to support information regarding your access point, including white papers, firmware updates, and more.

  • Page 41: Tasks For Your First Hp Web Browser Interface Session

    Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session Tasks for Your First HP Web Browser Interface Session The first time you access the web browser interface, there are a number of basic tasks that you should perform: ■...
  • Page 42 Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session Figure 4-2. The Change Password Window 2. Click in the appropriate box in the Change Password menu and enter a user name or password. You will be required to repeat the password string in the confirmation box.

  • Page 43: If You Lose The User Name Or Password

    Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session If You Lose the User Name or Password If you lose the user name or password, you can clear them by pressing the Reset button on the back of the access point for at least five seconds. This action deletes the password and resets the user name to the factory default settings for all of the access point’s interfaces.

  • Page 44: Setting The Radio Channel

    Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session Figure 4-3. Setting the SSID Setting the Radio Channel The access point’s radio channel settings are limited by local regulations, which determine the number of channels that are available. You can manually set the access point’s radio channel or allow it to automatically select an unoccupied channel.
  • Page 45 Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session The access point uses the configured radio channel to communicate with wireless clients. When multiple access points are deployed in the same area, be sure to choose a channel separated by at least five channels to avoid having the channels interfere with each other.

  • Page 46: Configuring Tcp/Ip Settings

    Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session Configuring TCP/IP Settings You can use the web browser interface to manage the access point only if it already has an IP address that is reachable through your network. You can set an initial IP address for the access point by using the CLI interface.

  • Page 47: Configuring Security Settings

    Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session Figure 4-5. IP Configuration Configuring Security Settings The access point is configured by default as an “open system,” which broad- casts a beacon signal including the configured SSID. Wireless clients can read the SSID from the beacon, and automatically reset their SSID to allow imme­...
  • Page 48 Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session 2. Set the Authentication Type to Shared Key to require authentication based on a shared key that has been distributed to all stations. Enable Wired Equivalency Setup (WEP) to encrypt transmissions passing between wireless clients and the access point.
  • Page 49 Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session Figure 4-6. Security Settings 4-15...

  • Page 50: Online Help For The Hp Web Browser Interface

    Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session Online Help for the HP Web Browser Interface Online Help is available for the web browser interface. You can use it by clicking on the question mark button in the upper-right corner of any of the web browser interface screens.

  • Page 51: Status Reporting Features

    Using the HP Web Browser Interface Status Reporting Features Status Reporting Features Browser elements covered in this section include: The AP Status window (below) ■ ■ Station status (page 4-19) ■ Event logs (page 4-20) The Status bar (page 4-21) ■...
  • Page 52 Using the HP Web Browser Interface Status Reporting Features AP System Configuration. The AP System Configuration table displays the basic system configuration settings: ■ System Up Time: Length of time the access point has been up. MAC Address: The physical layer address for this device. ■...

  • Page 53: Station Status

    Using the HP Web Browser Interface Status Reporting Features Speed-Duplex: The operating speed and duplex mode of the access ■ point’s RJ-45 Ethernet interface. Station Status The Station Status window shows the wireless clients currently associated with the access point. Figure 4-9.

  • Page 54: Event Logs

    Using the HP Web Browser Interface Status Reporting Features association procedure allows the wireless system to track the location of each mobile client, and ensures that frames destined for each client are forwarded to the appropriate access point. ■ Forwarding Allowed: If 802.1x is being used shows if the station has passed 802.1x authentication and is now allowed to forward traffic to the access point.

  • Page 55: The Status Bar

    Using the HP Web Browser Interface Status Reporting Features The Event Logs table displays the following information: ■ Log Time: The time the log message was generated. Event Level: The logging level associated with this message. For a ■ description of the various levels, see “Enabling System Logging” on page 5-17.
  • Page 56 Using the HP Web Browser Interface Status Reporting Features 4-22...

  • Page 57: Access Point Configuration

    Access Point Configuration Contents Overview ........... . . 5-2 Modifying System Management Access .

  • Page 58: Overview

    Access Point Configuration Overview Modifying Radio Settings ........5-37 Web: Modifying the Radio Working Mode and Settings .

  • Page 59: Modifying System Management Access

    Access Point Configuration Modifying System Management Access Modifying System Management Access Management access to the access point’s web and CLI interface is controlled through a single user name and password. You can also gain additional in-band access security by using control filters (see “Setting up Filter Control” on page 5-32).

  • Page 60: Cli: Setting User Names And Passwords

    Access Point Configuration Modifying System Management Access Figure 5-1. The Change Password Window CLI: Setting User Names and Passwords CLI Commands Used in This Section Command Syntax CLI Reference Page username <name> page 6-12 [no] password <password> page 6-13 This example shows how to set a new user name and password. HP420(config)#username bob HP420(config)#password hp HP420(config)#...

  • Page 61: Modifying System Information

    Access Point Configuration Modifying System Information Modifying System Information The access point’s system information parameters can be left at their default settings. However, modifying these parameters can help you to more easily distinguish one device from another in your network. You should set a Service Set Identification (SSID) to identify the wireless network service provided by the access point.

  • Page 62: Cli: Setting The System Name And Ssid

    Access Point Configuration Modifying System Information Figure 5-2. The System Information Window CLI: Setting the System Name and SSID CLI Commands Used in This Section Command Syntax CLI Reference Page interface <ethernet | wireless g> page 6-53 system name <name> page 6-12 ssid <string>...
  • Page 63 Access Point Configuration Modifying System Information To set the SSID to “RD-AP#3” and display it, enter the CLI commands shown in the following example. HP420(config)#interface wireless g Enter Wireless configuration commands, one per line. HP420(if-wireless g)#ssid RD-AP#3 HP420(if-wireless g)#show Wireless Interface Information =========================================================== ----------------Identification----------------------------- Description...
  • Page 64 Access Point Configuration Modifying System Information To display the configured system name, use the show system command, as shown in the following example. HP420#show system System Information ============================================================ Serial Number : A252014354 System Up time : 0 days, 1 hours, 28 minutes, 9 seconds System Name : AP420 System Location...

  • Page 65: Configuring Ip Settings

    Access Point Configuration Configuring IP Settings Configuring IP Settings Configuring the access point with an IP address expands your ability to manage the access point and use its features. A number of access point features depend on IP addressing to operate. N o t e You can use the web browser interface to access IP addressing only if the access point already has an IP address that is reachable through your network.
  • Page 66 Access Point Configuration Configuring IP Settings • Primary and Secondary DNS Address: The IP address of Domain Name Servers on the network. A DNS maps numerical IP addresses to domain names and can be used to identify network hosts by familiar names instead of the IP addresses.

  • Page 67: Cli: Configuring Ip Settings Statically Or Via Dhcp

    Access Point Configuration Configuring IP Settings Figure 5-3. The IP Configuration Window CLI: Configuring IP Settings Statically or via DHCP CLI Commands Used in This Section Command Syntax CLI Reference Page interface <ethernet | wireless g> page 6-53 [no] ip address <ip-address> <netmask> <gateway> page 6-54 [no] ip dhcp page 6-55 dns primary-server <server-address>...
  • Page 68 Access Point Configuration Configuring IP Settings The following example shows how to enable the DHCP client. HP420(config)#interface ethernet Enter Ethernet configuration commands, one per line. HP420(if-ethernet)#ip dhcp HP420(if-ethernet)# To set the access point’s IP parameters manually, you must first disable the DHCP client.

  • Page 69: Configuring Snmp

    Access Point Configuration Configuring SNMP Configuring SNMP You can use a network management application such as HP OpenView to manage the access point via the Simple Network Management Protocol (SNMP) from a network management station. To implement SNMP manage­ ment, the access point must have an IP address and subnet mask, configured either manually or dynamically.
  • Page 70 Access Point Configuration Configuring SNMP Trap Destination Community Name: The community string sent with ■ the notification operation. (Maximum length: 23 characters) To Enable SNMP and Set Parameters: Select the Configuration tab. Click the [ button. SNMP] Select Enable to enable SNMP management. Type text strings to replace the default community names for read-only and read/write access.

  • Page 71: Cli: Setting Snmp Parameters

    Access Point Configuration Configuring SNMP Figure 5-4. The SNMP Window CLI: Setting SNMP Parameters CLI Commands Used in This Section Command Syntax CLI Reference Page [no] snmp-server enable server page 6-27 [no] snmp-server community <string> [ro | rw] page 6-25 [no] snmp-server host <host_ip_address | page 6-28 host_name>...
  • Page 72 Access Point Configuration Configuring SNMP SNMP management on the access point is enabled by default. To disable SNMP management, type the following command: HP420(config)#no snmp-server enable server The following example shows how to enable SNMP, configure the community strings, and set the location and contact parameters. HP420(config)#snmp-server enable server HP420(config)#snmp-server community alpha rw HP420(config)#snmp-server community beta ro...

  • Page 73: Enabling System Logging

    Access Point Configuration Enabling System Logging Enabling System Logging The access point supports a logging process that can control error messages saved to memory or sent to a Syslog server. The logged messages serve as a valuable tool for isolating access point and network problems. The system allows you to limit the messages that are logged by specifying a minimum severity level.

  • Page 74: Web: Setting Logging Parameters

    Access Point Configuration Enabling System Logging Web: Setting Logging Parameters The System Servers window on the Administration tab enables system logs and Syslog server details to be configured for the access point. The web interface enables you to modify these parameters: ■...

  • Page 75: Cli: Setting Logging Parameters

    Access Point Configuration Enabling System Logging Figure 5-5. Setting Logging Parameters CLI: Setting Logging Parameters CLI Commands Used in This Section Command Syntax CLI Reference Page [no] logging on page 6-15 [no] logging host <host_name | host_ip_address> page 6-15 [no] logging console page 6-16 logging level <Alert | Critical | Error | Warning | page 6-16...
  • Page 76 Access Point Configuration Enabling System Logging The following example shows how to enable logging, set the minimum severity level of messages to be logged, and send messages to the console. HP420(config)#logging on HP420(config)#logging level critical HP420(config)#logging console HP420(config)# The following example shows how to configure the access point to send logging messages to a Syslog server.

  • Page 77: Configuring Sntp

    Access Point Configuration Configuring SNTP Configuring SNTP Simple Network Time Protocol (SNTP) allows the access point to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the access point enables the system log to record meaningful dates and times for event entries.
  • Page 78 Access Point Configuration Configuring SNTP Enable Daylight Saving: The access point provides a way to automati­ ■ cally adjust the system clock for Daylight Saving Time (DST) changes. To use this feature you define the month and date to begin and to end the change from standard time.

  • Page 79: Cli: Setting Sntp Parameters

    Access Point Configuration Configuring SNTP Figure 5-6. Setting SNTP Parameters CLI: Setting SNTP Parameters CLI Commands Used in This Section Command Syntax CLI Reference Page [no] sntp-server enable page 6-20 sntp-server ip <1 | 2> <ip> page 6-19 sntp-server date-time page 6-20 [no] sntp-server daylight-saving page 6-21...
  • Page 80 Access Point Configuration Configuring SNTP The following example shows how to enable SNTP, configure primary and secondary time server IP addresses, set the time zone, and enable Daylight Saving. HP420(config)#sntp-server enable HP420(config)#sntp-server ip 1 10.1.0.19 HP420(config)#sntp-server ip 2 10.1.2.233 HP420(config)#sntp-server timezone -8 HP420(config)#sntp-server daylight-saving Enter Daylight saving from which month<1-12>: 3 and which day<1-31>: 31...

  • Page 81: Configuring Ethernet Interface Parameters

    Access Point Configuration Configuring Ethernet Interface Parameters Configuring Ethernet Interface Parameters The access point’s Ethernet interface can be configured to use auto-negotia­ tion to set the operating speed and duplex mode. When auto-negotiation is disabled, the operating speed and duplex mode must be manually set to match that of the connected device.

  • Page 82: Cli: Setting Ethernet Interface Parameters

    Access Point Configuration Configuring Ethernet Interface Parameters Figure 5-7. Setting Ethernet Interface Parameters CLI: Setting Ethernet Interface Parameters CLI Commands Used in This Section Command Syntax CLI Reference Page interface <ethernet | wireless g> page 6-53 [no] shutdown page 6-56 speed-duplex <auto | 10MH | 10MF | 100MF | 100MH>...
  • Page 83 Access Point Configuration Configuring Ethernet Interface Parameters The following example shows how to disable the Ethernet interface, force the setting to 100 Mbps full duplex, and then re-enable it. HP420(config)#interface ethernet Enter Ethernet configuration commands, one per line. HP420(if-ethernet)#shutdown HP420(if-ethernet)#speed-duplex 100mf HP420(if-ethernet)#no shutdown HP420(if-ethernet)# To display the current Ethernet interface status from the Exec level, use the...

  • Page 84: Configuring Radius Client Authentication

    Access Point Configuration Configuring RADIUS Client Authentication Configuring RADIUS Client Authentication Remote Authentication Dial-in User Service (RADIUS) is an authentication protocol that uses software running on a central server to control access to RADIUS-aware devices on the network. An authentication server contains a database of user credentials for each user that requires access to the network.
  • Page 85 Access Point Configuration Configuring RADIUS Client Authentication • Retransmit Attempts: The number of times the access point tries to resend a request to the RADIUS server before authentication fails. (Range: 1 - 30) ■ Secondary Radius Server Setup: Configure a secondary RADIUS server to provide a backup in case the primary server fails.

  • Page 86: Cli: Setting Radius Server Parameters

    Access Point Configuration Configuring RADIUS Client Authentication Figure 5-8. The Radius Setup Window CLI: Setting RADIUS Server Parameters CLI Commands Used in This Section Command Syntax CLI Reference Page radius-server address [secondary] <host_ip_address | host_name> page 6-35 radius-server [secondary] port <port_number> page 6-35 radius-server [secondary] key <key_string>...
  • Page 87 Access Point Configuration Configuring RADIUS Client Authentication The following example shows how to configure the primary RADIUS server parameters, including the IP address, UDP port number, secret key, timeout, and retransmit attempts. HP420(config)#radius-server address 10.1.2.25 HP420(config)#radius-server port 1812 HP420(config)#radius-server key green HP420(config)#radius-server timeout 10 HP420(config)#radius-server retransmit 5 HP420(config)#...

  • Page 88: Setting Up Filter Control

    Access Point Configuration Setting up Filter Control Setting up Filter Control The access point can employ VLAN ID and network traffic frame filtering to control access to network resources and increase security. Access and Frame Filtering. You can prevent communications between wireless clients associated to the access point, only allowing traffic between clients and the wired network.

  • Page 89: Web: Enabling Vlan Support And Setting Filters

    Access Point Configuration Setting up Filter Control When VLAN filtering is enabled, the access point must also have 802.1x authentication enabled (see page 5-57) and a RADIUS server configured (see page 5-28). Wireless clients must also support 802.1x client software to be assigned to a specific VLAN.
  • Page 90 Access Point Configuration Setting up Filter Control To Enable VLAN Support: Select the Security tab. Click the [ button. Shared Key Setup] Set the Authentication Type Setup to Open System. Click the [Apply Changes] button. Click the [ button. Authentication] Under 802.1x Setup, select Required.

  • Page 91: Cli: Enabling Vlan Support And Setting Filters

    Access Point Configuration Setting up Filter Control Figure 5-9. The Filter Control Window CLI: Enabling VLAN Support and Setting Filters CLI Commands Used in This Section Command Syntax CLI Reference Page [no] vlan enable page 6-79 native-vlanid <vlan_id> page 6-79 [no] filter local-bridge page 6-47 [no] filter ap-manage...
  • Page 92 Access Point Configuration Setting up Filter Control The following example shows how to set the native VLAN ID and enable VLAN support. Note that to enable or disable VLAN support, you must reboot the access point. HP420(config)#native-vlanid 5 HP420(config)#vlan enable Reboot system now? <y/n>: The following example shows how to enable filtering for management access and wireless-to-wireless communications.

  • Page 93: Modifying Radio Settings

    Access Point Configuration Modifying Radio Settings Modifying Radio Settings The access point can operate in three standard modes, IEEE 802.11b only, 802.11g only, or a mixed 802.11b/802.11g mode. N o t e Both the IEEE 802.11g and 802.11b standards operate within the 2.4 GHz band. In a wireless LAN environment there can often be interference from other 2.4 GHz devices, such as cordless phones.
  • Page 94 Access Point Configuration Modifying Radio Settings N o t e If you are using the worldwide product, J8131A, before you can configure the radio settings the Country Setting must be set using the CLI. See “Using the CLI to Set the Country Code” on page 5-41. The web interface enables you to modify these parameters: ■...
  • Page 95 Access Point Configuration Modifying Radio Settings after every second beacon. Using smaller DTIM intervals delivers broad- cast/multicast frames in a more timely manner, causing stations in Power Save mode to wake up more often and drain power faster. Using higher DTIM values reduces the power used by stations in Power Save mode, but delays the transmission of broadcast/multicast frames.

  • Page 96: Cli: Modifying The Radio Working Mode And Settings

    Access Point Configuration Modifying Radio Settings Figure 5-10. Port/Radio Settings Window CLI: Modifying the Radio Working Mode and Settings CLI Commands Used in This Section Command Syntax CLI Reference Page country <country_code> page 6-9 interface <ethernet | wireless g> page 6-53 radio-mode <b | g | b+g>...
  • Page 97 Access Point Configuration Modifying Radio Settings Command Syntax CLI Reference Page dtim-period <interval> page 6-63 fragmentation-length <length> page 6-64 rts-threshold <threshold> page 6-65 transmit-power <signal-strength> page 6-70 max-association <count> page 6-70 [no] shutdown page 6-75 show interface wireless g page 6-75 Using the CLI to Set the Country Code.
  • Page 98 Access Point Configuration Modifying Radio Settings HP420#country ? WORD Country code: AL-ALBANIA, DZ-ALGERIA, AR-ARGENTINA, AM-ARMENIA, AU-AUSTRALIA, AT-AUSTRIA, AZ-AZERBAIJAN, BH-BAHRAIN, BY-BELARUS, BE-BELGIUM, BZ-BELIZE, BO-BOLVIA, BR-BRAZIL, BN-BRUNEI_DARUSSALAM, BG-BULGARIA, CA-CANADA, CL-CHILE, CN-CHINA, CO-COLOMBIA, CR-COSTA_RICA, HR-CROATIA, CY-CYPRUS, CZ-CZECH_REPUBLIC, DK-DENMARK, DO-DOMINICAN_REPUBLIC, EC-ECUADOR, EG-EGYPT, EE-ESTONIA, FI-FINLAND, FR-FRANCE, GE-GEORGIA, DE-GERMANY, GR-GREECE, GT-GUATEMALA, HK-HONG_KONG, HU-HUNGARY, IS-ICELAND, IN-INDIA, ID-INDONESIA, IR-IRAN, IE-IRELAND, IL-ISRAEL, IT-ITALY, JP-JAPAN, JO-JORDAN, KZ-KAZAKHSTAN,...
  • Page 99 Access Point Configuration Modifying Radio Settings Using the CLI to Configure Radio Settings. The following example shows how to enable and disable the radio, as well as configure other radio parameters. HP420(config)#interface wireless g Enter Wireless configuration commands, one per line. HP420(if-wireless g)#shutdown HP420(if-wireless g)#speed 24 HP420(if-wireless g)#channel 9...
  • Page 100 Access Point Configuration Modifying Radio Settings To display the current radio settings from the Exec level, use the show interface wireless g command, as shown in the following example. HP420#show interface wireless g Wireless Interface Information =========================================================== ----------------Identification----------------------------- Description : Enterprise 802.11g Access Point SSID : Enterprise Wireless AP Radio mode...

  • Page 101: Configuring Wireless Security

    Access Point Configuration Configuring Wireless Security Configuring Wireless Security The access point is configured by default as an “open system,” which broad- casts a beacon signal including the configured SSID. Wireless clients can read the SSID from the beacon, and automatically reset their SSID to allow imme­ diate connection to the nearest access point.
  • Page 102 Access Point Configuration Configuring Wireless Security network by requiring an 802.1x client application to submit user credentials for authentication. The 802.1x standard uses the Extensible Authentication Protocol (EAP) to pass user credentials (either digital certificates, usernames and passwords, or other) from the client to the RADIUS server. Client authen­ tication is then verified on the RADIUS server before the access point grants client access to the network.
  • Page 103 Access Point Configuration Configuring Wireless Security TKIP starts with a master (temporal) key for each user session and then mathematically generates other keys to encrypt each data packet. TKIP provides further data encryption enhancements by including a message integrity check for each packet and a re-keying mechanism, which peri­ odically changes the master key.

  • Page 104: Web: Configuring Wpa Settings

    Access Point Configuration Configuring Wireless Security Table 5-1. Summary of Wireless Security Security Mechanism Client Support Implementation Considerations WEP Built-in support on all 802.11b and • Provides only weak security 802.11g devices • Requires manual key management WEP with 802.1x Requires 802.1x client support in • Provides dynamic key rotation for improved WEP system or by add-in software...
  • Page 105 Access Point Configuration Configuring Wireless Security • WPA Pre-shared Key: The WPA mode for small networks that uses a common password string that is manually distributed. If this mode is selected, be sure to also specify the key string. ■ Multicast Cipher Mode: Selects an encryption method for the global key used for multicast and broadcast traffic, which is supported by all wireless clients.
  • Page 106 Access Point Configuration Configuring Wireless Security Click the button. [Apply Changes] Click the [ button. Authentication] 10. Under 802.1x Setup, select Required. 11. If there are clients in the service area that are not WPA-enabled, enter time periods for refreshing the session and broadcast encryption keys, and for re-authenticating the client.

  • Page 107: Cli: Configuring Wpa Settings

    Access Point Configuration Configuring Wireless Security Figure 5-11. WPA Settings Window CLI: Configuring WPA Settings CLI Commands Used in This Section Command Syntax CLI Reference Page interface <ethernet | wireless g> page 6-53 authentication <open | shared> page 6-66 [no] 802.1x <supported | required> page 6-40 wpa-clients <required | supported>...
  • Page 108 Access Point Configuration Configuring Wireless Security Command Syntax CLI Reference Page wpa-preshared-key <type> <value> page 6-74 show interface wireless g page 6-75 show station page 6-77 Using the CLI to Configure WPA. To configure the access point to sup- port only WPA-enabled clients, be sure to set the access point to “open system” and set 802.1x authentication to “required.”...

  • Page 109: Web: Configuring Mac Address Authentication

    Access Point Configuration Configuring Wireless Security Web: Configuring MAC Address Authentication The access point can be configured to authenticate client MAC addresses against a database stored locally on the access point or remotely on a RADIUS server. Client MAC addresses in the local database can be specified as allowed or denied access the network.
  • Page 110 Access Point Configuration Configuring Wireless Security • Local MAC: The MAC address of the associating station is compared against the local database stored on the access point. The Local MAC Authentication section enables the local database to be set up. The access point supports up to 1024 MAC addresses.

  • Page 111: Cli: Configuring Mac Address Authentication

    Access Point Configuration Configuring Wireless Security Set the Permission to Allowed. 8. Click the [ ] button. The new entry appears in the MAC Authentication Update Table. Repeat steps 6 to 8 for each client that is authorized to access the network. Figure 5-12.
  • Page 112 Access Point Configuration Configuring Wireless Security The following example shows how to configure MAC address authentication using the access point’s local database. The example shows three client MAC addresses that are permitted to access the network. All other MAC addresses are denied access.

  • Page 113: Web: Configuring Ieee 802.1X

    Access Point Configuration Configuring Wireless Security Web: Configuring IEEE 802.1x The access point supports IEEE 802.1x (802.1x) access control for wireless clients. This control feature prevents unauthorized access to the network by requiring an 802.1x client application to submit user credentials for authenti­ cation.
  • Page 114 Access Point Configuration Configuring Wireless Security Broadcast Key Refresh Rate: Sets the interval at which the broadcast ■ keys are refreshed for stations using 802.1x dynamic keying. (Range: 0 - 1440 minutes; Default: 0 = disabled) ■ Session Key Refresh Rate: The interval at which the access point refreshes unicast session keys for associated clients.

  • Page 115: Cli: Configuring Ieee 802.1X

    Access Point Configuration Configuring Wireless Security Figure 5-13. The Authentication Window 802.1x Setup CLI: Configuring IEEE 802.1x CLI Commands Used in This Section Command Syntax CLI Reference Page interface <ethernet | wireless g> page 6-53 authentication <open | shared> page 6-66 [no] 802.1x <supported | required>...
  • Page 116 Access Point Configuration Configuring Wireless Security The following example shows how to configure 802.1x authentication to be required by all clients, as well as setting broadcast and session key refresh rates and a re-authentication timeout. HP420(config)#interface wireless g HP420(if-wireless g)#authentication open HP420(if-wireless g)#end HP420(config)#802.1x required HP420(config)#802.1x broadcast-key-refresh-rate 5...

  • Page 117: Web: Setting Up Wep Shared-Keys

    Access Point Configuration Configuring Wireless Security Web: Setting up WEP Shared-Keys Setting up shared keys enables the basic IEEE 802.11 Wired Equivalent Privacy (WEP) on the access point to prevent unauthorized access to the network. If you choose to use WEP shared keys instead of an open system, be sure to define at least one static WEP key for user authentication and data encryption.
  • Page 118 Access Point Configuration Configuring Wireless Security • Alphanumeric: Enter keys as 5 alphanumeric characters for 64 bit keys, 13 alphanumeric characters for 128 bit keys, or 16 alphanumeric characters for 152 bit keys. ■ Transmit Key Select: Selects the key number to use for encryption. To Configure WEP Shared Keys: Select the Security tab.

  • Page 119: Cli: Setting Up Wep Shared-Keys

    Access Point Configuration Configuring Wireless Security Figure 5-14. Shared Key Setup Window CLI: Setting up WEP Shared-Keys CLI Commands Used in This Section Command Syntax CLI Reference Page interface <ethernet | wireless g> page 6-53 authentication <open | shared> page 6-66 [no] closed-system page 6-59 [no] encryption <key-length>...
  • Page 120 Access Point Configuration Configuring Wireless Security Command Syntax CLI Reference Page [no] key <index> <size> <type> <value> page 6-68 transmit-key <index> page 6-69 show interface wireless g page 6-75 The following example shows how to set up WEP shared keys that are used for client authentication and data encryption.
  • Page 121 Access Point Configuration Configuring Wireless Security The following example shows how to display the current WEP shared key configuration on the access point from the Exec level. HP420#show interface wireless g Wireless Interface Information =========================================================== ----------------Identification----------------------------- Description : Enterprise 802.11g Access Point SSID : Enterprise Wireless AP Radio mode...
  • Page 122 Access Point Configuration Configuring Wireless Security 5-66...

  • Page 123: Command Line Reference

    Command Line Reference Contents Overview ........... . . 6-2 General Commands .

  • Page 124: Overview

    Command Line Reference Overview Overview This chapter describes the commands provided by the CLI. The CLI commands can be broken down into the functional groups shown below. Command Group Description Page General Basic commands for entering configuration mode, restarting the system, or quitting the CLI System Controls user name, password, system logs, browser Management...

  • Page 125: General Commands

    Command Line Reference General Commands General Commands Command Function Mode Page configure Activates global configuration mode Exec Returns to the previous configuration mode GC, IC exit Returns to the Exec mode, or exits the CLI ping Sends ICMP echo request packets to another node Exec on the network reset Restarts the system...

  • Page 126: End

    Command Line Reference General Commands This command returns to the previous configuration mode. Default Setting None Command Mode Global Configuration, Interface Configuration Example This example shows how to return to the Configuration mode from the Ethernet Interface Configuration mode: HP420(if-ethernet)#end HP420(config)# exit This command returns to the Exec mode or exits the configuration program.

  • Page 127: Ping

    Command Line Reference General Commands ping This command sends ICMP echo request packets to another node on the network. Syntax ping <host_name | ip_address> • host_name - Alias of the host. ip_address - IP address of the host. • Default Setting None Command Mode Exec...

  • Page 128: Reset

    Command Line Reference General Commands reset This command restarts the system or restores the factory default settings. Syntax reset <board | configuration> • board - Reboots the system. configuration - Resets the configuration settings to the factory • defaults, and then reboots the system. Default Setting None Command Mode...

  • Page 129: Show Line

    Command Line Reference General Commands Example In this example, the show history command lists the contents of the command history buffer: HP420#show history config exit show history HP420# show line This command displays the console port’s configuration settings. Command Mode Exec Example The console port settings are fixed at the values shown below.

  • Page 130: System Management Commands

    Command Line Reference System Management Commands System Management Commands These commands are used to configure the user name, password, system logs, browser management options, clock settings, and a variety of other system information. Command Function Mode Page Country Setting Sets the country code for correct radio operation country Sets the access point country code Exec...

  • Page 131: Country

    Command Line Reference System Management Commands Command Function Mode Page logging facility- Sets the facility type for remote logging of syslog 6-17 type messages show logging Displays the state of logging Exec 6-18 System Clock Sets the system clock via an NTP/SNTP server sntp-server ip Specifies one or more time servers 6-19...
  • Page 132 Command Line Reference System Management Commands Table 6-1. Access Point Country Codes Country Code Country Code Country Code Country Code Albania Dominican Repulic Kuwait Qatar Algeria Ecuador Latvia Romania Argentina Egypt Lebanon Russia Armenia Estonia Liechtenstein Saudia Arabia Australia Finland Lithuania Singapore Austria...

  • Page 133: Prompt

    Command Line Reference System Management Commands Command Mode Exec Command Usage • The access point’s Country Code must be set before the radio can be enabled. • The available Country Code settings can be displayed by using the country ? command. •...

  • Page 134: System Name

    Command Line Reference System Management Commands Example HP420(config)#prompt RD2 RD2(config)# system name This command specifies or modifies the system name for this device. Syntax system name <name> name - The name of this host. (Maximum length: 32 characters) Default Setting Enterprise AP Command Mode Global Configuration...

  • Page 135: Password

    Command Line Reference System Management Commands Example HP420(config)#username bob HP420(config)# password After initially logging onto the system, you should set the password. Remember to record it in a safe place. Use the no form to reset the default password. Syntax password <password>...

  • Page 136: Ip Http Server

    Command Line Reference System Management Commands Command Mode Global Configuration Command Usage To avoid using common reserved TCP port numbers below 1024, the configurable range is restricted to between 1024 and 65535. However, the default port number is 80. To reset the default port number, use the no ip http port command.

  • Page 137: Logging On

    Command Line Reference System Management Commands logging on This command controls logging of error messages, i.e., sending debug or error messages to memory. The no form disables the logging process. Syntax logging on no logging Default Setting None Command Mode Global Configuration Command Usage The logging process controls error messages saved to memory.

  • Page 138: Logging Console

    Command Line Reference System Management Commands Example HP420(config)#logging host 10.1.0.3 HP420(config)# logging console This command initiates logging of error messages to the console. Use the no form to disable logging to the console. Syntax logging console no logging console Default Setting Disabled Command Mode Global Configuration...

  • Page 139: Logging Facility-Type

    Command Line Reference System Management Commands Command Usage Messages sent include the selected level down to the Alert level. Level Argument Description Alerts Immediate action needed Critical Critical conditions (for example, memory allocation, or free memory error - resource exhausted) Error Error conditions (for example, invalid input, default used) Warning...

  • Page 140: Show Logging

    Command Line Reference System Management Commands Command Usage The command specifies the facility type tag sent in Syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the access point. However, it may be used by the Syslog server to sort messages or to store messages in the corresponding database.

  • Page 141: Sntp-Server Ip

    Command Line Reference System Management Commands sntp-server ip This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list. Syntax sntp-server ip <1 | 2>...

  • Page 142: Sntp-Server Enable

    Command Line Reference System Management Commands sntp-server enable This command enables SNTP client requests for time synchronization with NTP or SNTP time servers specified by the sntp-server ip command. Use the no form to disable SNTP client requests. Syntax sntp-server enable no sntp-server enable Default Setting Disabled...

  • Page 143: Sntp-Server Daylight-Saving

    Command Line Reference System Management Commands Example This example sets the system clock to 17:37 June 19, 2003. HP420#sntp-server date-time Enter Year<1970-2100>: 2003 Enter Month<1-12>: 6 Enter Day<1-31>: 19 Enter Hour<0-23>: 17 Enter Min<0-59>: 37 HP420# Related Commands sntp-server enable (page 6-20) sntp-server daylight-saving This command sets the start and end dates for daylight savings time.

  • Page 144: Sntp-Server Timezone

    Command Line Reference System Management Commands Example This sets daylight savings time to be used from March 31st to October 31st. HP420(config)#sntp-server daylight-saving Enter Daylight saving from which month<1-12>: 3 and which day<1-31>: 31 Enter Daylight saving end to which month<1-12>: 10 and which day<1-31>: 31 HP420(config)# sntp-server timezone...

  • Page 145: Show Sntp

    Command Line Reference System Management Commands show sntp This command displays the current time and configuration settings for the SNTP client. Command Mode Exec Example HP420#show sntp SNTP Information ========================================================= Service State : Enabled SNTP (server 1) IP : 137.92.140.80 SNTP (server 2) IP : 192.43.244.18 Current Time...

  • Page 146: Show Version

    Command Line Reference System Management Commands Example HP420#show system System Information ============================================================ Serial Number : 0000000001 System Up time : 0 days, 0 hours, 1 minutes, 3 seconds System Name : Enterprise AP System Location System Contact : Contact System Country Code : NA - North America MAC Address : 00-30-F1-81-83-12 IP Address...

  • Page 147: Snmp Commands

    Command Line Reference SNMP Commands SNMP Commands Controls access to this access point from management stations using the Simple Network Management Protocol (SNMP), as well as the hosts that will receive trap messages. Command Function Mode Page snmp-server Sets up the community access string to permit access 6-25 community to SNMP commands...

  • Page 148: Snmp-Server Contact

    Command Line Reference SNMP Commands Default Setting • public - Read-only access. Authorized management stations are only able to retrieve MIB objects. • private - Read/write access. Authorized management stations are able to both retrieve and modify MIB objects. Command Mode Global Configuration Command Usage If you enter a community string without the ro or rw option, the default is...

  • Page 149: Snmp-Server Enable Server

    Command Line Reference SNMP Commands Related Commands snmp-server location (page 6-29) snmp-server enable server This command enables SNMP management access and also enables this device to send SNMP traps (i.e., notifications). Use the no form to disable SNMP service and trap messages. Syntax snmp-server enable server no snmp-server enable server...

  • Page 150: Snmp-Server Host

    Command Line Reference SNMP Commands snmp-server host This command specifies the recipient of an SNMP notification. Use the no form to remove the specified host. Syntax snmp-server host <host_ip_address | host_name> <community-string> no snmp-server host • host_ip_address - IP of the host (the targeted recipient). host_name - Name of the host.

  • Page 151: Snmp-Server Location

    Command Line Reference SNMP Commands snmp-server location This command sets the system location string. Use the no form to remove the location string. Syntax snmp-server location <text> no snmp-server location text - String that describes the system location. (Maximum length: 20 characters) Default Setting None Command Mode...

  • Page 152: Show Snmp

    Command Line Reference Flash/File Commands show snmp This command displays the SNMP configuration settings. Command Mode Exec Example HP420#show snmp SNMP Information ============================================ Service State : Enable Community (ro) : ***** Community (rw) : ***** Location : WC-19 Contact : Paul Traps : Enabled Host Name/IP...

  • Page 153: Bootfile

    Command Line Reference Flash/File Commands bootfile This command specifies the software image used to start up the system. Syntax bootfile <filename> filename - Name of the configuration file or image name. Default Setting None Command Mode Exec Command Usage • Use the dir command to see the eligible file names.
  • Page 154 Command Line Reference Flash/File Commands Default Setting None Command Mode Exec Command Usage • The system prompts for data required to complete the copy command. • Only a configuration file can be uploaded to an FTP/TFTP server, but every type of file can be downloaded to the access point. •...

  • Page 155: Delete

    Command Line Reference Flash/File Commands delete This command deletes a file or image. Syntax delete filename filename - Name of the configuration file or image name. Default Setting None Command Mode Exec C a u t i o n Beware of deleting application images from flash memory. At least one appli­ cation image is required in order to boot the access point.

  • Page 156: Radius Client

    Command Line Reference RADIUS Client Command Usage File information is shown below: Column Heading Description File Name The name of the file. Type (2) Operation Code and (5) Configuration file File Size The length of the file in bytes. Example The following example shows how to display all file information: HP420#dir File Name...

  • Page 157: Radius-Server Address

    Command Line Reference RADIUS Client Command Function Mode Page radius-server Sets the number of retries 6-36 retransmit radius-server Sets the interval between sending authentication 6-37 timeout requests show radius Shows the current RADIUS settings Exec 6-38 radius-server address This command specifies the primary and secondary RADIUS servers. Syntax radius-server address [secondary] <host_ip_address | host_name>...

  • Page 158: Radius-Server Key

    Command Line Reference RADIUS Client Default Setting 1812 Command Mode Global Configuration Example HP420(config)#radius-server port 49153 HP420(config)# radius-server key This command sets the RADIUS encryption key. Syntax radius-server [secondary] key <key_string> secondary - Secondary server. • • key_string - Encryption key used to authenticate logon access for client.

  • Page 159: Radius-Server Timeout

    Command Line Reference RADIUS Client number_of_retries - Number of times the access point will try to • authenticate logon access via the RADIUS server. (Range: 1 - 30) Default Setting Command Mode Global Configuration Example HP420(config)#radius-server retransmit 5 HP420(config)# radius-server timeout This command sets the interval between transmitting authentication requests to the RADIUS server.

  • Page 160: Show Radius

    Command Line Reference RADIUS Client show radius This command displays the current settings for the RADIUS server. Default Setting None Command Mode Exec Example HP420#show radius Radius Server Information ======================================== : 192.168.1.25 Port : 181 : ***** Retransmit : 5 Timeout : 10 ========================================...

  • Page 161: 802.1X Port Authentication

    Command Line Reference 802.1x Port Authentication 802.1x Port Authentication The access point supports IEEE 802.1x (802.1x) access control for wireless clients. This control feature prevents unauthorized access to the network by requiring an 802.1x client application to submit user credentials for authenti­ cation.
  • Page 162 Command Line Reference 802.1x Port Authentication 802.1x This command configures 802.1x as optionally supported or as required for wireless clients. Use the no form to disable 802.1x support. Syntax 802.1x <supported | required> no 802.1x • supported - Authenticates clients that initiate the 802.1x authentica­ tion process.

  • Page 163: 802.1X Broadcast-Key-Refresh-Rate

    Command Line Reference 802.1x Port Authentication 802.1x broadcast-key-refresh-rate This command sets the interval at which the broadcast keys are refreshed for stations using 802.1x dynamic keying. Syntax 802.1x broadcast-key-refresh-rate <rate> rate - The interval at which the access point rotates broadcast keys. (Range: 0 - 1440 minutes) Default Setting 0 (Disabled)

  • Page 164: 802.1X Session-Timeout

    Command Line Reference 802.1x Port Authentication Default Setting 0 (Disabled) Command Mode Global Configuration Command Usage Session keys are unique to each client, and are used to authenticate a client connection, and correlate traffic passing between a specific client and the access point. Example HP420(config)#802.1x session-key-refresh-rate 5 HP420(config)#...

  • Page 165: Address Filter Default

    Command Line Reference 802.1x Port Authentication address filter default This command sets filtering to allow or deny listed MAC addresses. Syntax address filter default <allowed | denied> • allowed - Only MAC addresses entered as “denied” in the address filtering table are denied. denied - Only MAC addresses entered as “allowed”...

  • Page 166: Address Filter Delete

    Command Line Reference 802.1x Port Authentication Command Mode Global Configuration Command Mode • The access point supports up to 1024 MAC addresses. • An entry in the address table may be allowed or denied access depending on the global setting configured for the address filter default command.

  • Page 167: Mac-Authentication Server

    Command Line Reference 802.1x Port Authentication mac-authentication server This command sets address filtering to be performed with local or remote options. Use the no form to disable MAC address authentication. Syntax mac-authentication server [local | remote] local - Authenticate the MAC address of wireless clients with the •...

  • Page 168: Show Authentication

    Command Line Reference 802.1x Port Authentication Command Mode Global Configuration Example HP420(config)#mac-authentication session-timeout 1 HP420(config)# show authentication This command shows all MAC address and 802.1x authentication settings, as well as the MAC address filter table. Command Mode Exec Example HP420#show authentication Authentication Information ========================================================= MAC Authentication Server...

  • Page 169: Filtering Commands

    Command Line Reference Filtering Commands Filtering Commands The commands described in this section are used to filter communications between wireless clients, control access to the management interface from wireless clients, and filter traffic using specific Ethernet protocol types. Command Function Mode Page filter local-bridge Disables communication between wireless clients...

  • Page 170: Filter Ap-Manage

    Command Line Reference Filtering Commands Example HP420(config)#filter local-bridge HP420(config)# filter ap-manage This command prevents wireless clients from accessing the management interface on the access point. Use the no form to disable this filtering. Syntax filter ap-manage no filter ap-manage Default Disabled Command Mode Global Configuration...

  • Page 171: Filter Ethernet-Type Protocol

    Command Line Reference Filtering Commands Command Usage This command is used in conjunction with the filter ethernet-type protocol command to determine which Ethernet protocol types are to be filtered. Example HP420(config)#filter ethernet-type enable HP420(config)# Related Commands filter ethernet-type protocol (page 6-49) filter ethernet-type protocol This command sets a filter for a specific Ethernet type.

  • Page 172: Show Filters

    Command Line Reference Filtering Commands Default None Command Mode Global Configuration Command Usage Use the filter ethernet-type enable command to enable filtering for Ethernet types specified in the filtering table, or the no filter ethernet-type enable command to disable all filtering based on the filtering table. Example HP420(config)#filter ethernet-type protocol ARP HP420(config)#...

  • Page 173: Interface Commands

    Command Line Reference Interface Commands Interface Commands The commands described in this section configure connection parameters for the Ethernet interface and wireless interface. Command Function Mode Page General Interface interface Enters specified interface configuration mode GC 6-53 Ethernet Interface dns primary-server Specifies the primary name server IC-E 6-53...
  • Page 174 Command Line Reference Interface Commands Command Function Mode Page rts-threshold Sets the packet size threshold at which an RTS IC-W 6-65 must be sent to the receiving station prior to the sending station starting communications authentication Defines the 802.11 authentication type allowed IC-W 6-66 by the access point encryption...

  • Page 175: Interface

    Command Line Reference Interface Commands interface This command configures an interface type and enters interface configuration mode. Syntax interface <ethernet | wireless g> ethernet - Interface for wired network. • wireless g - Interface for wireless clients. • Default Setting None Command Mode Global Configuration...

  • Page 176: Ip Address

    Command Line Reference Interface Commands Command Usage The primary and secondary name servers are queried in sequence. Example This example specifies two domain-name servers. HP420(if-ethernet)#dns primary-server 192.168.1.55 HP420(if-ethernet)#dns secondary-server 10.1.0.55 HP420(if-ethernet)# Related Commands show interface ethernet (page 6-57) ip address This command sets the IP address for the (10/100Base-TX) Ethernet interface.

  • Page 177: Ip Dhcp

    Command Line Reference Interface Commands ip dhcp command. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. Anything other than this format will not be accepted by the configuration program. Example HP420(config)#interface ethernet Enter Ethernet configuration commands, one per line. HP420(if-ethernet)#ip address 192.168.1.2 255.255.255.0 192.168.1.253 HP420(if-ethernet)#...

  • Page 178: Shutdown

    Command Line Reference Interface Commands Example HP420(config)#interface ethernet Enter Ethernet configuration commands, one per line. HP420(if-ethernet)#ip dhcp HP420(if-ethernet)# Related Commands ip address (page 6-54) shutdown This command disables the Ethernet interface. To restart a disabled interface, use the no form. Syntax shutdown no shutdown...

  • Page 179: Speed-Duplex

    Command Line Reference Interface Commands speed-duplex This command configures the speed and duplex mode of the Ethernet inter- face when auto-negotiation is disabled. Use the no form to restore the default. Syntax speed-duplex <auto | 10MH | 10MF | 100MH | 100MF> auto - autonegotiate the speed and duplex mode •...

  • Page 180: Radio-Mode

    Command Line Reference Interface Commands Command Mode Exec Example HP420#show interface ethernet Ethernet Interface Information ======================================== IP Address : 192.168.1.1 Subnet Mask : 255.255.255.0 Default Gateway : 192.168.1.253 Primary DNS : 192.168.1.55 Secondary DNS : 10.1.0.55 Speed-duplex : 100Base-TX Half Duplex Admin status : Up Operational status...

  • Page 181: Description

    Command Line Reference Interface Commands description This command adds a description to the wireless interface. Use the no form to remove the description. The wireless interface description is displayed when using the show interface wireless g command from the Exec level. Syntax description <string>...

  • Page 182: Speed

    Command Line Reference Interface Commands Command Usage When closed system is enabled, the access point will not include its SSID in beacon messages. Nor will it respond to probe requests from clients that do not include a fixed SSID. Example HP420(if-wireless g)#closed-system HP420(if-wireless g)# speed...

  • Page 183: Channel

    Command Line Reference Interface Commands channel This command configures the radio channel through which the access point communicates with wireless clients. Syntax channel <channel | auto> channel - Manually sets the radio channel used for communications • with wireless clients. –...

  • Page 184: Ssid

    Command Line Reference Interface Commands ssid This command configures the Service Set IDentifier (SSID). Syntax ssid <string> string - The name of a basic service set supported by the access point. (Range: 1 - 32 characters) Default Setting Enterprise Wireless AP Command Mode Interface Configuration (Wireless) Command Usage...

  • Page 185: Dtim-Period

    Command Line Reference Interface Commands Command Usage The beacon signals allow wireless clients to maintain contact with the access point. They may also carry power-management information. Example HP420(if-wireless g)#beacon-interval 150 HP420(if-wireless g)# dtim-period This command configures the rate at which stations in sleep mode must wake up to receive broadcast/multicast transmissions.

  • Page 186: Fragmentation-Length

    Command Line Reference Interface Commands Example HP420(if-wireless g)#dtim-period 100 HP420(if-wireless g)# fragmentation-length This command configures the minimum packet size that can be fragmented when passing through the access point. Syntax fragmentation-length <length> length - Minimum packet size for which fragmentation is allowed. (Range: 256-2346 bytes) Default Setting 2346...

  • Page 187: Rts-Threshold

    Command Line Reference Interface Commands rts-threshold This command sets the packet size threshold at which a Request to Send (RTS) signal must be sent to the receiving station prior to the sending station starting communications. Syntax rts-threshold <threshold> threshold - Threshold packet size for which to send an RTS. (Range: 0-2347 bytes) Default Setting 2347...

  • Page 188: Authentication

    Command Line Reference Interface Commands authentication This command defines the 802.11 authentication type used by the access point. Syntax authentication <open | shared> • open - Accepts the client without verifying its identity using a shared key. shared - Authentication is based on a shared key that has been •...

  • Page 189: Encryption

    Command Line Reference Interface Commands encryption This command defines whether or not WEP encryption is used to provide privacy for wireless communications. Use the no form to disable encryption. Syntax encryption <key-length> no encryption key-length - Size of encryption key. (Options: 64, 128, or 152 bits) Default Setting disabled Command Mode...

  • Page 190: Key

    Command Line Reference Interface Commands This command sets the keys used for WEP encryption. Use the no form to delete a configured key. Syntax key <index> <size> <type> <value> no key <index> • index - Key index. (Range: 1-4) size - Key size. (Options: 64, 128, or 152 bits) •...

  • Page 191: Transmit-Key

    Command Line Reference Interface Commands Related Commands authentication (page 6-66) key (page 6-68) transmit-key This command sets the index of the key to be used for encrypting data frames broadcast or multicast from the access point to wireless clients. Syntax transmit-key <index>...

  • Page 192: Transmit-Power

    Command Line Reference Interface Commands transmit-power This command adjusts the power of the radio signals transmitted from the access point. Syntax transmit-power <signal-strength> signal-strength - Signal strength transmitted from the access point. (Options: full, half, quarter, eighth, min) Default Setting full Command Mode Interface Configuration (Wireless)

  • Page 193: Multicast-Cipher

    Command Line Reference Interface Commands Example HP420(if-wireless g)#max-association 32 HP420(if-wireless g)# multicast-cipher This command defines the cipher algorithm used for broadcasting and multi- casting when using Wi-Fi Protected Access (WPA) security. Syntax multicast-cipher <AES | TKIP | WEP> AES - Advanced Encryption Standard •...

  • Page 194: Wpa-Clients

    Command Line Reference Interface Commands just the unicast keys, but the broadcast keys as well. TKIP is a replacement for WEP that removes the predictability that intruders relied on to determine the WEP key. • AES has been designated by the National Institute of Standards and Technology as the successor to the Data Encryption Standard (DES) encryption algorithm, and will be used by the U.S.

  • Page 195: Wpa-Mode

    Command Line Reference Interface Commands Enterprise-level User Authentication via 802.1x and EAP To strengthen user authentication, WPA uses 802.1x and the Extensible Authentication Protocol (EAP). Used together, these protocols provide strong user authentication via a central RADIUS authentication server that authenticates each user on the network before they join it. WPA also employs “mutual authentication”...

  • Page 196: Wpa-Preshared-Key

    Command Line Reference Interface Commands When the WPA mode is set to pre-shared-key, the key must first be • generated and distributed to all wireless clients before they can successfully associate with the access point. Example HP420(if-wireless g)#wpa-mode pre-shared-key HP420(if-wireless g)# Related Commands wpa-clients (page 6-72) wpa-preshared-key (page 6-74)

  • Page 197: Shutdown

    Command Line Reference Interface Commands Related Commands wpa-clients (page 6-72) wpa-mode (page 6-73) shutdown This command disables the wireless interface. Use the no form to enable the interface. Syntax shutdown no shutdown Default Setting Interface enabled Command Mode Interface Configuration (Wireless) Example HP420(if-wireless g)#shutdown HP420(if-wireless g)#...
  • Page 198 Command Line Reference Interface Commands Example HP420#show interface wireless g Wireless Interface Information =========================================================== ----------------Identification----------------------------- Description : Enterprise 802.11g Access Point SSID : Enterprise Wireless AP Radio mode : 802.11b + 802.11g Channel : 11 (AUTO) Status : Enabled ----------------802.11 Parameters-------------------------- Transmit Power : FULL (14 dBm) Max Station Data Rate...

  • Page 199: Show Station

    Command Line Reference IAPP Command show station This command shows the wireless clients associated with the access point. The "Station Address" displayed is the client’s MAC address. Command Mode Exec Example HP420#show station 802.11g Station Table Station Address : 00-04-E2-41-C2-9D Authenticated : TRUE Associated...

  • Page 200: Vlan Commands

    Command Line Reference VLAN Commands Command Usage The current 802.11 standard does not specify the signaling required between access points in order to support clients roaming from one access point to another. In particular, this can create a problem for clients roaming between access points from different vendors.

  • Page 201: Vlan

    Command Line Reference VLAN Commands vlan This command enables VLAN-tag support for all traffic. Use the no form to disable VLANs. Syntax vlan enable no vlan Default Disabled Command Mode Global Configuration Example HP420(config)#vlan enable Reboot system now? <y/n>: y native-vlanid This command configures the native VLAN ID for the access point.
  • Page 202 Command Line Reference VLAN Commands Example HP420(config)#native-vlanid 3 HP420(config)# 6-80...

  • Page 203: Contents

    File Transfers Contents Overview ........... . A-2 Downloading Access Point Software .

  • Page 204: A File Transfers

    File Transfers Overview Overview You can download new access point software and upload or download con- figuration files. These features are useful for acquiring periodic access point software upgrades and for storing or retrieving a switch configuration. This appendix includes the following information: ■...

  • Page 205: Downloading Access Point Software

    File Transfers Downloading Access Point Software Downloading Access Point Software HP periodically provides access point software updates through the HP ProCurve website (http://www.hp.com/go/hpprocurve). For more information, see the support and warranty booklet shipped with the access point. After you acquire a new access point software file, you can use one of the following methods for downloading the software code to the access point.

  • Page 206: Web: Tftp/Ftp Software Download To The Access Point

    File Transfers Downloading Access Point Software Before you use the procedure, do the following: ■ Obtain the IP address of the TFTP or FTP server on which the access point software file has been stored. If VLANs are configured on the access point, determine the name of the ■...
  • Page 207 File Transfers Downloading Access Point Software To Download New Code Using FTP or TFTP: Select the Administration tab. Click the [ button. Software Upgrade] 3. Under Software Upgrade Remote, select FTP or TFTP for the server you are using. 4. In the text field New Software File, specify the file name of the software code on the FTP or TFTP server.

  • Page 208: Cli: Tftp/Ftp Software Download To The Access Point

    File Transfers Downloading Access Point Software CLI: TFTP/FTP Software Download to the Access Point CLI Commands Used in This Section Command Syntax CLI Reference Page copy <ftp | tftp> file page 6-31 page 6-33 reset <board | configuration> page 6-6 The following example shows how to download new code to the access point using a TFTP server.
  • Page 209 File Transfers Downloading Access Point Software The access point is properly connected to your network and has already ■ been configured with a compatible IP address and subnet mask. Before you use the procedure, do the following: ■ Store or locate the access point software file on the local computer (for example, hp420-2022.bin).

  • Page 210: Transferring Configuration Files

    File Transfers Transferring Configuration Files Figure A-2. Local Software Upgrade Transferring Configuration Files CLI Commands Used in This Section Command Syntax CLI Reference Page copy config <ftp | tftp> page 6-31 copy <ftp | tftp> file page 6-31 page 6-33 reset <board | configuration>...
  • Page 211 File Transfers Transferring Configuration Files The following example shows how to upload the configuration file to a TFTP server. HP420#copy config tftp TFTP Source file name:syscfg TFTP Server IP:192.168.1.19 HP420# The following example shows how to download a configuration file to the access point using a TFTP server.
  • Page 212 File Transfers Transferring Configuration Files A-10...
  • Page 213 Index Numerics 802.1x authentication … 5-45, 6-39 hardware version, displaying … 6-24 HP web browser interface … 2-4 address filtering … 5-46 Advanced Encryption Standard … 5-47 IAPP … 6-77 AES … 5-47 IEEE 802.11f … 6-77 authentication using MAC addresses … 5-53 IEEE 802.1x …...
  • Page 214 enabling traps … 6-27 trap manager … 6-28 password … 4-7, 4-8 SNTP … 5-21 administrator setting … 6-12 software creating … 4-7 displaying version … 6-24 delete … 4-9 downloading … 6-31 if you lose the password … 4-9 SSID …...
  • Page 215 features … 2-4 first-time tasks … 4-7 main screen … 4-5, 4-17, 4-19, 4-20 overview … 4-5, 4-17, 4-19, 4-20 Overview window … 4-5, 4-17, 4-19, 4-20 password lost … 4-9 password, setting … 4-7 screen elements … 4-5, 4-17 security …...

Table of Contents