HP ProCurve Wireless Access Point 420: Management and Configuration Guide
www.hp.com/go/hpprocurve


Summary of Contents for HP procurve 420

  • Page 1 420 www.hp.com/go/hpprocurve...
  • Page 3 HP ProCurve Wireless Access Point 420 May 2004 Management and Configuration Guide...
  • Page 4 Packard. performance, or use of this material. The only warranties for HP products and services are set Publication Number forth in the express warranty statements accompanying such products and services. Nothing herein should be 5990-6006 construed as constituting an additional warranty.
  • Page 5: Table Of Contents

    Advantages of Using the CLI ........2-3 Advantages of Using the HP Web Browser Interface ... . . 2-4 3 Using the Command Line Interface (CLI) Contents .
  • Page 6 Configuring Security Settings ....... . 4-13 Online Help for the HP Web Browser Interface ....4-16 Status Reporting Features .
  • Page 7 Web: Setting User Names and Passwords ..... . . 5-3 CLI: Setting User Names and Passwords ......5-4 Modifying System Information .
  • Page 8 CLI: Configuring WPA Settings ....... 5-60 Web: Configuring MAC Address Authentication ....5-62 CLI: Configuring MAC Address Authentication .
  • Page 9 sntp-server enable ......... . 6-20 sntp-server date-time .
  • Page 10 mac-authentication session-timeout ......6-45 show authentication ........6-46 Filtering Commands .
  • Page 11 multicast-cipher ..........6-73 wpa-clients .
  • Page 13: Contents

    Getting Started Contents Introduction ..........1-2 Conventions .
  • Page 14: Getting Started

    “Related Publications” on page 1-4. The Product Documentation CD-ROM shipped with the access point includes a copy of this guide. You can also download a copy from the HP ProCurve website, http://www.hp.com/go/hpprocurve. (See “Getting Documentation From the Web” on page 1-5.)
  • Page 15: Command Prompts

    Syntax: radius-server address [secondary] <host_ip_address | host_name> Command Prompts In the default configuration, your access point displays the following CLI prompt: HP ProCurve Access Point 420# To simplify recognition, this guide uses HP420 to represent command prompt. For example: HP420# (You can use the prompt command to change the text in the CLI prompt.)
  • Page 16: Related Publications

    IP addressing, as well as describing the LED indications for correct operation and trouble analysis. HP provides a PDF version of this guide on the Product Documentation CD-ROM shipped with the access point. You can also download a copy from the HP ProCurve website.
  • Page 17: Getting Documentation From The Web

    Go to the HP ProCurve website at http://www.hp.com/go/hpprocurve Click on Technical support. Click on Product manuals. Click on the product for which you want to view or download a manual. Figure 1-2. Finding Product Manuals on the HP ProCurve Website...
  • Page 18: Sources For More Information

    IP Addressing. If you just want to give the access point an IP address so that it can communicate on your network, HP recommends that you use the CLI to quickly configure IP addressing. To do so, do one of the following: Enter config at the CLI Exec level prompt.
  • Page 19 Manager password, and (optionally) configure other basic features. ■ Interpreting LED behavior. For the latest version of the Installation and Getting Started Guide and other documentation for your access point, visit the HP ProCurve website. (Refer to “Getting Documentation From the Web” on page 1-5.)
  • Page 21: Selecting A Management Interface

    Advantages of Using the CLI ........2-3 Advantages of Using the HP Web Browser Interface ... . . 2-4...
  • Page 22: Overview

    (chapters 4 and 5), and how to use these interfaces to configure and monitor the access point. For information on how to access the web browser interface Help, refer to “Online Help for the HP Web Browser Interface” on page 4-16.
  • Page 23: Advantages Of Using The Cli

    Selecting a Management Interface Advantages of Using the CLI Advantages of Using the CLI Exec Level HP420# Global Configuration Level HP420(config)# Context Configuration Levels (Ethernet, wireless) HP420(<context>)# Figure 2-1. Command Prompt Examples Provides access to the complete set of the access point configuration ■...
  • Page 24: Advantages Of Using The Hp Web Browser Interface

    Selecting a Management Interface Advantages of Using the HP Web Browser Interface Advantages of Using the HP Web Browser Interface Figure 2-2. Example of the HP Web Browser Interface ■ Easy access to the access point from anywhere on the network ■...
  • Page 25 Using the Command Line Interface (CLI) Contents Overview ........... . . 3-2 Accessing the CLI .
  • Page 26: Using The Command Line Interface (Cli)

    Using the Command Line Interface (CLI) Overview Overview The CLI is a text-based command interface for configuring and monitoring the access point. The CLI gives you access to the access point’s full set of commands while providing the same password protection that is used in the web browser interface.
  • Page 27 HP420#_ Caution: HP strongly recommends that you configure a Manager password. If a Manager password is not configured, the access point is not password-protected, and anyone having in-band or out-of-band access to the access point may be able to compromise access point and network security.
  • Page 28: Privilege Level Operation

    Using the Command Line Interface (CLI) Using the CLI Privilege Level Operation Manager Privileges 1. Exec Level 2. Global Configuration Level 3. Context Configuration Level Figure 3-2. Access Sequence for Privilege Levels Exec Privileges Exec privileges allow you to examine the current configuration, perform system-level actions that do not require saving changes, and move between the three levels of access: Exec, Global Configuration, and Context Configuration.
  • Page 29 Using the Command Line Interface (CLI) Using the CLI The Context level is useful, for example, if you want to execute several commands directed at the same interface. To select this level, enter the specific context at the Global Configuration level prompt. For example, to select the context level for the Ethernet interface, you would enter the following command and see the indicated result: HP420(config)#interface ethernet...
  • Page 30: How To Move Between Levels

    Using the Command Line Interface (CLI) Using the CLI How To Move Between Levels Change in Levels Example of Prompt, Command, and Result Exec level HP420#config HP420(config)# Global configuration level Global configuration HP420(config)#interface ethernet level HP420(if-ethernet)# to a Context configuration level Move from any level HP420(if-ethernet)#end...
  • Page 31: Listing Commands And Command Options

    Using the Command Line Interface (CLI) Using the CLI Listing Commands and Command Options At any privilege level you can: ■ List all of the commands available at that level List the options for a specific command ■ Listing Commands Available at Any Privilege Level At a given privilege level you can list and execute the commands that level offers.
  • Page 32 Using the Command Line Interface (CLI) Using the CLI Typing ? at the Configuration level produces this listing: HP420(config)#? Configure commands: 802.1x Set 802.1x address Set address Return to previous mode exit Exit to the EXEC mode filter Bridge protocol filtering help Description of the help system iapp...
  • Page 33: Command Option Displays

    Using the Command Line Interface (CLI) Using the CLI the word for the CLI to distinguish it from other possibilities). For example, at the Global Configuration level, if you press immediately after typing [Tab] "u", the CLI displays the command that begins with "u". For example: HP420(config)#u [Tab] HP420(config)#username...
  • Page 34: Configuration Commands And The Context Configuration Modes

    Using the Command Line Interface (CLI) Using the CLI Configuration Commands and the Context Configuration Modes You can execute basic configuration commands in the global configuration mode. However, you must use a context mode to execute context-specific commands. The configuration options include interface (ethernet or wireless) context modes: Ethernet Context .
  • Page 35 Using the Command Line Interface (CLI) Using the CLI Wireless Context . Includes wireless-specific commands that apply only to the wireless interface. The prompt for this mode includes the identity of the wireless interface: Command executed at configuration HP420(config)#interface wireless g level to enter wireless context.
  • Page 36: Cli Control And Editing

    Using the Command Line Interface (CLI) CLI Control and Editing CLI Control and Editing Keystrokes Function [Ctrl] [A] Jumps to the first character of the command line. or [<] Moves the cursor back one character. [Ctrl] [B] [Ctrl] [C] Terminates a task and displays the command prompt. [Ctrl] [E] Jumps to the end of the current command line.
  • Page 37: Using The Hp Web Browser Interface

    Configuring Security Settings ....... . 4-13 Online Help for the HP Web Browser Interface ....4-16 Status Reporting Features .
  • Page 38: Overview

    Using the HP Web Browser Interface Overview Overview The HP web browser interface built into the access point lets you easily access the access point from a browser-based PC on your network. This lets you do the following: Make configuration changes to the access point ■...
  • Page 39: General Features

    Using the HP Web Browser Interface General Features General Features The access point includes these web browser interface features: Access Point Configuration: • System identification and service set identifier • IP settings via manual configuration or DHCP • RADIUS client identification •...
  • Page 40: Starting A Web Browser Interface Session With The Access Point

    Using the HP Web Browser Interface Starting a Web Browser Interface Session with the Access Point Starting a Web Browser Interface Session with the Access Point You can start a web browser session using a standalone web browser on a network connection from a PC in the following ways: •...
  • Page 41: Description Of Browser Interface

    Using the HP Web Browser Interface Description of Browser Interface Note: IP management can be limited to access from the Ethernet interface. For more on this feature, see “Setting up Filter Control” on page 5-32. Type the IP address (or DNS name) of the access point in the browser Location or Address field and press .
  • Page 42: Support Url

    Using the HP Web Browser Interface Description of Browser Interface Active Tab Tab Bar World Wide Web site for Hewlett-Packard’s networking products Figure 4-1. The Home Page Support URL The home page for the access point’s web browser interface is the Support tab.
  • Page 43: Tasks For Your First Hp Web Browser Interface Session

    Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session Tasks for Your First HP Web Browser Interface Session The first time you access the web browser interface, there are a number of basic tasks that you should perform: ■...
  • Page 44 Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session Figure 4-2. The Change Password Window Click in the appropriate box in the Change Password menu and enter a user name or password. You will be required to repeat the password string in the confirmation box.
  • Page 45: If You Lose The User Name Or Password

    Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session If You Lose the User Name or Password If you lose the user name or password, you can clear them by pressing the Reset button on the back of the access point for at least five seconds. This action deletes the password and resets the user name to the factory default settings for all of the access point’s interfaces.
  • Page 46: Setting The Radio Channel

    Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session Figure 4-3. Setting the SSID Setting the Radio Channel The access point’s radio channel settings are limited by local regulations, which determine the number of channels that are available. You can manually set the access point’s radio channel or allow it to automatically select an...
  • Page 47 Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session The access point uses the configured radio channel to communicate with wireless clients. When multiple access points are deployed in the same area, be sure to choose a channel separated by at least five channels to avoid having the channels interfere with each other.
  • Page 48: Configuring Tcp/Ip Settings

    Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session Configuring TCP/IP Settings You can use the web browser interface to manage the access point only if it already has an IP address that is reachable through your network. You can set an initial IP address for the access point by using the CLI interface.
  • Page 49: Configuring Security Settings

    Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session Figure 4-5. IP Configuration Configuring Security Settings The access point is configured by default as an “open system,” which broadcasts a beacon signal including the configured SSID. Wireless clients can read the SSID from the beacon, and automatically reset their SSID to allow immediate connection to the nearest access point.
  • Page 50 Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session Set the Authentication Type to Shared Key to require authentication based on a shared key that has been distributed to all stations. Enable Wired Equivalency Setup (WEP) to encrypt transmissions passing between wireless clients and the access point.
  • Page 51 Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session Figure 4-6. Security Settings 4-15...
  • Page 52: Online Help For The Hp Web Browser Interface

    Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session Online Help for the HP Web Browser Interface Online Help is available for the web browser interface. You can use it by clicking on the question mark button in the upper-right corner of any of the web browser interface screens.
  • Page 53: Status Reporting Features

    Using the HP Web Browser Interface Status Reporting Features Status Reporting Features Browser elements covered in this section include: The AP Status window (below) ■ ■ Station status (page 4-19) ■ Event logs (page 4-20) The Status bar (page 4-21) ■...
  • Page 54 Using the HP Web Browser Interface Status Reporting Features AP System Configuration. The AP System Configuration table displays the basic system configuration settings: ■ System Up Time: Length of time the access point has been up. MAC Address: The physical layer address for this device.
  • Page 55: Station Status

    Using the HP Web Browser Interface Status Reporting Features Speed-Duplex: The operating speed and duplex mode of the access ■ point’s RJ-45 Ethernet interface. Station Status The Station Status window shows the wireless clients currently associated with the access point.
  • Page 56: Event Logs

    Using the HP Web Browser Interface Status Reporting Features association procedure allows the wireless system to track the location of each mobile client, and ensures that frames destined for each client are forwarded to the appropriate access point. ■ Forwarding Allowed: If 802.1x is being used shows if the station has passed 802.1x authentication and is now allowed to forward traffic to the...
  • Page 57: The Status Bar

    Using the HP Web Browser Interface Status Reporting Features The Event Logs table displays the following information: ■ Log Time: The time the log message was generated. Event Level: The logging level associated with this message. For a ■ description of the various levels, see “Enabling System Logging” on page 5-17.
  • Page 59: Access Point Configuration

    Access Point Configuration Contents Overview ........... . . 5-2 Modifying System Management Access .
  • Page 60: Overview

    Access Point Configuration Overview Modifying Radio Settings ........5-37 Web: Modifying the Radio Working Mode and Settings .
  • Page 61: Modifying System Management Access

    5-32). Caution: HP strongly recommends that you configure a new Manager password and not use the default. If a Manager password is not configured, then the access point is not password-protected, and anyone having in-band or out-of-band access to the access point may be able to compromise access point and network security.
  • Page 62: Cli: Setting User Names And Passwords

    CLI: Setting User Names and Passwords CLI Commands Used in This Section Command Syntax CLI Reference Page username <name> page 6-12 [no] password <password> page 6-13 This example shows how to set a new user name and password. HP420(config)#username bob HP420(config)#password hp HP420(config)#...
  • Page 63: Modifying System Information

    Access Point Configuration Modifying System Information Modifying System Information The access point’s system information parameters can be left at their default settings. However, modifying these parameters can help you to more easily distinguish one device from another in your network. You should set a Service Set Identification (SSID) to identify the wireless network service provided by the access point.
  • Page 64: Cli: Setting The System Name And Ssid

    Access Point Configuration Modifying System Information Figure 5-2. The System Information Window CLI: Setting the System Name and SSID CLI Commands Used in This Section Command Syntax CLI Reference Page interface <ethernet | wireless g> page 6-53 system name <name> page 6-12 ssid <string>...
  • Page 65 Access Point Configuration Modifying System Information To set the SSID to “RD-AP#3” and display it, enter the CLI commands shown in the following example. HP420(config)#interface wireless g Enter Wireless configuration commands, one per line. HP420(if-wireless g)#ssid RD-AP#3 HP420(if-wireless g)#show Wireless Interface Information =========================================================== ----------------Identification----------------------------- Description...
  • Page 66 Access Point Configuration Modifying System Information To display the configured system name, use the show system command, as shown in the following example. HP420#show system System Information ============================================================ Serial Number : A252014354 System Up time : 0 days, 1 hours, 28 minutes, 9 seconds System Name : AP420 System Location...
  • Page 67: Configuring Ip Settings

    Access Point Configuration Configuring IP Settings Configuring IP Settings Configuring the access point with an IP address expands your ability to manage the access point and use its features. A number of access point features depend on IP addressing to operate. Note: You can use the web browser interface to access IP addressing only if the access point already has an IP address that is reachable through your network.
  • Page 68 Access Point Configuration Configuring IP Settings • Primary and Secondary DNS Address: The IP address of Domain Name Servers on the network. A DNS maps numerical IP addresses to domain names and can be used to identify network hosts by familiar names instead of the IP addresses.
  • Page 69: Cli: Configuring Ip Settings Statically Or Via Dhcp

    Access Point Configuration Configuring IP Settings Figure 5-3. The IP Configuration Window CLI: Configuring IP Settings Statically or via DHCP CLI Commands Used in This Section Command Syntax CLI Reference Page interface <ethernet | wireless g> page 6-53 [no] ip address <ip-address> <netmask> <gateway> page 6-54 [no] ip dhcp page 6-55 dns primary-server <server-address>...
  • Page 70 Access Point Configuration Configuring IP Settings The following example shows how to enable the DHCP client. HP420(config)#interface ethernet Enter Ethernet configuration commands, one per line. HP420(if-ethernet)#ip dhcp HP420(if-ethernet)# To set the access point’s IP parameters manually, you must first disable the DHCP client.
  • Page 71: Configuring Snmp

    Access Point Configuration Configuring SNMP Configuring SNMP You can use a network management application such as HP OpenView to manage the access point via the Simple Network Management Protocol (SNMP) from a network management station. To implement SNMP management, the access point must have an IP address and subnet mask, configured either manually or dynamically.
  • Page 72 Access Point Configuration Configuring SNMP Trap Destination Community Name: The community string sent with ■ the notification operation. (Maximum length: 23 characters) To Enable SNMP and Set Parameters: Select the Configuration tab. Click the [ button. SNMP] Select Enable to enable SNMP management. Type text strings to replace the default community names for read-only and read/write access.
  • Page 73: Cli: Setting Snmp Parameters

    Access Point Configuration Configuring SNMP Figure 5-4. The SNMP Window CLI: Setting SNMP Parameters CLI Commands Used in This Section Command Syntax CLI Reference Page [no] snmp-server enable server page 6-27 [no] snmp-server community <string> [ro | rw] page 6-25 [no] snmp-server host <host_ip_address | page 6-28 host_name>...
  • Page 74 Access Point Configuration Configuring SNMP SNMP management on the access point is enabled by default. To disable SNMP management, type the following command: HP420(config)#no snmp-server enable server The following example shows how to enable SNMP, configure the community strings, and set the location and contact parameters. HP420(config)#snmp-server enable server HP420(config)#snmp-server community alpha rw HP420(config)#snmp-server community beta ro...
  • Page 75: Enabling System Logging

    Access Point Configuration Enabling System Logging Enabling System Logging The access point supports a logging process that can control error messages saved to memory or sent to a Syslog server. The logged messages serve as a valuable tool for isolating access point and network problems. The system allows you to limit the messages that are logged by specifying a minimum severity level.
  • Page 76: Web: Setting Logging Parameters

    Access Point Configuration Enabling System Logging Web: Setting Logging Parameters The System Servers window on the Administration tab enables system logs and Syslog server details to be configured for the access point. The web interface enables you to modify these parameters: ■...
  • Page 77: Cli: Setting Logging Parameters

    Access Point Configuration Enabling System Logging Figure 5-5. Setting Logging Parameters CLI: Setting Logging Parameters CLI Commands Used in This Section Command Syntax CLI Reference Page [no] logging on page 6-15 [no] logging host <host_name | host_ip_address> page 6-15 [no] logging console page 6-16 logging level <Alert | Critical | Error | Warning | page 6-16...
  • Page 78 Access Point Configuration Enabling System Logging The following example shows how to enable logging, set the minimum severity level of messages to be logged, and send messages to the console. HP420(config)#logging on HP420(config)#logging level critical HP420(config)#logging console HP420(config)# The following example shows how to configure the access point to send logging messages to a Syslog server.
  • Page 79: Configuring Sntp

    Access Point Configuration Configuring SNTP Configuring SNTP Simple Network Time Protocol (SNTP) allows the access point to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the access point enables the system log to record meaningful dates and times for event entries.
  • Page 80 Access Point Configuration Configuring SNTP ■ Enable Daylight Saving: The access point provides a way to automatically adjust the system clock for Daylight Saving Time (DST) changes. To use this feature you define the month and date to begin and to end the change from standard time.
  • Page 81: Cli: Setting Sntp Parameters

    Access Point Configuration Configuring SNTP Figure 5-6. Setting SNTP Parameters CLI: Setting SNTP Parameters CLI Commands Used in This Section Command Syntax CLI Reference Page [no] sntp-server enable page 6-20 sntp-server ip <1 | 2> <ip> page 6-19 sntp-server date-time page 6-20 [no] sntp-server daylight-saving page 6-21...
  • Page 82 Access Point Configuration Configuring SNTP The following example shows how to enable SNTP, configure primary and secondary time server IP addresses, set the time zone, and enable Daylight Saving. HP420(config)#sntp-server enable HP420(config)#sntp-server ip 1 10.1.0.19 HP420(config)#sntp-server ip 2 10.1.2.233 HP420(config)#sntp-server timezone -8 HP420(config)#sntp-server daylight-saving Enter Daylight saving from which month<1-12>: 3 and which day<1-31>: 31...
  • Page 83: Configuring Ethernet Interface Parameters

    Access Point Configuration Configuring Ethernet Interface Parameters Configuring Ethernet Interface Parameters The access point’s Ethernet interface can be configured to use auto-negotiation to set the operating speed and duplex mode. When auto-negotiation is disabled, the operating speed and duplex mode must be manually set to match that of the connected device.
  • Page 84: Cli: Setting Ethernet Interface Parameters

    Access Point Configuration Configuring Ethernet Interface Parameters Figure 5-7. Setting Ethernet Interface Parameters CLI: Setting Ethernet Interface Parameters CLI Commands Used in This Section Command Syntax CLI Reference Page interface <ethernet | wireless g> page 6-53 [no] shutdown page 6-56 speed-duplex <auto | 10MH | 10MF | 100MF | 100MH>...
  • Page 85 Access Point Configuration Configuring Ethernet Interface Parameters The following example shows how to disable the Ethernet interface, force the setting to 100 Mbps full duplex, and then re-enable it. HP420(config)#interface ethernet Enter Ethernet configuration commands, one per line. HP420(if-ethernet)#shutdown HP420(if-ethernet)#speed-duplex 100mf HP420(if-ethernet)#no shutdown HP420(if-ethernet)# To display the current Ethernet interface status from the Exec level, use the...
  • Page 86: Configuring Radius Client Authentication

    Access Point Configuration Configuring RADIUS Client Authentication Configuring RADIUS Client Authentication Remote Authentication Dial-in User Service (RADIUS) is an authentication protocol that uses software running on a central server to control access to RADIUS-aware devices on the network. An authentication server contains a database of user credentials for each user that requires access to the network.
  • Page 87 Access Point Configuration Configuring RADIUS Client Authentication • Retransmit Attempts: The number of times the access point tries to resend a request to the RADIUS server before authentication fails. (Range: 1 - 30) ■ Secondary Radius Server Setup: Configure a secondary RADIUS server to provide a backup in case the primary server fails.
  • Page 88: Cli: Setting Radius Server Parameters

    Access Point Configuration Configuring RADIUS Client Authentication Figure 5-8. The Radius Setup Window CLI: Setting RADIUS Server Parameters CLI Commands Used in This Section Command Syntax CLI Reference Page radius-server address [secondary] <host_ip_address | host_name> page 6-35 radius-server [secondary] port <port_number> page 6-35 radius-server [secondary] key <key_string>...
  • Page 89 Access Point Configuration Configuring RADIUS Client Authentication The following example shows how to configure the primary RADIUS server parameters, including the IP address, UDP port number, secret key, timeout, and retransmit attempts. HP420(config)#radius-server address 10.1.2.25 HP420(config)#radius-server port 1812 HP420(config)#radius-server key green HP420(config)#radius-server timeout 10 HP420(config)#radius-server retransmit 5 HP420(config)#...
  • Page 90: Setting Up Filter Control

    Access Point Configuration Setting up Filter Control Setting up Filter Control The access point can employ VLAN ID and network traffic frame filtering to control access to network resources and increase security. Access and Frame Filtering. You can prevent communications between wireless clients associated to the access point, only allowing traffic between clients and the wired network.
  • Page 91: Web: Enabling Vlan Support And Setting Filters

    Access Point Configuration Setting up Filter Control When VLAN filtering is enabled, the access point must also have 802.1x authentication enabled (see page 5-66) and a RADIUS server configured (see page 5-28). Wireless clients must also support 802.1x client software to be assigned to a specific VLAN.
  • Page 92 Access Point Configuration Setting up Filter Control To Enable VLAN Support: Select the Security tab. Click the [ button. Shared Key Setup] Set the Authentication Type Setup to Open System. Click the [Apply Changes] button. Click the [ button. Authentication] Under 802.1x Setup, select Required.
  • Page 93: Cli: Enabling Vlan Support And Setting Filters

    Access Point Configuration Setting up Filter Control Figure 5-9. The Filter Control Window CLI: Enabling VLAN Support and Setting Filters CLI Commands Used in This Section Command Syntax CLI Reference Page [no] vlan enable page 6-82 native-vlanid <vlan_id> page 6-82 [no] filter local-bridge page 6-47 [no] filter ap-manage...
  • Page 94 Access Point Configuration Setting up Filter Control The following example shows how to set the native VLAN ID and enable VLAN support. Note that to enable or disable VLAN support, you must reboot the access point. HP420(config)#native-vlanid 5 HP420(config)#vlan enable Reboot system now? <y/n>: The following example shows how to enable filtering for management access and wireless-to-wireless communications.
  • Page 95: Modifying Radio Settings

    Access Point Configuration Modifying Radio Settings Modifying Radio Settings The access point can operate in three standard modes, IEEE 802.11b only, 802.11g only, or a mixed 802.11b/802.11g mode. Note: Both the IEEE 802.11g and 802.11b standards operate within the 2.4 GHz band. In a wireless LAN environment there can often be interference from other 2.4 GHz devices, such as cordless phones.
  • Page 96: Web: Modifying The Radio Working Mode And Settings

    Access Point Configuration Modifying Radio Settings Web: Modifying the Radio Working Mode and Settings The Port/Radio Settings window on the Configuration tab provides the basic settings for the access point’s radio operation. The access point’s radio channel settings are limited by local regulations, which determine the number of channels that are available.
  • Page 97 Access Point Configuration Modifying Radio Settings Data Beacon Rate: The rate at which stations in sleep mode must wake ■ up to receive broadcast/multicast transmissions. Known also as the Delivery Traffic Indication Map (DTIM) interval, it indicates how often the MAC layer forwards broadcast/multicast traffic, which is necessary to wake up stations that are using Power Save mode.
  • Page 98: Cli: Modifying The Radio Working Mode And Settings

    Access Point Configuration Modifying Radio Settings Click the button. [Apply Changes] Figure 5-10. Port/Radio Settings Window CLI: Modifying the Radio Working Mode and Settings CLI Commands Used in This Section Command Syntax CLI Reference Page country <country_code> page 6-9 interface <ethernet | wireless g> page 6-53 radio-mode <b | g | b+g>...
  • Page 99 Access Point Configuration Modifying Radio Settings Command Syntax CLI Reference Page multicast-data-rate <speed> page 6-61 channel <channel | auto> page 6-62 beacon-interval <interval> page 6-63 dtim-period <interval> page 6-64 fragmentation-length <length> page 6-65 rts-threshold <threshold> page 6-66 transmit-power <signal-strength> page 6-72 max-association <count>...
  • Page 100 Access Point Configuration Modifying Radio Settings HP420#country ? WORD Country code: AL-ALBANIA, DZ-ALGERIA, AR-ARGENTINA, AM-ARMENIA, AU-AUSTRALIA, AT-AUSTRIA, AZ-AZERBAIJAN, BH-BAHRAIN, BY-BELARUS, BE-BELGIUM, BZ-BELIZE, BO-BOLVIA, BR-BRAZIL, BN-BRUNEI_DARUSSALAM, BG-BULGARIA, CA-CANADA, CL-CHILE, CN-CHINA, CO-COLOMBIA, CR-COSTA_RICA, HR-CROATIA, CY-CYPRUS, CZ-CZECH_REPUBLIC, DK-DENMARK, DO-DOMINICAN_REPUBLIC, EC-ECUADOR, EG-EGYPT, EE-ESTONIA, FI-FINLAND, FR-FRANCE, GE-GEORGIA, DE-GERMANY, GR-GREECE, GT-GUATEMALA, HK-HONG_KONG, HU-HUNGARY, IS-ICELAND, IN-INDIA, ID-INDONESIA, IR-IRAN, IE-IRELAND, IL-ISRAEL, IT-ITALY, JP-JAPAN, JO-JORDAN, KZ-KAZAKHSTAN,...
  • Page 101 Access Point Configuration Modifying Radio Settings Using the CLI to Configure Radio Settings. The following example shows how to enable and disable the radio, as well as configure other radio parameters. HP420(config)#interface wireless g Enter Wireless configuration commands, one per line. HP420(if-wireless g)#shutdown HP420(if-wireless g)#speed 24 HP420(if-wireless g)#multicast-data-rate 2...
  • Page 102 Access Point Configuration Modifying Radio Settings To display the current radio settings from the Exec level, use the show interface wireless g command, as shown in the following example. HP420#show interface wireless g Wireless Interface Information =========================================================== ----------------Identification----------------------------- Description : Enterprise 802.11g Access Point SSID : Enterprise Wireless AP Radio mode...
  • Page 103: Web: Setting The Antenna Mode And Transmit Power Control

    Access Point Configuration Modifying Radio Settings Web: Setting the Antenna Mode and Transmit Power Control Limits The Port/Radio Settings window on the Configuration tab provides access to the configuration settings for external antennas. Caution: An improper combination of transmit power and antenna gain may result in an EIRP power level in excess of the legally imposed limit.
  • Page 104 Access Point Configuration Modifying Radio Settings 802.11g Transmit Power Control (TPC) Settings (%) External Antenna FCC/IC EU/ETSI Japan Taiwan 7 dBi Indoor/Outdoor Directional, J8443A 8 dBi Outdoor Omni, J8444A — — — 11 dBi Indoor/Outdoor wide angle — — — directional, J8446A* * Use of this antenna in the EU/ETSI region or Taiwan requires an additional insertion loss of 2 dB for this radio mode.
  • Page 105 Access Point Configuration Modifying Radio Settings • Mid Channel: The percentage of full power allowed for middle radio channels. • High Channel: The percentage of full power allowed for high radio channels. ■ Antenna Mode: Sets the operation mode for the antenna type currently...
  • Page 106: Cli: Setting The Antenna Mode And Transmit Power Control Limits

    Access Point Configuration Modifying Radio Settings Figure 5-11. Antenna Mode and Port/Radio Settings Window CLI: Setting the Antenna Mode and Transmit Power Control Limits CLI Commands Used in This Section Command Syntax CLI Reference Page interface <ethernet | wireless g> page 6-53 antenna-mode <diversity | single>...
  • Page 107 Access Point Configuration Modifying Radio Settings Using the CLI to Set the Antenna Mode. The following example shows how to set the antenna mode for the access point when using a non-diversity antenna. HP420(config)#interface wireless g Enter Wireless configuration commands, one per line. HP420(if-wireless g)#antenna-mode single HP420(if-wireless g)# Using the CLI to Set the Transmit Power Control Limits.
  • Page 108 Access Point Configuration Modifying Radio Settings You can use the show command to display the current radio settings from the wireless interface configuration level. HP420(if-wireless g)#show Wireless Interface Information =========================================================== ----------------Identification----------------------------- Description : Enterprise 802.11g Access Point SSID : Enterprise Wireless AP Radio mode : 802.11b + 802.11g Channel...
  • Page 109: Configuring Wireless Security

    Access Point Configuration Configuring Wireless Security Configuring Wireless Security The access point is configured by default as an “open system,” which broadcasts a beacon signal including the configured SSID. Wireless clients can read the SSID from the beacon, and automatically reset their SSID to allow immediate connection to the nearest access point.
  • Page 110 Access Point Configuration Configuring Wireless Security network by requiring an 802.1x client application to submit user credentials for authentication. The 802.1x standard uses the Extensible Authentication Protocol (EAP) to pass user credentials (either digital certificates, usernames and passwords, or other) from the client to the RADIUS server. Client authentication is then verified on the RADIUS server before the access point grants client access to the network.
  • Page 111 Access Point Configuration Configuring Wireless Security TKIP starts with a master (temporal) key for each user session and then mathematically generates other keys to encrypt each data packet. TKIP provides further data encryption enhancements by including a message integrity check for each packet and a re-keying mechanism, which periodically changes the master key.
  • Page 112 Access Point Configuration Configuring Wireless Security Table 5-1. Summary of Wireless Security Security Mechanism Client Support Implementation Considerations Built-in support on all 802.11b and • Provides only weak security 802.11g devices • Requires manual key management WEP with 802.1x Requires 802.1x client support in •...
  • Page 113 Access Point Configuration Configuring Wireless Security Table 5-1. Summary of Wireless Security Configuration Configuring Encryption in the HP ProCurve Wireless Access Point 420 Encryption Methods and CLI Privilege Level and Commands*** Additional Notes Process Requirements WPA Dynamic ONLY Global Configuration Level RADIUS server required.
  • Page 114 * The AP 420 supports the following Extensible Authentication Protocol (EAP) methods: MD5, TLS, TTLS and PEAP ** Please refer to the table “Configuring MAC Authentication in the HP ProCurve Wireless Access Point 420" *** To start, the access point is in the factory default configuration.
  • Page 115: Web: Configuring Wpa Settings

    Access Point Configuration Configuring Wireless Security Configuring MAC Authentication in the HP ProCurve Wireless Access Point 420 Local MAC MAC Authentication Settings RADIUS Comments Authentication Authentication Authentication MAC Address Permission Mode System Default Deny Allow Local MAC Local MAC Allow...
  • Page 116 Access Point Configuration Configuring Wireless Security ■ Multicast Cipher Mode: Selects an encryption method for the global key used for multicast and broadcast traffic, which is supported by all wireless clients. • WEP: WEP is the first generation security protocol used to encrypt data crossing the wireless medium using a fairly short key.
  • Page 117 Access Point Configuration Configuring Wireless Security Click the [Apply Changes] button. 10. Click the [WPA Settings] button. 11. Under WPA Configuration Mode, select Required if you want only WPA-enabled clients to connect to the network. If you want some clients to connect that are not WPA-enabled, leave this check box clear.
  • Page 118: Cli: Configuring Wpa Settings

    Access Point Configuration Configuring Wireless Security Figure 5-12. WPA Settings Window CLI: Configuring WPA Settings CLI Commands Used in This Section Command Syntax CLI Reference Page interface <ethernet | wireless g> page 6-53 authentication <open | shared> page 6-67 [no] encryption <key-length> page 6-68 [no] 802.1x <supported | required>...
  • Page 119 Access Point Configuration Configuring Wireless Security Command Syntax CLI Reference Page multicast-cipher <AES | TKIP | WEP> page 6-73 wpa-psk-type <type> page 6-76 wpa-preshared-key <type> <value> page 6-76 show interface wireless g page 6-78 show station page 6-80 Using the CLI to Configure WPA. To configure the access point to support only WPA-enabled clients, be sure to set the access point to “open system”...
  • Page 120: Web: Configuring Mac Address Authentication

    Access Point Configuration Configuring Wireless Security Using the CLI to Configure WPA-PSK Mode. To configure the access point to operate in WPA-PSK mode, be sure to set the access point to “open system” and set 802.1x authentication to “disable.” The following example shows how to configure access point security for WPA-PSK mode.
  • Page 121 Access Point Configuration Configuring Wireless Security ■ Use IEEE 802.1x authentication for networks with a larger number of users and where security is the most important issue. A RADIUS server is required in the wired network to control the user credentials (digital certificates, smart cards, passwords, or other) of wireless clients.
  • Page 122 Access Point Configuration Configuring Wireless Security ■ MAC Authentication Table: Displays current entries in the local MAC database. To Configure MAC Authentication Using a Local Database: Select the Security tab. Click the [Authentication] button. Set MAC Authentication to Local MAC. Under Local MAC authentication, set System Default to Deny.
  • Page 123: Cli: Configuring Mac Address Authentication

    Access Point Configuration Configuring Wireless Security CLI: Configuring MAC Address Authentication CLI Commands Used in This Section Command Syntax CLI Reference Page mac-authentication server [local | remote] page 6-45 address filter default <allowed | denied> page 6-43 address filter entry <mac-address> <allowed | denied> page 6-43 address filter delete <mac-address>...
  • Page 124: Web: Configuring Ieee 802.1X

    Access Point Configuration Configuring Wireless Security The following example shows how to display the current authentication configuration on the access point from the Exec level. HP420#show authentication Authentication Information ========================================================= MAC Authentication Server : REMOTE MAC Auth Session Timeout Value : 1 secs 802.1x : SUPPORTED Broadcast Key Refresh Rate...
  • Page 125 Access Point Configuration Configuring Wireless Security The Authentication window on the Security tab enables 802.1x to be configured for the access point. The web interface enables you to modify these parameters: 802.1x Setup. You can enable 802.1x as optionally supported or as required to enhance the security of the wireless network.
  • Page 126 Access Point Configuration Configuring Wireless Security Select the Security tab. Click the [Shared Key Setup] button. Set the Authentication Type Setup to Open System. Click the [Apply Changes] button. Click the [Authentication] button. 10. Under 802.1x Setup, select Required. 11.
  • Page 127: Cli: Configuring Ieee 802.1X

    Access Point Configuration Configuring Wireless Security CLI: Configuring IEEE 802.1x CLI Commands Used in This Section Command Syntax CLI Reference Page interface <ethernet | wireless g> page 6-53 authentication <open | shared> page 6-67 [no] 802.1x <supported | required> page 6-40 802.1x broadcast-key-refresh-rate <rate>...
  • Page 128: Web: Setting Up Wep Shared-Keys

    Access Point Configuration Configuring Wireless Security The following example shows how to display the current 802.1x configuration on the access point from the Exec level. HP420#show authentication Authentication Information ========================================================= MAC Authentication Server : LOCAL MAC Auth Session Timeout Value : 0 secs 802.1x : REQUIRED Broadcast Key Refresh Rate...
  • Page 129 Access Point Configuration Configuring Wireless Security ■ Authentication Type Setup: Sets the access point to communicate with clients using pre-configured static shared keys or as an open system that accepts network access attempts from any client. • Open System: Select this option if you plan to use WPA or 802.1x as a security mechanism.
  • Page 130: Cli: Setting Up Wep Shared-Keys

    Access Point Configuration Configuring Wireless Security Click the [Apply Changes] button. Figure 5-15. Shared Key Setup Window CLI: Setting up WEP Shared-Keys CLI Commands Used in This Section Command Syntax CLI Reference Page interface <ethernet | wireless g> page 6-53 authentication <open | shared>...
  • Page 131 Access Point Configuration Configuring Wireless Security Command Syntax CLI Reference Page [no] key <index> <size> <type> <value> page 6-69 transmit-key <index> page 6-70 show interface wireless g page 6-78 The following example shows how to set up WEP shared keys that are used for client authentication and data encryption.
  • Page 132 Access Point Configuration Configuring Wireless Security The following example shows how to display the current WEP shared key configuration on the access point from the Exec level. HP420#show interface wireless g Wireless Interface Information =========================================================== ----------------Identification----------------------------- Description : Enterprise 802.11g Access Point SSID : Enterprise Wireless AP Radio mode...
  • Page 133: Command Line Reference

    Command Line Reference Contents Overview ........... . . 6-2 General Commands .
  • Page 134: Overview

    Command Line Reference Overview Overview This chapter describes the commands provided by the CLI. The CLI commands can be broken down into the functional groups shown below. Command Group Description Page General Basic commands for entering configuration mode, restarting the system, or quitting the CLI System Controls user name, password, system logs, browser Management...
  • Page 135: General Commands

    Command Line Reference General Commands General Commands Command Function Mode Page configure Activates global configuration mode Exec Returns to the previous configuration mode GC, IC exit Returns to the Exec mode, or exits the CLI ping Sends ICMP echo request packets to another node Exec on the network reset...
  • Page 136: End

    Command Line Reference General Commands This command returns to the previous configuration mode. Default Setting None Command Mode Global Configuration, Interface Configuration Example This example shows how to return to the Configuration mode from the Ethernet Interface Configuration mode: HP420(if-ethernet)#end HP420(config)# exit This command returns to the Exec mode or exits the configuration program.
  • Page 137: Ping

    Command Line Reference General Commands ping This command sends ICMP echo request packets to another node on the network. Syntax ping <host_name | ip_address> • host_name - Alias of the host. • ip_address - IP address of the host. Default Setting None Command Mode Exec...
  • Page 138: Reset

    Command Line Reference General Commands reset This command restarts the system or restores the factory default settings. Syntax reset <board | configuration> • board - Reboots the system. • configuration - Resets the configuration settings to the factory defaults, and then reboots the system. Default Setting None Command Mode...
  • Page 139: Show Line

    Command Line Reference General Commands Example In this example, the show history command lists the contents of the command history buffer: HP420#show history config exit show history HP420# show line This command displays the console port’s configuration settings. Command Mode Exec Example The console port settings are fixed at the values shown below.
  • Page 140: System Management Commands

    Command Line Reference System Management Commands System Management Commands These commands are used to configure the user name, password, system logs, browser management options, clock settings, and a variety of other system information. Command Function Mode Page Country Setting Sets the country code for correct radio operation country Sets the access point country code Exec...
  • Page 141: Country

    Command Line Reference System Management Commands Command Function Mode Page logging facility- Sets the facility type for remote logging of syslog 6-17 type messages show logging Displays the state of logging Exec 6-18 System Clock Sets the system clock via an NTP/SNTP server sntp-server ip Specifies one or more time servers 6-19...
  • Page 142 Command Line Reference System Management Commands Table 6-1. Access Point Country Codes Country Code Country Code Country Code Country Code Albania Dominican Republic Kuwait Qatar Algeria Ecuador Latvia Romania Argentina Egypt Lebanon Russia Armenia Estonia Liechtenstein Saudi Arabia Australia Finland Lithuania Singapore Austria...
  • Page 143: Prompt

    This command customizes the CLI prompt. Use the no form to restore the default prompt. Syntax prompt <string> no prompt string - Any alphanumeric string to use for the CLI prompt. (Maximum length: 255 characters) Default Setting HP ProCurve Access Point 420 Command Mode Global Configuration 6-11...
  • Page 144: System Name

    Command Line Reference System Management Commands Example HP420(config)#prompt RD2 RD2(config)# system name This command specifies or modifies the system name for this device. Syntax system name <name> name - The name of this host. (Maximum length: 32 characters) Default Setting Enterprise AP Command Mode Global Configuration...
  • Page 145: Password

    Command Line Reference System Management Commands Example HP420(config)#username bob HP420(config)# password After initially logging onto the system, you should set the password. Remember to record it in a safe place. Use the no form to reset the default password. Syntax password <password>...
  • Page 146: Ip Http Server

    Command Line Reference System Management Commands Command Mode Global Configuration Command Usage To avoid using common reserved TCP port numbers below 1024, the configurable range is restricted to between 1024 and 65535. However, the default port number is 80. To reset the default port number, use the no ip http port command.
  • Page 147: Logging On

    Command Line Reference System Management Commands logging on This command controls logging of error messages, i.e., sending debug or error messages to memory. The no form disables the logging process. Syntax logging on no logging Default Setting None Command Mode Global Configuration Command Usage The logging process controls error messages saved to memory.
  • Page 148: Logging Console

    Command Line Reference System Management Commands Example HP420(config)#logging host 10.1.0.3 HP420(config)# logging console This command initiates logging of error messages to the console. Use the no form to disable logging to the console. Syntax logging console no logging console Default Setting Disabled Command Mode Global Configuration...
  • Page 149: Logging Facility-Type

    Command Line Reference System Management Commands Command Usage Messages sent include the selected level down to the Alert level. Level Argument Description Alerts Immediate action needed Critical Critical conditions (for example, memory allocation, or free memory error - resource exhausted) Error Error conditions (for example, invalid input, default used) Warning...
  • Page 150: Show Logging

    Command Line Reference System Management Commands Command Usage The command specifies the facility type tag sent in Syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the access point. However, it may be used by the Syslog server to sort messages or to store messages in the corresponding database.
  • Page 151: Sntp-Server Ip

    Command Line Reference System Management Commands sntp-server ip This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list. Syntax sntp-server ip <1 | 2>...
  • Page 152: Sntp-Server Enable

    Command Line Reference System Management Commands sntp-server enable This command enables SNTP client requests for time synchronization with NTP or SNTP time servers specified by the sntp-server ip command. Use the no form to disable SNTP client requests. Syntax sntp-server enable no sntp-server enable Default Setting Disabled...
  • Page 153: Sntp-Server Daylight-Saving

    Command Line Reference System Management Commands Example This example sets the system clock to 17:37 June 19, 2003. HP420#sntp-server date-time Enter Year<1970-2100>: 2003 Enter Month<1-12>: 6 Enter Day<1-31>: 19 Enter Hour<0-23>: 17 Enter Min<0-59>: 37 HP420# Related Commands sntp-server enable (page 6-20) sntp-server daylight-saving This command sets the start and end dates for daylight savings time.
  • Page 154: Sntp-Server Timezone

    Command Line Reference System Management Commands Example This sets daylight savings time to be used from March 31st to October 31st. HP420(config)#sntp-server daylight-saving Enter Daylight saving from which month<1-12>: 3 and which day<1-31>: 31 Enter Daylight saving end to which month<1-12>: 10 and which day<1-31>: 31 HP420(config)# sntp-server timezone...
  • Page 155: Show Sntp

    Command Line Reference System Management Commands show sntp This command displays the current time and configuration settings for the SNTP client. Command Mode Exec Example HP420#show sntp SNTP Information ========================================================= Service State : Enabled SNTP (server 1) IP : 137.92.140.80 SNTP (server 2) IP : 192.43.244.18 Current Time...
  • Page 156: Show Version

    Command Line Reference System Management Commands Example HP420#show system System Information ============================================================ Serial Number : 0000000001 System Up time : 0 days, 0 hours, 1 minutes, 3 seconds System Name : Enterprise AP System Location System Contact : Contact System Country Code : NA - North America MAC Address : 00-30-F1-81-83-12 IP Address...
  • Page 157: Snmp Commands

    Command Line Reference SNMP Commands SNMP Commands Controls access to this access point from management stations using the Simple Network Management Protocol (SNMP), as well as the hosts that will receive trap messages. Command Function Mode Page snmp-server Sets up the community access string to permit access 6-25 community to SNMP commands...
  • Page 158: Snmp-Server Contact

    Command Line Reference SNMP Commands Default Setting • public - Read-only access. Authorized management stations are only able to retrieve MIB objects. • private - Read/write access. Authorized management stations are able to both retrieve and modify MIB objects. Command Mode Global Configuration Command Usage If you enter a community string without the ro or rw option, the default is...
  • Page 159: Snmp-Server Enable Server

    Command Line Reference SNMP Commands Related Commands snmp-server location (page 6-29) snmp-server enable server This command enables SNMP management access and also enables this device to send SNMP traps (i.e., notifications). Use the no form to disable SNMP service and trap messages. Syntax snmp-server enable server no snmp-server enable server...
  • Page 160: Snmp-Server Host

    Command Line Reference SNMP Commands snmp-server host This command specifies the recipient of an SNMP notification. Use the no form to remove the specified host. Syntax snmp-server host <host_ip_address | host_name> <community-string> no snmp-server host • host_ip_address - IP of the host (the targeted recipient). host_name - Name of the host.
  • Page 161: Snmp-Server Location

    Command Line Reference SNMP Commands snmp-server location This command sets the system location string. Use the no form to remove the location string. Syntax snmp-server location <text> no snmp-server location text - String that describes the system location. (Maximum length: 20 characters) Default Setting None Command Mode...
  • Page 162: Show Snmp

    Command Line Reference Flash/File Commands show snmp This command displays the SNMP configuration settings. Command Mode Exec Example HP420#show snmp SNMP Information ============================================ Service State : Enable Community (ro) : ***** Community (rw) : ***** Location : WC-19 Contact : Paul Traps : Enabled Host Name/IP...
  • Page 163: Bootfile

    Command Line Reference Flash/File Commands bootfile This command specifies the software file used to start up the system. Syntax bootfile <filename> filename - Name of the software or configuration file. Default Setting None Command Mode Exec Command Usage • Use the dir command to see the eligible file names. Example HP420#bootfile hp420-2.bin HP420#...
  • Page 164 • HP recommends not changing the name of a software file when downloading a new software. This name helps to quickly identify the software revision that the file contains.
  • Page 165: Delete

    Command Line Reference Flash/File Commands delete This command deletes a software or configuration file. Syntax delete filename filename - Name of the configuration or software file. Default Setting None Command Mode Exec Caution: Beware of deleting software files from flash memory. At least one software file is required in order to boot the access point.
  • Page 166: Radius Client

    Command Line Reference RADIUS Client Command Usage File information is shown below: Column Heading Description File Name The name of the file. Type (2) Software and (5) Configuration file File Size The length of the file in bytes. Example The following example shows how to display all file information: HP420#dir File Name Type...
  • Page 167: Radius-Server Address

    Command Line Reference RADIUS Client Command Function Mode Page radius-server Sets the number of retries 6-36 retransmit radius-server Sets the interval between sending authentication 6-37 timeout requests show radius Shows the current RADIUS settings Exec 6-38 radius-server address This command specifies the primary and secondary RADIUS servers. Syntax radius-server address [secondary] <host_ip_address | host_name>...
  • Page 168: Radius-Server Key

    Command Line Reference RADIUS Client Default Setting 1812 Command Mode Global Configuration Example HP420(config)#radius-server port 49153 HP420(config)# radius-server key This command sets the RADIUS encryption key. Syntax radius-server [secondary] key <key_string> • secondary - Secondary server. • key_string - Encryption key used to authenticate logon access for...
  • Page 169: Radius-Server Timeout

    Command Line Reference RADIUS Client • number_of_retries - Number of times the access point will try to authenticate logon access via the RADIUS server. (Range: 1 - 30) Default Setting Command Mode Global Configuration Example HP420(config)#radius-server retransmit 5 HP420(config)# radius-server timeout This command sets the interval between transmitting authentication requests to the RADIUS server.
  • Page 170: Show Radius

    Command Line Reference RADIUS Client show radius This command displays the current settings for the RADIUS server. Default Setting None Command Mode Exec Example HP420#show radius Radius Server Information ======================================== : 192.168.1.25 Port : 181 : ***** Retransmit Timeout : 10 ======================================== Radius Secondary Server Information ========================================...
  • Page 171: 802.1X Port Authentication

    Command Line Reference 802.1x Port Authentication 802.1x Port Authentication The access point supports IEEE 802.1x (802.1x) access control for wireless clients. This control feature prevents unauthorized access to the network by requiring an 802.1x client application to submit user credentials for authentication.
  • Page 172 Command Line Reference 802.1x Port Authentication 802.1x This command configures 802.1x as optionally supported or as required for wireless clients. Use the no form to disable 802.1x support. Syntax 802.1x <supported | required> no 802.1x • supported - Authenticates clients that initiate the 802.1x authentication process.
  • Page 173: 802.1X Broadcast-Key-Refresh-Rate

    Command Line Reference 802.1x Port Authentication 802.1x broadcast-key-refresh-rate This command sets the interval at which the broadcast keys are refreshed for stations using 802.1x dynamic keying. Syntax 802.1x broadcast-key-refresh-rate <rate> rate - The interval at which the access point rotates broadcast keys. (Range: 0 - 1440 minutes) Default Setting 0 (Disabled)
  • Page 174: 802.1X Session-Timeout

    Command Line Reference 802.1x Port Authentication Default Setting 0 (Disabled) Command Mode Global Configuration Command Usage Session keys are unique to each client, and are used to authenticate a client connection, and correlate traffic passing between a specific client and the access point. Example HP420(config)#802.1x session-key-refresh-rate 5 HP420(config)#...
  • Page 175: Address Filter Default

    Command Line Reference 802.1x Port Authentication address filter default This command sets filtering to allow or deny listed MAC addresses. Syntax address filter default <allowed | denied> • allowed - Only MAC addresses entered as “denied” in the address filtering table are denied. • denied - Only MAC addresses entered as “allowed”...
  • Page 176: Address Filter Delete

    Command Line Reference 802.1x Port Authentication Command Mode Global Configuration Command Mode • The access point supports up to 1024 MAC addresses. • An entry in the address table may be allowed or denied access depending on the global setting configured for the address filter default command.
  • Page 177: Mac-Authentication Server

    Command Line Reference 802.1x Port Authentication mac-authentication server This command sets address filtering to be performed with local or remote options. Use the no form to disable MAC address authentication. Syntax mac-authentication server [local | remote] • local - Authenticate the MAC address of wireless clients with the...
  • Page 178: Show Authentication

    Command Line Reference 802.1x Port Authentication Command Mode Global Configuration Example HP420(config)#mac-authentication session-timeout 1 HP420(config)# show authentication This command shows all MAC address and 802.1x authentication settings, as well as the MAC address filter table. Command Mode Exec Example HP420#show authentication Authentication Information ========================================================= MAC Authentication Server...
  • Page 179: Filtering Commands

    Command Line Reference Filtering Commands Filtering Commands The commands described in this section are used to filter communications between wireless clients, control access to the management interface from wireless clients, and filter traffic using specific Ethernet protocol types. Command Function Mode Page filter local-bridge Disables communication between wireless clients...
  • Page 180: Filter Ap-Manage

    Command Line Reference Filtering Commands Example HP420(config)#filter local-bridge HP420(config)# filter ap-manage This command prevents wireless clients from accessing the management interface on the access point. Use the no form to disable this filtering. Syntax filter ap-manage no filter ap-manage Default Disabled Command Mode Global Configuration...
  • Page 181: Filter Ethernet-Type Protocol

    Command Line Reference Filtering Commands Command Usage This command is used in conjunction with the filter ethernet-type protocol command to determine which Ethernet protocol types are to be filtered. Example HP420(config)#filter ethernet-type enable HP420(config)# Related Commands filter ethernet-type protocol (page 6-49) filter ethernet-type protocol This command sets a filter for a specific Ethernet type.
  • Page 182: Show Filters

    Command Line Reference Filtering Commands Default None Command Mode Global Configuration Command Usage Use the filter ethernet-type enable command to enable filtering for Ethernet types specified in the filtering table, or the no filter ethernet-type enable command to disable all filtering based on the filtering table. Example HP420(config)#filter ethernet-type protocol ARP HP420(config)#...
  • Page 183: Interface Commands

    Command Line Reference Interface Commands Interface Commands The commands described in this section configure connection parameters for the Ethernet interface and wireless interface. Command Function Mode Page General Interface interface Enters specified interface configuration mode GC 6-53 Ethernet Interface dns primary-server Specifies the primary name server IC-E 6-53...
  • Page 184 Command Line Reference Interface Commands Command Function Mode Page dtim-period Configures the rate at which stations in sleep IC-W 6-64 mode must wake up to receive broadcast/ multicast transmissions fragmentation-length Configures the minimum packet size that can IC-W 6-65 be fragmented rts-threshold Sets the packet size threshold at which an RTS IC-W...
  • Page 185: Interface

    Command Line Reference Interface Commands interface This command configures an interface type and enters interface configuration mode. Syntax interface <ethernet | wireless g> • ethernet - Interface for wired network. • wireless g - Interface for wireless clients. Default Setting None Command Mode Global Configuration...
  • Page 186: Ip Address

    Command Line Reference Interface Commands Command Usage The primary and secondary name servers are queried in sequence. Example This example specifies two domain-name servers. HP420(if-ethernet)#dns primary-server 192.168.1.55 HP420(if-ethernet)#dns secondary-server 10.1.0.55 HP420(if-ethernet)# Related Commands show interface ethernet (page 6-57) ip address This command sets the IP address for the (10/100Base-TX) Ethernet interface.
  • Page 187: Ip Dhcp

    Command Line Reference Interface Commands ip dhcp command. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. Anything other than this format will not be accepted by the configuration program. Example HP420(config)#interface ethernet Enter Ethernet configuration commands, one per line. HP420(if-ethernet)#ip address 192.168.1.2 255.255.255.0 192.168.1.253 HP420(if-ethernet)#...
  • Page 188: Shutdown

    Command Line Reference Interface Commands Example HP420(config)#interface ethernet Enter Ethernet configuration commands, one per line. HP420(if-ethernet)#ip dhcp HP420(if-ethernet)# Related Commands ip address (page 6-54) shutdown This command disables the Ethernet interface. To restart a disabled interface, use the no form. Syntax shutdown no shutdown...
  • Page 189: Speed-Duplex

    Command Line Reference Interface Commands speed-duplex This command configures the speed and duplex mode of the Ethernet interface when auto-negotiation is disabled. Use the no form to restore the default. Syntax speed-duplex <auto | 10MH | 10MF | 100MH | 100MF> • auto - autonegotiate the speed and duplex mode...
  • Page 190: Radio-Mode

    Command Line Reference Interface Commands Command Mode Exec Example HP420#show interface ethernet Ethernet Interface Information ======================================== IP Address : 192.168.1.1 Subnet Mask : 255.255.255.0 Default Gateway : 192.168.1.253 Primary DNS : 192.168.1.55 Secondary DNS : 10.1.0.55 Speed-duplex : 100Base-TX Half Duplex Admin status : Up Operational status...
  • Page 191: Antenna-Mode

    Command Line Reference Interface Commands antenna-mode This command sets the antenna mode for the access point. Syntax antenna-mode <diversity | single> • diversity - A diversity antenna system includes two identical antenna elements that are both used to transmit and receive radio signals. The access point’s antennas are diversity antennas.
  • Page 192: Closed-System

    Command Line Reference Interface Commands Example HP420(config)#interface wireless g HP420(if-wireless g)#description RD-AP#3 HP420(if-wireless g)# closed-system This command closes access to clients without a pre-configured SSID. Use the no form to disable this feature. Syntax closed-system no closed-system Default Setting Disabled Command Mode Interface Configuration (Wireless) Command Usage...
  • Page 193: Multicast-Data-Rate

    Command Line Reference Interface Commands Default Setting 54 Mbps Command Mode Interface Configuration (Wireless) Command Usage The maximum transmission distance is affected by the data rate. The lower the data rate, the longer the transmission distance. Example HP420(if-wireless g)#speed 6 HP420(if-wireless g)# multicast-data-rate This command configures the maximum data rate at which the access point...
  • Page 194: Channel

    Command Line Reference Interface Commands channel This command configures the radio channel through which the access point communicates with wireless clients. Syntax channel <channel | auto> • channel - Manually sets the radio channel used for communications with wireless clients. –...
  • Page 195: Ssid

    Command Line Reference Interface Commands ssid This command configures the Service Set IDentifier (SSID). Syntax ssid <string> string - The name of a basic service set supported by the access point. (Range: 1 - 32 characters) Default Setting Enterprise Wireless AP Command Mode Interface Configuration (Wireless) Command Usage...
  • Page 196: Dtim-Period

    Command Line Reference Interface Commands Command Usage The beacon signals allow wireless clients to maintain contact with the access point. They may also carry power-management information. Example HP420(if-wireless g)#beacon-interval 150 HP420(if-wireless g)# dtim-period This command configures the rate at which stations in sleep mode must wake up to receive broadcast/multicast transmissions.
  • Page 197: Fragmentation-Length

    Command Line Reference Interface Commands Example HP420(if-wireless g)#dtim-period 100 HP420(if-wireless g)# fragmentation-length This command configures the minimum packet size that can be fragmented when passing through the access point. Syntax fragmentation-length <length> length - Minimum packet size for which fragmentation is allowed. (Range: 256-2346 bytes) Default Setting 2346...
  • Page 198: Rts-Threshold

    Command Line Reference Interface Commands rts-threshold This command sets the packet size threshold at which a Request to Send (RTS) signal must be sent to the receiving station prior to the sending station starting communications. Syntax rts-threshold <threshold> threshold - Threshold packet size for which to send an RTS. (Range: 0-2347 bytes) Default Setting 2347...
  • Page 199: Authentication

    Command Line Reference Interface Commands authentication This command defines the 802.11 authentication type used by the access point. Syntax authentication <open | shared> • open - Accepts the client without verifying its identity using a shared key. • shared - Authentication is based on a shared key that has been...
  • Page 200: Encryption

    Command Line Reference Interface Commands encryption This command defines whether or not shared-key encryption is used to provide privacy for wireless communications. Use the no form to disable encryption. Syntax encryption <key-length> no encryption key-length - Size of encryption key. (Options: 64, 128, or 152 bits) Default Setting disabled Command Mode...
  • Page 201: Key

    Command Line Reference Interface Commands key This command sets the keys used for WEP encryption. Use the no form to delete a configured key. Syntax key <index> <size> <type> <value> no key <index> • index - Key index. (Range: 1-4) • size - Key size. (Options: 64, 128, or 152 bits)...
  • Page 202: Transmit-Key

    Command Line Reference Interface Commands Related Commands authentication (page 6-67) key (page 6-69) transmit-key This command sets the index of the key to be used for encrypting data frames broadcast or multicast from the access point to wireless clients. Syntax transmit-key <index>...
  • Page 203: Transmit-Limits

    Command Line Reference Interface Commands transmit-limits This command sets the reduction in transmit power required for an external antenna to conform with local regulations. Syntax transmit-limits <low> <middle> <high> low - The percentage of full power allowed for low radio channels. (Options: 100, 90, 80, 70, 63, 56, 50, 45, 40, 35, 32, 28, 25, 22, 20, 18, 16, 14, 13, 11, 10) middle - The percentage of full power allowed for middle radio chan-...
  • Page 204: Transmit-Power

    Command Line Reference Interface Commands transmit-power This command adjusts the power of the radio signals transmitted from the access point. Syntax transmit-power <signal-strength> signal-strength - Signal strength transmitted from the access point. (Options: full, half, quarter, eighth, min) Default Setting full Command Mode Interface Configuration (Wireless)
  • Page 205: Multicast-Cipher

    Command Line Reference Interface Commands Example HP420(if-wireless g)#max-association 32 HP420(if-wireless g)# multicast-cipher This command defines the cipher algorithm used for broadcasting and multicasting when using Wi-Fi Protected Access (WPA) security. Syntax multicast-cipher <AES | TKIP | WEP> • AES - Advanced Encryption Standard...
  • Page 206: Wpa-Clients

    Command Line Reference Interface Commands just the unicast keys, but the broadcast keys as well. TKIP is a replacement for WEP that removes the predictability that intruders relied on to determine the WEP key. • AES has been designated by the National Institute of Standards and Technology as the successor to the Data Encryption Standard (DES) encryption algorithm, and will be used by the U.S.
  • Page 207: Wpa-Mode

    Command Line Reference Interface Commands Enterprise-level User Authentication via 802.1x and EAP To strengthen user authentication, WPA uses 802.1x and the Extensible Authentication Protocol (EAP). Used together, these protocols provide strong user authentication via a central RADIUS authentication server that authenticates each user on the network before they join it. WPA also employs “mutual authentication”...
  • Page 208: Wpa-Psk-Type

    Command Line Reference Interface Commands • When the WPA mode is set to pre-shared-key, the key must first be generated and distributed to all wireless clients before they can successfully associate with the access point. Example HP420(if-wireless g)#wpa-mode pre-shared-key HP420(if-wireless g)# Related Commands wpa-clients (page 6-74) wpa-preshared-key (page 6-76)
  • Page 209: Shutdown

    Command Line Reference Interface Commands • type - Input format. (Options: ASCII, HEX) • value - The key string. – For ASCII input, type a string between 8 and 63 alphanumeric characters. – For HEX input, type exactly 64 hexadecimal digits...
  • Page 210: Show Interface Wireless G

    Command Line Reference Interface Commands Example HP420(if-wireless g)#shutdown HP420(if-wireless g)# show interface wireless g This command displays the status for the wireless interface. Command Mode Exec 6-78...
  • Page 211 Command Line Reference Interface Commands Example HP420#show interface wireless g Wireless Interface Information =========================================================== ----------------Identification----------------------------- Description : Enterprise 802.11g Access Point SSID : Enterprise Wireless AP Radio mode : 802.11b only Channel Status : Enabled ----------------802.11 Parameters-------------------------- Transmit Power : HALF (18 dBm) Max Station Data Rate : 24Mbps Multicast Data Rate...
  • Page 212: Show Station

    Command Line Reference IAPP Command show station This command shows the wireless clients associated with the access point. The "Station Address" displayed is the client’s MAC address. Command Mode Exec Example HP420#show station 802.11g Station Table Station Address : 00-04-E2-41-C2-9D Authenticated : TRUE Associated...
  • Page 213: Vlan Commands

    Command Line Reference VLAN Commands Command Usage The current 802.11 standard does not specify the signaling required between access points in order to support clients roaming from one access point to another. In particular, this can create a problem for clients roaming between access points from different vendors.
  • Page 214: Vlan

    Command Line Reference VLAN Commands vlan This command enables VLAN-tag support for all traffic. Use the no form to disable VLANs. Syntax vlan enable no vlan Default Disabled Command Mode Global Configuration Example HP420(config)#vlan enable Reboot system now? <y/n>: y native-vlanid This command configures the native VLAN ID for the access point.
  • Page 215 Command Line Reference VLAN Commands Example HP420(config)#native-vlanid 3 HP420(config)# 6-83...
  • Page 217 File Transfers Contents Overview ........... . A-2 Downloading Access Point Software .
  • Page 218: A File Transfers

    File Transfers Overview Overview You can download new access point software and upload or download configuration files. These features are useful for acquiring periodic access point software upgrades and for storing or retrieving a switch configuration. This appendix includes the following information: ■...
  • Page 219: Downloading Access Point Software

    The access point configuration is contained in a separate file that can also be transferred, for example, for archive purposes or to be used in another access point of the same model. HP recommends that you save a copy of the configuration file before upgrading your access point software. See “Transferring Configuration Files”...
  • Page 220: Web: Tftp/Ftp Software Download To The Access Point

    File Transfers Downloading Access Point Software ■ The TFTP or FTP server is accessible to the access point through IP. Before you use the procedure, do the following: ■ Obtain the IP address of the TFTP or FTP server on which the access point software file has been stored.
  • Page 221 File Transfers Downloading Access Point Software ■ Restore Factory Settings: Click the Restore button to reset the access point’s configuration settings to the factory defaults and reboot the system. ■ Reset Access Point: Click the Reset button to reboot the system. To Download New Software Using FTP or TFTP: Select the Administration tab.
  • Page 222: Cli: Tftp/Ftp Software Download To The Access Point

    File Transfers Downloading Access Point Software Figure A-1. Remote Software Upgrade CLI: TFTP/FTP Software Download to the Access Point CLI Commands Used in This Section Command Syntax CLI Reference Page copy <ftp | tftp> file page 6-31 page 6-33 reset <board | configuration> page 6-6...
  • Page 223 File Transfers Downloading Access Point Software The following example shows how to download new software to the access point using a TFTP server. HP420#copy tftp file 1. Application image 2. Config file 3. Boot block image Select the type of download<1,2,3>: [1]:1 TFTP Source file name:hp420-2037.bin TFTP Server IP:10.1.0.9...
  • Page 224: Using The Web Interface To Download Software From The Local

    ■ A software file for the access point has been stored on the local computer. (The access point software file is typically available from the HP ProCurve website at http://www.hp.com/go/hpprocurve.) ■ The access point is properly connected to your network and has already...
  • Page 225 File Transfers Downloading Access Point Software To Download New Code: Select the Administration tab. Click the [Software Upgrade] button. Under Software Upgrade Local, in the text field New Software File, specify the path and file name of the software on the local computer. You can use button to find the file.
  • Page 226: Transferring Configuration Files

    File Transfers Transferring Configuration Files Transferring Configuration Files CLI Commands Used in This Section Command Syntax CLI Reference Page copy config <ftp | tftp> page 6-31 copy <ftp | tftp> file page 6-31 page 6-33 reset <board | configuration> page 6-6 Using the CLI commands described in this section, you can copy access point configuration files to and from an FTP or TFTP server.
  • Page 227 File Transfers Transferring Configuration Files The following example shows how to download a configuration file to the access point using a TFTP server. After downloading the configuration file, you must reboot the access point. HP420#copy tftp file 1. Application image 2.
  • Page 233 Technical information in this document is subject to change without notice. ©Copyright 2002, 2004 Hewlett-Packard Development Company, L.P. Reproduction, adaptation, or translation without prior written permission is prohibited except as allowed under the copyright laws. Printed in Taiwan May 2004 Manual Part Number 5990-6006 *5990-6006*...