HP ProCurve Wireless Access Point 420 May 2005 Management and Configuration Guide
© Copyright 2005 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. This document contains proprietary information, which is protected by copyright. No part of this document may be photocopied, reproduced, or translated into another language without the prior written consent of Hewlett-Packard.
Contents

1 Getting Started
Contents
Introduction
Conventions
Command Syntax Statements
Command Prompts

Using the CLI
Command Level at Logon
Command Level Operation
Operator Privileges
Manager Privileges

The Status Bar
Neighbor AP Detection
Web: Configuring AP Detection
Web: Viewing Detected Neighbor APs
CLI: Configuring AP Detection

Configuring SNTP
Web: Setting SNTP Parameters
CLI: Setting SNTP Parameters
Configuring Ethernet Interface Parameters
Web: Setting Ethernet Interface Parameters

CLI: Creating an SSID Interface
Web: Modifying SSID Interface Settings
CLI: Modifying SSID Interface Settings

7 Wireless Security Configuration
Contents
Overview

management
username-admin
password-admin
user add
user del

sntp-server daylight-saving
sntp-server timezone
show sntp
SNMP Commands
snmp-server community

RADIUS Accounting
radius-accounting-server enable
radius-accounting-server address
radius-accounting-server port-accounting
radius-accounting-server key

Wireless Interface Commands
interface wireless g
ssid add
ssid
ssid-name

Neighbor AP Detection Commands
ap-detection
ap-detection duration
ap-detection interval
ap-detection first-scan
1 Getting Started

Contents
Introduction
Conventions
Command Syntax Statements
Command Prompts
Screen Simulations
Introduction

This Management and Configuration Guide is intended to support the following access points:
■ HP ProCurve Wireless Access Point 420 na
■ HP ProCurve Wireless Access Point 420 ww

This guide describes how to use the command line interface (CLI) and web browser interface to configure, manage, and monitor access point operation. A troubleshooting chapter is also included.
Conventions

■ Italics indicate variables for which you must supply a value when executing the command.
Related Publications

Installation and Getting Started Guide. Use the Installation and Getting Started Guide shipped with your access point to prepare for and perform the physical installation. This guide also steps you through connecting the access point to your network and assigning IP addressing, as well as describing the LED indications for correct operation and trouble analysis.
Getting Documentation From the Web

1. Go to the HP ProCurve website at http://www.hp.com/go/hpprocurve
2. Click on Technical support.
3. Click on Product manuals.
4. Click on the product for which you want to view or download a manual.

Figure 1-2.
Sources for More Information

■ If you need information on specific features in the HP Web Browser Interface (hereafter referred to as the “web browser interface”), use the online help available for the web browser interface. For more information on web browser Help options, refer to “Online Help for the HP Web Browser Interface” on page 4-7.
Need Only a Quick Start?

■ Quickly assigning an IP address, subnet mask, and gateway, setting a Manager password, and (optionally) configuring other basic features.
■ Interpreting LED behavior.

For the latest version of the Installation and Getting Started Guide and other documentation for your access point, visit the HP ProCurve website. (Refer to “Getting Documentation From the Web” on page 1-5.)
2 Selecting a Management Interface

Contents
Overview
Understanding Management Interfaces
Advantages of Using the CLI
Advantages of Using the HP Web Browser Interface
Overview

This chapter describes the following:
■ Access Point management interfaces
■ Advantages of using each interface type

Understanding Management Interfaces

Management interfaces enable you to reconfigure the access point and to monitor its status and performance.
Advantages of Using the CLI

    HP420#            Exec Level
    HP420(config)#    Global Configuration Level
    HP420()#          Context Configuration Levels (Ethernet, wireless)

Figure 2-1. Command Prompt Examples

■ Provides access to the complete set of the access point configuration features.
■ Offers out-of-band access, through the RS-232 connection, or in-band access using Telnet or Secure Shell.
Advantages of Using the HP Web Browser Interface

Figure 2-2.
3 Using the Command Line Interface (CLI)

Contents
Overview
Accessing the CLI
Direct Console Access
Telnet Access
Overview

The CLI is a text-based command interface for configuring and monitoring the access point. The CLI gives you access to the access point’s full set of commands while providing the same password protection that is used in the web browser interface.

Accessing the CLI

The CLI is accessed through the access point console.
Telnet Access

To access the console through a Telnet session, first make sure the access point is configured with an IP address and that it is reachable from the PC that is running the Telnet session (for example, use a ping command to the access point’s IP address). Start the Telnet program on the PC using the access point’s IP address (or DNS name).

    telnet 10.11.12.195 [Enter]    Example of an IP address.
Using the CLI

The CLI commands are organized into the following levels:
1. Exec
2. Global Configuration
3. Context Configuration

Note: CLI commands are not case-sensitive.

The access point supports two user account types, Manager and Operator. When a CLI session is opened with an Operator user account, only a limited number of commands are available.
When you log onto the access point CLI, you will be prompted to enter an account user name and password. For example:

    Ready
    Username: admin
    Password:            Password Prompt

Figure 3-1.
Command Level Operation

Manager Privileges
1. Exec Level
2. Global Configuration Level
3. Context Configuration Level

Figure 3-2. Access Sequence for Command Levels

Operator Privileges

Operator privileges only allow you to examine the current configuration and verify connectivity from the Exec level. A ">" character delimits the Operator prompt. For example:

    HP420>_    Operator prompt.
■ Context Configuration level: Enables you to make configuration changes in a specific context, such as the Ethernet interface or the wireless interface. The prompt for the Context Configuration level includes the system name and the selected context. For example:

    HP420(if-ethernet)#
    HP420(if-wireless-g)#

The Context level is useful, for example, if you want to execute several commands directed at the same interface.
How To Move Between Levels

Change in Levels                                   Example of Prompt, Command, and Result

Exec level to Global configuration level           HP420#config
                                                   HP420(config)#

Global configuration level to a Context            HP420(config)#interface ethernet
configuration level                                HP420(if-ethernet)#

Move from any level to the preceding level         HP420(if-ethernet)#end
                                                   HP420(config)#end
                                                   HP420#

Move from any level to the Exec level              HP420(if-ethernet)#exit
                                                   HP420#
                                                   —or—
                                                   HP420(config)#exit
                                                   HP4
Listing Commands and Command Options

At any command level you can:
■ List all of the commands available at that level
■ List the options for a specific command

Listing Commands Available at Any Command Level

At a given command level you can list and execute the commands that level offers.
Typing ? at the Global Configuration level produces this listing:

    HP420(config)#?
    Configure commands:
      802.1x
      end
      exit
      filter
      help
      iapp
      interface
      logging
      management
      management-vlanid
      no
      prompt
      radius-accounting-server
      show
      snmp-server
      snmpv3
      sntp-server
      svp
      system
      vlan
    HP420(config)#

Set 802.
Command Option Displays

Conventions for Command Option Displays. When you use the CLI to list options for a particular command, you will see one or more of the following conventions to help you interpret the command data:
■ Braces (< >) indicate a required choice.
■ Square brackets ([]) indicate optional elements.
■ Vertical bars (|) separate alternative, mutually exclusive options in a command.

Listing Command Options.
Configuration Commands and the Context Configuration Modes

You can execute basic configuration commands in the global configuration mode. However, you must use a context mode to execute context-specific commands. The configuration options include management and interface (ethernet or wireless) context modes:

Management Context. Includes specific commands that apply only to management access to the access point.
Ethernet Context. Includes interface-specific commands that apply only to the Ethernet interface. The prompt for this mode includes the identity of the Ethernet interface:

    HP420(config)#interface ethernet    Command executed at configuration level for entering Ethernet interface context.
    HP420(if-ethernet)#                 Resulting prompt showing Ethernet interface context.
    HP420(if-ethernet)#?                Lists the commands you can use in the Ethernet interface context.
Wireless Context. Includes wireless-specific commands that apply globally to the wireless interface. The prompt for this mode includes the identity of the wireless interface:

    HP420(config)#interface wireless g    Command executed at configuration level to enter wireless context.
    HP420(if-wireless-g)#                 Resulting prompt showing wireless context.
    HP420(if-wireless-g)#?                Lists commands you can use in the wireless context.
Wireless SSID Context. Includes specific commands that apply only to the SSID wireless interface. The prompt for this mode includes the identity of the wireless interface:

    HP420(config)#interface wireless g    Command executed at configuration level to enter wireless context.
    HP420(if-wireless-g)#ssid index 1     Command executed at wireless context level to enter SSID wireless context.
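An added example (not from the HP guide): a Python parser that uses the prompt formats described above to label each command in a captured CLI session with its command level, and redacts the password argument of `user add` before the transcript is stored. The transcript is constructed; the `(config-mgmt)` prompt and the `user add` argument order are assumed from the guide's management examples.

```python
import re

# Prompt shapes described in the guide:
#   HP420>             Operator, Exec level
#   HP420#             Manager, Exec level
#   HP420(config)#     Global Configuration level
#   HP420(<context>)#  Context Configuration level (if-ethernet, if-wireless-g, ...)
# The prompt carries the system name, so any host token is accepted.
PROMPT = re.compile(
    r'^(?P<host>[A-Za-z0-9_.-]+)(?:\((?P<ctx>[A-Za-z0-9-]+)\))?(?P<mark>[>#])(?P<cmd>.*)$'
)

# Commands that carry a credential as a plain argument. The argument order
# (interface, account type, name, password) is an assumption based on the
# single "user add web operator chris chrispass" example in the guide.
# CLI commands are not case-sensitive, hence re.I.
SECRET_CMDS = [
    re.compile(r'^(user\s+add\s+\S+\s+\S+\s+\S+\s+)\S+', re.I),
]

# Constructed session transcript, built only from commands shown in the guide.
SAMPLE = """
Username: admin
Password:
HP420#config
HP420(config)#management
Enter management commands, one per line.
HP420(config-mgmt)#user add web operator chris chrispass
HP420(config-mgmt)#end
HP420(config)#interface wireless g
HP420(if-wireless-g)#ap-detection enable dedicated
HP420(if-wireless-g)#exit
HP420#show system
HP420#
"""


def level_of(ctx, mark):
    """Map the prompt's context and delimiter to a command level."""
    if mark == '>':
        return 'operator-exec'
    if ctx is None:
        return 'manager-exec'
    if ctx == 'config':
        return 'global-config'
    return 'context:' + ctx


def redact(cmd):
    """Return (command with any password argument masked, whether one was found)."""
    for pat in SECRET_CMDS:
        masked, hits = pat.subn(r'\1<redacted>', cmd)
        if hits:
            return masked, True
    return cmd, False


def parse_transcript(text):
    """Yield one event per command line; device output and empty prompts are skipped."""
    events = []
    for raw in text.splitlines():
        m = PROMPT.match(raw.strip())
        if not m:
            continue  # command output, banner, or login dialogue
        cmd = m.group('cmd').strip()
        if not cmd:
            continue  # bare prompt waiting for input
        safe, leaked = redact(cmd)
        events.append({
            'level': level_of(m.group('ctx'), m.group('mark')),
            'command': safe,
            'secret': leaked,
        })
    return events


def summarize(events):
    """Summary for review: what ran above the Exec level, and how many secrets were typed."""
    exec_levels = ('operator-exec', 'manager-exec')
    return {
        'above_exec': [e['command'] for e in events if e['level'] not in exec_levels],
        'secrets': sum(e['secret'] for e in events),
        'levels': sorted({e['level'] for e in events}),
    }


if __name__ == '__main__':
    for event in parse_transcript(SAMPLE):
        print('{level:24} {command}'.format(**event))
    print(summarize(parse_transcript(SAMPLE)))
```
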
CLI Control and Editing

Keystrokes             Function
[Ctrl] [A]             Jumps to the first character of the command line.
[Ctrl] [B] or [<]      Moves the cursor back one character.
[Ctrl] [D]             Deletes the character at the cursor.
[Ctrl] [E]             Jumps to the end of the current command line.
[Ctrl] [F] or [>]      Moves the cursor forward one character.
[Ctrl] [I]             Completes the current command word (same as using [Tab]).
Keystrokes                                Function
[Esc] [Y] *                               Recalls the next buffer entry in the delete buffer.
[Ctrl] [H], [Delete], or [Backspace]      Deletes the first character to the left of the cursor in the command line.

* Multiple keystrokes using the Esc key require it to be released before each keystroke.
4 Using the HP Web Browser Interface

Contents
Overview
General Features
Starting a Web Browser Interface Session with the Access Point
Description of Browser Interface
The Home Page
Overview

The HP web browser interface built into the access point lets you easily access the access point from a browser-based PC on your network.
• Neighbor access point detection (page 4-24)

General Features

The access point includes these web browser interface features:

Access Point Configuration:
• System identification
• IP settings via manual configuration or DHCP
• RADIUS accounting server identification
• Filter control between wireless clients, between wireless clients and the management interface, or for specified protocol types
• SNMP community strings, trap managers, and SNMPv
Starting a Web Browser Interface Session with the Access Point

You can start a web browser session using a standalone web browser on a network connection from a PC in the following ways:
• Directly connected to your network
• Connected through remote access to your network

This procedure assumes that you have a supported web browser installed on your PC or workstation, and that an IP address has been confi
Note: Access point management can be limited to access from the Ethernet interface. For more on this feature, see “Setting up Filter Control” on page 5-58.

Type the IP address (or DNS name) of the access point in the browser Location or Address field and press [Enter]. (It is not necessary to include http://.)

    10.11.12.195 [Enter]    Example of an IP address.
    HP420 [Enter]           Example of a DNS-type name.
Description of Browser Interface

Figure 4-1. The Home Page (callouts: Active Tab; Tab Bar; World Wide Web site for Hewlett-Packard’s networking products)

Support URL

The home page for the access point’s web browser interface is the Support tab. This page provides the following URL:

    http://www.hp.com/go/hpprocurve

which is the World Wide Web site for Hewlett-Packard’s networking products.
Online Help for the HP Web Browser Interface

Online Help is available for the web browser interface. You can use it by clicking on the question mark button in the upper-right corner of any of the web browser interface screens.

Figure 4-2. (callout: The Help Button)
Tasks for Your First HP Web Browser Interface Session

The first time you access the web browser interface, there are a number of basic tasks that you should perform:
■ Set the Manager user name and password
■ Set the SNMP community names
■ Set the primary Service Set Identifier (SSID)
■ Enable radio communications and select a channel
■ Change TCP/IP settings
■ Set radio security options

Changing the Manage
Figure 4-4. The User Window

2. In the Edit Existing User section, click in the Username box for “admin” and enter a new user name. Then, click in the Password box to enter a new password. Both the user name and password can be from 3 to 16 printable ASCII characters.
3. Click on [Update] to activate the user name and password.

Note
If You Lose the User Name or Password

If you lose the Manager user name or password, you can clear them by pressing the Reset button on the back of the access point for at least five seconds. This action deletes the password and resets the user name to the factory default settings for all of the access point’s interfaces.
To change the default community names for SNMP v1 or v2c management access, follow these steps:
1. Select the Configuration tab.
2. Click the [SNMP] button.
3. For SNMP State, select Enable to enable SNMP management.
4. For SNMPv3 Only, select Disable to enable access from SNMP v1 and v2c clients.
5. Type text strings to replace the default community names for read-only and read/write access.
6.
Setting the Primary SSID

A Service Set IDentifier (SSID) is a recognizable text string that identifies a wireless network. All wireless clients that want to connect to a network through an access point must set their SSIDs to match that of the access point. The Access Point 420 supports up to eight SSID interfaces.
Setting the Radio Channel

The access point’s radio channel settings are limited by local regulations, which determine the number of channels that are available. You can manually set the access point’s radio channel or allow it to automatically select an unoccupied channel.
4. For the Radio Status, clear the Shutdown box to enable radio communications.
5. Select the radio channel from the scroll-down box, or mark the Enable radio button for Auto Channel Select.
6. Click the [Apply Changes] button to save the settings.

Figure 4-8.
3. If you select to use a static IP address, you must manually enter the IP address and subnet mask.
4. If a management station exists on another network segment, enter the IP address of a gateway that can route traffic between these segments.
5. Enter the IP address for the primary and secondary DNS servers to be used for host-name to IP address resolution.
6. Click the [Apply Changes] button.

Note
Configuring Security Settings

The Primary SSID is configured as “open system” by default and secondary SSIDs are all “closed system.” Secondary SSIDs cannot be configured as “open system.” The Primary SSID can be configured as “closed system,” if the user wants. Wireless clients can read the Primary SSID from the access point’s beacon frame.
Figure 4-10.
Status Reporting Features

Browser elements covered in this section include:
■ The AP Status window (below)
■ Station status (page 4-21)
■ Event logs (page 4-23)
■ The Status bar (page 4-24)
■ Neighbor AP Detection (page 4-24)

The AP Status Window

The AP Status window displays basic system configuration settings, as well as the settings for the wireless interface. The following figure identifies the various parts of the AP Status window.
AP System Configuration. The AP System Configuration table displays the basic system configuration settings:
■ System Up Time: Length of time the access point has been up.
■ MAC Address: The physical layer address for the Ethernet port interface.
■ System Name: Name assigned to this system.
■ System Contact: Administrator responsible for the system.
■ DHCP Status: Shows if IP configuration is via a DHCP server.
Figure 4-12. AP Wireless and Ethernet Interface Status

AP Wireless Configuration. The AP Wireless Configuration table displays the following wireless settings for each SSID interface:
■ No.: The index number of a configured SSID interface.
■ SSID: The service set identifier that identifies this SSID interface.
■ Radio: Indicates if the access point is operating in 802.11b, 802.11g, or mixed (b & g) mode.
AP Ethernet Configuration. The AP Ethernet Configuration table displays the following Ethernet interface settings:
■ IP Subnet Mask: The mask that identifies the host address bits used for routing to specific subnets.
■ Primary DNS Server: The IP address of the primary Domain Name Server on the network.
■ Secondary DNS Server: The IP address of the secondary Domain Name Server on the network.
any client attempting to connect to the access point without verifying its identity. The shared-key approach uses Wired Equivalent Privacy (WEP) to verify client identity by distributing a shared key to stations before attempting authentication.
■ Associated: Shows if the station has been successfully associated with the access point.
Note: The Key Type may appear as “static-wep” for dynamic types and some of the pre-shared types until Forwarding Allowed is changed to “TRUE.” This is a transient state.

• VLAN ID: Displays the VLAN ID assigned to the client when VLAN support is enabled.

Event Log

The Event Log window shows the log messages generated by the access point and stored in memory.

Figure 4-14.
The Status Bar

The Status Bar is displayed in the upper left corner of the web browser interface screen. Figure 4-15 shows an expanded view of the status bar.

Figure 4-15. Example of the Status Bar (callouts: Status Indicator; Status Description; Product Name)

The Status bar consists of three objects:
■ Status Indicator. Indicates, by icon, the radio status of the access point.
   • Green: Indicates the radio is active.
The table of neighbor APs can be viewed from the AP List window on the AP Detection tab.

Web: Configuring AP Detection

To configure access point detection, use the Settings window on the AP Detection tab. The web interface enables you to modify these parameters:
■ Disable: There are no AP detection scans, either dedicated, periodic, or instant. (This is the default setting.
4. If needed, specify a time delay before scanning starts.
5. Click the [Apply Changes] button.

Figure 4-16.
Web: Viewing Detected Neighbor APs

After AP detection scanning, use the AP List window on the AP Detection tab to view the table of detected neighbor access points.

Figure 4-17. The AP Detection List Window

The neighbor AP table displays the following information:
■ BSSID: The Basic Service Set Identifier (wireless MAC address) of the detected access point.
■ SSID: The configured Service Set Identifier.
■ Network Type: Indicates if the access point is part of an Infrastructure or Ad Hoc network.
■ Security: The configured encryption being used by the access point.
■ Life Time: The time that the access point entry has existed in the neighbor AP table. This parameter is only displayed when the dedicated scan mode is used.
The following example shows how to start and stop dedicated scanning.

    HP420(if-wireless-g)#ap-detection enable dedicated
    HP420(if-wireless-g)#ap-detection disable
    HP420(if-wireless-g)#

To display the current AP detection configuration, enter the CLI command shown in the following example.

    HP420#show ap-detection config
    802.
To display the current database of detected neighbor APs, enter the CLI command shown in the following example.
5 General System Configuration

Contents
Overview
Modifying Management User Names and Passwords
Web: Setting User Names and Passwords
CLI: Setting User Names and Passwords
Setting Management Access Controls

Web: Setting Ethernet Interface Parameters
CLI: Setting Ethernet Interface Parameters
Configuring RADIUS Accounting
Web: Setting RADIUS Accounting Server Parameters
CLI: Setting RADIUS Accounting Server Parameters
Setting up Filter Control
Modifying Management User Names and Passwords

Management access to the access point’s Web and CLI interface is controlled through user names and passwords. A Manager user name and password allows full read/write privileges for the Web and CLI. An Operator user name and password can also be configured. The Operator is restricted to read-only access. A maximum of only two users can be configured, one Manager and one Operator.
   • WEB & CLI Operator: Allows the user Web and CLI access.
■ Action: Use the [Create] button to add an Operator user name and password. Use the [Update] button to change details for an existing user. The [Remove] button can delete a configured Operator. Note that the Manager (Administrator) account cannot be deleted from the system.

To Create a New Operator User Name and Password:
1. Select the Administration tab.
2.
Figure 5-1.
This example shows how to create a new Operator name and password.

    HP420(config)#management
    Enter management commands, one per line.
    HP420(config-mgmt)#user add web operator chris chrispass
    HP420(config-mgmt)#

The following example shows how to change the Manager (Administrator) user name and password.

    HP420(config)#management
    Enter management commands, one per line.
Setting Management Access Controls

To provide more security for the access point, management interfaces that are not required can be disabled. This includes the Web, Telnet, and Secure Shell (SSH), as well as the serial console port and Reset button.

Note: The access point’s serial port and Reset button cannot be disabled at the same time. When the Reset button is disabled, it is not possible to disable the serial port.

HTTP and HTTPS.
Web: Configuring Management Controls

The Management window on the Administration tab enables management access controls to be configured.

The web interface enables you to modify these parameters:
■ Reset Button: Enables or disables the access point’s Reset button.
■ Serial: Enables or disables management access through the access point’s serial console port.
■ HTTP: Enables or disables management access through a Web browser interface.
Figure 5-2.
Command Syntax          CLI Reference Page
[no] https port         page 8-23
[no] cli telnet         page 8-17
[no] ssh enable         page 8-18
ssh port                page 8-19
show system             page 8-25

The following example shows how to enter management configuration context and disable the access point’s Reset button.
To display the current status for management access controls, use the show system command from the Exec level.
Modifying System Information

The access point’s system name can be left at its default setting. However, modifying this parameter can help you to more easily distinguish one device from another in your network.

Note: You should also set the primary Service Set Identification (SSID) to identify the wireless network service provided by the access point. See “Setting the Radio Working Mode” on page 6-6.
Figure 5-3. The System Information Window

CLI: Setting the System Name

CLI Commands Used in This Section

Command Syntax          CLI Reference Page
system name             page 8-13
show system             page 8-25

The following example shows how to set the system name.
To display the configured system name, use the show system command, as shown in the following example.

HP420#show system
System Information
============================================================
Serial Number : TW347QB099
System Up time : 0 days, 6 hours, 45 minutes, 21 seconds
System Name : AP420
System Location :
System Contact : Contact
System Country Code : NA - North America
MAC Address : 00-0D-9D-C6-98-7E
IP Address : 192.168.1.
Configuring IP Settings

Configuring the access point with an IP address expands your ability to manage the access point and use its features. A number of access point features depend on IP addressing to operate.

Note: You can use the web browser interface to access IP addressing only if the access point already has an IP address that is reachable through your network.
• Primary and Secondary DNS Address: The IP address of Domain Name Servers on the network. A DNS maps numerical IP addresses to domain names and can be used to identify network hosts by familiar names instead of the IP addresses.

To Enable the DHCP Client:
1. Select the Configuration tab.
2. Click the [IP Configuration] button.
3. Select Obtain the IP Address from the DHCP Server.
4. Click the [Apply Changes] button.
Figure 5-4.
The following example shows how to enable the DHCP client.

HP420(config)#interface ethernet
Enter Ethernet configuration commands, one per line.
HP420(if-ethernet)#ip dhcp
HP420(if-ethernet)#

To set the access point’s IP parameters manually, you must first disable the DHCP client. The following example shows how to disable the DHCP client and then specify an IP address, subnet mask, default gateway, and DNS server addresses.
Configuring SNMP

You can use a network management application such as HP ProCurve Manager to manage the access point via the Simple Network Management Protocol (SNMP) from a network management station. To implement SNMP management, the access point must have an IP address and subnet mask, configured either manually or dynamically. You can configure the access point to respond to SNMP requests and generate SNMP traps.
■ SNMPv3: Enables access for SNMPv3 clients. Access for SNMPv3 clients is enabled by default.
■ SNMPv3 Only: Allows access for SNMPv3 clients only. Access for SNMP v1 and v2c clients is disabled.
■ Location: A text string that describes the system location. (Maximum length: 255 characters)
■ Contact: A text string that describes the system contact.
Figure 5-5.
SNMP management on the access point is enabled by default. To disable SNMP management, type the following command:

HP420(config)#no snmp-server enable server

The following example shows how to enable SNMP, configure the community strings, and set the location and contact parameters.
To display the current SNMP settings from the Exec level, use the show snmp-server command, as shown in the following example.

HP420#show snmp-server
SNMP Information
==============================================
Service State : Enable
Community (ro) : *****
Community (rw) : *****
Location : 2F-R19
Contact : Paul
Version Filter : Enable SNMPv1, SNMPv2c : Disable SNMPv3
EngineId :00:00:00:0b:00:00:00:0d:9d:c6:98:7e EngineBoots:12
Trap Destinations:
1: 0.0.0.
Web: Configuring SNMP v3 Users

The SNMP window on the Configuration tab also enables the configuration of SNMP v3 users and the engine ID. An SNMP v3 engine is an independent SNMP agent that resides on the access point and is identified by an ID number. This engine protects against message replay, delay, and redirection. The engine ID is also used in combination with user passwords to generate the security keys for authenticating and encrypting SNMP v3 packets.
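The sentence above on combining the engine ID with user passwords corresponds to the standard SNMPv3 USM key localization of RFC 3414, sketched here as an added example that is not taken from the HP manual. It assumes the access point follows that RFC; the function names and the sample password are constructed for illustration, and the two engine IDs are the ones printed in this guide's `show snmp-server` output and `snmp-server engine-id` example.

```python
import hashlib

# Engine IDs as printed in this guide (colon-separated hex octets).
ENGINE_ID_SHOWN = "00:00:00:0b:00:00:00:0d:9d:c6:98:7e"   # show snmp-server output
ENGINE_ID_NEW = "1a:2b:3c:4d:5e:6f:70"                    # snmp-server engine-id example


def parse_engine_id(text):
    """Convert the xx:xx:xx form into raw bytes, rejecting malformed octets."""
    parts = text.split(":")
    if not all(len(p) == 2 for p in parts):
        raise ValueError("engine ID must be colon-separated two-digit hex octets")
    return bytes(int(p, 16) for p in parts)


def password_to_key(password, hash_name):
    """RFC 3414 A.2: hash 1,048,576 bytes made by repeating the password."""
    if not password:
        raise ValueError("password must not be empty")
    pw = password.encode()
    total = 1048576
    stream = (pw * (total // len(pw) + 1))[:total]
    return hashlib.new(hash_name, stream).digest()


def localize_key(user_key, engine_id, hash_name):
    """RFC 3414 2.6: Kul = H(Ku || engineID || Ku), unique per engine."""
    return hashlib.new(hash_name, user_key + engine_id + user_key).digest()


def localized_key(password, engine_id, hash_name="sha1"):
    """Key the agent with this engine ID would use for the given password."""
    return localize_key(password_to_key(password, hash_name), engine_id, hash_name)


def engine_change_invalidates_key(password, old_id, new_id, hash_name="sha1"):
    """True when the same password yields a different key under the new ID."""
    old = localized_key(password, parse_engine_id(old_id), hash_name)
    new = localized_key(password, parse_engine_id(new_id), hash_name)
    return old != new


if __name__ == "__main__":
    sample_password = "constructed-sample-passphrase"   # constructed, not from the guide
    for label, eid in (("shown", ENGINE_ID_SHOWN), ("new", ENGINE_ID_NEW)):
        key = localized_key(sample_password, parse_engine_id(eid))
        print(f"{label:5s} engine ID {eid}: auth key {key.hex()}")
    print("keys differ after engine ID change:",
          engine_change_invalidates_key(sample_password, ENGINE_ID_SHOWN, ENGINE_ID_NEW))
```

Because the localized key depends on the engine ID, keys derived under one engine ID do not authenticate against an agent using another, so plan to re-enter SNMP v3 user passwords after changing the engine ID.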
Note: SNMPv3 Users must be assigned to groups that have the same security levels. If a user who has “AuthPriv” security (uses authentication and encryption) is assigned to a read-only (RO) group, the user will not be able to access the database. An AuthPriv user must be assigned to the RWPriv group with the AuthPriv security level. See “snmpv3 user” on page 8-47 for more information.

To Configure SNMP v3 Users:
1. Select the Configuration tab.
2.
Figure 5-6.
Using the CLI to Set an Engine ID. A new engine ID can be specified by entering 5 to 32 hexadecimal characters using the format xx:xx:xx:xx (for example, 1a:2b:3c:4d:00:ff). To set a new engine ID, type the following command:

HP420(config)#snmp-server engine-id 1a:2b:3c:4d:5e:6f:70

Using the CLI to Configure SNMP v3 Users.
• UDP Port – The UDP port that is used on the receiving management station for trap messages.
• SNMP User – The defined SNMP v3 user that is to receive trap messages. (Note that SNMP v3 users must first be defined.)
• Assigned Filter – The name of a user-defined trap filter that is applied to the target. If no filter is assigned to the target, all traps are sent.
■ SNMP Trap Filters: Configures SNMP v3 trap filters.
Figure 5-7. Creating SNMP v3 Trap Targets and Filters

To Create SNMP Trap Targets:
1. Select the Configuration tab.
2. Click the [SNMP Trap] button.
3. Click the [New] button under SNMP Targets.
4. In the SNMP Target Address window, type a name for the Target ID.
5. Specify the IP address of the receiving management station and the UDP port used.
6. Type the SNMP v3 user name of the trap receiver.
8. Click the [Apply Changes] button to return to the SNMP Trap window where the new target ID appears in the SNMP Targets list.

Figure 5-8. Creating SNMP Trap Targets

To Create SNMP Trap Filters:
1. Select the Configuration tab.
2. Click the [SNMP Trap] button.
3. Click on the [New] button under SNMP Trap Filters.
Figure 5-9. Creating SNMP Trap Filters

4. In the SNMP Notification New Filter window, type a name for the filter.
5. Specify a MIB subtree OID to filter.
6. Select the filter type, either Exclude or Include. MIB objects in the filter set to Include are sent to the receiving target and objects set to Exclude are not sent. By default, all traps are sent to configured targets.
7. Click the [Apply Changes] button to return to the SNMP Trap window.
8.
Figure 5-10.
The following example creates a filter ID “trapfilter” that sends only dot11StationAssociation and dot11StationReAssociation traps to the assigned receiving target. By default all traps are sent, so you must first “exclude” all trap objects. You can then “include” the required trap objects to send to the target. Note that the filter entries are applied in the sequence that they are defined.

HP420(config)#snmpv3 filter trapfilter exclude .
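Why the exclude entry has to come first can be checked with a small model of an ordered filter, given here as an added example rather than HP's implementation. It assumes that "applied in the sequence that they are defined" means the last matching entry decides; the trap names and Object IDs are those listed in this guide, `TRAP_ROOT` is their common prefix, and the function names are hypothetical.

```python
# Common prefix of the trap Object IDs listed in this guide (derived, not quoted).
TRAP_ROOT = "1.3.6.1.4.1.11.2.14.11.6.4.1.1.7.4.2"

# Trap names and final sub-identifiers as listed in this guide.
TRAPS = {
    "sysSystemUp": TRAP_ROOT + ".17",
    "sysSystemDown": TRAP_ROOT + ".18",
    "localMacAddrAuthFail": TRAP_ROOT + ".12",
    "iappStationRoamedFrom": TRAP_ROOT + ".13",
    "vlanEnableStatusSet": TRAP_ROOT + ".30",
    "vlanUntaggedSet": TRAP_ROOT + ".31",
}


def parse_oid(oid):
    """Turn a dotted OID (leading dot allowed) into a tuple of integers."""
    return tuple(int(part) for part in oid.strip(".").split("."))


def in_subtree(oid, subtree):
    """True when oid lies in subtree, compared per sub-identifier so that
    ...2.1 does not match ...2.17 the way a string prefix test would."""
    o, s = parse_oid(oid), parse_oid(subtree)
    return o[:len(s)] == s


def is_sent(entries, trap_oid):
    """Walk the entries in definition order; the last match decides.
    With no matching entry the default applies: the trap is sent."""
    send = True
    for action, subtree in entries:
        if action not in ("include", "exclude"):
            raise ValueError("filter type must be include or exclude")
        if in_subtree(trap_oid, subtree):
            send = action == "include"
    return send


def sent_traps(entries):
    """Names of the listed traps that a target with this filter receives."""
    return sorted(name for name, oid in TRAPS.items() if is_sent(entries, oid))


# Constructed filters: same entries, different order.
EXCLUDE_FIRST = [("exclude", TRAP_ROOT),
                 ("include", TRAPS["sysSystemUp"]),
                 ("include", TRAPS["localMacAddrAuthFail"])]
EXCLUDE_LAST = [("include", TRAPS["sysSystemUp"]),
                ("include", TRAPS["localMacAddrAuthFail"]),
                ("exclude", TRAP_ROOT)]
INCLUDE_ONLY = EXCLUDE_FIRST[1:]

if __name__ == "__main__":
    for label, flt in (("exclude first", EXCLUDE_FIRST),
                       ("exclude last", EXCLUDE_LAST),
                       ("include only", INCLUDE_ONLY)):
        print(f"{label:13s} -> {sent_traps(flt)}")
```

Under this reading, a filter with only include entries changes nothing because every trap is already sent by default, and an exclude-all defined last silences the target entirely.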
• sysSystemUp – The access point is up and running. (Object ID: 1.3.6.1.4.1.11.2.14.11.6.4.1.1.7.4.2.17)
• sysSystemDown – The access point is about to shutdown and reboot. (Object ID: 1.3.6.1.4.1.11.2.14.11.6.4.1.1.7.4.2.18)
• sysRadiusServerChanged – The access point has changed from the primary RADIUS server to the secondary, or from the secondary to the primary. (Object ID: 1.3.6.1.4.1.11.2.14.11.6.4.1.1.7.4.2.
• localMacAddrAuthFail – A client station has failed authentication with the local MAC address database on the access point. (Object ID: 1.3.6.1.4.1.11.2.14.11.6.4.1.1.7.4.2.12)
• iappStationRoamedFrom – A client station has roamed from another access point (identified by its IP address). (Object ID: 1.3.6.1.4.1.11.2.14.11.6.4.1.1.7.4.2.13)
• iappStationRoamedTo – A client station has roamed to another access point (identified by its IP address).
• vlanEnableStatusSet – VLAN support on the access point has been enabled or disabled. (Object ID: 1.3.6.1.4.1.11.2.14.11.6.4.1.1.7.4.2.30)
• vlanUntaggedSet – VLAN support on the access point has been set to untagged. (Object ID: 1.3.6.1.4.1.11.2.14.11.6.4.1.1.7.4.2.31)
• mgntVlanIdSet – The access point’s management VLAN ID has been changed. (Object ID: 1.3.6.1.4.1.11.2.14.11.6.4.1.1.7.4.2.
4. Under Trap Configuration, check or clear the required traps, or use the [Enable All Traps] or [Disable All Traps] buttons to select or unselect all supported traps.
5. Click the [Apply Changes] button.

Figure 5-11.
To send SNMP v1 and v2c traps to a management station, specify the host IP address using the snmp-server host command and enable specific traps using the snmp-server trap command.

HP420(config)#snmp-server host 1 192.168.1.10 private
HP420(config)#snmp-server host 2 192.168.1.
HP420(config)#snmp-server trap
HP420(config)#snmp-server trap
HP420#
dot1xSupplicantAuthenticated    Enabled
possibleRogueApDetected         Enabled
httpsEnableStatusSet            Enabled
cliTelnetPortEnableStatusSet    Enabled
resetButtonEnableStatusSet      Enabled
vlanUntaggedSet                 Enabled
ssidPrimarySet                  Enabled
apScanEnableStatusSet           Enabled
adHocDetected                   Enabled
hpdot11BeaconTransmissionOk     Enabled
radiusAcctEnableStatusSet       Enabled
wirelessExternalAntenna
httpEnableStatusSet
cliSerialPortEnableStatusSet
snmpVersionFilterSet
vlanEnableStatusSet
mgntVlanId
Enabling System Logging

The access point supports a logging process that can control error messages saved to memory or sent to a Syslog server. The logged messages serve as a valuable tool for isolating access point and network problems.

The system allows you to limit the messages that are logged by specifying a minimum severity level. The following table lists the error message levels from the most severe (Emergency) to least severe (Debug).
Web: Setting Logging Parameters

The System Servers window on the Administration tab enables system logs and Syslog server details to be configured for the access point.

The web interface enables you to modify these parameters:
■ System Log Setup: Enables the logging of error messages.
■ Server (1 to 4): Enables the sending of log messages to Syslog server hosts. Up to four Syslog servers are supported on the access point.
Figure 5-12.
The following example shows how to enable logging, set the minimum severity level of messages to be logged, and send messages to the console.

HP420(config)#logging on
HP420(config)#logging level critical
HP420(config)#logging console
HP420(config)#

The following example shows how to configure the access point to send logging messages to a Syslog server. The CLI also provides a command to specify the facility type tag sent in Syslog messages.
To display logging messages stored in access point memory, use the show event-log command, as shown in the following example.

HP420#show event-log
Mar 29 15:13:45 Notice: 802.11g:SSID 1 ::Station Authenticated: 00-09-5b-a3-c6-98
Mar 29 15:13:21 Information: 802.11g:SSID 8 ::Interface Enabled
Mar 29 15:13:21 Information: 802.11g:SSID 7 ::Interface Enabled
Mar 29 15:13:21 Information: 802.11g:SSID 6 ::Interface Enabled
Mar 29 15:13:21 Information: 802.
Configuring SNTP

Simple Network Time Protocol (SNTP) allows the access point to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the access point enables the system log to record meaningful dates and times for event entries. If the clock is not set, the access point will only record the time from the factory default set at the last bootup.
■ Enable Daylight Saving: The access point provides a way to automatically adjust the system clock for Daylight Saving Time (DST) changes. To use this feature you define the month and date to begin and to end the change from standard time. During this period the system clock is set back by one hour.

To Set SNTP Parameters:
1. Select the Administration tab.
2. Click the [System Servers] button.
3. For SNTP Server, select Enable.
4.
Figure 5-13.
The following example shows how to enable SNTP, configure primary and secondary time server IP addresses, set the time zone, and enable Daylight Saving.

HP420(config)#sntp-server enable
HP420(config)#sntp-server ip 1 10.1.0.19
HP420(config)#sntp-server ip 2 10.1.2.
Configuring Ethernet Interface Parameters

The access point’s Ethernet interface can be configured to use auto-negotiation to set the operating speed and duplex mode. When auto-negotiation is disabled, the operating speed and duplex mode must be manually set to match that of the connected device. Auto-negotiation is enabled by default.

Note: When using auto-negotiation, be sure that the attached device supports IEEE 802.
Figure 5-14.
To display the current Ethernet interface status from the Exec level, use the show interface ethernet command, as shown in the following example.

HP420#show interface ethernet
Ethernet Interface Information
===========================================================
IP Address : 10.1.0.1
Subnet Mask : 255.255.255.0
Default Gateway : 0.0.0.0
Primary DNS : 0.0.0.0
Secondary DNS : 0.0.0.
Configuring RADIUS Accounting

Remote Authentication Dial-in User Service (RADIUS) Accounting is an extension to the RADIUS authentication protocol that uses a central server to log user activity on the network. A RADIUS Accounting server runs software that receives user-session information from the access point.
RADIUS Accounting Attribute    Description
Acct-Terminate-Cause           Specifies how the session was terminated
User-Name                      Contains the user’s identity
Class                          Sent by the server to the client in an Access-Accept message
NAS Identifier                 Hard coded identifier of the RADIUS Accounting client
Acct-Interim-Interval          Indicates the number of seconds between each interim update for the given session

Web: Setting RADIUS Accounting Server Parameters
■ Secondary Server Setup: Configure a secondary RADIUS Accounting server to provide a backup in case the primary server fails. The access point uses the secondary server if the primary server fails or becomes inaccessible. Once the access point switches over to the secondary server, it periodically attempts to establish communication again with the primary server.
Figure 5-15.
Command Syntax                                           CLI Reference Page
radius-accounting-server [secondary] retransmit          page 8-69
radius-accounting-server [secondary] timeout             page 8-70
radius-accounting-server [secondary] timeout-interim     page 8-71
show radius                                              page 8-65

The following example shows how to configure the primary RADIUS Accounting server parameters, including the IP address, UDP port number, secret key,
To display the current RADIUS server settings from the Exec level, use the show radius command, as shown in the following example.

HP420#show radius
11g Radius Authentication Server Information
============================================================================
ssid IP Port Retransmit Timeout Mac-format Vlan-format
============================================================================
1 (P)0.0.0.0 1812 3 5 NO_DELIMITER HEX
1 (S)0.0.
Setting up Filter Control

The access point can employ network traffic frame filtering to control access to network resources and increase security. You can prevent communications between wireless clients associated to the access point, only allowing traffic between clients and the wired network.
• Enable: Access point filters Ethernet protocol types based on the configuration of protocol types in the filter table. If a protocol has its status set to “ON,” the protocol is not forwarded by the access point.

To Set Local and Management Filters:
1. Select the Configuration tab.
2. Click the [Filter Control] button.
3. To enable IAPP support, set IAPP to enable.
4.
Figure 5-16.
The following example shows how to enable IAPP support on the access point.

HP420(config)#iapp
HP420(config)#

The following example shows how to enable filtering for management access and wireless-to-wireless communications.

HP420(config)#filter local-bridge
HP420(config)#filter ap-manage
HP420(config)#

The following example shows how to enable protocol filtering, preventing the access point from forwarding Novell IPX frames.
Configuring VLAN Support

A VLAN is a group of network nodes that can be located anywhere in the network, but communicate as though they belong to the same physical segment. In large networks, VLANs are used to organize network nodes to reflect departmental (such as Marketing or R&D) or usage groups (such as guests). The VLANs are defined by software in switches and other devices across the enterprise network.
which can be the management VLAN or the default VLAN of any configured SSID interface. Traffic passed to the wired network from the untagged VLAN does not include a VLAN tag. Similarly, traffic received from the wired network must be tagged with a known VLAN ID, either an assigned client VLAN ID, a default VLAN ID, or the management VLAN ID.
■ Management VLAN Tagging: Specifies if the management VLAN is a tagged or untagged VLAN.
• Tagged: Management traffic is sent tagged with the VLAN ID. Received management traffic must be tagged with the VLAN ID.
• Untagged: Management traffic is sent untagged. Received management traffic that is untagged is accepted for access point management.
CLI: Enabling VLAN Support

CLI Commands Used in This Section

Command Syntax          CLI Reference Page
[no] vlan enable        page 8-130
management-vlanid       page 8-132
show system             page 8-25

The following example shows how to set the management VLAN ID and enable VLAN support. Note that to enable or disable VLAN support, you must reboot the access point.
The following example shows how to display the current VLAN status for the access point.

HP420#show system
System Information
===========================================================
Serial Number : TW347QB099
System Up time : 0 days, 6 hours, 10 minutes, 25 seconds
System Name : Enterprise AP
System Location :
System Contact : Contact
System Country Code : NA - North America
MAC Address : 00-0D-9D-C6-98-7E
IP Address : 192.168.1.1
Subnet Mask : 255.
6 Wireless Interface Configuration

Contents

Overview  6-2
Setting the Country Code  6-3
    CLI: Setting the Country Code  6-3
Setting the Radio Working Mode
Overview

The Access Point 420 supports up to eight Service Set IDentifier (SSID) interfaces per physical radio interface. Most radio parameters apply globally to all configured SSID interfaces. For each SSID interface, different security settings, VLAN assignments, and other parameters can be applied.
Setting the Country Code

The correct country code must be set for the country in which you operate the access point so that it uses the correct authorized radio channels for wireless network devices. The country code can only be set using the CLI. The Country Code must be set before configuring other radio settings. This setting affects the radio channels that are available.
HP420#country ?
WORD Country code: AL-ALBANIA, DZ-ALGERIA, AR-ARGENTINA, AM-ARMENIA, AU-AUSTRALIA, AT-AUSTRIA, AZ-AZERBAIJAN, BH-BAHRAIN, BY-BELARUS, BE-BELGIUM, BZ-BELIZE, BO-BOLVIA, BR-BRAZIL, BN-BRUNEI_DARUSSALAM, BG-BULGARIA, CA-CANADA, CL-CHILE, CN-CHINA, CO-COLOMBIA, CR-COSTA_RICA, HR-CROATIA, CY-CYPRUS, CZ-CZECH_REPUBLIC, DK-DENMARK, DO-DOMINICAN_REPUBLIC, EC-ECUADOR, EG-EGYPT, EE-ESTONIA, FI-FINLAND, FR-FRANCE, GE-GEORGIA, DE-GERMANY, GR-GRE
To display the access point’s current country code setting, use the show system command from the Exec level.

HP420#show system
System Information
===========================================================
Serial Number : TW347QB099
System Up time : 0 days, 6 hours, 10 minutes, 25 seconds
System Name : Enterprise AP
System Location :
System Contact : Contact
System Country Code : GB - UNITED KINGDOM
MAC Address : 00-0D-9D-C6-98-7E
IP Address : 192.
Setting the Radio Working Mode

The access point can operate in three standard modes, IEEE 802.11b only, 802.11g only, or a mixed 802.11b/802.11g mode.

Note: Both the IEEE 802.11g and 802.11b standards operate within the 2.4 GHz band. In a wireless LAN environment there can often be interference from other 2.4 GHz devices, such as cordless phones.
Web: Setting the Radio Working Mode

The Port/Radio Settings window on the Configuration tab provides the setting for the access point’s radio working mode.

Note: If you are using the worldwide product, J8131A, before you can configure the radio settings the Country Setting must be set using the CLI. See “Setting the Country Code” on page 6-3.
Figure 6-1. Setting the Radio Working Mode

CLI: Setting the Radio Working Mode

CLI Commands Used in This Section

Command Syntax                 CLI Reference Page
interface wireless g           page 8-94
radio-mode                     page 8-99
show interface wireless g      page 8-111

The following example shows how to set the working mode for the access point to 802.11g-only mode.

HP420(config)#interface wireless g
Enter Wireless configuration commands, one per line.
To display the current radio mode setting from the Exec level, use the show interface wireless g command, as shown in the following example.

HP420#show interface wireless g
Wireless Interface Common Information
============================================================
----------------Identification-----------------------------
Description : Guest Access
Radio mode : 802.
Configuring Radio Settings

The access point’s radio channel settings are limited by local regulations, which determine the number of channels that are available. You can manually set the access point’s radio channel or allow it to automatically select an unoccupied channel. The access point uses the configured radio channel to communicate with wireless clients.
■ Multicast Data Rate: The maximum data rate at which the access point transmits multicast and broadcast traffic.
■ Beacon Interval: The rate at which beacon frames are transmitted from the access point. The beacon frames allow wireless clients to maintain contact with the access point. They may also carry power-management information.
access point. Individual SSID interfaces do not have a limit. Therefore, if one interface has the maximum number of clients associated, other SSID interfaces will not be able to associate any clients.
■ Slot Time: Sets the basic unit of time the access point uses for calculating waiting times before data is transmitted.
• Short: Sets the slot time to short (9 microseconds).
Figure 6-2.
Command Syntax                    CLI Reference Page
rts-threshold                     page 8-105
slot-time [short | long | auto]   page 8-106
preamble [long | shortorlong]     page 8-107
transmit-power                    page 8-108
max-association                   page 8-109
[no] shutdown                     page 8-110
show interface wireless g         page 8-111

Note: You must set the Country Code and radio mode before configuring other radio settings.
To display the current radio settings from the Exec level, use the show interface wireless g command, as shown in the following example.

HP420#show interface wireless g
Wireless Interface Common Information
============================================================
----------------Identification-----------------------------
Description : RD-AP#3
Radio mode : 802.
Modifying Antenna Settings

When using an external antenna with the access point, you must configure the radio for the type of external antenna that is attached; either diversity or single. Also, the access point’s transmit power must be limited to conform to local regulations. Use the regional settings for each optional antenna and radio mode as provided in the Transmit Power Control tables below.
802.11g Transmit Power Control (TPC) Settings (%)

External Antenna                     FCC/IC         EU/ETSI        Japan          Taiwan
                                     L    M    H    L    M    H    L    M    H    L    M    H
2 dBi Indoor Diversity, J8442A       100  100  100  100  100  100  100  100  100  100  100  100
5 dBi Indoor/Outdoor Omni, J8441A    71   100  71   79   79   79   100  100  100  71   100  71
6.
Web: Setting the Antenna Mode and Transmit Power Control Limits

The Port/Radio Settings window on the Configuration tab provides access to the configuration settings for external antennas.

The web interface enables you to modify these parameters:
■ Transmit Limits: Sets the reduction in transmit power required for the external antenna to conform with local regulations.
Figure 6-3. Antenna Mode and Port/Radio Settings Window

CLI: Setting the Antenna Mode and Transmit Power Control Limits

CLI Commands Used in This Section

Command Syntax                 CLI Reference Page
interface wireless g           page 8-94
antenna-mode                   page 8-99
transmit-limits                page 8-107
show interface wireless g      page 8-111

Using the CLI to Set the Antenna Mode.
Using the CLI to Set the Transmit Power Control Limits. The following example shows how to set the transmit power control limits when using an external antenna with the access point. If using the 6.
You can use the show command to display the current radio settings from the wireless interface configuration level.

HP420(if-wireless-g)#show
Wireless Interface Common Information
============================================================
----------------Identification-----------------------------
Description : RD-AP#3
Radio mode : 802.
Managing Multiple SSID Interfaces

A Service Set IDentifier (SSID) is a recognizable text string that identifies a wireless network. Wireless clients that want to connect to a network through an access point must set their SSIDs to match that of the access point. Multiple SSID interfaces enable wireless traffic to be separated for different user groups using a single access point that services one area.
■ Add: Creates a new SSID interface and sets these parameters:
• Index: Specifies the index number of the SSID interface. (Range: 1-8)
• SSID Name: Sets the SSID name for the interface.
• SSID Description: Adds a description to the SSID interface.
• VLAN ID: Sets the default VLAN ID for the SSID interface. The default VLAN ID must be unique for each interface.
• VLAN Tagging: Sets the default VLAN as tagged.
4. Enter a unique name for the SSID interface.
5. Add a description for the SSID interface.
6. Assign a default VLAN ID and indicate if it is a tagged or untagged VLAN.
7. Click the [Apply Changes] button.

Figure 6-5.
The following example shows how to create an SSID interface, add a description, and set it as the primary interface.

HP420(config)#interface wireless g
Enter Wireless configuration commands, one per line.
Wireless Interface Configuration Managing Multiple SSID Interfaces â– Closed System: Prevents the access point does from including the primary interface SSID in beacon frames. Clients with a configured SSID of "any" are not able to associate with the access point. Closed system only applies to the primary SSID interface. Secondary SSID interfaces are always closed, since they are never advertised in beacon frames. To Modify SSID Interface Settings: 1. Select the Wireless Interfaces tab. 2.
Wireless Interface Configuration Managing Multiple SSID Interfaces CLI: Modifying SSID Interface Settings CLI Commands Used in This Section Command Syntax CLI Reference Page interface wireless g page 8-94 [no] ssid page 8-96 ssid-name page 8-96 [no] description page 8-97 [no] enable page 8-110 vlan-id page 8-132 [no] closed-system page 8-98 show ssid page 8-112 The following example shows h
Wireless Interface Configuration Managing Multiple SSID Interfaces ----------------Security------------------------------------------------Closed System : ENABLED 802.11 Authentication : OPEN WPA clients : DISABLED 802.1x : DISABLED PMKSA Lifetime : 720 min Encryption : DISABLED Pre-Authentication : Disabled Authentication Type : OPEN ----------------Radius Authentication Server----------------------------Radius Primary Server Information IP : 0.0.0.
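The Security block of the `show ssid` output above can be checked automatically when access point configurations are reviewed. The following is an added example, not code from the guide or from HP: it parses a captured copy of that block and reports the settings that leave an SSID interface unencrypted or unauthenticated. The sample text is constructed from the field names shown above, and the one-field-per-line layout and the `REQUIRED`/`ENABLED` spellings in the hardened sample are assumptions.

```python
"""Audit the Security block of captured `show ssid` output (added example)."""
import re

# Constructed sample: field names and values are those in the Security block
# shown above; one field per line is an assumption about the terminal layout.
SAMPLE_DEFAULT = """\
----------------Security------------------------------------------------
Closed System                 : ENABLED
802.11 Authentication         : OPEN
WPA clients                   : DISABLED
802.1x                        : DISABLED
PMKSA Lifetime                : 720 min
Encryption                    : DISABLED
Pre-Authentication            : Disabled
Authentication Type           : OPEN
----------------Radius Authentication Server----------------------------
Radius Primary Server Information
"""

# Constructed sample of a hardened interface. REQUIRED and ENABLED are assumed
# spellings; the audit itself only tests for "DISABLED" and "OPEN".
SAMPLE_HARDENED = """\
----------------Security------------------------------------------------
Closed System                 : DISABLED
802.11 Authentication         : OPEN
WPA clients                   : REQUIRED
802.1x                        : REQUIRED
Encryption                    : ENABLED
"""

SECTION_RE = re.compile(r"^-{3,}\s*(?P<title>[^-].*?)\s*-{3,}$")
FIELD_RE = re.compile(r"^(?P<key>[^:]+?)\s*:\s*(?P<value>.*)$")


def parse_show_ssid(text):
    """Return {section title: {field: value}} from captured CLI output."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            current = sections.setdefault(match.group("title"), {})
            continue
        match = FIELD_RE.match(line)
        if match and current is not None:
            current[match.group("key")] = match.group("value").strip()
    return sections


def _off(fields, key):
    """True when a field is missing or reads DISABLED (fail closed)."""
    return fields.get(key, "DISABLED").upper() == "DISABLED"


def audit_security(text):
    """Return a list of (severity, code, message) findings for one SSID."""
    sec = parse_show_ssid(text).get("Security", {})
    if not sec:
        return [("ERROR", "no-security-block", "no Security block found in input")]
    findings = []
    if _off(sec, "Encryption"):
        findings.append(("HIGH", "encryption-disabled",
                         "client traffic on this SSID is not encrypted"))
    open_auth = sec.get("802.11 Authentication", "").upper() == "OPEN"
    if open_auth and _off(sec, "802.1x") and _off(sec, "WPA clients"):
        findings.append(("HIGH", "no-client-authentication",
                         "open 802.11 authentication with 802.1X and WPA both off"))
    if not _off(sec, "Closed System") and findings:
        findings.append(("INFO", "closed-system-only",
                         "closed system only keeps the SSID out of beacons; "
                         "it does not authenticate or encrypt"))
    return findings


if __name__ == "__main__":
    for severity, code, message in audit_security(SAMPLE_DEFAULT):
        print(f"{severity:5} {code:26} {message}")
```
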
7 Wireless Security Configuration Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2 Wireless Security Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3 Using the Security Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-11 Web: Setting Security Wizard Options . . . . . . . . . . . . . . . . . . . . . . . . . 7-11 CLI: Configuring Security Settings . . .
Wireless Security Configuration Overview Overview This chapter describes how to: ■ Configure wireless security using the Security Wizard ■ Configure RADIUS client authentication ■ Configure MAC address authentication
Wireless Security Configuration Wireless Security Overview Wireless Security Overview The access point is configured by default as an “open system,” which broadcasts a beacon frame including the configured primary SSID. If a wireless client has a configured SSID of “any,” it can read the SSID from the beacon and use it to allow immediate connection to the access point.
Wireless Security Configuration Wireless Security Overview network by requiring an 802.1X client application to submit user credentials for authentication. The 802.1X standard uses the Extensible Authentication Protocol (EAP) to pass user credentials (either digital certificates, usernames and passwords, or other) from the client to the RADIUS server. Client authentication is then verified on the RADIUS server before the access point grants client access to the network. The 802.
Wireless Security Configuration Wireless Security Overview starts with a master (temporal) key for each user session and then mathematically generates other keys to encrypt each data packet. TKIP provides further data encryption enhancements by including a message integrity check for each packet and a re-keying mechanism, which periodically changes the master key.
Wireless Security Configuration Wireless Security Overview Table 7-1. ■ WPA2 Mixed-Mode: WPA2 defines a transitional mode of operation for networks moving from WPA security to WPA2. WPA2 Mixed Mode allows both WPA and WPA2 clients to associate to a common SSID interface. In mixed mode, the unicast encryption cipher (TKIP or AES-CCMP) is negotiated for each client. The access point advertises its supported encryption ciphers in beacon frames and probe responses.
Wireless Security Configuration Wireless Security Overview Security Mechanism Client Support Implementation Considerations MAC Address Filtering Uses the MAC address of client network card • Provides only weak user authentication • Management of authorized MAC addresses • Can be combined with other methods for improved security • Optional configured RADIUS server WPA with 802.
Wireless Security Configuration Wireless Security Overview Table 7-1. Summary of Wireless Security Configuration Configuring Encryption in the HP ProCurve Wireless Access Point 420 Encryption Methods and Process SSID Interface Level Commands*** Additional Requirements Notes No Security security-suite 1 1. Configure Security Suite wizard option 1 WPA with 802.1X ONLY 1. Define MAC authentication method 2. Configure RADIUS server* 3.
Wireless Security Configuration Wireless Security Overview Configuring Encryption in the HP ProCurve Wireless Access Point 420 Encryption Methods and Process SSID Interface Level Commands*** Additional Requirements Notes WEP Static ONLY 1. Define MAC authentication method 2. Configure Security Suite wizard option 2 (encryption only) or as shared-key (includes authentication) 3.
Wireless Security Configuration Wireless Security Overview Table 7-2.
Wireless Security Configuration Using the Security Wizard Using the Security Wizard The Security Suite window is available from the Wireless Interfaces SSID Configuration window and provides wireless security configuration for the SSID interface using a “wizard.” The security wizard offers a choice of ten options.
Wireless Security Configuration Using the Security Wizard Note WEP has been found to be seriously flawed and cannot be recommended for a high level of network security. For more robust wireless security, the access point provides Wi-Fi Protected Access (WPA) for improved data encryption and user authentication. Caution When one SSID interface is configured to use TKIP encryption and another SSID interface is configured for static WEP encryption using Key index 1, MIC failure may occur. ■ 3.
Wireless Security Configuration Using the Security Wizard ■ 6. WPA (AES-802.1x): Use WPA with 802.1X for user authentication and to dynamically distribute encryption keys to clients. Sets the multicast encryption cipher as AES, which must be supported on all wireless clients. Requires a RADIUS server to be configured and available in the wired network. The 802.1X parameters for reauthentication and key refresh can also be configured. ■ 7. WPA (TKIP-802.1x): Use WPA with 802.
Wireless Security Configuration Using the Security Wizard – WPA2: Clients using WPA2 only are supported. – WPA-WPA2: Clients using WPA or WPA2 are supported. ■ Manual Configuration (CLI): Use the CLI to manually configure a specific security setting other than those provided by the wizard. The current configuration of security parameters is displayed in the Web interface window. • Authentication: Indicates the basic 802.
Wireless Security Configuration Using the Security Wizard • Cipher: Indicates the encryption method used for multicast (and broadcast) and unicast traffic. – tkip-tkip: Using TKIP keys for both multicast and unicast encryption. – aes-aes: Using AES keys for both multicast and unicast encryption. – tkip-aes: WPA and WPA2 clients negotiate the use of either TKIP or AES keys for unicast encryption. TKIP keys are used for multicast encryption.
Wireless Security Configuration Using the Security Wizard To Configure Static WEP Shared Keys: Note The four WEP keys are common to all SSID interfaces. Only one key index can be assigned to an SSID interface, so there can be a maximum of only four SSID interfaces using static WEP shared keys. 1. From the Wireless Interfaces SSID Configuration window, click the [Security Suite] button. 2. Select wizard option 2. Static WEP. 3. Select the key length to be used by all clients, 64, 128, or 152 bit. 4.
Wireless Security Configuration Using the Security Wizard 1. From the Wireless Interfaces SSID Configuration window, click the [Security Suite] button. 2. Select wizard option 6. WPA (AES-802.1x), 7. WPA (TKIP-802.1x), or 9. WPA (TKIP-AES-802.1x), as required. 3. Select WPA, WPA2, or WPA-WPA2 support, as required. 4. Click the [Apply Changes] button. 5. Click the Radius Server link. 6. Configure parameters for the primary RADIUS server and, optionally, a secondary RADIUS server.
Wireless Security Configuration Using the Security Wizard Figure 7-1.
Wireless Security Configuration Using the Security Wizard Figure 7-2. The Advanced Settings Window CLI: Configuring Security Settings CLI Commands Used in This Section Command Syntax CLI Reference Page interface wireless g page 8-94 [no] ssid page 8-96 transmit-key-wep page 8-115 security-suite page 8-117 <802.1x-disabled | 802.1x-required | 802.
Wireless Security Configuration Using the Security Wizard Command Syntax CLI Reference Page 802.1x session-key-refresh-rate page 8-73 802.
Wireless Security Configuration Using the Security Wizard Using the CLI to Configure Static WEP Shared Keys. The following example shows how to configure an SSID interface to use static WEP keys for authentication and encryption. The security-suite shared-key command must be used first to enable 802.11 shared-key authentication and enable encryption. Other WEP key parameters can then be configured. HP420(config)#interface wireless g Enter Wireless configuration commands, one per line.
Wireless Security Configuration Using the Security Wizard The following example shows how to configure access point security for WPA-PSK mode. Supported clients must be WPA-enabled and configured with the same pre-shared key.
Wireless Security Configuration Using the Security Wizard Using the CLI to Configure WPA with 802.1X. To configure the access point to support only WPA-enabled clients, use the security-suite command wizard option 6 for AES encryption, option 7 for TKIP encryption, or option 9 for WPA2 auto-negotiation. (Also requires RADIUS server configuration.) HP420(if-wireless-g-ssid-1)#security-suite 6 wpa HP420(if-wireless-g-ssid-1)#802.1x broadcast-key-refreshrate 5 HP420(if-wireless-g-ssid-1)#802.
Wireless Security Configuration Using the Security Wizard Using the CLI to Configure Mixed Mode Static WEP Keys and WPA-PSK. The following example shows how to manually configure access point security to support static WEP users as well as WPA-PSK clients. HP420(if-wireless-g-ssid-1)#security-suite open-system wpasupported 802.
Wireless Security Configuration Configuring RADIUS Client Authentication Configuring RADIUS Client Authentication Remote Authentication Dial-in User Service (RADIUS) is an authentication protocol that uses software running on a central server to control access to RADIUS-aware devices on the network. An authentication server contains a database of user credentials for each user that requires access to the network. A primary RADIUS server must be specified for the access point to implement IEEE 802.1X (802.
Wireless Security Configuration Configuring RADIUS Client Authentication When setting up VLAN IDs for each user on the RADIUS server, be sure to use the RADIUS attributes and values as indicated in the following table.
Wireless Security Configuration Configuring RADIUS Client Authentication • Retransmit Attempts: The number of times the access point tries to resend a request to the RADIUS server before authentication fails. (Range: 1 - 30) ■ Secondary Radius Server Setup: Configure a secondary RADIUS server to provide a backup in case the primary server fails. The access point uses the secondary server if the primary server fails or becomes inaccessible.
Wireless Security Configuration Configuring RADIUS Client Authentication Figure 7-3.
Wireless Security Configuration Configuring RADIUS Client Authentication Command Syntax CLI Reference Page radius-authentication-server mac-format radius-authentication-server vlan-format page 8-65 show radius page 8-65 The following example shows how to configure the primary RADIUS server parameters, including the IP address, UDP port number, secret key, timeout, retransmit attempts, and the MAC address and VLAN ID forma
Wireless Security Configuration Configuring RADIUS Client Authentication To display the current RADIUS server settings from the Exec level, use the show radius command, as shown in the following example. HP420#show radius 11g Radius Authentication Server Information ============================================================================ ssid IP Port Retransmit Timeout Mac-format Vlan-format ============================================================================ 1 (P)10.1.2.
Wireless Security Configuration Configuring MAC Address Authentication Configuring MAC Address Authentication The access point can be configured to authenticate client MAC addresses against a database stored locally on the access point or remotely on a RADIUS server. Client MAC addresses in the local database can be specified as allowed or denied access to the network. This enables the access point to control which devices can associate with the access point.
Wireless Security Configuration Configuring MAC Address Authentication If you choose to configure RADIUS MAC authentication and 802.1X together, the RADIUS MAC address authentication occurs before 802.1X authentication. If the RADIUS MAC authentication is successful, 802.1X authentication is performed. When RADIUS MAC authentication fails, 802.1X authentication is not performed. Note The access point does not support a security combination of RADIUS MAC authentication and WPA with 802.
Wireless Security Configuration Configuring MAC Address Authentication • MAC Address: Adds the specified MAC addresses into the local MAC database. Enter six pairs of hexadecimal digits separated by hyphens, for example, 00-90-D1-12-AB-89. ■ MAC Authentication Table: Displays current entries in the local MAC database. • Index: The number of the entry in the database table. • MAC Address: Physical address of a client.
Wireless Security Configuration Configuring MAC Address Authentication Figure 7-4.
Wireless Security Configuration Configuring MAC Address Authentication Configuring Local MAC Authentication. The following example shows how to configure MAC address authentication using the access point’s local database. The example shows three client MAC addresses that are permitted to access the network. All other MAC addresses are denied access.
Wireless Security Configuration Configuring MAC Address Authentication Displaying MAC Authentication Settings. The following example shows how to display the current authentication configuration on the access point from the Exec level. HP420#show authentication 11g 802.1x Authentication Information ============================================================================ ssid 802.
Wireless Security Configuration Configuring MAC Address Authentication Active MAC Address Filter List in each SSID Index MAC Address 12345678 ===== ================= ======== 1 00-08-3a-15-6c-32 A 2 00-12-34-56-78-9a A HP420#
8 Command Line Reference Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2 General Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-4 System Management Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-9 System Logging Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-28 System Clock Commands . . . . . . . . . . .
Command Line Reference Overview Overview This chapter describes the commands provided by the CLI. The CLI commands can be broken down into the functional groups shown below.
Command Line Reference Overview The access mode shown in the following tables is indicated by these abbreviations: GC (Global Configuration), IC-E (Ethernet Interface Configuration), IC-W (Wireless Interface Configuration), and IC-W-S (SSID Wireless Interface Configuration).
Command Line Reference General Commands General Commands Command Function Mode Page configure Activates global configuration mode Exec 8-4 end Returns to the previous configuration mode GC, IC 8-5 exit Returns to the Exec mode, or exits the CLI any 8-5 ping Sends ICMP echo request packets to another node on the network Exec 8-6 reset Restarts the system Exec 8-7 show history Shows the command history buffer Exec 8-7 show line Shows the configuration settings for the console port
Command Line Reference General Commands end This command returns to the previous configuration mode. Default Setting None Command Mode Global Configuration, Interface Configuration Example This example shows how to return to the Configuration mode from the Ethernet Interface Configuration mode: HP420(if-ethernet)#end HP420(config)# exit This command returns to the Exec mode or exits the configuration program.
Command Line Reference General Commands ping This command sends ICMP echo request packets to another node on the network. Syntax ping • host_name - Alias of the host. • ip_address - IP address of the host. Default Setting None Command Mode Exec Command Usage • Use the ping command to see if another site on the network can be reached.
Command Line Reference General Commands reset This command restarts the system or restores the factory default settings. Syntax reset • board - Reboots the system. • configuration - Resets the configuration settings to the factory defaults, and then reboots the system. Default Setting None Command Mode Exec Command Usage When the system is restarted, it will always run the Power-On Self-Test.
Command Line Reference General Commands Example In this example, the show history command lists the contents of the command history buffer: HP420#show history config exit show history HP420# show line This command displays the console port’s configuration settings. Command Mode Exec Example The console port settings are fixed at the values shown below.
Command Line Reference System Management Commands System Management Commands These commands are used to configure the user name, password, system logs, browser management options, clock settings, and a variety of other system information.
Command Line Reference System Management Commands Command Function Mode Page http port Specifies the port to be used by the Web browser interface MC 8-21 http server Allows the access point to be monitored or configured from a browser MC 8-22 https port Specifies the port number used for a secure HTTP connection to the access point’s Web interface MC 8-23 https server Enables the secure HTTP server on the access point MC 8-23 svp Enables Spectralink Voice Priority (SVP) support MC 8-2
Command Line Reference System Management Commands Table 8-1.
Command Line Reference System Management Commands Command Mode Exec Command Usage • The access point’s Country Code must be set before the radio can be enabled. • The available Country Code settings can be displayed by using the country ? command. • The Country Codes US (United States) and CA (Canada) are effectively the same setting and are both implemented as NA (North America). • Setting the Country Code requires a system reboot.
Command Line Reference System Management Commands Command Mode Global Configuration Example HP420(config)#prompt RD2 RD2(config)# system name This command specifies or modifies the system name for this device. Syntax system name name - The name of this host. (Maximum length: 32 characters) Default Setting Enterprise AP Command Mode Global Configuration Example HP420(config)#system name HP420 Access Point HP420(config)# management This command enters Management Configuration mode.
Command Line Reference System Management Commands Example HP420#configure HP420(config)#management HP420(config-mgmt)# username-admin This command configures the Manager (administrator) user name for management access. Syntax username-admin name - The name of the administrator. (Length: 3-16 characters, case sensitive.
Command Line Reference System Management Commands Command Mode Management Configuration Example HP420(config-mgmt)#password-admin hp420ap HP420(config-mgmt)# user add This command configures a user name account for management access. Syntax user add • cli - Allows the user CLI access only. • web - Allows the user Web access only. • cli+web - Allows the user CLI and Web access. • privilege - The privilege level of the user.
Command Line Reference System Management Commands Example HP420(config-mgmt)#user add web operator david davepass HP420(config-mgmt)# user del This command removes a user account from the access point. Syntax user del name - The name of the user to remove. (Length: 3-16 characters, case sensitive.) Default Setting none Command Mode Management Configuration Example HP420(config-mgmt)#user del david HP420(config-mgmt)# user pwd This command changes the password for an existing user.
Command Line Reference System Management Commands Example HP420(config-mgmt)#user pwd david davenewpwd HP420(config-mgmt)# cli serial This command configures management access through the serial console port. Use the no form to disable management access through the console port. Syntax cli serial enable no cli serial Default Setting Enabled Command Mode Management Configuration Command Usage The access point’s serial port and reset button cannot be disabled at the same time.
Command Line Reference System Management Commands Default Setting Status: Enabled Maximum Sessions: 4 Command Mode Management Configuration Example HP420(config-mgmt)#cli telnet session 2 HP420(config-mgmt)#cli telnet enable HP420(config-mgmt)# ssh enable This command enables the Secure Shell server. Use the no form to disable the server. Syntax ssh enable no ssh Default Setting Enabled Command Mode Management Configuration Command Usage • The access point supports Secure Shell version 2.0 only.
Command Line Reference System Management Commands Example HP420(config-mgmt)#ssh enable HP420(config-mgmt)# ssh port This command sets the Secure Shell server port. Syntax ssh port port-number - The TCP port used by the SSH server. (Range: 1-65535) Default Setting 22 Command Mode Management Configuration Example HP420(config-mgmt)#ssh port 1124 HP420(config-mgmt)# snmpv3 This command enables management access for SNMPv3 and SNMP v1/v2 clients.
Command Line Reference System Management Commands Command Mode Management Configuration Command Usage • Use the snmpv3 only command to disable access for SNMP v1 and v2c clients. • Use the no snmpv3 only command to enable access for SNMP v1 and v2c clients. • Use the snmpv3 enable command to enable access for SNMP v3 clients. • Use the no snmpv3 enable command to disable access for SNMP v3 clients.
Command Line Reference System Management Commands Example HP420(config-mgmt)#reset-button enable HP420(config-mgmt)# show users This command displays the current configured users for the system.
Command Line Reference System Management Commands Command Usage To avoid using common reserved TCP port numbers below 1024, the configurable range is restricted to between 1024 and 65535. However, the default port number is 80. To reset the default port number, use the no ip http port command. Example HP420(config-mgmt)#http port 49153 HP420(config-mgmt)# Related Commands http server (page 8-22) http server This command allows this device to be monitored or configured from a browser.
Command Line Reference System Management Commands https port Use this command to specify the TCP port number used for HTTPS/SSL connection to the access point’s Web interface. Use the no form to restore the default port. Syntax ip https port no ip https port port_number – The TCP port used for HTTPS/SSL. (Range: 443, 1024-65535) Default Setting 443 Command Mode Management Configuration Command Usage • You cannot configure the HTTP and HTTPS servers to use the same port.
Command Line Reference System Management Commands Default Setting Enabled Command Mode Management Configuration Command Usage • Both the HTTP and HTTPS service can be enabled independently.
Command Line Reference System Management Commands Command Usage • When enabled, the access point identifies voice traffic by the SpectraLink Radio Protocol identifier in the IP header of the frame. The system requires support of SVP-enabled VoIP wireless phones and a SpectraLink NetLink SVP Server on the wired network. • The number of SVP-enabled wireless phones that can be supported simultaneously by a single access point has a theoretical limit of seven.
Command Line Reference System Management Commands Example HP420#show system System Information =========================================================== Serial Number : TW347QB099 System Up time : 0 days, 6 hours, 10 minutes, 25 seconds System Name : Enterprise AP System Location : System Contact : Contact System Country Code : NA - North America MAC Address : 00-0D-9D-C6-98-7E IP Address : 192.168.1.1 Subnet Mask : 255.255.255.0 Default Gateway : 192.168.1.
Command Line Reference System Management Commands Example HP420#show version Software Version : v2.1.0.0B12 Boot Rom Version : v3.0.6 Hardware version : R02 HP420# show hardware This command displays the hardware version for the system.
Command Line Reference System Logging Commands System Logging Commands These commands are used to configure system logging on the access point.
Command Line Reference System Logging Commands Example HP420(config)#logging on HP420(config)# logging host This command specifies Syslog server hosts that will receive logging messages. Use the no form to remove a Syslog server host. Syntax logging host <1 | 2 | 3 | 4> [udp_port] no logging host <1 | 2 | 3 | 4> • 1 - First syslog server. • 2 - Second syslog server. • 3 - Third syslog server. • 4 - Fourth syslog server. • host_name - The name of a syslog server.
Command Line Reference System Logging Commands Default Setting Disabled Command Mode Global Configuration Example HP420(config)#logging console HP420(config)# logging level This command sets the minimum severity level for event logging. Syntax logging level Default Setting Informational Command Mode Global Configuration Command Usage Messages sent include the selected level down to the Emergency level.
Command Line Reference System Logging Commands Example HP420(config)#logging level alert HP420(config)# logging facility-type This command sets the facility type for remote logging of Syslog messages. Syntax logging facility-type type - A number that indicates the facility used by the Syslog server to dispatch log messages to an appropriate service. (Range: 16-23) Default Setting 16 Command Mode Global Configuration Command Usage The command specifies the facility type tag sent in Syslog messages.
Command Line Reference System Logging Commands Example HP420(config)#logging clear HP420(config)# show event-log This command displays log messages stored in the access point’s memory.
Command Line Reference System Logging Commands Example HP420#show logging Logging Information ============================================ Syslog State : Disabled Logging Console State : Disabled Logging Level : Informational Logging Facility Type : 16 Servers 1: 0.0.0.0, UDP Port: 514, State: Disabled 2: 0.0.0.0, UDP Port: 514, State: Disabled 3: 0.0.0.0, UDP Port: 514, State: Disabled 4: 0.0.0.
Command Line Reference System Clock Commands System Clock Commands These commands are used to configure SNTP and system clock settings on the access point.
Command Line Reference System Clock Commands Command Usage When SNTP client mode is enabled using the sntp-server enable command, the sntp-server ip command specifies the time servers from which the access point polls for time updates. The access point will poll the time servers in the order specified until a response is received. Example HP420(config)#sntp-server ip 1 10.1.0.
Command Line Reference System Clock Commands Related Commands sntp-server ip (page 8-34) show sntp (page 8-38) sntp-server date-time This command sets the system clock. Default Setting 00:14:00, January 1, 1970 Command Mode Global Configuration Example This example sets the system clock to 17:37 June 19, 2003.
Command Line Reference System Clock Commands Command Mode Global Configuration Command Usage The command sets the system clock back one hour during the specified period. Example This sets daylight savings time to be used from March 31st to October 31st.
Command Line Reference System Clock Commands Example HP420(config)#sntp-server timezone +8 HP420(config)# show sntp This command displays the current time and configuration settings for the SNTP client. Command Mode Exec Example HP420#show sntp SNTP Information ========================================================= Service State : Enabled SNTP (server 1) IP : 137.92.140.80 SNTP (server 2) IP : 192.43.244.
Command Line Reference SNMP Commands SNMP Commands The access point includes an agent that supports Simple Network Management Protocol (SNMP) versions 1, 2c, and 3. Access to the agent using SNMP v1 and v2c is controlled by community strings. To communicate with the access point, a management station must first submit a valid community string for authentication.
Command Line Reference SNMP Commands snmp-server community This command defines the community access string for the Simple Network Management Protocol. Use the no form to remove the specified community string. Syntax snmp-server community [ro | rw] no snmp-server community • string - Community string that acts like a password and permits access to the SNMP protocol. (Maximum length: 32 characters, case sensitive) • ro - Specifies read-only access.
Command Line Reference SNMP Commands snmp-server contact This command sets the system contact string. Use the no form to remove the system contact information. Syntax snmp-server contact no snmp-server contact string - String that describes the system contact.
Command Line Reference SNMP Commands Command Usage • This command enables both authentication failure notifications and link up-down notifications. • The snmp-server host command specifies the host device that will receive SNMP notifications. Example HP420(config)#snmp-server enable server HP420(config)# Related Commands snmp-server host (page 8-42) snmp-server host This command specifies the recipient of an SNMP notification. Use the no form to remove the specified host.
Command Line Reference SNMP Commands Command Usage The snmp-server host command is used in conjunction with the snmp-server enable server command to enable SNMP notifications. Example HP420(config)#snmp-server host 1 10.1.19.23 batman HP420(config)# Related Commands snmp-server enable server (page 8-41) snmp-server trap This command enables the access point to send specific SNMP traps (i.e., notifications) to SNMP v1 and v2c hosts and v3 targets. Use the no form to disable specific trap messages.
Command Line Reference SNMP Commands – hpdot11StationRequestFail - A client station has failed association, re-association, or authentication. – dot1xAuthFail - An 802.1X client station has failed RADIUS authentication. – dot1xAuthNotInitiated - A client station did not initiate 802.1X authentication. – dot1xAuthSuccess - An 802.1X client station has been successfully authenticated by the RADIUS server.
Command Line Reference SNMP Commands – sysRadiusServerChanged - The access point has changed from the primary RADIUS server to the secondary, or from the secondary to the primary. – sysSystemDown - The access point is about to shut down and reboot. – sysSystemUp - The access point is up and running. – vlanEnableStatusSet - VLAN support on the access point has been enabled or disabled. – vlanUntaggedSet - VLAN support on the access point has been set to untagged.
Command Line Reference SNMP Commands snmp-server location This command sets the system location string. Use the no form to remove the location string. Syntax snmp-server location no snmp-server location text - String that describes the system location.
Command Usage
• This command is used in conjunction with the snmpv3 user command.
• Entering this command invalidates the engine ID that is currently configured.
• If the engine ID is deleted or changed, all SNMP users will be cleared. You will need to reconfigure all existing users.

Example
    HP420(config)#snmpv3 engine-id 1a:2b:3c:4d:00:ff
    HP420(config)#

snmpv3 user
This command configures the SNMP v3 users that are allowed to manage the access point.
• The access point enables SNMP v3 users to be assigned to three predefined groups. Other groups cannot be defined. The available groups are:
  – RO - A read-only group using no authentication and no data encryption. Users in this group use no security, either authentication or encryption, in SNMP messages they send to the agent. This is the same as SNMP v1 or SNMP v2c.
  – RWAuth - A read/write group using authentication, but no data encryption.
Example
    HP420(config)#snmpv3 user
    User Name<1-32> :chris
    Group Name<1-32> :RWPriv
    Authtype(md5,none):md5
    Passphrase<8-32>:a good secret
    Privacy(des,none) :des
    Passphrase<8-32>:a very good secret
    HP420(config)#

snmpv3 targets
This command configures SNMP v3 notification targets. Use the no form to delete an SNMP v3 target.
• The SNMP v3 user name that is specified in the target must first be configured using the snmpv3 user command.

Example
    HP420(config)#snmpv3 targets mytraps 192.168.1.33 chris
    HP420(config)#

snmpv3 filter
This command configures SNMP v3 notification filters. Use the no form to delete an SNMP v3 filter or remove a subtree from a filter.
Example
This example creates a filter "trapfilter" that will send only the hpdot11StationAssociation trap to the assigned receiving target.
    HP420(config)#snmpv3 filter trapfilter exclude .1
    HP420(config)#snmpv3 filter trapfilter include .1.3.6.1.4.1.11.2.14.11.6.4.1.1.7.4.2.1
    HP420(config)#

snmpv3 filter-assignments
This command assigns SNMP v3 notification filters to targets. Use the no form to remove an SNMP v3 filter assignment.
show snmpv3
This command displays the SNMP v3 users, trap targets, filter assignments and settings.
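Why changing the engine ID clears every SNMP v3 user, as an added example that is not part of the HP guide: in the SNMPv3 User-based Security Model (RFC 3414) a user's key is derived from the passphrase and then localized to the engine ID, so a key computed for one engine ID does not verify under another. The sketch assumes the access point follows RFC 3414 MD5 key localization; the function names are hypothetical, and the passphrase and engine IDs are the sample values printed in this section.

```python
import hashlib


def parse_engine_id(text: str) -> bytes:
    """Convert the colon-separated hex form shown by the CLI into raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def password_to_key_md5(passphrase: str) -> bytes:
    """RFC 3414 A.2.1: MD5 over 1,048,576 bytes of the cyclically repeated passphrase."""
    pw = passphrase.encode("utf-8")
    if not pw:
        raise ValueError("passphrase must not be empty")
    reps, rem = divmod(1024 * 1024, len(pw))
    return hashlib.md5(pw * reps + pw[:rem]).digest()


def localize_key_md5(user_key: bytes, engine_id: bytes) -> bytes:
    """RFC 3414 section 2.6: bind the user key to one engine with MD5(Ku | engineID | Ku)."""
    return hashlib.md5(user_key + engine_id + user_key).digest()


def localized_auth_key(passphrase: str, engine_id_text: str) -> bytes:
    """Key an agent with this engine ID would hold for a user with this passphrase."""
    return localize_key_md5(password_to_key_md5(passphrase),
                            parse_engine_id(engine_id_text))


def survives_engine_id_change(passphrase: str, old_id: str, new_id: str) -> bool:
    """True only if the key localized to old_id is still valid under new_id."""
    return localized_auth_key(passphrase, old_id) == localized_auth_key(passphrase, new_id)


if __name__ == "__main__":
    # Sample values from this section: the snmpv3 user passphrase, the engine ID
    # set with snmpv3 engine-id, and the engine ID in the show snmp-server output.
    passphrase = "a good secret"
    configured = "1a:2b:3c:4d:00:ff"
    displayed = "00:00:00:0b:00:00:00:0d:9d:c6:98:7e"
    for engine in (configured, displayed):
        print(engine, localized_auth_key(passphrase, engine).hex())
    print("key survives change:",
          survives_engine_id_change(passphrase, configured, displayed))
```

Because the stored key depends on the engine ID, plan engine ID changes together with re-entering each user's authentication and privacy passphrases.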
show snmp-server
This command displays the SNMP configuration settings.

Command Mode
Exec

Example
    HP420#show snmp-server
    SNMP Information
    ==============================================
    Service State : Enable
    Community (ro) : *****
    Community (rw) : *****
    Location : WC-19
    Contact : Paul
    Version Filter : Enable SNMPv1, SNMPv2c : Disable SNMPv3
    EngineId :00:00:00:0b:00:00:00:0d:9d:c6:98:7e
    EngineBoots:13
    Trap Destinations: 1: 192.168.1.10, 2: 192.168.1.19, 3: 0.0.0.0, 4: 0.
    ssidPrimarySet                Enabled    apScanDoneAndNewApDetected     Enabled
    apScanEnableStatusSet         Enabled    apScanNow                      Enabled
    adHocDetected                 Enabled    hpdot11BeaconTransmissionFail  Enabled
    hpdot11BeaconTransmissionOk   Enabled    sshEnableStatusSet             Enabled
    radiusAcctEnableStatusSet     Enabled    qosSvpEnableStatusSet          Enabled
    =============================================
    HP420#

Flash/File Commands
These commands are used to manage the system software or configuration files.
Command Mode
Exec

Command Usage
Use the dir command to see the eligible file names.

Example
    HP420#bootfile hp420-2.bin
    HP420#

copy
This command copies a boot file or software file between an FTP/TFTP server and the access point’s flash memory. It also allows you to upload a copy of the configuration file from the access point’s flash memory to an FTP/TFTP server.
Command Usage
• The system prompts for data required to complete the copy command.
• Only a configuration file can be uploaded to an FTP/TFTP server, but every type of file can be downloaded to the access point.
• HP recommends not changing the name of a software file when downloading new software. This name helps to quickly identify the software revision that the file contains.
delete
This command deletes a software or configuration file.

Syntax
    delete
filename - Name of the configuration or software file.

Default Setting
None

Command Mode
Exec

Caution
Beware of deleting software files from flash memory. At least one software file is required in order to boot the access point.
Command Usage
File information is shown below:

    Column Heading    Description
    File Name         The name of the file.
    Type              (2) Software and (5) Configuration file
    File Size         The length of the file in bytes.

Example
The following example shows how to display all file information:
    HP420#dir
    File Name Type
    ----------------------------
    dflt-img.bin 2
    hp420-2100B07.bin 2
    syscfg 5
    syscfg_bak 5
    Boot Rom Version : v3.0.2
    Software Version : v2.1.0.
Example
    HP420#show bootfile
    Bootfile Information
    ===================================
    Bootfile : hp420-2100B12.bin
    ===================================
    HP420#

show text-config-file
This command displays the current configuration file in a readable text format.

Default Setting
None

Command Mode
Exec

Example
    HP420#show text-config-file
    ## This file is generated automatically by hp Access Point 420.
    [management]
    cli-prompt=hp420
    vlan-enable=false
    management-vlan-id=1
    management-vlan-tagging=false
    iapp-enable=true
    svp-supported=false
    reset-button=true
    serial-console=true
    . . . .
    HP420#

show text-config-error
This command displays any error messages from the last text format configuration file download.
RADIUS Authentication
Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on a central server to control access for RADIUS-aware devices to the network. An authentication server contains a database of user credentials for each wireless client that requires access to the network. RADIUS client configuration is required for each SSID wireless interface to support MAC authentication and IEEE 802.1X.
Default Setting
None

Command Mode
SSID Wireless Interface Configuration

Example
    HP420(if-wireless-g-ssid-1)#radius-authentication-server address 192.168.1.25
    HP420(if-wireless-g-ssid-1)#

radius-authentication-server port
This command sets the RADIUS server network port.

Syntax
    radius-authentication-server [secondary] port
• secondary - Secondary server.
• port_number - RADIUS server UDP port used for authentication messages.
• key_string - Encryption key used to authenticate logon access for client. Do not use blank spaces in the string. (Maximum length: 20 characters)

Default Setting
DEFAULT

Command Mode
SSID Wireless Interface Configuration

Example
    HP420(if-wireless-g-ssid-1)#radius-authentication-server key green
    HP420(if-wireless-g-ssid-1)#

radius-authentication-server retransmit
This command sets the number of retries.
radius-authentication-server timeout
This command sets the interval between transmitting authentication requests to the RADIUS server.

Syntax
    radius-authentication-server [secondary] timeout
• secondary - Secondary server.
• number_of_seconds - Number of seconds the access point waits for a reply before resending a request.
Example
    HP420(if-wireless-g-ssid-1)#radius-authentication-server mac-format multi-colon
    HP420(if-wireless-g-ssid-1)#

radius-authentication-server vlan-format
This command sets the format for specifying VLAN IDs on the RADIUS server.

Syntax
    radius-authentication-server vlan-format
• hex - Enter VLAN IDs as a hexadecimal number.
• ascii - Enter VLAN IDs as an ASCII string.
Example
    HP420#show radius
    11g Radius Authentication Server Information
    ============================================================================
    ssid  IP                Port  Retransmit  Timeout  Mac-format    Vlan-format
    ============================================================================
    1     (P)192.168.1.10   1812  3           5        MULTI_DASH    ASCII
    1     (S)192.168.1.19   1812  3           5        MULTI_DASH    ASCII
    2     (P)0.0.0.0        1812  3           5        NO_DELIMITER  HEX
    2     (S)0.0.0.0        1812  3           5        NO_DELIMITER  HEX
    3     (P)0.0.0.
RADIUS Accounting
The access point provides configuration for RADIUS Accounting servers that can receive user-session accounting information from the access point. RADIUS Accounting can be used to provide valuable information on user activity in the network.
Command Mode
Global Configuration

Example
    HP420(config)#radius-accounting-server enable
    HP420(config)#

radius-accounting-server address
This command specifies the primary and secondary RADIUS Accounting servers.

Syntax
    radius-accounting-server [secondary] address
• secondary - Secondary server.
• host_ip_address - IP address of server.
• host_name - Host name of server.
• secondary - Secondary server.
• port_number - RADIUS server UDP port used for authentication messages. (Range: 0 or 1024-65535)

Default Setting
1813

Command Mode
Global Configuration

Example
    HP420(config)#radius-accounting-server port-accounting 49153
    HP420(config)#

radius-accounting-server key
This command sets the RADIUS Accounting server encryption key.

Syntax
    radius-accounting-server [secondary] key
• secondary - Secondary server.
Syntax
    radius-accounting-server [secondary] retransmit
• secondary - Secondary server.
• number_of_retries - Number of times the access point will try to authenticate logon access via the RADIUS server.
radius-accounting-server timeout-interim
This command sets the interval between transmitting accounting updates to the RADIUS Accounting server.

Syntax
    radius-accounting-server [secondary] timeout-interim
• secondary - Secondary server.
• number_of_seconds - Number of seconds the access point waits between transmitting accounting updates.
802.1X Authentication
The access point supports IEEE 802.1X (802.1X) access control for wireless clients. This control feature prevents unauthorized access to the network by requiring an 802.1X client application to submit user credentials for authentication. Client authentication is then verified by a RADIUS server using EAP (Extensible Authentication Protocol) before the access point grants client access to the network. The 802.
Command Mode
SSID Wireless Interface Configuration

Command Usage
• The access point uses EAPOL (Extensible Authentication Protocol Over LANs) packets to pass dynamic unicast session and broadcast keys to wireless clients. The 802.1x broadcast-key-refresh-rate command specifies the interval after which the broadcast keys are changed. The 802.1x session-key-refresh-rate command specifies the interval after which unicast session keys are changed.
Example
    HP420(if-wireless-g-ssid-1)#802.1x session-key-refresh-rate 5
    HP420(if-wireless-g-ssid-1)#

802.1x session-timeout
This command sets the time period after which a connected client must be reauthenticated.

Syntax
    802.1x session-timeout
seconds - The number of seconds. (Range: 0-65535)

Default
0 (Disabled)

Command Mode
SSID Wireless Interface Configuration

Example
    HP420(if-wireless-g-ssid-1)#802.
Default
None

Command Mode
Global Configuration

Command Usage
The access point currently only supports EAP-MD5 CHAP for 802.1X supplicant authentication.

Example
    HP420(config)#802.1x supplicant user AP420 dot1xpass
    HP420(config)#

802.1x supplicant
This command enables the access point to operate as an 802.1X supplicant for authentication. Use the no form to disable 802.1X authentication of the access point.

Syntax
    802.1x supplicant
    no 802.
show authentication
This command shows all MAC address and 802.1X authentication settings, as well as the MAC address filter table.

Command Mode
Exec

Example
    HP420#show authentication
    11g 802.1x Authentication Information
    ============================================================================
    ssid 802.
MAC Address Authentication
Use these commands to define MAC authentication on the access point. For local MAC authentication, first define the default filtering policy using the address filter default command. Then enter the MAC addresses to be filtered, indicating if they are active or inactive. For RADIUS MAC authentication, the MAC addresses and filtering policy must be configured on the RADIUS server.
Example
    HP420(if-wireless-g-ssid-1)#mac-access permission denied
    HP420(if-wireless-g-ssid-1)#

Related Commands
mac-access entry (page 8-79)
show authentication (page 8-76)

mac-access entry
This command enters or removes a MAC address from the filter table.

Syntax
    mac-access entry
mac-address - Physical address of a client. Enter six pairs of hexadecimal digits separated by hyphens, e.g., 00-90-D1-12-AB-89.
Related Commands
mac-access permission (page 8-78)
show authentication (page 8-76)

mac-authentication server
This command sets address filtering to be performed with local or remote options. Use the no form to disable MAC address authentication.

Syntax
    mac-authentication server [local | remote]
• local - Authenticate the MAC address of wireless clients with the local authentication database during 802.11 association.
mac-authentication session-timeout
This command sets the interval at which associated clients will be reauthenticated with the RADIUS server authentication database. Use the no form to disable reauthentication.

Syntax
    mac-authentication session-timeout
seconds - Re-authentication interval.
Filtering Commands
The commands described in this section are used to filter communications between wireless clients, control access to the management interface from wireless clients, and filter traffic using specific Ethernet protocol types.
Example
    HP420(config)#filter local-bridge
    HP420(config)#

filter ap-manage
This command prevents wireless clients from accessing the management interface on the access point. Use the no form to disable this filtering.
Command Usage
This command is used in conjunction with the filter ethernet-type protocol command to determine which Ethernet protocol types are to be filtered.

Example
    HP420(config)#filter ethernet-type enable
    HP420(config)#

Related Commands
filter ethernet-type protocol (page 8-84)

filter ethernet-type protocol
This command sets a filter for a specific Ethernet type. Use the no form to disable filtering for a specific Ethernet type.
Default
None

Command Mode
Global Configuration

Command Usage
Use the filter ethernet-type enable command to enable filtering for Ethernet types specified in the filtering table, or the no filter ethernet-type enable command to disable all filtering based on the filtering table.
Ethernet Interface Commands
The commands described in this section configure connection parameters for the Ethernet interface.
dns server
This command specifies the address for the primary or secondary domain name server to be used for name-to-address resolution.

Syntax
    dns primary-server
    dns secondary-server
• primary-server - Primary server used for name resolution.
• secondary-server - Secondary server used for name resolution.
• server-address - IP address of domain-name server.
ip address
This command sets the IP address for the (10/100Base-TX) Ethernet interface. Use the no form to restore the default IP address.

Syntax
    ip address
    no ip address
• ip-address - IP address
• netmask - Network mask for the associated IP subnet. This mask identifies the host address bits used for routing to specific subnets.
• gateway - IP address of the default gateway

Default Setting
IP address: 192.168.1.
ip dhcp
This command enables the DHCP client for the access point. Use the no form to disable the DHCP client.

Syntax
    ip dhcp
    no ip dhcp

Default Setting
Enabled

Command Mode
Interface Configuration (Ethernet)

Command Usage
• You must assign an IP address to this device to gain management access over the network or to connect to existing IP subnets.
shutdown
This command disables the Ethernet interface. To restart a disabled interface, use the no form.

Syntax
    shutdown
    no shutdown

Default Setting
Interface enabled

Command Mode
Interface Configuration (Ethernet)

Command Usage
This command allows you to disable the Ethernet interface due to abnormal behavior (e.g., excessive collisions), and re-enable it after the problem has been resolved.
Default Setting
Auto-negotiation

Command Mode
Interface Configuration (Ethernet)

Command Usage
If auto-negotiation is disabled, the speed and duplex mode must be configured to match the setting of the attached device.

Example
The following example configures the Ethernet interface to 100 Mbps, half-duplex operation.
    HP420(if-ethernet)#speed-duplex 100mh
    HP420(if-ethernet)#

show interface ethernet
This command displays the status for the Ethernet interface.
Example
    HP420#show interface ethernet
    Ethernet Interface Information
    ========================================
    IP Address : 192.168.1.1
    Subnet Mask : 255.255.255.0
    Default Gateway : 192.168.1.253
    Primary DNS : 192.168.1.55
    Secondary DNS : 10.1.0.
Wireless Interface Commands
The commands described in this section configure global parameters for the wireless interface.
    Command          Function                                                                                                      Mode  Page
    preamble         Sets the length of the signal preamble at the start of a data transmission                                    IC-W  8-107
    transmit-limits  Sets the reduction in transmit power required for an external antenna to conform with local regulations      IC-W  8-107
    transmit-power   Adjusts the power of the radio signals transmitted from the access point                                      IC-W  8-108
    max-association  Configures the maximum number of clients that can be associated with th                                       IC-W
ssid add
This command adds a Service Set Identifier (SSID) interface.

Syntax
    ssid add
• index - Specifies the index number of the SSID interface. (Range: 1-8)
• name - Specifies the SSID of the interface. (1 - 32 alphanumeric characters)

Default Setting
None

Command Mode
Interface Configuration (Wireless)

Command Usage
• The maximum number of supported SSID interfaces is 8.
ssid
This command enters SSID interface configuration mode for configuring parameters for an SSID interface. Use the no form to remove an SSID interface.

Syntax
    [no] ssid
• index - Specifies the index number of the SSID interface. (Range: 1-8)
• name - Specifies the SSID of the interface.
Default Setting
Enterprise Wireless AP

Command Mode
SSID Wireless Interface Configuration

Command Usage
Each SSID interface name on the access point must be unique.

Example
    HP420(if-wireless-g-ssid-RD-AP#3)#ssid RD-AP#4
    HP420(if-wireless-g-ssid-RD-AP#4)#

primary
This command sets the SSID interface as the primary.

Command Mode
SSID Wireless Interface Configuration

Command Usage
Only one SSID interface on the access point can be the primary.
string - Comment or a description for this interface. (Range: 1-80 characters)

Default Setting
Enterprise 802.11g Access Point

Command Mode
Interface Configuration (Wireless)

Example
    HP420(if-wireless-g)#description RD-AP#3
    HP420(if-wireless-g)#

closed-system
This command closes access to clients without a pre-configured SSID. Use the no form to disable this feature.
radio-mode
This command sets the working mode for the wireless interface.

Syntax
    radio-mode
• b - b-only mode: Both 802.11b and 802.11g clients can communicate with the access point, but 802.11g clients can only transfer data at 802.11b standard rates (up to 11 Mbps).
• g - g-only mode: Only 802.11g clients can communicate with the access point.
• b+g - b & g mixed mode: Both 802.11b and 802.
Default Setting
Diversity

Command Mode
Interface Configuration (Wireless)

Example
    HP420(if-wireless g)#antenna-mode single
    HP420(if-wireless g)#

speed
This command configures the maximum data rate at which a station can connect to the access point.

Syntax
    speed
speed - Maximum access speed allowed for wireless clients. (Options: 1, 2, 5.
multicast-data-rate
This command configures the maximum data rate at which the access point transmits multicast and broadcast traffic.

Syntax
    multicast-data-rate
speed - Maximum rate allowed for multicast data. (Options: 1, 2, 5.5, 11 Mbps for b-only and b+g modes; 1, 2, 5.
Interface Configuration (Wireless)

Command Usage
• The available channel settings are limited by local regulations, which determine the number of channels that are available.
• When multiple access points are deployed in the same area, be sure to choose a channel separated by at least five channels to avoid having the channels interfere with each other. You can deploy up to three access points in the same area (e.g., channels 1, 6, 11).
dtim-period
This command configures the rate at which stations in sleep mode must wake up to receive broadcast/multicast transmissions.

Syntax
    dtim-period
interval - Interval between the beacon frames that transmit broadcast or multicast traffic.
fragmentation-length
This command configures the minimum packet size that can be fragmented when passing through the access point.

Syntax
    fragmentation-length
length - Minimum packet size for which fragmentation is allowed. (Range: 256-2346 bytes)

Default Setting
2346

Command Mode
Interface Configuration (Wireless)

Command Usage
• If the packet size is smaller than the preset fragment size, the packet will not be fragmented.
rts-threshold
This command sets the packet size threshold at which a Request to Send (RTS) signal must be sent to the receiving station prior to the sending station starting communications.

Syntax
    rts-threshold
threshold - Threshold packet size for which to send an RTS.
slot-time
This command sets the basic unit of time the access point uses for calculating waiting times before data is transmitted.

Syntax
    slot-time [short | long | auto]
• short - Sets the slot time to short (9 microseconds).
• long - Sets the slot time to long (20 microseconds).
• auto - Sets the slot time according to the capability of clients that are currently associated.
preamble
This command sets the length of the signal preamble that is used at the start of a data transmission.

Syntax
    preamble [long | short-or-long]
• long - Sets the preamble to long.
• short-or-long - Sets the preamble according to the capability of clients that are currently associated. Uses a short preamble if all associated clients can support it, otherwise a long preamble is used.
middle - The percentage of full power allowed for middle radio channels. (Options: 100, 90, 80, 70, 63, 56, 50, 45, 40, 35, 32, 28, 25, 22, 20, 18, 16, 14, 13, 11, 10)
high - The percentage of full power allowed for high radio channels.
Command Usage
• The min keyword indicates minimum power.
• The longer the transmission distance, the higher the transmission power required.

Example
    HP420(if-wireless g)#transmit-power 50%
    HP420(if-wireless g)#

max-association
This command configures the maximum number of clients that can be associated with the access point at the same time.

Syntax
    max-association
count - Maximum number of associated stations.
shutdown
This command disables the radio interface. Use the no form to enable the interface.

Syntax
    shutdown
    no shutdown

Default Setting
v2.0.37 software or earlier: Interface enabled
v2.0.38 software or later: Interface disabled

Command Mode
Interface Configuration (Wireless)

Example
    HP420(if-wireless g)#shutdown
    HP420(if-wireless g)#

enable
This command enables an SSID interface. Use the no form to disable the interface.
show interface wireless g
This command displays the status for the wireless interface.

Command Mode
Exec

Example
    HP420#show interface wireless g
    Wireless Interface Common Information
    =========================================================================
    ----------------Identification------------------------------------------
    Description : Enterprise 802.11g Access Point
    Radio mode : 802.11b + 802.
show ssid
This command displays the status for an SSID interface.

Syntax
    show ssid
• index - Specifies the index number of the SSID interface. (Range: 1-8)
• name - Specifies the SSID of the interface.
    ----------------Radius Authentication Server----------------------------
    Radius Primary Server Information
    IP : 0.0.0.0
    Port : 1812
    Key : *****
    Retransmit : 3
    Timeout : 5
    Radius MAC Address Format : NO_DELIMITER
    Radius VLAN ID Format : HEX
    Radius Secondary Server Information
    IP : 0.0.0.
show station
This command shows the wireless clients associated with the access point. The "Station Address" displayed is the client’s MAC address.

Command Mode
Exec

Example
    HP420#show station
    802.
Wireless Security Commands
The commands described in this section configure parameters for wireless security on SSID interfaces.
– For 152-bit keys, use 16 alphanumeric characters or 32 hexadecimal digits.

Default Setting
No WEP keys defined.

Command Mode
SSID Wireless Interface Configuration

Command Usage
• Up to four WEP keys can be defined on the access point, each identified by a key index number.
• Only one WEP key can be applied to an SSID interface, and only then if a key index is open.
security-suite
This command defines the mechanisms employed by the access point for wireless security.

Syntax
    security-suite security-suite open-system <802.1x-disabled | 802.1x-required | 802.
• 802.1x-required - 802.1X is always used for authentication. The access point uses WPA and/or dynamic WEP keys for security.
• 802.1x-supported - 802.1X can be used by clients initiating authentication. The access point uses WPA and/or static or dynamic WEP keys for security.
• psk - WPA pre-shared key is used for security.
• wep - Static or dynamic WEP keys are used for multicast encryption.
• wep-tkip - WPA with 802.
• WPA enables the access point to support different unicast encryption keys for each client. However, the global encryption key for multicast and broadcast traffic must be the same for all clients. This command can set the encryption type that is used for multicast and unicast traffic.
• WPA2 defines a transitional mode of operation for networks moving from WPA security to WPA2.
wpa-preshared-key
This command defines a Wi-Fi Protected Access (WPA) pre-shared key.

Syntax
    wpa-preshared-key
• type - Input format. (Options: ASCII, HEX)
• value - The key string.
  – For ASCII input, type a string between 8 and 63 alphanumeric characters.
  – For HEX input, type exactly 64 hexadecimal digits.
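How the two input formats of wpa-preshared-key relate, as an added example that is not part of the HP guide: under IEEE 802.11i an ASCII passphrase is stretched into the 256-bit pre-shared key with PBKDF2-HMAC-SHA1 salted by the SSID, while HEX input supplies those 256 bits directly, which is why it must be exactly 64 digits. The function names are hypothetical, and the sketch accepts any printable ASCII passphrase as 802.11i does.

```python
import hashlib
import string

PSK_LEN = 32        # 256-bit pre-shared key
ITERATIONS = 4096   # PBKDF2 iteration count fixed by IEEE 802.11i


def wpa_psk(key_type: str, value: str, ssid: str) -> bytes:
    """Return the 32-byte key that a wpa-preshared-key entry represents.

    key_type is "ASCII" or "HEX", matching the type option of the command.
    The SSID only matters for ASCII input, where it acts as the salt.
    """
    kind = key_type.strip().lower()
    if kind == "hex":
        if len(value) != 64 or not all(c in string.hexdigits for c in value):
            raise ValueError("HEX input must be exactly 64 hexadecimal digits")
        return bytes.fromhex(value)
    if kind == "ascii":
        if not 8 <= len(value) <= 63:
            raise ValueError("ASCII input must be 8 to 63 characters")
        if not all(32 <= ord(c) <= 126 for c in value):
            raise ValueError("ASCII input must be printable ASCII")
        salt = ssid.encode("utf-8")
        if not 1 <= len(salt) <= 32:
            raise ValueError("SSID must be 1 to 32 bytes")
        return hashlib.pbkdf2_hmac("sha1", value.encode("ascii"),
                                   salt, ITERATIONS, PSK_LEN)
    raise ValueError("type must be ASCII or HEX")


def same_key_across_ssids(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True if one passphrase yields the same key on two SSID interfaces."""
    return wpa_psk("ASCII", passphrase, ssid_a) == wpa_psk("ASCII", passphrase, ssid_b)


if __name__ == "__main__":
    # Constructed sample input: the passphrase and first SSID are the published
    # IEEE 802.11i test vector; the second SSID is one used in this guide's examples.
    key = wpa_psk("ASCII", "password", "IEEE")
    print("PSK for SSID IEEE:", key.hex())
    # The same 256 bits entered in HEX form give the identical key.
    print("HEX form matches :", wpa_psk("HEX", key.hex(), "IEEE") == key)
    # Reusing the passphrase on another SSID interface gives a different key.
    print("same key on RD-AP#3:", same_key_across_ssids("password", "IEEE", "RD-AP#3"))
```

A key entered in HEX form is not tied to the SSID, so it should come from a random source rather than from a memorable string.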
pre-authentication enable
This command enables WPA2 preauthentication for fast secure roaming. Use the no form to disable preauthentication.

Syntax
    pre-authentication enable
    no pre-authentication

Default Setting
Disabled

Command Mode
SSID Wireless Interface Configuration

Command Usage
• Each time a client roams to another access point it has to be fully reauthenticated.
pmksa-lifetime
This command sets the time for aging out cached WPA2 Pairwise Master Key Security Association (PMKSA) information for fast roaming.

Syntax
    pmksa-lifetime
minutes - The time for aging out PMKSA information.
show wep-key
This command displays the current WEP key index settings.
Neighbor AP Detection Commands
The access point can be configured to periodically scan all radio channels and find other access points within range. Alternatively, the access point can scan continuously in a dedicated mode with no clients supported. A database of nearby access points is maintained where detected APs can be identified.
Command Mode
Interface Configuration (Wireless)

Command Usage
• First set the scan duration and interval before enabling scanning.
• While the access point scans a channel for neighbor APs, wireless clients will not be able to connect to the access point. Therefore, frequent scanning or scans of a long duration will degrade the access point’s performance. If more extensive scanning is required, use the dedicated scanning mode.
• A long scan duration time will detect more access points in the area, but causes more disruption to client access.

Example
    HP420(if-wireless g)#ap-detection duration 200
    HP420(if-wireless g)#

ap-detection interval
This command sets the time between each AP detection scan.

Syntax
    ap-detection interval
minutes - The time between each AP detection scan.
Command Mode
Interface Configuration (Wireless)

Example
    HP420(if-wireless g)#ap-detection first-scan 30
    HP420(if-wireless g)#

ap-detection instant-scan
This command starts an immediate AP detection scan on the radio interface.

Default Setting
Disabled

Command Mode
Interface Configuration (Wireless)

Command Usage
Note that ap-detection instant-scan does not work when AP Detection is disabled.
Example
    HP420#show ap-detection config
    802.11g Channel : Rogue AP Setting
    ============================================================
    Rogue AP Detection : Disabled
    Rogue AP Scan Interval : 720 minutes
    Rogue AP Scan Duration : 350 milliseconds
    Rogue AP First Scan Delay : 0 minutes
    HP420#

show ap-detection table
This command displays the current detected AP database.
IAPP Command
The command described in this section enables the protocol signaling required to ensure the successful handover of wireless clients roaming between different IEEE 802.11f-compliant access points. The IEEE 802.11f protocol can ensure successful roaming between access points in a multivendor environment.

iapp
This command enables the protocol signaling required to hand over wireless clients roaming between different 802.11f-compliant access points.
VLAN Commands

The access point can enable the support of VLAN-tagged traffic passing between wireless clients and the wired network. Up to 64 VLAN IDs can be mapped to specific wireless clients, allowing users to remain within the same VLAN as they move around a campus site. When VLANs are enabled on the access point, a VLAN ID (a number between 1 and 4094) can be assigned to each client after successful authentication using IEEE 802.1X and a central RADIUS server.
• static - Clients are assigned to the default VLAN ID of the associated SSID interface. VLAN assignment from a RADIUS server is not allowed.
• dynamic - VLAN IDs are assigned from a RADIUS server, if configured. Otherwise, clients are assigned to the default VLAN ID of the associated SSID interface.

Default
Disabled

Command Mode
Global Configuration

Command Usage
When VLAN support is enabled or disabled on the access point, the system requires a reboot.
Command Usage
• The management VLAN is for managing the access point through remote management tools, such as the web interface, SNMP, SSH, or Telnet. The access point only accepts management traffic that is tagged with the specified management VLAN ID.
server. If a user does not have a configured VLAN ID, the access point assigns the user to the default VLAN ID (a number between 1 and 4094) of the associated SSID interface.
• The default VLAN for each SSID interface must be unique.
• The access point supports only one untagged VLAN. If the SSID interface default VLAN is set to untagged, other SSID interface default VLANs and the management VLAN must be set to tagged.
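The VLAN rules in this section (IDs from 1 to 4094, a unique default VLAN per SSID interface, a single untagged VLAN, and static versus dynamic assignment) can be checked against a planned layout before it is configured. The following Python is an added example, not HP code; the Vlan class, the function names and the sample plan are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Vlan:            # hypothetical model, not an HP data structure
    vid: int
    tagged: bool = True

def in_range(vid):
    return 1 <= vid <= 4094

def validate(management, ssid_defaults):
    """Check a planned layout against the rules stated in this section.

    management: Vlan used as the management VLAN.
    ssid_defaults: {ssid_name: Vlan}, the default VLAN of each SSID interface.
    Returns a list of violations (empty when the plan is consistent).
    """
    errors = []
    everything = [("management", management), *ssid_defaults.items()]
    for name, vlan in everything:
        if not in_range(vlan.vid):
            errors.append(f"{name}: VLAN ID {vlan.vid} is outside 1-4094")
    owner = {}
    for name, vlan in ssid_defaults.items():
        if vlan.vid in owner:
            errors.append(f"{name}: default VLAN {vlan.vid} already used by {owner[vlan.vid]}")
        owner.setdefault(vlan.vid, name)
    untagged = [name for name, vlan in everything if not vlan.tagged]
    if len(untagged) > 1:
        errors.append("only one untagged VLAN is supported: " + ", ".join(untagged))
    return errors

def client_vlan(mode, ssid_default, radius_vid=None):
    """VLAN a client is placed in after authentication, per static/dynamic mode."""
    if mode not in ("static", "dynamic"):
        raise ValueError(f"unknown mode: {mode!r}")
    if mode == "static" or radius_vid is None:
        return ssid_default.vid      # RADIUS value not allowed, or none configured
    if not in_range(radius_vid):
        raise ValueError(f"RADIUS returned invalid VLAN ID {radius_vid}")
    return radius_vid

# Constructed sample plan: two SSIDs sharing VLAN 20, and two untagged VLANs.
PLAN = {"corp": Vlan(20), "guest": Vlan(20, tagged=False)}

if __name__ == "__main__":
    for problem in validate(Vlan(1, tagged=False), PLAN):
        print(problem)
```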
A File Transfers

Contents
Overview
Downloading Access Point Software
    General Software Download Rules
    Using TFTP or FTP To Download Software from a Server
        Web: TFTP/FTP Software Download to the Access Point
Overview

You can download new access point software and upload or download configuration files. These features are useful for acquiring periodic access point software upgrades and for storing or retrieving a switch configuration.

This appendix includes the following information:
■ Downloading access point software (page A-3)
■ Procedure for upgrading software from v2.0.x to v 2.1.
Downloading Access Point Software

HP periodically provides access point software updates through the HP ProCurve website (http://www.hp.com/go/hpprocurve). For more information, see the support and warranty booklet shipped with the access point. After you acquire a new access point software file, you can use one of the following methods for downloading the software code to the access point.

Important! Upgrading to version 2.1.x software from previous 2.0.
Using TFTP or FTP To Download Software from a Server

This procedure assumes that:
■ A software file for the access point has been stored on a TFTP or FTP server accessible to the access point. (The access point software file is typically available from the HP ProCurve website at http://www.hp.com/go/hpprocurve.)
■ The access point is properly connected to your network and has already been configured with a compatible IP address and subnet mask.
• File Type: Specifies the file type to upload or download:
    – Application: A software code file.
    – Config: An access point configuration file in binary format.
    – Text Config: An access point configuration file in a readable text format.
• Server Type: Specifies an FTP or TFTP server.
• Server IP: The IP address or host name of the FTP or TFTP server.
• File Name: Specifies the name of the software file on the server.
Figure A-1.
The following example shows how to download new software to the access point using a TFTP server.

HP420#copy tftp file
1. Application image
2. Config file
3. Boot block image
4. Text Config file
Select the type of download<1-4>: [1]:1
TFTP Source file name:hp420-2100B14.bin
TFTP Server IP:192.168.1.
If you typed “n” to continue using the current configuration settings, you must type reset board to reboot the access point and activate the downloaded software.

Using the Web Interface To Download Software From the Local Computer

This procedure assumes that:
■ A software file for the access point has been stored on the local computer. (The access point software file is typically available from the HP ProCurve website at http://www.hp.com/go/hpprocurve.
3. Under HTTP, in the text field New Firmware File, specify the path and file name of the software on the local computer. You can use the [Browse] button to find the file.
4. Click the [Start Upgrade] button.
5. When the download is complete, restart the access point by clicking on the [Reboot] button. Alternatively, you can reset the access point defaults and reboot the system by clicking on the [Reset] button.

Figure A-2.
Upgrade Procedure for v2.1.x Software

Upgrading the access point software from v2.0.x to v2.1.x requires a special procedure that is different from a normal upgrade. It is important to follow the exact procedure provided in this section to successfully download and run the v2.1.x software. Due to the increased size of the v2.1.x runtime software file, the access point requires an upgrade of both the boot code file and the default software (dfltimg.
CLI: Version 2.1.x Software Upgrade using TFTP/FTP

The v2.1.x software upgrade can only be performed using the CLI, either through a direct console connection or Telnet, or using SNMP. The upgrading of the boot code cannot be performed using the web interface.

Note the following points before starting the upgrade procedure:
■ Make sure the access point is running a v2.0.x software version.
■ Place all the v2.1.
2. After a successful download, the prompt “Do you want to use NEW CONFIG SETTINGS? [n]:” appears. Type “n” to retain the current access point configuration. (Typing “y” restores factory default settings and reboots the access point.)
3. Reboot the access point.
   HP420#reset board
   Reboot system now? : y
4. Download the upgrade boot code file, bootrom306.bin.
   HP420#copy tftp file
   1. Application image
   2. Config file
   3.
6. After a successful download, the prompt “Do you want to reset to FACTORY DEFAULT SETTINGS? [n]:” appears. Type “n” to retain the current access point configuration. (Typing “y” restores factory default settings and reboots the access point.)
7. Download the upgrade v2.1.x software file, hp420-2100Bxx.bin.
   HP420#copy tftp file
   1. Application image
   2. Config file
   3.
Transferring Configuration Files

Using the Web user interface and CLI commands described in this section, you can copy access point configuration files to and from an FTP or TFTP server. The configuration files can be saved in a binary or readable text format. When you copy the access point configuration file to an FTP/TFTP server, that file can later be downloaded to the access point to restore the system configuration.
■ Reboot Access Point: Click the [Reboot] button to reboot the system.

To Upload a Configuration File to an FTP or TFTP Server:
1. Click the [Software Upgrade] button on the Administration tab.
2. Under Remote, select Upload for the Direction.
3. Select Config or Text Config for the File Type.
4. For the Server Type, select FTP or TFTP for the server you are using.
5.
Figure A-3.
The following example shows how to upload the configuration file to a TFTP server.

HP420#copy config tftp text
TFTP Source file name:hp420-config.txt
TFTP Server IP:192.168.1.19
HP420#

The following example shows how to download a configuration file to the access point using a TFTP server. After downloading the configuration file, you must reboot the access point.

HP420#copy tftp file
1. Application image
2. Config file
3. Boot block image
4.
Technical information in this document is subject to change without notice. ©Copyright 2005 Hewlett-Packard Development Company, L.P. Reproduction, adaptation, or translation without prior written permission is prohibited except as allowed under the copyright laws.