Page 1
HP ProCurve Wireless Access Point 520wl User Guide - For Software Version 2.4.5...
Page 2
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
Regulatory Information Safety Information Documentation reference symbol. If the product is marked with this symbol, refer to the product documentation to get more information about the product. WARNING A WARNING in the manual denotes a hazard that can cause injury or death. CAUTION A CAUTION in the manual denotes a hazard that can damage the equipment.
Informations concernant la sécurité Symbole de référence à la documentation. Si le produit est marqué de ce symbole, reportez-vous à la documentation du produit afin d'obtenir des informations plus détaillées. WARNING Dans la documentation, un WARNING indique un danger susceptible d'entraîner des dommages corporels ou la mort.
Hinweise zur Sicherheit Symbol für Dokumentationsverweis. Wenn das Produkt mit diesem Symbol markiert ist, schlagen Sie bitte in der Produktdokumentation nach, um mehr Informationen über das Produkt zu erhalten. WARNING Eine WARNING in der Dokumentation symbolisiert eine Gefahr, die Verletzungen oder sogar Todesfälle verursachen kann.
Considerazioni sulla sicurezza Simbolo di riferimento alla documentazione. Se il prodotto è contrassegnato da questo simbolo, fare riferimento alla documentazione sul prodotto per ulteriori informazioni su di esso. WARNING La dicitura WARNINGdenota un pericolo che può causare lesioni o morte. CAUTION La dicituraCAUTION denota un pericolo che può...
Consideraciones sobre seguridad Símbolo de referencia a la documentación. Si el producto va marcado con este símbolo, consultar la documentación del producto a fin de obtener mayor información sobre el producto. WARNING Una WARNING en la documentación señala un riesgo que podría resultar en lesiones o la muerte. CAUTION Una CAUTION en la documentación señala un riesgo que podría resultar en averías al equipo.
EMC Regulatory Statements Notice for U.S.A. Manufacturer’s FCC Declaration of Conformity Statement Tested to Comply with FCC Standards Product No: J8133A Manufacturer:Hewlett-Packard Company 3000 Hanover Street Palo Alto, CA 94304-1185 USA Phone:650-857-1501 For questions regarding this declaration, contact the Product Regulations Manager at the above address or phone number.
Manufacturer's Name: Hewlett-Packard Company Manufacturer's Address: 8000 Foothills Blvd. Roseville, CA 95747-5502 U.S.A. declares, that the product Product Name: HP Procurve Wireless Enterprise Access Point 520wl Product Number(s): J8133A Regulatory Model: WA1010 Product Options: J8134A, J8136A, J8149A, J8430A conforms to the following Product Specifications:...
Notice for Japan Notice for Korea Regulatory Model Identification Number For regulatory identification purposes, this product has been assigned a Regulatory Model Number (RMN). The RMN for your product is WA1010. The RMN should not be confused with the marketing name (Wireless Enterprise Access Point 520wl) or the Product Number (J8133A).
Easy installation and operation Over-the-air encryption of data High speed network links For the 520wl to be fully operational, at least one HP ProCurve Wireless AP Card, either the 150wl (802.11b), 160wl (802.11a), or 170wl (802.11g) must be installed. NOTE:...
802.11 MIB Enterprise MIB HP provides these MIB files on the 520wl CD and through the HP ProCurve website at http://www.hp.com/go/hpprocurve. You need to compile one or more of the above MIBs into your SNMP program’s database before you can manage the 520wl. Refer to the documentation that came with your SNMP manager for instructions on how to compile MIBs.
SNMPv3 Secure Management SNMPv3 is one of two available secure management options on the AP; the other secure management option is HTTPS (HTTP connection over Secure Socket Layer). SNMPv3 is based on the existing SNMP framework, but addresses security requirements for device and network management. The security threats addressed by Secure Management are: Modification of information: An entity could alter an in-transit message generated by an authorized entity in such a way as to effect unauthorized management operations, including the setting of object values.
802.11b/g compared to 802.11a Networks The 520wl supports 802.11 wireless connectivity through the use of 802.11a-compliant 5 GHz, 802.11b-compliant 2.4 GHz, and 802.11g-compliant 2.4 GHz radio technology. The IEEE 802.11a standard adds support for a high-speed wireless physical layer in the 5 GHz band using Orthogonal Frequency Division Multiplexing (OFDM). The standard requires support for data rates of 6, 12, 24, and 54 Mbps.
Page 23
AP System Naming Convention WiFi Protected Access (WPA) This feature is only available when using an HP ProCurve Wireless 802.11b AP Card 150WL. In addition, this feature will only give information for ORiNOCO/Agere/Lucent based clients. WPA is supported only in the HP ProCurve Wireless 802.11g AP Card 170WL.
Page 24
DFS. See “ Frequency Selection (DFS) channel for your country manually. channel for your country manually. .” Use the table below and the HP Use the table below and the HP ProCurve Wireless Products ProCurve Wireless Products Regulatory and Radio Approvals...
The 520wl is designed to support both 2.4 GHz (IEEE 802.11b), 2.4 GHz (IEEE 802.11g), and 5 GHz (IEEE 802.11a) AP Cards. The HP ProCurve Wireless 802.11a Access Point Kit 160wl has an antenna adapter which snaps into place on the existing wall mounting bracket. Because of the antenna adapter, only one 160wl card can be installed in the AP.
Getting Started In This Chapter • Prerequisites • Product Package • System Requirements • Hardware Installation • Hardware Installation • Initialization • Download the Latest Software • Additional Hardware Features Prerequisites Before installing an AP, you need to gather certain network information. The following section identifies the information you need.
A 10Base-T Ethernet or 100Base-TX Fast Ethernet switch or hub. • At least one radio card designed for the AP: an HP ProCurve Wireless 802.11a Access Point Kit 160wl, 802.11b Access Point card 150wl, or 802.11g Access Point card 170wl.
Getting Started Hardware Installation Follow these steps to install your AP: 1. Clip the power supply into the mounting bracket. 2. Plug the AC power cord into the power supply. Figure 2-1 Install the power supply 3. Slide the AP module onto the mounting bracket. Ensure it is properly seated. It mounts over the power supply. 4.
Page 30
Getting Started Figure 2-3 Slide an AP Card into the AP 5. Slide an AP Card (not included in the kit) into slot A or B of the AP. 6. Connect the unit to a power source, such as a wall outlet. 7.
Page 31
11. Configure and test the unit. See Initialization for details. 12. Download the latest software to the unit, if necessary. HP provides access point software updates through the HP ProCurve website at http://www.hp.com/go/hpprocurve. See Download the Latest Software for details.
ScanTool ScanTool is a software utility that is included on the 520wl CD and through the HP ProCurve website at http://www.hp.com/go/hpprocurve. ScanTool allows you to find the IP address of an Access Point by referencing the MAC address in a Scan List, or to assign an IP address if one has not been assigned.
Page 33
Getting Started NOTE If your computer has more than one network adapter installed, you will be prompted to select the adapter that you want ScanTool to use before the Scan List appears. If prompted, select an adapter and click OK. You can change your adapter setting at any time by clicking the Select Adapter button on the Scan List screen.
Getting Started Set IP Address Type to Static. Enter a static IP Address for the AP in the field provided. You must assign the unit a unique address that is valid on your IP subnet. Contact your network administrator if you need assistance selecting an IP address for the unit.
Getting Started Figure 2-8 Enter Network Password Screen Setup Wizard The first time you connect to an AP’s HTTP interface, the Setup Wizard launches automatically. The Setup Wizard provides step-by-step instructions for how to configure the Access Point’s basic operating parameter, such as Network Name, IP parameters, system parameters, and management passwords.
Page 36
Getting Started • Navigation Panel: The Setup Wizard provides a navigation panel on the left-hand side of the screen. Click the link that corresponds to the parameters you want to configure to be taken to that particular configuration screen. Note that clicking a link in the navigation panel will not submit any changes you made to the unit’s configuration on the current page.
Page 37
Getting Started — Frequency Channel: When Auto Channel Select is enabled, this field is read-only and displays the Access Point’s current operating channel. When Auto Channel Select is disabled, you can specify the Access Point’s operating channel. If you decide to manually set the unit’s channel, ensure that nearby devices do not use the same frequency (unless you are setting up a WDS).
Page 38
Getting Started — Multicast Rate: Sets the rate at which Multicast messages are sent. This value is related to the Distance Between APs parameter (described previously). The table below displays the possible Multicast Rates based on the Distance between APs. See Multicast Rate for more information.
11. When finished, click Reboot on the Summary screen to restart the AP and apply your changes. Download the Latest Software HP periodically releases updated software for the AP on its Web site at http://www.hp.com/go/hpprocurve. HP recommends that you check the Web site for the latest updates after you have installed and initialized the unit.
There is one 802.11b card and the other card slot is protected with the metal faceplate provided in your kit. NOTE The HP ProCurve Wireless 802.11a Access Point Kit160wl is not approved in accordance with UL-2043 for use in a plenum. The Access Point using a power supply, should not be plenum mounted. Use Active Ethernet to power the units mounted in a plenum environment.
Getting Started PC Card not present Related Topics The Setup Wizard helps you configure the basic AP settings required to get the unit up and running. The AP supports many other configuration and management options. The remainder of this user guide describes these options in detail. –...
Status Information System Status System Status is the first screen to appear each time you connect to the HTTP interface. You can also return to this screen by clicking the Status button. Figure 3-1 System Status Screen Each section of the System Status screen provides the following information: –...
Advanced Configuration In This Chapter • Configuring the AP Using the HTTP/HTTPS Interface. • System: Configure specific system information such as system name and contact information. • Network: Configure IP settings, DNS client, DHCP server, and Link Integrity. • Interfaces: Configure the Access Point’s interfaces: Wireless and Ethernet.
Page 44
Advanced Configuration Figure 4-1 Enter Network Password Screen 5. Click the Configure button located on the left-hand side of the screen. Figure 4-2 Configure Main Screen 6. Click the tab that corresponds to the parameter you want to configure. For example, click Network to configure the Access Point’s TCP/IP settings.
Advanced Configuration System You can configure and view the following parameters within the System Configuration screen: • Name: The name assigned to the AP. Refer to the Dynamic DNS Support Access Point System Naming Convention sections for rules on naming the AP. •...
Advanced Configuration Network The Network category contains three sub-categories. – IP Configuration – DHCP Server – Link Integrity IP Configuration You can configure and view the following parameters within the IP Configuration screen: NOTE You must reboot the Access Point in order for any changes to the Basic IP or DNS Client parameters take effect.
Advanced Configuration DHCP Server If your network does not have a DHCP Server, you can configure the AP as a DHCP server to assign dynamic IP addresses to Ethernet nodes and wireless clients. CAUTION Make sure there are no other DHCP servers on the network and do not enable the DHCP server without checking with your network administrator first, as it could bring down the whole network.
Advanced Configuration You can configure and view the following parameters within the DHCP Server Configuration screen: • Enable DHCP Server: Place a check mark in the box provided to enable DHCP Server functionality. NOTE You cannot enable the DHCP Server functionality unless there is at least one IP Pool Table Entry configured. •...
Advanced Configuration Figure 4-4 Link Integrity Configuration Screen Interfaces From the Interfaces tab, you configure the Access Point’s operational mode, power control settings, wireless interface settings and Ethernet settings. You may also configure a Wireless Distribution System for AP-to-AP communications. For the wireless interface configuration, refer to the wireless parameters below that correspond to your radio type.
• • 12.5% NOTE TX Power Control is only supported on the HP ProCurve Wireless 802.11g AP Card 170wl. Configuring TX Power Control 1. Click Configure > Interfaces > Operational Mode. 2. Select Enable Transmit Power Control. 3. Select the transmit power level for interface A from the Wireless-A: Transmit Power Level drop-down menu.Select the transmit power level for interface B from the Wireless-B: Transmit Power Level drop-down menu.
Advanced Configuration Wireless (802.11a) You can configure and view the following parameters within the Wireless Interface Configuration screen for an 802.11a AP: NOTE You must reboot the Access Point before any changes to these parameters take effect. • Physical Interface Type: For an 802.11a AP, this field reports: “802.11a (OFDM 5 GHz).” OFDM stands for Orthogonal Frequency Division Multiplexing;...
Advanced Configuration If you are using an 802.11a AP in Europe, keep in mind the following: • DFS is not a configurable parameter. It is always enabled and cannot be disabled. • You cannot manually select the device’s operating channel; you must let DFS select the channel. •...
AP loads. This feature is enabled by default; it helps distribute the wireless load between APs. This feature is only available when using an HP ProCurve Wireless 802.11b AP Card 150wl. In addition, this feature will only give information for ORiNOCO/Agere/Lucent based clients.
Advanced Configuration Coverage The number of Access Points in a set area determines the network coverage for that area. A large number of Access Points covering a small area is a high-density cell. A few Access Points, or even a single unit, covering the same small area would result in a low-density cell, even though in both cases the actual area did not change —...
Page 55
The Distance Between APs must be set before the Multicast Rate, because when you select the Distance Between APs, the appropriate range of Multicast values automatically populates the drop-down menu. This feature is only available when using an HP ProCurve Wireless 802.11b AP Card 150wl. 4-13...
Advanced Configuration Wireless (802.11b/g) You can configure the following radio parameters for an 802.11b/g AP: NOTE You must reboot the Access Point before any changes to these parameters take effect. • Operational Mode: An 802.11b/g wireless interface can be configured to operate in the following modes: –...
Advanced Configuration • Closed System: Check this box to allow only clients configured with the Access Point’s specific Network Name to associate with the Access Point. When enabled, a client configured with the Network Name "ANY” cannot connect to the AP. This option is disabled by default. Wireless Distribution System (WDS) A Wireless Distribution System (WDS) creates a link between two 802.11a, 802.11b, or 802.11b/g APs over their radio interfaces.
For best results, HP recommends that you configure the Ethernet setting to match the speed and transmission mode of the device the Access Point is connected to (such as a hub or switch). If in doubt, leave this setting at its default, auto-speed-auto-duplex.
Password field and the Confirm field. The default password is “public”. NOTE For security purposes HP recommends changing ALL PASSWORDS from the default “public” immediately, to restrict access to your network devices to authorized personnel. If you lose or forget your password settings,...
Advanced Configuration Services You can configure the following management services: NOTE You must reboot the Access Point if you change the HTTP Port or Telnet Port. Secure Management Secure Management allows the use of encrypted and authenticated communication protocols such as SNMPv3, and Secure Socket Link (SSL), to manage the Access Point.
Page 61
Advanced Configuration Figure 4-9 Management Services Configuration Screen HTTPS Access (Secure Socket Layer) The user can access the AP in a secure fashion using Secure Socket Layer (SSL) over port 443. The AP supports SSLv3 with a 128-bit encryption certificate maintained by the AP for secure communications between the AP and the HTTP client.
Flow Control: Select either None (default) or Xon/Xoff (software controlled) data flow control. NOTE To avoid potential problems when communicating with the AP through the serial port, HP recommends that you leave the Flow Control setting at None (the default value).
Advanced Configuration Automatic Configuration The Automatic Configuration feature which allows an AP to be automatically configured by downloading a specific configuration file from a TFTP server during the boot up process. Automatic Configuration is disabled by default. The configuration process for Automatic Configuration varies depending on whether the AP is configured for dynamic or static IP.
Page 64
Advanced Configuration Figure 4-10 Automatic Configuration Screen Set up Automatic Configuration for Dynamic IP Perform the following procedure to enable and set up Automatic Configuration when you have a dynamic IP address for the TFTP server by way of DHCP. The Configuration filename and the TFTP server IP address are contained in the DHCP response when the AP gets its IP address dynamically from the DHCP server.
Page 65
Advanced Configuration Figure 4-11 DHCP Options: Setting the Boot Server Host Name 4. Add the Boot Server Hostname and Boot Filename parameters to the Active Options list. 5. Set the value of the Boot Server Hostname Parameter to the hostname or IP Address of the TFTP server. For example: 11.0.0.7.
Advanced Configuration Filtering The Access Point’s Packet Filtering features help control the amount of traffic exchanged between the wired and wireless networks. There are four sub-categories under the Filtering heading. – Ethernet Protocol – Static MAC – Advanced – TCP/UDP Port Ethernet Protocol The Ethernet Protocol Filter blocks or forwards packets based on the Ethernet protocols they support.
Page 67
Advanced Configuration the Mask at the bit level. However, for most users, you do not need to think in terms of bits. It should be sufficient to create a filter using only the hexadecimal digits 0 and F in the Mask (where 0 is any value and F is the value specified in the MAC address).
Page 68
Advanced Configuration Prevent Two Specific Devices from Communicating Configure the following settings to prevent the Wired Server and Wireless Client 1 from communicating: • Wired MAC Address: 00:40:F4:1C:DB:6A • Wired Mask: FF:FF:FF:FF:FF:FF • Wireless MAC Address: 00:02:2D:51:94:E4 • Wireless Mask: FF:FF:FF:FF:FF:FF Result: Traffic between the Wired Server and Wireless Client 1 is blocked.
Advanced Configuration Advanced You can configure the following advanced filtering options: • Enable Proxy ARP: Place a check mark in the box provided to allow the Access Point to respond to Address Resolution Protocol (ARP) requests for wireless clients. When enabled, the AP answers ARP requests for wireless stations without actually forwarding them to the wireless network.
Advanced Configuration Alarms This category has three sub-categories. – Groups – Alarm Host Table – Syslog Groups There are seven alarm groups that can be enabled or disabled by way of the Web interface. Place a check mark in the box provided to enable a specific group.
Advanced Configuration • Operational Alarms Trap Name Description oriTrapWatchDogTimerExpired This trap is generated when the software watch dog timer expires. This indicates that a problem has occurred with one or more software modules and the AP will reboot automatically. Trap Severity Level: Critical oriTrapRADIUSServerNotResponding This trap is generated when no response is received from the RADIUS server(s) for authentication requests sent from the...
Advanced Configuration • Image Alarms Trap Name Description oriTrapZeroSizeImage This trap is generated when a zero size image is loaded on the AP. Trap Severity Level: Major oriTrapInvalidImage This trap is generated when an invalid image is loaded in the Access Point. Trap Severity Level: Major oriTrapImageTooLarge This trap is generated when the image loaded in the AP exceeds the size...
Advanced Configuration Alarm Host Table To add an entry and enable the AP to send SNMP trap messages to a Trap Host, click Add, and then specify the IP Address and Password for the Trap Host. • IP Address: Enter the Trap Host IP Address. •...
For more information on Spanning Tree protocol, please see Section 8.0 of the IEEE 802.1d standard. The Spanning Tree configuration options are advanced settings. HP recommends that you leave these parameters at their default values unless you are familiar with the Spanning Tree protocol.
Advanced Configuration Storm Threshold Storm Threshold is an advanced Bridge setup option that you can use to protect the network against data overload by: • Specifying a maximum number of frames per second as received from a single network device (identified by its MAC address).
Advanced Configuration Security The AP provides several security features to protect your network from unauthorized access. • Authentication and Encryption Modes • MAC Access • Rogue Access Point Detection (RAD) Authentication and Encryption Modes The AP supports the following Security features: •...
Page 77
(IEEE 802.11i is also referred to as "WPA2" and will be available in 2004.) NOTE For Dual-radio APs: WPA is available for APs an HP ProCurve Wireless 802.11g AP Card 170wl only. WPA is a replacement for Wired Equivalent Privacy (WEP), the encryption technique specified by the original 802.11 standard.
Advanced Configuration WPA provides the following new security measures not available with WEP: • Improved packet encryption using the Temporal Key Integrity Protocol (TKIP) and the Michael Message Integrity Check (MIC). • Per-user, per-session dynamic encryption keys: – Each client uses a different key to encrypt and decrypt unicast packets exchanged with the AP –...
Page 79
Advanced Configuration Authentication Mode Setting Authentication Method Employed Encryption Method Employed None None None or manually configured Static WEP settings (from Configure > Security > Encryption screen) 802.1x 802.1x Dynamic WEP Keying Mixed 802.1x or None (depends on a client's Dynamic WEP Keying or Static WEP (depends configuration) on client's configuration)
Page 80
Enable WPA Mode NOTE For Dual-radio APs: WPA is available for APs an HP ProCurve Wireless 802.11g AP Card 170wl only. 1. Click Configure > Security > Authentication. 2. Set Authentication Mode to WPA. 3. Enter a Re-keying Interval.
— Enter a phrase in the PSK Pass Phrase field. The AP will automatically generate a Pre-Shared Key based on the phrase you enter. Enter between 8 and 63 characters; HP recommends using a pass phrase of at least 13 characters, including both numbers and upper and lower case letters, to ensure that the generated key cannot be easily deciphered by network infiltrators.
Advanced Configuration Rogue Access Point Detection (RAD) The Rogue AP Detection (RAD) feature provides an additional security level for wireless LAN deployments. RAD detects unauthorized Access Points in the coverage area. When enabled, the Access Point scans the coverage area and identifies all active Access Points.
Page 84
Advanced Configuration An example network deployment is shown. The Trusted AP has Rogue Access Detection enabled and the trap host is configured to be the management station. The Trusted AP on detecting the Rogue AP will send a trap to the management station with the Channel and BSSID of the Rogue Access Point.
Advanced Configuration RADIUS The AP communicates with a network’s RADIUS server to provide the following features: – MAC Access Control by way of RADIUS Authentication – RADIUS Authentication with 802.1x – RADIUS Accounting The network administrator can configure multiple RADIUS Authentication Servers for different Authentication types. The current available authentication types are EAP/802.1x authentication and MAC-based authentication.You can configure two separate sets of Primary and Secondary RADIUS Servers for each of the two supported Authentication types, 802.1x EAP Based authentication and MAC based authentication.
Advanced Configuration 6. Select a Server Addressing Format type (IP Address or Name). • If you want to identify RADIUS servers by name, you must configure the AP as a DNS Client. See DNS Client for details. 7. Enter the server’s IP address or name in the field provided. 8. Enter the port number which the AP and the server will use to communicate.
Page 87
Advanced Configuration 4. If you want to configure a back-up RADIUS server, place a check mark in the box labeled Enable Backup EAP/802.1x Authentication Server. 5. Select a Server Addressing Format type (IP Address or Name). • If you want to identify RADIUS servers by name, you must configure the AP as a DNS Client. See DNS Client for details.
Advanced Configuration RADIUS Accounting Using an external RADIUS server, the AP can track and record the length of client sessions on the access point by sending RADIUS accounting messages per RFC2866. When a wireless client is successfully authenticated, RADIUS accounting is initiated by sending an “Accounting Start” request to the RADIUS server. When the wireless client session ends, an “Accounting Stop”...
VLAN membership. NOTE 16 VLAN/SSID pairs are available for APs with an HP ProCurve Wireless 802.11g AP Card 170wl only. VLAN Overview Virtual Local Area Networks (VLANs) are logical groupings of network hosts. Defined by software settings, other VLAN members or resources appear (to clients) to be on the same physical segment, no matter where they are attached on the logical LAN or WAN segment.
Page 90
Advanced Configuration VLANs now extend as far as the reach of the access point signal. Clients can be segmented into wireless sub-networks by way of SSID and VLAN assignment. A Client can access the network by connecting to an AP configured to support its assigned SSID/VLAN.
(based on model type). NOTE 16 VLAN/SSID pairs are available for APs with an HP ProCurve Wireless 802.11g AP Card 170wl only. The AP matches packets transmitted or received to a network name with the associated VLAN. Traffic received by a VLAN is only sent on the wireless interface associated with that same VLAN.
4. Add one or more new SSID/VLAN entries. Follow these steps: NOTE 16 VLAN/SSID pairs are available for APs with an HP ProCurve Wireless 802.11g AP Card 170wl only. Click Add to create a new SSID/VLAN entry. Enter a Network Name (SSID), between 2 and 31 characters, in the field provided.
Advanced Configuration CAUTION Once a VLAN Management ID is configured and is equivalent to one of the VLAN User IDs on the AP, all members of that User VLAN will have management access to the AP. Be careful to restrict VLAN membership to those with legitimate access to the AP.
Monitor Information In This Chapter • Version: Provides version information for the Access Point’s system components. • ICMP: Displays statistics for Internet Control Message Protocol packets sent and received by the AP. • IP/ARP Table: Displays the AP’s IP Address Resolution table. •...
Monitor Information Version From the HTTP interface, click the Monitor button and select the Version tab. The list displayed provides you with information that may be pertinent when calling Technical Support. With this information, your Technical Support representative can verify compatibility issues and make sure the latest software are loaded. This screen displays the following information for each Access Point component: •...
Monitor Information ICMP This tab provides statistical information for both received and transmitted messages directed to the AP. Not all ICMP traffic on the network is counted in the ICMP (Internet Control Message Protocol) statistics. Figure 5-3 ICMP Monitoring Screen IP/ARP Table This tab provides information based on the Address Resolution Protocol (ARP), which relates MAC Address and IP Addresses.
Monitor Information Learn Table This tab displays information relating to network bridging. It reports the MAC address for each node that the device has learned is on the network and the interface on which the node was detected. There can be up 10,000 entries in the Learn Table.
Monitor Information RADIUS This tab provides RADIUS authentication, EAP/802.1x authentication, and accounting information for both the Primary and Backup RADIUS servers. NOTE RADIUS authentication and accounting must be enabled for this information to be valid. Figure 5-7 RADIUS Monitoring Screen...
Monitor Information Interfaces This tab displays statistics for the Ethernet and wireless interfaces. The Operational Status can be up, down, or testing. Figure 5-8 Wireless Interface Monitoring...
The devices start by exchanging packets at the 11 Mbits/sec rate but fall back to the slower rates if necessary. NOTE This feature is only available when using an HP ProCurve Wireless 802.11b AP Card 150wl. In addition, this feature will only give information for ORiNOCO/Agere/Lucent based clients. Follow these steps to perform a Link Test: 1.
Page 101
Monitor Information • Noise (dBm): The strength of the noise detected at the receiver reported in dBm (decibels referenced to 1 milliwatt). The displayed value is the running average since the start of the test and is reported as a negative number.
Monitor Information Station Statistics This tab displays information on wireless clients attached to the AP and on Wireless Distribution System links. Enabling and Viewing Station Statistics To enable the monitoring of Stations Statistics, perform the following procedure: 1. Click on the Monitor tab on the left on the web page. 2.
Page 103
Monitor Information • MAC Protocol: The MAC protocol for this wireless client (or WDS link partner). The possible values are 802.11a, 802.11b, 802.11g • Signal / Noise: The Signal /Noise Level measured at the AP when frames are received from the associated wireless station (or WDS link partner) •...
Commands In This Chapter • Logging into the HTTP Interface • Introduction to File Transfer via TFTP or HTTP: Describes the available file transfer methods. • Update AP via TFTP: Download files from a TFTP server to the AP. • Update AP via HTTP: Download files to the AP from HTTP.
Page 105
Commands Figure 6-1 Enter Network Password Screen 5. Click the Commands button located on the left-hand side of the screen. Figure 6-2 Commands Main Screen 6. Click the tab that corresponds to the command you want to issue. For example, click Reboot to restart the unit.
Commands Introduction to File Transfer via TFTP or HTTP There are two methods of transferring files to or from the AP, TFTP or HTTP (or HTTPS if enabled). The following procedures describe downloading Configuration, AP Image, Bootloader, Private Key, and Certificate files to the AP: •...
File Name: Enter the name of the file to be downloaded (including the file extension). – Copy the updated AP Image file to the TFTP server’s root folder. The default AP Image is located at c:/Program Files/HP/AP_520wl/. • File Type: Select the proper file type. Choices include: –...
Commands Update AP via HTTP Use the Update AP via HTTP tab to download Configuration, AP Image, Bootloader files, and Certificate and Private Key files to the AP. Once on the Update AP screen, click on the via HTTP tab. Figure 6-4 Update AP via HTTP Command Screen The Update AP via HTTP tab shows version information and allows you to enter HTTP information as described...
Page 109
Commands Figure 6-5 Warning Message Click OK to continue with the operation or Cancel to abort the operation. NOTE An HTTP file transfer using SSL may take extra time. If the operation completes successfully the following screen appears. Figure 6-6 Update AP Successful If the operation did not complete successfully the following screen appears, and the reason for the failure is displayed.
Commands Retrieve File via TFTP Use the Retrieve File via TFTP tab to upload Configuration files from the AP to the TFTP server. The TFTP server must be running and configured to point to the directory to which you want to copy the uploaded file. We suggest you assign the file a meaningful name, which may include version or location information.
Commands Retrieve File via HTTP Use the Retrieve File via HTTP tab to retrieve the configuration file from the AP. Click on the Retrieve Config File button to initiate this operation. Figure 6-9 Retrieve File via HTTP Command Screen A confirmation message gets displayed that asks if the user wants to proceed with retrieving the configuration file. Click OK to continue with the operation or Cancel to abort the operation.
Page 112
Commands Figure 6-11 File Download Dialog Box On clicking the Save button the following Save As window displays, where the user is prompted to choose the filename and location where the Configuration file is to be downloaded. Select an appropriate filename and location and click OK.
Commands Reboot Use the Reboot tab to save configuration changes (if any) and reset the AP. Entering a value of 0 (zero) seconds causes an immediate reboot. Note that Reset, described below, does not save configuration changes. CAUTION Rebooting the AP will cause all users who are currently connected to lose their connection to the network until the AP has completed the restart process and resumed operation.
Commands Reset Use the Reset tab to restore the AP to factory default conditions. The AP may also be reset from the RESET button located on the side of the unit. Since this will reset the Access Point’s current IP address, a new IP address must be assigned.
To open Help, click the Help button on any display screen. During initialization, the AP on-line help files are downloaded to the default location: c:/Program Files/HP/AP_520wl/Help/English/index.htm. NOTE Use the forward slash character ("/") rather than the backslash character ("\") when configuring the Help Link location.
Troubleshooting In This Chapter • Troubleshooting Concepts • Symptoms and Solutions • Recovery Procedures • Related Applications NOTE This section helps you locate problems related to the AP device setup. For details about RADIUS, TFTP, serial communication programs (such as HyperTerminal), Telnet applications, or web browsers, please refer to the documentation that came with the application for assistance.
Troubleshooting Symptoms and Solutions Connectivity Issues Connectivity issues include any problem that prevents you from powering up or connecting to the AP. AP Unit Will Not Boot - No LED Activity 1. Make sure your power source is operating. 2. Make sure all cables are connected to the AP correctly. 3.
HTML Help Files Do Not Appear 1. Verify that the HTML Help files are installed in the default directory: C:/Program Files/HP/AP_520wl/Help/English/Index.htm 2. If the Help files are not located in this folder, contact your network administrator to find out where the Help files are located on your server.
AP. NOTE 16 VLAN/SSID pairs are available APs with an HP ProCurve Wireless 802.11g AP Card 170wl only. VLAN Workgroups The correct VLAN assignment can be verified by pinging the AP to ensure connectivity, by pinging the switch to ensure VLAN properties, and by pinging hosts past the switch to confirm the switch is functional.
Troubleshooting I have just configured the Management ID and now I can't manage the AP? – Check to ensure your password is correct. If your password is incorrect or all inbound packets do NOT have the correct tag, then a manual override is necessary. CAUTION The manual override process disconnects all users and resets all values to factory defaults.
Troubleshooting Reset to Factory Default Procedure Use this procedure to reset the network configuration values, including the Access Point’s IP address and subnet mask. The current AP Image is not deleted. Follow this procedure if you forget the Access Point’s password: 1.
Page 122
Download Procedure Follow these steps to use ScanTool to download a software image to an Access Point with a missing image: 1. Download the latest software from http://www.hp.com/go/hpprocurve. 2. Copy the latest software updates to your TFTP server. 3. Launch ScanTool.
Download Procedure 1. Download the latest software from http://www.hp.com/go/hpprocurve. 2. Copy the latest software updates to your TFTP server’s default directory. 3. Use a straight-through serial cable to connect the Access Point’s serial port to your computer’s serial port.
Troubleshooting 7. Enter only the following statements: [Device name]> set ipaddrtype static [Device name]> set ipaddr [Device name]> set ipsubmask [Device name]> set tftpipaddr [Device name]> set tftpfilename [Device name]>...
Page 125
Troubleshooting Follow these steps to assign the AP an IP address: 1. Open your terminal emulation program (like HyperTerminal) and set the following connection properties: • Com Port: • Baud rate: 9600 •...
Troubleshooting Related Applications RADIUS Authentication Server If you enabled RADIUS Authentication on the AP, make sure that your network’s RADIUS servers are operational. Otherwise, clients will not be able to log in. There are several reasons the authentication server services might be unavailable, here are two typical things to check: •...
Specifications • Software Features • Hardware Specifications • Radio Specifications Software Features The tables below compare the software features available depending on the card type in the Access Point: • Number of Stations per BSS • Management Functions • Advanced Bridging Functions •...
Specifications Medium Access Control (MAC) Functions Feature 802.11b 802.11a 802.11b/g Automatic Channel Selection (ACS) Dynamic Frequency Selection (DFS) Closed System Feature TX Power Control Available with 802.11a upgrade kit. Not available with 5Ghz upgrade kit. Note 1: A user cannot manually select a channel for products sold in Europe; these products require automatic channel selection using Dynamic Frequency Selection (DFS).
Distance between APs Interference Robustness SpectraLink VoIP Support 1 This feature is only available when using an HP ProCurve Wireless 802.11b AP Card 150wl. In addition, this feature will only give information for ORiNOCO/Agere?Lucent based clients. Hardware Specifications Physical Specifications HP 520wl Unit Dimensions (H x W x L) = 6.5 x 18.5 x 26 cm (2.5 x 7.25 x 10.25 in.)
Specifications Ethernet Interface 10/100 Base-TX, RJ-45 female socket Serial Port Interface Standard RS-232C interface with DB-9, female connector Active Ethernet Interface Category 5, foiled, twisted pair cables must be used to ensure compliance with FCC Part 15, subpart B, Class B requirements Standard 802.3af pin assignments HTTP Interface •...
Specifications Frequency Channel ID ETSI ASIA Band (GHz) (GHz) (GHz) (GHz) (GHz) (GHz) Lower Band — — 5.170 — — — (36 = default) 5.180 5.180 — 5.180 — — — — 5.190 — — — 5.200 5.200 — 5.200 —...
Page 132
Specifications 802.11b Channel Frequencies The available 802.11b channels vary by regulatory domain and/or country. 802.11b radio certification is available in the following regions: — FCC - U.S./Canada, Mexico, and Australia — ETSI - Most of Europe, including the United Kingdom and some Eastern block countries —...
Page 133
Specifications 802.11g Channel Frequencies The available 802.11g channels vary by regulatory domain and/or country. 802.11g radio certification is available in the following regions: — FCC - U.S./Canada, Mexico, and Australia — ETSI - Europe, including the United Kingdom, China, and South Korea —...
Page 134
Specifications 802.11b Range 11 Mbits/s 5.5 Mbits/s 2 Mbits/s 1 Mbits/s Open Office 142 m 177 m 219 m 272 m (466 ft.) (581 ft.) (718 ft.) (892 ft.) Semi-Open Office 98 m 122 m 151 m 187 m (322 ft.) (400 ft.) (495 ft.) (614 ft.)
Page 135
Specifications 802.11b/g Range Mbits/s Mbits/s Mbits/s Mbits/s Mbits/s Mbits/s Mbits/s Mbits/s Mbits/s Mbits/s Mbits/s Mbits/s Open 56 m 69 m 107 m 164 m 219 m 272 m 292 m 314 m 204 m 236 m 253 m 338 m Office (184 ft.) (226 ft.)
Page 136
ASCII Character Chart You can configure WEP Encryption Keys in either Hexadecimal or ASCII format. Hexadecimal digits are 0-9 and A-F (not case sensitive). ASCII characters are 0-9, A-F, a-f (case sensitive), and punctuation marks. Each ASCII character corresponds to two hexadecimal digits. The table below lists the ASCII characters that you can use to configure WEP Encryption Keys.
Command Line Interface (CLI) This section describes the AP’s Command Line (CLI) Interface. CLI commands can be used to initialize, configure, and manage the Access Point. – CLI commands may be entered in real time through a keyboard or submitted with CLI scripts. –...
Command Line Interface (CLI) • Image File - The Access Point software executed from RAM. To update an Access Point you typically download a new Image File. This file is often referred to as the “AP Image”. • Parameter - A fundamental network value that can be displayed and may be changeable. For example, the Access Point must have a unique IP Address and the Wireless interface must be assigned an SSID.
Command Line Interface (CLI) Bootloader CLI The Bootloader CLI is a minimal subset of the normal CLI used to perform initial configuration of the AP. This interface is only accessible by way of the serial interface if the AP does not contain a software image or a download image command over TFTP has failed.
Command Line Interface (CLI) CLI Command Types This guide divides CLI Commands into two categories: Operational and Parameter Controls. Operational CLI Commands These commands affect Access Point behavior, such as downloading, rebooting, and so on. After entering commands (and parameters, if any) press the Enter key to execute the Command Line. Operational commands include: •...
Page 141
Command Line Interface (CLI) Figure C-4 Result of “s?” CLI command Example 3. Display parameters for set and show Example 3a allows you to see every possible parameter for the set (or show) commands. Notice from example 3a that the list is very long. Example 3b shows how to display a subset of the parameters based on initial parameter letters. Example 3a.
Page 142
Command Line Interface (CLI) Example 4. Display Prompts for Successive Parameters Enter the command, a space, and then ?. Then, when the parameter prompt appears, enter the parameter value. Result: The parameter is changed and a new CLI line is echoed with the new value (in the first part of the following example, the value is the IP Address of the TFTP server).
Page 143
Command Line Interface (CLI) Figure C-8 Results of “help” CLI command 2. Complete command description and command usage can be provided by: [Device-Name]>help [Device-Name]> help history Shows content of Command History Buffer. The Command History Buffer stores command statements entered in the current session.
Command Line Interface (CLI) upload Uploads a text-based configuration file from the AP to the TFTP Server. Executing upload with the asterisk character (“*”) will make use of the previously set/stored TFTP parameters. Executing upload without parameters will display command help and usage information. 1. Syntax to upload a file: [Device-Name]>upload ...
Command Line Interface (CLI) Configuring Objects that Require Reboot Certain objects supported by the Access Point require a device reboot in order for the changes to take effect. In order to inform the end-user of this behavior, the CLI provides informational messages when the user has configured an object that requires a reboot.
Page 146
Command Line Interface (CLI) Example 3 - Modify a table entry or row Use the index to be modified and the table elements you would like to modify. For example, suppose the IP Access Table has one entry and you wanted to modify the IP address: [Device-Name]>set mgmtipaccesstbl 1 ipaddr 10.0.0.11 You can also modify several elements in the table entry.
Command Line Interface (CLI) Example 6 - Show Individual and Table Parameters 1. View a single parameter. Syntax: [Device-Name]>show Example: [Device-Name]> show ipaddr Result: Displays the Access Point IP address. Figure C-11 Result of “show ipaddr” CLI Command 2.
Command Line Interface (CLI) Using Strings Since there are several string objects supported by the AP, a string delimiter is required for the strings to be interpreted correctly by the command line parser. For this CLI implementation, the single quote or double quote character can be used at the beginning and at the end of the string.
Command Line Interface (CLI) NOTE We recommend changing your default passwords immediately. To perform this operation using CLI commands, refer to Change Passwords. Set Basic Configuration Parameters using CLI Commands There are a few basic configuration parameters that you may want to setup right away when you receive the AP. For example: –...
Command Line Interface (CLI) [Device-Name]>set snmpv3privpasswd (SNMPv3 privacy password) [Device-Name]>reboot 0 CAUTION We strongly urge you to change the default passwords to restrict access to your network devices to authorized personnel. If you lose or forget your password settings, you can always perform the Reset to Factory Default Procedure.
Page 151
Command Line Interface (CLI) Enable and Configure TX Power Control for the Wireless Interface(s) The TX Power Control feature lets the user configure the transmit power level of the card in the AP at one of four levels: • 100% of the maximum transmit power level of the card •...
Command Line Interface (CLI) Figure C-14 Result of “show wifsec” CLI Command Download an AP Configuration File from your TFTP Server Begin by starting your TFTP program. It must be running and configured to transmit and receive. [Device-Name]>set tftpfilename tftpfiletype config tftpipaddr ...
Command Line Interface (CLI) Other Network Settings There are other configuration settings that you may want to set for the AP. Some of them are listed below. – Configure the AP as a DHCP Server – Configure the DNS Client –...
Command Line Interface (CLI) Maintain Client Connections using Link Integrity [Device-Name]>show linkinttbl (this shows the current links) [Device-Name]>set linkinttbl <1-5 (depending on what table row you wish to address)> ipaddr [Device-Name]>set linkintpollint ...
Command Line Interface (CLI) Set the Distance Between APs (802.11b Only) [Device-Name]>set wif distaps [Device-Name]>reboot 0 NOTE The distance between APs should not be approximated. It is calculated by means of a manual Site Survey, in which an AP is set up and clients are tested throughout the area to determine signal strength and coverage, and local limits such as physical interference are investigated.
Command Line Interface (CLI) Configure Intra BSS [Device-Name]>set intrabssoptype Configure MAC Access Control Setup MAC (Address) Access Control [Device-Name]>set macaclstatus enable [Device-Name]>set macacloptype [Device-Name]>reboot 0 Add an Entry to the MAC Access Control Table [Device-Name]>set macacltbl macaddr status enable [Device-Name]>show macacltbl Disable or Delete an Entry in the MAC Access Control Table [Device-Name]>set macacltbl ...
Command Line Interface (CLI) Set RADIUS Parameters Configure RADIUS Authentication server [Device-Name]>set radiustbl status enable seraddrfmt ipaddr port ssecret responsetm <1 to 10 seconds> maxretx <0 to 4 times> [Device-Name]>show radiustbl Figure C-17 Results of “show radiustbl”...
Page 159
Command Line Interface (CLI) Figure C-18 Result of “show radius” CLI Command Configure RADIUS Accounting server [Device-Name]>set radacctbl status seraddrfmt ipaddr port ssecret responsetm <1 to 4 seconds> maxretx <1 to 10 times> [Device-Name]>show radacctbl Figure C-19 Results of “show radacctbl”...
Command Line Interface (CLI) – DHCP Server Parameters - Enable or disable dynamic host configuration – Link Integrity Parameters - Monitor link status • Interface Parameters - Configure Wireless and Ethernet settings – Wireless Interface Parameters — Wireless Distribution System (WDS) Parameters - Configure the WDS partnerships –...
Page 162
Command Line Interface (CLI) System Parameters Name Type Values Access CLI Parameter System Group system Name DisplayString User Defined sysname Location DisplayString User Defined sysloc Contact Name DisplayString User Defined sysctname Contact E-mail DisplayString User Defined sysctemail Contact Phone DisplayString User Defined sysctphone max 254 characters...
Page 163
Command Line Interface (CLI) Inventory Management Information Name Type Values Access CLI Parameter System Inventory Management Subgroup sysinvmgmt Component Table Subgroup sysinvmgmtcmptbl Component Interface Table Subgroup sysinvmgmtcmpiftbl NOTE � The inventory management commands display advanced information about the AP’s installed components. You may be asked to report this information to a representative if you contact customer support.
Command Line Interface (CLI) DHCP Server Parameters Name Type Values Access CLI Parameter DHCP Server Group dhcp DHCP Server Status Integer enable (1) (default) dhcpstatus disable (2) delete (3) Gateway IP Address IpAddress User Defined dhcpgw Primary DNS IP Address IpAddress User Defined dhcppridnsipaddr Secondary DNS IP...
Command Line Interface (CLI) Link Integrity Parameters Name Type Values Access CLI Parameter Link Integrity Group linkint Link Integrity Status Integer enable linkintstatus disable (default) Link Integrity Poll Integer 500 - 15000 ms linkintpollint Interval (in increments of 500ms) 500 ms (default) Link Integrity Poll Integer 0 - 255...
Page 166
Command Line Interface (CLI) Interface Parameters Wireless Interface Parameters The wireless interface group parameter is wif. For Dual-radio APs, Slot A uses table index 3 and Slot B uses table index 4. Common Parameters to 802.11a, 802.11b, and 802.11b/g APs Name Type Values...
Page 167
Command Line Interface (CLI) 802.11b Only Parameters Name Type Values Access CLI Parameter Distance between APs Integer large (default) distaps medium small minicell microcell Interference Robustness Integer enable (default) interrobust disable Operating Frequency Channel Integer 1 - 14; available channels channel vary by regulatory domain/country;...
Page 168
Command Line Interface (CLI) 802.11b/g Only Parameters Name Type Values Access CLI Parameter Wireless Operational Mode Integer dot11b-only mode dot11g-only dot11bg (default) dot11g-wifi Operating Frequency Channel Integer 1 - 14; available channel channels vary by regulatory domain/country; see 802.11g Channel Frequencies Supported Data Rates Octet String...
Page 169
Command Line Interface (CLI) Ethernet Interface Parameters Name Type Values Access CLI Parameter Ethernet Interface Group ethernet Speed Integer 10halfduplex etherspeed 10fullduplex 10autoduplex 100halfduplex 100fullduplex autohalfduplex autoautoduplex (default) MAC Address PhyAddress ethermacaddr Management Parameters Secure Management Parameters Name Type Values Access CLI Parameter Secure Management...
Write-only sslpassphrase Passphrase NOTE � The default path for the Help files is c:/Program Files/HP/AP_520wl/Help/English/index.htm. (Use the forward slash character ("/") rather than the backslash character ("\") when configuring the Help Link location.) The AP Help information is available in English.
Command Line Interface (CLI) Auto Configuration Parameters These parameters relate to the Auto Configuration feature which allows an AP to be automatically configured by downloading a specific configuration file from a TFTP server during the boot up process. Name Type Values Access CLI Parameter...
Page 172
Command Line Interface (CLI) Filtering Parameters Ethernet Protocol Filtering Parameters Name Type Values Access CLI Parameter Ethernet Filtering Group etherflt Filtering Interface Interface Bitmask 0 or 2 - no interfaces etherfltifbitmask Bitmask (disable) 1 or 3 - Ethernet 4 or 6 - Wireless A 8 or 10 - Wireless B 12 = Wireless A &...
Command Line Interface (CLI) Proxy ARP Parameters Name Type Values Access CLI Parameter Proxy ARP Group parp Status Integer enable parpstatus disable (default) IP ARP Filtering Parameters Name Type Values Access CLI Parameter IP ARP Filtering Group iparp Status Integer enable iparpfltstatus disable (default)
Page 174
Command Line Interface (CLI) Port Number Octet String User Defined portnum (there are also 4 pre-defined protocols: Index 1: NetBios Name Service – 137, Index 2: NetBios Datagram Service – 138, Index 3: NetBios Session Service – 139, Index 4: SNMP Service –...
Command Line Interface (CLI) Priority Integer 0 – 255 priority 128 (default) Path Cost Integer 1 – 65535 pathcost 100 (default) State Integer disable state blocking listening learning forwarding broken Status Integer enable status disable Storm Threshold Parameters Name Type Values Access CLI Parameter...
Page 177
Command Line Interface (CLI) Security Parameters For Dual-radio APs: WPA is available for APs with an HP ProCurve Wireless 802.11g AP Card 170wl. Name Type Values Access CLI Parameter Security Table secconfigtbl Index Integer 3 (Single-radio APs) index 3 or 4 (Dual-radio APs)
Page 178
RADIUS Parameters Primary and Backup RADIUS Server Table Parameters The HP ProCurve Wireless Access Point uses RADIUS authentication and/or accounting support a primary and backup RADIUS server for MAC-based authentication and a primary and backup RADIUS server for EAP/802.1x authentication. The configuration parameters and statistics are the same for both primary and backup servers.
Page 179
Command Line Interface (CLI) MAC Address Format Integer dashdelimited (default) radmacaddrformat colondelimited singledashdelimited no delimiter RADIUS Accounting Integer enable radaccstatus Status disable (default) Accounting Inactivity Integer32 0 – 2147483647 radaccinactivetmr Timer minutes; default is 5 min. RADIUS Authentication NOTE � Use a server name only if you have enabled the DNS Client functionality.
Management ID VlanId -1 (untagged) vlanmgmtid or 1-4094 VLAN ID Table NOTE � 16 VLAN/SSID pairs are available for APs with an HP ProCurve Wireless 802.11g AP Card 170wl only. Name Type Values Access CLI Parameter VLAN ID Table Table...
Command Line Interface (CLI) Other Parameters IAPP Parameters Name Type Values Access CLI Parameter IAPP Group iapp IAPP Status Integer enable (default) iappstatus disable Periodic Announce Integer iappannint Interval (seconds) 120 (default) Announce Response Integer 2 seconds iappannresp Time Handover Time-out Integer 410 ms iapphandtout...
Page 182
Closed Wireless System parameter ... C-31 40-bit encryption ... 4-34 Command History Buffer ... C-7 520wl HP ProCurve Wireless Command Line Interface (CLI) 64-bit encryption ... 2-10, 2-12, 4-34 changing IP addresses with ... 7-10 802.11 wireless connectivity ... 1-4, 4-34 command types described ...
Page 183
Index H� DNS servers ... 4-3 DTIM values ... 4-9 HP ProCurve Wireless Access Point 520wl Deferred Traffic Indicator Map (DTIM) ... 4-9 assigning IP addresses to ... 2-6, 2-7, 7-10 Distance Between APs parameter ... 4-11 backing up configurations for ... C-16 Distance Between Cells parameter ...