Page 1 Management and Configuration Guide ProCurve Wireless Access Point 530 www.procurve.com...
Page 3 ProCurve Wireless Access Point 530 Management and Configuration Guide...
Page 4 Packard. performance, or use of this material. The only warranties for HP products and services are set Publication Number forth in the express warranty statements accompanying such products and services. Nothing herein should be 5991-2193 construed as constituting an additional warranty.
Page 5: Table Of Contents
Advantages of Using the CLI ........2-5 Advantages of Using the ProCurve Access Point 530 Browser Interface . 2-6 3 Using the Command Line Interface (CLI) Contents .
Page 6 Password Security ......... . . 3-6 Logging In .
Page 7 Changing the Management Password ......4-24 If You Lose the Password ....... . 4-26 Rebooting or Resetting the Access Point .
Page 8 CLI: Enabling & Disabling SNMPv3 ......5-39 Web: Managing SNMPv3 Users ....... 5-40 CLI: Managing SNMPv3 Users .
Page 9 CLI: Setting the Radio Working Mode ......6-11 Configuring the Radio Channel and Other Basic Settings ..6-12 Web: Configuring Basic Radio Settings .
Page 10 Encryption ..........7-8 Wired Equivalent Privacy (WEP) .
Page 11 The Web-Auth Process ........7-57 Associating with the AP-530 ......7-57 URL Intercept .
Page 12 CLI: Configuring QoS Parameters ......8-8 sFlow ............8-12 Flow Sampling by the sFlow Agent .
Page 13 show ........... . . 9-14 terminal .
Page 14 snmpv3 enable ..........9-46 snmpv3 user-name .
Page 15 MAC Lockout ..........9-75 lockout-mac .
Page 16 ssid ........... . . 9-103 description .
Page 17 wpa-allowed | wpa2-allowed ....... . 9-132 wpa-pre-shared-key ........9-133 wpa-cipher-tkip .
Page 18 enable (wds) ..........9-160 wds-ssid .
Page 19 Overview ........... . . B-3 System Management .
Page 20 Airport Case 2 – With RF Group Name ......C-5 Settings ..........C-5 Decisions: AP #1 .
Page 21: Getting Started
Getting Started...
Page 22 Getting Started Contents Overview ............1-3 Conventions .
Page 23: Overview
This guide describes how to use the command line interface (CLI) and Web browser interface to configure, manage, and monitor access point operation. The ProCurve Wireless Access Point 530 is referenced as the Access Point 530 or AP 530 throughout the remainder of this document.
Page 24: Command Prompts
ProCurve Access Point 530# Commands typed by the user are shown in boldface. In some cases, brief command-output sequences appear outside a numbered figure. For example: ProCurve Access Point 530(ethernet)# ip address 192.168.1.2 255.255.255.0 192.168.1.253 ProCurve Access Point 530(ethernet)# dns primary-server...
Page 25: Related Publications
Getting Started Related Publications Related Publications Installation and Getting Started Guide. Use the Installation and Getting Started Guide shipped with your access point to prepare for and perform the physical installation. That guide also steps you through the process of connecting the access point to your network and assigning IP addressing, as well as describes the LED indications for correct operation and trouble analysis.
Page 26: Getting Documentation From The Web
Getting Started Getting Documentation From the Web Getting Documentation From the Web N o t e : You will need the Adobe® Acrobat® Reader to view, print, and/or copy the product documentation. 1. Go to the ProCurve Networking Web site at www.procurve.com.
Page 27: Need Just A Quick Start
If you just want to give the access point an IP address so that it can commu- nicate on your network, HP recommends that you use the CLI to quickly configure IP addressing. To do so, do one of the following: Log in to the CLI interface using the default username and password (“admin and admin”).
Page 28: To Set Up And Install The Access Point In Your Network
Getting Started Need Just a Quick Start? To Set Up and Install the Access Point in Your Network I m p o r t a n t ! Use the Installation and Getting Started Guide shipped with your access point for the following: ■...
Page 29: Selecting A Management Interface
Selecting a Management Interface...
Page 30: Contents
Advantages of Using the CLI ........2-5 Advantages of Using the ProCurve Access Point 530 Browser Interface . 2-6...
Page 31: Overview
Selecting a Management Interface Overview Overview This chapter describes the following: Access Point management interfaces ■ ■ Advantages of using each interface type...
Page 32: Understanding Management Interfaces
Selecting a Management Interface Understanding Management Interfaces Understanding Management Interfaces The Access Point 530 management interfaces enable you to reconfigure the access point and to monitor its status and performance. Interface types include: ■ CLI—a command line interface offering the full set of access point commands through the VT-100/ANSI console built into the access point.
Page 33: Advantages Of Using The Cli
Selecting a Management Interface Advantages of Using the CLI Advantages of Using the CLI Manager Exec Level ProCurve Access Point 530# Global Configuration Level ProCurve Access Point 530(config)# Interface Configuration Levels ProCurve Access Point 530()# Context-specific configurations, such as (ethernet, wds1, radio1, radio1-wlan1).
Page 34: Advantages Of Using The Procurve Access Point 530 Browser Interface
Advantages of Using the ProCurve Access Point 530 Browser Interface Advantages of Using the ProCurve Access Point 530 Browser Interface Figure 2-2. Example of the ProCurve Access Point 530 Browser Interface ■ Easy access to the access point from anywhere on the network.
Page 35: Using The Command Line Interface (Cli)
Using the Command Line Interface (CLI)
Page 36: Contents
Using the Command Line Interface (CLI) Contents Contents Contents ............3-2 Overview .
Page 37: Overview
Using the Command Line Interface (CLI) Overview Overview The Command Line Interface (CLI) is a text-based command interface for configuring and monitoring the access point. The CLI gives you access to the access point’s full set of commands while providing the same password protection that is used in the Web browser interface.
Page 38: Accessing The Cli
Direct Console Access To connect a console directly to the access point, use a null-modem cable or an HP serial cable, part number 5184-1894 (shipped with many HP ProCurve switches) Connect the serial cable between a VT-100 terminal or a PC terminal emulator and the access point’s Console port.
Page 39: Telnet Access
Using the Command Line Interface (CLI) Accessing the CLI When correctly connected to the access point, press to initiate the [Enter] console session. For more information on connecting to the access point’s Console port, refer to the Installation and Getting Started Guide. N o t e The default Static IP address is 192.168.1.10.
Page 40: Using The Cli
CLI command modes. C a u t i o n HP strongly recommends that you configure a Manager password. If a Manager password is not configured, the access point is not password- protected, and anyone having in-band or out-of-band access to the access point may be able to compromise access point and network security.
Page 41: Logging In
After entry of the user name, you will be prompted for the password. The default password is admin. For example: ProCurve AP-530: admin Password Prompt Password: Figure 3-1. Example of CLI Log-On Screen with Password When you successfully log onto the CLI, you will see the following command prompt: ProCurve Access Point 530#...
Page 42: Command Levels
The prompt for the Manager Exec level contains only the system name and the "#" delimiter. For example: ProCurve Acess Point 530 # Global Configuration Level Global Configuration level gives access to commands for configuring the access point’s software features, plus all the commands available at the lower...
Page 43: Context-Specific Configuration Levels
■ Ethernet Configuration: To enter the Ethernet configuration context, enter the interface ethernet command at the Exec prompt. For example: ProCurve Acess Point 530(config)# interface ethernet ProCurve Acess Point 530(ethernet)# ■ WDS Configuration: To enter the WDS configuration context for WDS...
Page 44: Moving Between Command Levels
Example of Prompt, Command, and Result Manager Exec level ProCurve Acess Point 530# config ProCurve Acess Point 530(config)# Global configuration level Global Configuration level ProCurve Acess Point 530(config)# interface ethernet to a ProCurve Acess Point 530(ethernet)# Context Configuration level Move from any level to the...
Page 45: Options For Getting Help In The Cli
Global Configuration level, you can display Global Configuration commands plus all the commands available at the lower Manager Exec level. For example, typing "?" at the Manager Exec level produces this listing: ProCurve Access Point 530# ? configure Enter the Configuration context.
Page 46 Using the Command Line Interface (CLI) Using the CLI Typing ? at the Global Configuration level produces this listing: ProCurve Access Point 530(config)# ? ap-authentication Configure username/password this access point uses to au thenticate to the network. buttons Enable/disable the ability to clear the password(s) and/ or configuration(s) via the buttons on this device.
Page 47: Completing The Current Command
For example, at the Global Configuration level, if you press immediately [Tab] after typing "s", the CLI displays the command that begins with "s". For example: ProCurve Acess Point 530(config)# s[Tab] show snmp-server snmpv3 sntp Use Shorthand Entries. The CLI accepts abbreviated commands and options as long as they contain enough characters to be distinguished from any other currently available commands or options.
Page 48: Displaying Available Command Options
You can display a reminder of the options available for the current command by entering "?" or the [Tab] key in place of the next option. For example, to see the command options for configuring SNMP: ProCurve Access Point 530(config)# snmp-server ? community Add/remove an SNMP community.
Page 49: Cli Control And Editing
Using the Command Line Interface (CLI) CLI Control and Editing CLI Control and Editing Keystrokes Function [Ctrl] [A] Jumps to the first character of the command line. or [<] Moves the cursor back (to the left) one character. [Ctrl] [B] Terminates a task if one is running and displays the command line.
Page 50 Using the Command Line Interface (CLI) CLI Control and Editing — This page is intentionally unused. — 3-16...
Page 51: Using The Procurve Web Browser Interface
Using the ProCurve Web Browser Interface...
Page 52: Contents
Using the ProCurve Web Browser Interface Contents Contents Overview ............4-3 Starting a Web Browser Interface Session with the Access Point .
Page 53: Overview
Using the ProCurve Web Browser Interface Overview Overview The Access Point 530 Web browser interface lets you easily access the access point from a browser-based PC on your network. This chapter covers the following: Starting a Web browser interface session ■...
Page 54: Starting A Web Browser Interface Session With The Access Point
Using the ProCurve Web Browser Interface Starting a Web Browser Interface Session with the Access Point Starting a Web Browser Interface Session with the Access Point You can start a Web browser session using a standalone Web browser on a network connection from a PC in the following ways: •...
Page 55 Using the ProCurve Web Browser Interface Starting a Web Browser Interface Session with the Access Point N o t e Access point management can be limited to access from the Ethernet inter- face. For more on this feature, see “Setting Up Filter Control” on page 5-55 Type the IP address (or DNS name) of the access point in the browser Location .
Page 56: Description Of The Web Interface
Using the ProCurve Web Browser Interface Description of the Web Interface Description of the Web Interface Subjects covered in this section include: The Home Page ■ ■ The Support Page ■ Online Help The Home Page The home page is the entry point for the Web browser interface. The following figure identifies the various parts of the screen.
Page 57: Support Page
Using the ProCurve Web Browser Interface Description of the Web Interface Support Page The support page for the access point’s Web browser interface is accessed through the Support option in the upper-right corner of any of the Web browser interface screens. You can also access support using the Technical Support option through the left-menu bar: http://www.procurve.com The support page provides key information regarding your access point,...
Page 58: Using The Help In The Browser Interface
Using the ProCurve Web Browser Interface Description of the Web Interface Using the Help in the Browser Interface Clicking on the Help option in the upper-right corner of any of the Web browser interface screens displays a pop-up window displaying details about the page you are viewing.
Page 59: Web Interface Screens
Using the ProCurve Web Browser Interface Web Interface Screens Web Interface Screens The four menu sashes at the left side of the Web interface contain the four main screen groups: Device Information ■ ■ Network Setup Management ■ Special Features. ■...
Page 60: Device Information Group
Device Information Group The Device Information sash is the first logical group available on the Web- interface menu. This sash provides access to the following screens: • Device Information (Access Point 530 Home Page) • Wireless Stations • AP/LAN Statistics •...
Page 61: Device Information Summary
Using the ProCurve Web Browser Interface Web Interface Screens Device Information Summary The Device Information summary screen is primarily informational, but also serves as the configuration screen for basic system information (as described in “Web: Setting the System Name, Location, and Contact” on page 5-15). Figure 4-6.
Page 62: Wireless Stations Screen
Using the ProCurve Web Browser Interface Web Interface Screens Wireless Stations Screen Accessed through the Wireless Stations option on the Device Information sash, the Wireless Stations screen displays radio and network station status details. Figure 4-7. The Wireless Stations Screen The Wireless Stations screen displays client stations associated with a partic- ular access point.
Page 63 Using the ProCurve Web Browser Interface Web Interface Screens when the access point is using "wpa-psk" security on the WLAN. If the WLAN is set to “static-wep” or “no-security”, this parameter displays “n/ a” as it does not apply. ■ Received Packets: Indicates total packets received by this access point.
Page 64: Ap/Lan Statistics Screen
Using the ProCurve Web Browser Interface Web Interface Screens AP/LAN Statistics Screen Accessed through the AP/LAN Statistics option on the Device Information sash, the AP/LAN Statistics screen displays transmit/receive details. Figure 4-8. The AP/LAN Statistics Screen The AP/LAN Statistics screen displays the following information: ■...
Page 65: Wireless Statistics Screen
Using the ProCurve Web Browser Interface Web Interface Screens Wireless Statistics Screen Accessed through the Wireless Statistics option on the Device Information sash, the Wireless Statistics screen displays transmit/receive details. Figure 4-9. The Wireless Statistics Screen The Wireless Statistics screen displays dual radio information: ■...
Page 66 Using the ProCurve Web Browser Interface Web Interface Screens Receive Total Packets: Indicates total packets received over the radio ■ or WDS link. ■ Transmit Total Bytes: Indicates total bytes sent over the radio or WDS link. Receive Total Bytes: Indicates total bytes received over the radio or ■...
Page 67: Event Log Screen
Using the ProCurve Web Browser Interface Web Interface Screens Event Log Screen Accessed through the Wireless Statistics option on the Device Information sash, the Wireless Statistics screen displays transmit/receive details. Figure 4-10. The Event Log Screen The Event Log tab displays the following information: ■...
Page 68: Network Setup Group
Using the ProCurve Web Browser Interface Web Interface Screens Network Setup Group The Network Setup sash is the second logical group available on the Web- interface menu. Once accessed, it defaults to the Network Setup screen. This group provides access to the following screens: •...
Page 69: Network Setup Summary
Using the ProCurve Web Browser Interface Web Interface Screens Network Setup Summary Accessed through the Network Setup sash, the Network Setup screen displays the Ethernet and radio features within the network setup group. Figure 4-11. The Network Setup Summary Screen The Network Setup screen summarizes: Ethernet: details basic Ethernet parameters.
Page 70: Management Group
Using the ProCurve Web Browser Interface Web Interface Screens Management Group The Management sash is the third logical group available on the Web interface menu. Once accessed, it defaults to the Management screen. This group provides access to the following screens: •...
Page 71: Management Summary
Using the ProCurve Web Browser Interface Web Interface Screens Management Summary Accessed through the Management sash, the Management screen displays a summary of access point management settings. Figure 4-12. The Management Summary Screen The Management screen summarizes: Software Version: Displays the version of the running software. ■...
Page 72: Special Features Group
Using the ProCurve Web Browser Interface Web Interface Screens Special Features Group The Special Features sash is the fourth logical group available on the Web interface menu. Once accessed, it defaults to the Special Features screen. This group provides access to the following screens: •...
Page 73: Special Features Summary
Using the ProCurve Web Browser Interface Web Interface Screens Special Features Summary Accessed through the Special Features sash, the Special Features screen displays a summary of special feature statistics. Figure 4-13. The Special Features Summary Screen The Special Features screen summarizes: QoS: Indicates if Quality of Service packet prioritization (also referred to ■...
Page 74: Tasks For Your First Procurve Web Browser Interface Session
Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Tasks for Your First ProCurve Web Browser Interface Session The ProCurve AP530 Installation and Getting Started Guide includes instructions for a minimal initial configuration using the CLI on a console attached to the access point.
Page 75 Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session N o t e If you want security beyond that achieved with user names and passwords, you can disable access to the either the or the CLI and limit management access to, for example, only the Web browser interface, only the CLI via the console port, Telnet, or SSH.
Page 76: If You Lose The Password
Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session The Manager user name and password control access to both the CLI and the Web browser management interfaces for the access point. You are prompted to supply the user name and password every time you try to access the access point through either of these interfaces.
Page 77 Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Figure 4-15. Setting SNMP Community Names To Change A Default SNMP Community Name: Click Management > SNMP and select the Settings tab. To activate the SNMP feature on the access point, click SNMPv1/v2c Enabled.
Page 78: Setting The Radio Mode And Channel
Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Setting the Radio Mode and Channel The access point’s radio channel settings are limited by local regulations, which determine the number of channels that are available. You can manually set the access point’s radio channel or allow it to automatically select an unoccupied channel.
Page 79: Configuring Tcp/Ip Settings
Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session To Set Radio Mode and Channel:. Select Network Setup > Radio. Using the Radio drop-down, select the radio (1 or 2) you want to configure. To enable the radio, click the Status On button.
Page 80 Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session To Set IP Parameters i: Select Network Setup > Ethernet. To set a dynamic connection, select DHCP in the Connection Type drop- down. To set a manual connection, select Static IP in the Connection Type drop- down.
Page 81: Setting Wlan Ssid And Security Settings
Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Setting WLAN SSID and Security Settings Wireless stations can read the SSIDs from the access point’s beacon frame. If the “closed system” option is selected when configuring the access point, the SSID is not broadcast in the beacon frame.
Page 82 Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Figure 4-18. The WLANs Screen 4-32...
Page 83 Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Figure 4-19. Configuring WLAN Security To Configure WEP Security: Select Network Setup > WLANs. Check the Radio 1 box, and the SSID name and VLAN ID fields populate with defaults.
Page 84 Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session WEP is the security protocol initially specified in the IEEE 802.11 standard for wireless communications. While WEP provides a margin of security for environments with light network traffic, it is not sufficient for enterprise use where highly-sensitive data is transmitted.
Page 85: General System Configuration
General System Configuration...
Page 86 General System Configuration Contents Overview ............5-4 AP Network Configuration Checklist .
Page 87 General System Configuration CLI: Setting Logging Parameters ......5-45 Configuring the Time (SNTP) ........5-48 Web: Setting SNTP Parameters .
Page 88: Overview
General System Configuration Overview Overview This Chapter describes how to: Secure your access point ■ Modify system management passwords ■ ■ Set management access controls ■ View and modify access point system information Configure IP, SNMP, SNTP, RADIUS Accounting, and VLAN parameters ■...
Page 89: Ap Network Configuration Checklist
Network Installation & Security Configuration Summary Physical Security Using a Kensington Lock. See the ProCurve AP 530 Installation and Getting Started Guide. Using back panel covers to hide access to buttons and cable connections. See the ProCurve AP 530 Installation and Getting Started Guide.
Page 90: Modifying Management Passwords
“Setting Up Filter Control” on page 5-55 C a u t i o n HP strongly recommends that you configure a new Manager password and not use the default. If a Manager password is not configured, then the access point is not password-protected, and anyone having in-band or out-of-band access to the access point may be able to compromise access point and network security.
Page 91 General System Configuration Modifying Management Passwords Figure 5-1. Creating a Password To Create a Password: Click Management > AP Access and select the Password tab. In the Current Password field, enter the current password. In the New Password field, enter a new password. Note: The password is case sensitive and must be at least 1 character and at most 32 characters long.
Page 92: Cli: Setting The Management Password
32 characters long. However, only the first 8 characters of the password are used; character number 9 and above are ignored at log in. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# password manager 9gY2dV7G ProCurve Access Point 530(config)#...
Page 93: Setting Management Access Controls
General System Configuration Setting Management Access Controls Setting Management Access Controls To provide more security for the access point, management interfaces that are not required can be disabled. This includes the Web, Telnet, and Secure Shell (SSH), as well as the serial console port and Reset button. N o t e The access point’s serial port and Reset button cannot be disabled at the same time.
Page 94: Web: Configuring Access Controls
General System Configuration Setting Management Access Controls Web: Configuring Access Controls The AP Access screen configures access to management interfaces and button. The Web interface enables you to modify these parameters: CLI Access ■ Serial Interface: Enables or disables management access through the access point’s serial console port.
Page 95 General System Configuration Setting Management Access Controls Figure 5-2. Configuring Access Controls To Configure Access Control Settings: Click Management > AP Access and select the Access tab. As required, enable or disable the serial, Telnet, or SSH interfaces. N o t e If using SSH for secure access to the CLI over a network connection, you may want to disable the Telnet server.
Page 96: Cli: Configuring Management Controls
N o t e Enter management commands, one per line. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# no console ProCurve Access Point 530(config)# show console ------------------------------------------------------------ CLI Access: Serial Interface...
Page 97 The following example demonstrates the no ssh command to disable the serial SSH port, and the show ssh command to display the current status. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# no ssh ProCurve Access Point 530(config)# show ssh SSH Status...
Page 98 General System Configuration Setting Management Access Controls To display the current status for management access controls, use the show system command. ProCurve Access Point 530# show system Serial Number TW633VV01D System Name HP-AP-200 System Up Time 23 hours 17 mins 11 secs...
Page 99: Modifying System Information
System Name: An alias for the access point only, enabling the device to be uniquely identified on the network. Setting must be at least 1 character and a maximum of 63 characters long . (The default is ProCurve AP-530.) Location: The access point’s assigned location. (The default is not set.) ■...
Page 100 General System Configuration Modifying System Information Figure 5-3. Configuring System Information To Configure System Information: Select Device Information in the navigation bar. Type a name to uniquely identify the access point in the System Name field. Type a location to identify where the access point it located in the Location field.
Page 101: Cli: Setting The System Name
N o t e Enter management commands, one per line. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# hostname ProCurve-AP530 ProCurve Access Point 530(config)# To display the configured system name, use the show system-information command.
Page 102 General System Configuration Modifying System Information ProCurve Access Point 530# show system-information Serial Number TW633VV01D System Name HP-AP-200 System Up Time 23 hours 18 mins 37 secs System Location 2FS17 System Country Code Software Version WA.02.00.0412 Ethernet MAC Address 00:14:C2:A5:6A:B3 IP Address 192.168.15.200...
Page 103: Configuring Ethernet Settings
General System Configuration Configuring Ethernet Settings Configuring Ethernet Settings Configuring the access point with an IP address expands your ability to manage the access point and use its features. A number of access point features depend on IP addressing to operate. N o t e You can use the Web browser interface to access IP addressing only if the access point already has an IP address that is reachable through your network.
Page 104 General System Configuration Configuring Ethernet Settings Note: After changing the speed/duplex setting, the access point reboots. ■ Connection Type: Allows selection of a static or DHCP setting. • DHCP: DHCP is the default. The IP address, subnet mask, default gateway, and Domain Name Server (DNS) addresses are dynamically assigned to the access point’s DHCP client by the network DHCP server.
Page 105 General System Configuration Configuring Ethernet Settings Figure 5-4. Configuring IP Settings To Enable the DHCP Client i: Select Network Setup > Ethernet. To configure the VLAN (untagged), enter a value in the VLAN field. To set the mode and speed of data transmission, select Speed/Duplex in the drop-down.
Page 106 General System Configuration Configuring Ethernet Settings If a management station exists on another network segment, enter the IP address of a gateway that can route traffic between these segments. This is a required field. To set dynamic DNS nameservers, click the Dynamic button. To set the nameservers manually, click Manual.
Page 107: Cli: Configuring Ip Settings Statically Or Via Dhcp
Enter ethernet commands, one per line. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# interface ethernet ProCurve Access Point 530(ethernet)# ip address dhcp ProCurve Access Point 530(ethernet)# N o t e To ensure the access point doesn’t overwrite the static IP address, you must first disable the DHCP client with the ‘no ip address dhcp’...
Page 108 General System Configuration Configuring Ethernet Settings ProCurve Access Point 530# configure ProCurve Access Point 530(config)# interface ethernet ProCurve Access Point 530(ethernet)# no ip address dhcp ProCurve Access Point 530(ethernet)# ip address 192.168.1.105 255.255.255.2 ProCurve Access Point 530(ethernet)# ip default-gateway 192.168.1.1 ProCurve Access Point 530(ethernet)# exit ProCurve Access Point 530(config)# dns primary 204.127.202.0...
Page 109: Configuring Snmp
General System Configuration Configuring SNMP Configuring SNMP You can use a network management application such as the ProCurve Manager to manage the access point via the Simple Network Management Protocol (SNMP) from a network management station. Simple Network Management Protocol (SNMP) is an industry standard protocol for managing network devices, such as hubs, bridges, and switches.
Page 110: Mib Support
General System Configuration Configuring SNMP MIB Support The Access Point 530 supports the following Management Information Bases (MIBs): Read-Only Support Read-Write Support IEEE802dot11-MIB HP-PROCURVE-WLAN-SMI HP-PROCURVE-WLAN-TC RFC1155-SMI HP-PROCURVE-WLAN-SYSTEM- MIB II (RFC 1213) RFC-1215 HP-PROCURVE-WLAN-AP-MIB SNMPv2-SMI (RFC2578) HP-PROCURVE-NOTIFY-MIB SNMPv2-TC (RFC2579) SNMPv2-CONF (RFC2580)
Page 111 General System Configuration Configuring SNMP The Web interface enables you to modify these parameters: ■ SNMPv1/v2c: Enables or disables SNMP version 1 and version 2c management access, and also enables the access point to send SNMP traps (notifications). (The default is Enabled.) Community Name (RO): Defines the SNMP community access string ■...
Page 112: Cli: Setting Basic Snmp Parameters
General System Configuration Configuring SNMP To Enable SNMP and Set Parameters: Click Management > SNMP and select the Settings tab. To activate SNMPv1/v2 features on the access point, click the SNMPv1/ v2 Enabled button. To establish a public read-only SNMP community, enter a name text string to replace the default community name (public) in the Community Name (RO) field.
Page 113 SNMP management on the access point defaults the community settings to “restricted” and “public”. To disable SNMP communities, type the following commands. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# no snmp-server community public restricted ProCurve Access Point 530(config)# no snmp-server community system unrestricted...
Page 114 ProCurve Access Point 530(config) #snmp-server community alpha unrestricted ProCurve Access Point 530(config) #snmp-server community beta restricted ProCurve Access Point 530(config) #snmp-server host 192.16 8.1.15 alpha ProCurve Access Point 530(config) #snmp-server contact Jim ProCurve Access Point 530(config) #snmp-server location 2F ProCurve Access Point 530(config) #snmp-server port 161...
Page 115 General System Configuration Configuring SNMP ProCurve Access Point 530# configure ProCurve Access Point 530(config)# show snmp-server SNMP Server Settings --------------------------------------------------------------------------- SNMP Status Enabled SNMP Port Community (ro) public Community (rw) private Location 2FR19 Contact No SNMP trap destinations are currently configured.
Page 116: Web: Configuring Snmp V1 And V2C Traps
General System Configuration Configuring SNMP Web: Configuring SNMP v1 and v2c Traps The SNMP – Traps and SNMP – Trap Hosts screens configure SNMP v1 and v2c trap notifications that can be sent to specified management stations. SNMP Traps The SNMP – Traps screen controls whether specific SNMP notifications are sent: System Traps: pertaining to the system.
Page 117 General System Configuration Configuring SNMP • hpWlanClientRequestFailure – The station request failure is sent when a station fails to associate / re-associate / authenticate with the access point. The notification includes the station MAC address and the reason code for the failure. •...
Page 118 General System Configuration Configuring SNMP • hpWlanDot1XAuthNotInitiated– This notification is sent when a station did not initiate 802.1X authentication with the RADIUS server. The notification value includes the MAC address of the station that did not initiate 802.1X authentication. • hpWlanDot1XAuthSuccess –...
Page 119: Snmp Trap Hosts
General System Configuration Configuring SNMP Click Management > SNMP and select the Traps tab. Under the Trap Groups, check or uncheck the required traps boxes. Click Update. SNMP Trap Hosts The SNMP – Trap Hosts screen allows configuration of the following SNMP trap parameters: Trap Destination Host (1 to 3): Enables/Disables recipients (up to ■...
Page 120: Cli: Configuring Snmp V1 And V2C Traps
To send SNMP v1 and v2c traps to a management station, specify the host IP address using the snmp-server host command and enable specific traps using the snmp-server trap command. ProCurve Access Point 530(config)# snmp-server host 192.168. 1.15 public ProCurve Access Point 530(config)# snmp-server host 192.168.
Page 121 General System Configuration Configuring SNMP To display the current SNMP settings from the Manager Exec level, use the show snmp-server command, as shown in the following example. ProCurve Access Point 530(config)# show snmp-server SNMP Server Settings --------------------------------------------------------------------------- SNMP Status Enabled...
Page 122: Configuring Snmpv3
N o t e s ■ The AP-530 does not configure an ‘initial’ user for SNMPv3. If you want to enable SNMPv3 without first enabling SNMPv1/2c, it will be necessary to log into the AP-530 using the CLI interface and add an SNMPv3 user manually (See “CLI: Managing SNMPv3 Users”...
Page 123: Cli: Enabling & Disabling Snmpv3
General System Configuration Configuring SNMPv3 Figure 5-8. The SNMP - Settings Tab To Enable SNMPv3: Click Management > SNMP and select the Settings tab. Click the SNMPv3 Enabled button. Click [Update]. To Disable SNMPv3: Click Management > SNMP and select the Settings tab. Click the SNMPv3 Disabled button.
Page 124: Web: Managing Snmpv3 Users
ProCurve Access Point 530(config)# snmpv3 enable ProCurve Access Point 530(config)# To disable SNMPv3, enter the no snmpv3 enable command. ProCurve Access Point 530(config)# no snmpv3 enable ProCurve Access Point 530(config)# Web: Managing SNMPv3 Users The SNMP – SNMPv3 Users screen enables you to add and remove SNMPv3 users, and to manage their settings.
Page 125 General System Configuration Configuring SNMPv3 Figure 5-9. The SNMP SNMPv3 Users Tab To Add an SNMPv3 User: Click Management > SNMP and select the SNMPv3 Users tab. Enter the new username in the Username field. Optionally, select an authentication method from the Authentication Type drop-down.
Page 126: Cli: Managing Snmpv3 Users
To create an SNMPv3 user, enter the snmpv3 user-name command. ProCurve Access Point 530(config)# snmpv3 user-name tjames ProCurve Access Point 530(config)# To remove an SNMPv3 user, enter the no snmpv3 user-name command. ProCurve Access Point 530(config)# no snmpv3 user-name tjame ProCurve Access Point 530(config)# 5-42...
Page 127: Cli: Displaying Snmpv3 Settings
Configuring SNMPv3 To create an SNMPv3 user with MD5 authentication, add the auth parameter and password to the definition. ProCurve Access Point 530(config)# snmpv3 user-name tjames auth md5 12345678 ProCurve Access Point 530(config)# To create an SNMPv3 user with MD5 authentication and AES privacy, add the auth md5 and priv aes parameters and their passwords to the definition.
Page 128: Enabling System Logging
General System Configuration Enabling System Logging Enabling System Logging The access point supports a logging process that can control error messages saved to memory or sent to a server. The logged messages serve as a valuable tool for isolating access point and network problems. The following table lists the error message levels from the most severe (Emergency) to least severe (Debug).
Page 129: Web: Setting Logging Parameters
General System Configuration Enabling System Logging Web: Setting Logging Parameters The Event Log – Settings screen configures system logs and server details for the access point. The Web interface enables you to modify these parameters: ■ Primary Syslog Host: Enables the logging of error messages. ■...
Page 130 The following example shows how to set an IP address for the receiving server using the logging command. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# logging 10.1.0.3 ProCurve Access Point 530(config)# The following example shows the settings. ProCurve Access Point 530# configure...
Page 131 General System Configuration Enabling System Logging The following example shows the security level of entries. ProCurve Access Point 530# configure ProCurve Access Point 530(config)#show logging Keys: M=eMergency C=Critical W=Warning I=Information A=Alert E=Error N=Notice D=Debug ----- Event Log Listing: Most Recent Events First...
Page 132: Configuring The Time (Sntp)
General System Configuration Configuring the Time (SNTP) Configuring the Time (SNTP) Simple Network Time Protocol (SNTP) allows the access point to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the access point enables the system log to record meaningful dates and times for event entries.
Page 133 General System Configuration Configuring the Time (SNTP) To Set SNTP Parameters: Select Special Features > Time. For SNTP, click Enabled. For the SNTP Server, enter the IP address or the hostname in the SNTP Server field. Click [Update]. 5-49...
Page 134: Cli: Setting Sntp Parameters
The following example shows how to enable SNTP and configure a server IP address by using the sntp command. ProCurve Access Point 530# configure ProCurve Access Point 530(config) #sntp 10.1.0.19 ProCurve Access Point 530(config)# To display the current SNTP status, use the show sntp command, as shown in the following example.
Page 135: Configuring Radius Accounting
General System Configuration Configuring RADIUS Accounting Configuring RADIUS Accounting Remote Authentication Dial-in User Service (RADIUS) Accounting is an extension to the RADIUS authentication protocol that uses a central server to log user activity on the network. A RADIUS Accounting server runs software that receives user-session information from the access point.
Page 136: Web: Setting Radius Accounting Server Parameters
General System Configuration Configuring RADIUS Accounting Web: Setting RADIUS Accounting Server Parameters The Accounting Servers screen in the WLAN Configuration – Security pop-up window sets the primary and secondary server parameters for the RADIUS Accounting server. This configures the RADIUS Accounting servers to which the access point RADIUS server transmits user-session information.
Page 137 General System Configuration Configuring RADIUS Accounting Figure 5-12. Configuring RADIUS Accounting Servers To Set RADIUS Accounting Server Parameters: Click Network Setup > WLANs. Click the [Edit] button for the WLAN (BSS/SSID) interface you want to modify. A pop-up window with Security settings opens. Select the Accounting Servers tab.
Page 138: Cli: Enabling Radius Accounting Parameters
N o t e Enter radius commands, one per line. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radius-accounting primary ip 192.168.1.52 ProCurve Access Point 530(config)# radius-accounting primary port 161...
Page 139: Setting Up Filter Control
General System Configuration Setting Up Filter Control Setting Up Filter Control You can prevent communications between wireless stations associated to the access point, only allowing traffic between stations and the wired network. You can also prevent any wireless client from performing any access point configuration through any of its management interfaces, including Web, Telnet, or SNMP access.
Page 140: Cli: Setting Traffic Filters
9-89 The following example shows how to block communications between wire- less stations. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# inter-station-blocking ProCurve Access Point 530(config)# The following example shows how to block wireless stations from gaining management access to the access point.
Page 141: Configuring Vlan Support
General System Configuration Configuring VLAN Support Configuring VLAN Support A Virtual Local Area Network (VLAN) is a location independent broadcast domain. A VLAN is like the standard definition of a LAN without the physical constraints. These VLAN domains are a collection of workstations that are part of the same logical, working community but not likely part of the same physical community.
Page 142: Web: Setting A Management Vlan
General System Configuration Configuring VLAN Support Management VLAN. A management VLAN can be configured for secure management access to the access point. The management VLAN is for managing the access point through remote management tools, such as the Web interface, SSH, Telnet, or SNMP. The access point only accepts management traffic that is tagged with the specified management VLAN ID.
Page 143: Web: Changing The Untagged Vlan Id
General System Configuration Configuring VLAN Support Figure 5-14. Setting A Management VLAN To Set A Management VLAN: Click Network Setup > Ethernet. Enter a valid number between 1 and 4094 in the Management VLAN ID field. Select [Update]. Web: Changing the Untagged VLAN ID The Network Setup –...
Page 144 General System Configuration Configuring VLAN Support Figure 5-15. Changing Untagged VLAN ID To Set Untagged VLAN ID: Click Network Setup > Ethernet. Enter a valid number between 1 and 4094 in the Untagged VLAN field. Select [Update]. 5-60...
Page 145: Cli: Enabling Vlan Support
9-118 The following example shows how to establish a management VLAN ID. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# interface ethernet ProCurve Access Point 530(ethernet)# management-vlan 9 ProCurve Access Point 530(ethernet)# The following example shows how to set an untagged VLAN ID in the interface context.
Page 146 The following example displays the management VLAN ID. The static or dynamic VLAN state is configured per WLAN and can be validated using the show wlans command. ProCurve Access Point 530# show wlans All WLANs on Radio 1: WLAN BSSID...
Page 147: Managing Group Configuration
Managing Group Configuration The Group Configuration feature enables an administrator to configure and manage groups of up to twelve AP 530 access points using the management interface of only one of the devices. Group Configuration can be configured using the web-browser interface, the CLI, or through SNMP.
Page 148: Guidelines For Deploying Group Configuration
General System Configuration Managing Group Configuration The Administrator password (see “Modifying Management Passwords” on ■ page 5-6) ■ The local RADIUS user database (see “Configuring RADIUS Client Authentication” on page 7-32) All Probe Table settings (see “Probe Table” on page 8-35) ■...
Page 149: Security And Integrity Recommendations
General System Configuration Managing Group Configuration Parameter changes that are made using the CLI (after the write mem command), the Web browser interface (after clicking the Update button), or an SNMP request will all trigger synchronization. Complete synchronization may take up to one minute to propagate, depending on the size of the group and on network latency.
Page 150 General System Configuration Managing Group Configuration Member ID: An optional text string identifying the access point within ■ the group. ■ [Update]: Updates the Group Configuration settings on the access point. The current members of the selected group are listed in the Members list. N o t e The IP addresses of the other members of the group appear as links.
Page 151: Cli: Enabling Group Configuration
9-63 The following example shows how to add the current access point to a group. ProCurve Access Point 530# configuration ProCurve Access Point 530(config)# group-config name HBldg22 ProCurve Access Point 530(config)# group-config member-id AP-2 ProCurve Access Point 530(config)# group-config...
Page 152 General System Configuration Managing Group Configuration 5-68...
Page 153: Wireless Interface Configuration
Wireless Interface Configuration Contents Overview ............6-3 Setting the Country Code .
Page 154 Wireless Interface Configuration Managing Multiple WLAN (BSS/SSID) Interfaces ....6-34 Web: Configuring SSID Interfaces ......6-35 CLI: Naming an SSID Interface .
Page 155: Overview
Wireless Interface Configuration Overview Overview The Access Point 530 supports up to 16 service set identifier (SSID) interfaces. Most radio parameters apply globally to all configured SSID interfaces. For each SSID interface, different security settings, VLAN assignments and other parameters can be applied.
Page 156: Setting The Country Code
N o t e The country code is preset to “US” in the Access Point 530 NA unit and can be changed from the U.S. to only the Canada, Mexico, or Taiwan country code.
Page 157 You do not need to perform a system reboot to set the country code. Use the write mem command to save the country code. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# country GB ProCurve Access Point 530(config)# write mem The following example shows how to use the show system-information command to return the access point’s current values, including the country...
Page 158: Configuring The Radio
This includes any changes to a WLAN or radio parameter. Table 6-1. Radio Configuration Summary Table Summary Point Parameters Three wireless LAN modes are available for use on the 530 802.11a, 802.11b, and access point. 802.11g Two separate wireless LAN radios are available for use on the Radio 1 and Radio 2 530 access point.
Page 159 Wireless Interface Configuration Configuring the Radio Summary Point Parameters Because they are in different parts of the spectrum, the channels 802.11b and 802.11a within these modes do not interfere with one another. channels. 802.11g and 802.11a channels. Each radio that is used, no matter what the mode, must be set to All modes (802.11a, a unique channel to avoid interference with other radios in the 802.11b, and 802.11g).
Page 160: Configuring The Radio Working Mode
Wireless Interface Configuration Configuring the Radio Configuring the Radio Working Mode As specified in the , the access point “Radio Configuration Summary Table” on page 6-6 can operate in three standard radio modes: IEEE 802.11a, 802.11b, or 802.11g. Getting to know 802.11a. The IEEE 802.11a provides specifications for wireless ATM systems.
Page 161: Web: Setting The Radio Working Mode
Wireless Interface Configuration Configuring the Radio To support both 802.11g and 802.11b stations, the access point must first communicate with all stations using CCK and only switch to OFDM for data transfers between 802.11g-compatible stations. This mechanism has the effect of reducing the maximum throughput for 802.11g stations in the network.
Page 162 Wireless Interface Configuration Configuring the Radio • IEEE 802.11g: Stations communicate at a higher data transfer range, between 1 to 54 Mbps, than the 802.11b PHY, while operating in the 2.4 GHz band. This standard uses orthogonal frequency division multiplexing (OFDM). Backward-compatible with IEEE 802.11b. (Radio 1 is the default.) •...
Page 163: Cli: Setting The Radio Working Mode
N o t e Enter radio commands, one per line. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# mode g ProCurve Access Point 530(radio1)# The following example uses the show radios command to display current details on the dual radios configured on the access point.
Page 164: Configuring The Radio Channel And Other Basic Settings
Wireless Interface Configuration Configuring the Radio Configuring the Radio Channel and Other Basic Settings The access point uses the configured radio channel to communicate with wireless stations. As indicated in the “Radio Configuration Summary Table” on page 6- , the access point’s channel settings and radio mode have a configuration relationship to enhance the performance of the access point.
Page 165 Wireless Interface Configuration Configuring the Radio N o t e When the radio is configured for auto channel selection, any radio mode changes result in a five- to ten-second delay as the optimum radio channel is determined and selected. ■ Maximum Stations: The maximum number of stations allowed to access the applicable radio at any one time.
Page 166: Web: Configuring Advanced Radio Settings
Wireless Interface Configuration Configuring the Radio Web: Configuring Advanced Radio Settings The Radio – Advanced Settings pop-up window, shown in Figure 6-3, enables you to configure a number of advanced settings for the access point’s radio operation: ■ Broadcast/Multicast Rate Limiting: Enables the rate limiting on the radio to transmit multicast and broadcast traffic.
Page 167 Wireless Interface Configuration Configuring the Radio • Short: Sets the slot time to 9 microseconds. A short slot time can increase data throughput on the access point, but its use requires that all stations can support a short slot time (that is, 802.11g-compliant stations must support a short slot time).
Page 168: Configuring Advanced Radio Settings
Wireless Interface Configuration Configuring the Radio Configuring Advanced Radio Settings Figure 6-3. Configuring Advanced Radio Settings To Modify Advanced Radio Settings: Click Network Setup > Radio. Click the Edit button for Advanced Settings. A pop-up window for Advanced Settings opens (see figure 6-3). To enable rate limiting, click the Broadcast/Multicast Rate Limiting Enabled button.
Page 169: Configuring B + G Mode
Wireless Interface Configuration Configuring the Radio To configure the communication periods and packet size transmissions, enter values within the appropriate range for the Fragmentation Threshold and RTF Threshold fields. Enter the length of time value to establish Inactivity Timeout. Select values for the Supported and Basic Rate Sets. 10.
Page 170 Wireless Interface Configuration Configuring the Radio Figure 6-5. Configuring B + G Modes [Advanced Radio Settings] To Configure B + G Modes: The setting, shown in Figure 6-5, allows both b stations and g stations to associate with the AP. Select Network Setup >...
Page 171: Configuring G- Only Mode
Wireless Interface Configuration Configuring the Radio Configuring G- Only Mode Figure 6-6. Configuring Wi-Fi G-Only Mode To Configure Wi-Fi G-Only Mode: This setting, shown in Figure 6-6, allows g-only stations to associate with the AP. This is Wi-Fi standard-based g-only mode. Select Network Setup >...
Page 172: Configuring Pure G Mode
The setting, shown in Figure 6-7, allows only g stations to associate with the access point, but should be used only if no legacy 802.11b clients or access points are within range of the 530 access point. C a u t i o n This mode is not a standard-based configuration mode.
Page 173: Cli: Configuring Radio Settings
Enter radio commands one line at a time. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# description “Radio 1 - 802.11g” ProCurve Access Point 530(radio1)# beacon-interval 102 ProCurve Access Point 530(radio1)# fragmentation-thresh 1024...
Page 174 Wireless Interface Configuration Configuring the Radio The following example uses the show radio command to display this access point’s radio parameter details. ProCurve Access Point 530# show radio 1 Description Radio 1 - 802.11g Base MAC 00:14:C2:A7:11:A0 Status Enabled Mode 802.11g...
Page 175: Modifying Antenna Settings
Wireless Interface Configuration Modifying Antenna Settings Modifying Antenna Settings When using an external antenna with the access point, you must configure the radio for the type of external antenna that is attached: either Diversity or Single. Also, the access point’s transmit power must be limited to conform to local regulations.
Page 176 Wireless Interface Configuration Modifying Antenna Settings Figure 6-8. Setting Transmit Power Reduction To Modify the Transmit Power Reduction: Select Network Setup > Radio. Use the Tx Power Reduction drop-down to select a dBm value. Select [Update] to set the radio transmit power reduction. 6-24...
Page 177: Web: Setting The Antenna Type And Antenna Mode
Wireless Interface Configuration Modifying Antenna Settings Web: Setting the Antenna Type and Antenna Mode The Radio – Advanced Settings pop-up window, shown in Figure 6-9, enables you to configure the following settings for adjusting the transmit power limits: ■ Antenna Type: The type of radio antenna utilized by this access point. (The default is Internal.) Antenna Mode: The mode of radio antenna utilized by this access point.
Page 178: Cli: Setting The Transmit Power Reduction And Antenna Parameters
Single on the access point. The default mode is set to Diversity. ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# tx-power-reduction 5 ProCurve Access Point 530(radio1)# antenna external ProCurve Access Point 530(radio1)# antenna mode single 6-26...
Page 179 Wireless Interface Configuration Modifying Antenna Settings You can use the show radio command to display the current radio settings from the wireless interface configuration level. ProCurve Access Point 530# show radio 1 Description Radio 1 - 802.11g Base MAC 00:14:C2:A7:11:A0...
Page 180: Adaptive Tx Power Control
Adaptive Tx Power Control is a group of advance radio settings that can optimize channel coverage and reduce interference from neighboring APs by dynamically reducing the transmit power levels of the AP 530. When it is enabled, ATPC is applied independently to each radio. ATPC assesses and adjusts power levels about once every second.
Page 181: Scope Of Neighboring Aps
Wireless Interface Configuration Adaptive Tx Power Control Scope of Neighboring APs ATPC may be applied broadly to all neighboring APs or more selectively to specific APs by configuring either RF Group Name or Avoid Neighbor APs. These parameters are mutually exclusive: Enabling one disables the other. ■...
Page 182: Power Reduction Limit
Wireless Interface Configuration Adaptive Tx Power Control This mode is recommended for low density deployments where coverage holes may be of concern. The data transmit power attenuation is calculated to put transmissions into the noise floor of the nearest same-channel AP, then reduced if needed to reach the farthest associated client station at a target RSSI.
Page 183: Web: Configuring Adaptive Tx Power Control
Wireless Interface Configuration Adaptive Tx Power Control Since ATPC can only reduce transmit power (not amplify it), optimal place- ment of access points will provide full coverage at a transmit power level somewhat below the maximum. Furthermore, if the deployment needs to be able to remediate conditions such as the failure or down-time of individual access points, the density should be such that ATPC can compensate for a missing unit by lessening power reduc- tion, thus allowing transmit power to increase towards its maximum.
Page 184: Cli: Configuring Adaptive Tx Power Control
Wireless Interface Configuration Adaptive Tx Power Control Figure 6-10. Setting Adaptive Transmit Power Control Parameters To Configure Adaptive Transmit Power Control: Select Network Setup > Radio tab > > Advanced Settings. [Edit] Select the Adaptive Tx Power Control Enabled button to enable ATPC. Depending on the scope of the neighboring APs you want to include in the ATPC calculations, do one of the following: To adapt transmit power to all neighboring APs (on the same...
Page 185 With RF Group Name” on page C-5. To configure AP #1 in this use case, enter the following commands: ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# atpc adapt ap ProCurve Access Point 530(radio1)# atpc max-reduction 18 ProCurve Access Point 530(radio1)# atpc rf-group-name...
Page 186: Managing Multiple Wlan (Bss/Ssid) Interfaces
Wireless Interface Configuration Managing Multiple WLAN (BSS/SSID) Interfaces Managing Multiple WLAN (BSS/SSID) Interfaces A wireless local area network (WLAN) is a local area network (LAN) that users access through a wireless connection. The IEEE 802.11-1999 standards specify WLAN technologies. The WLAN uses high-frequency radio waves rather than wires to communicate between nodes.
Page 187: Web: Configuring Ssid Interfaces
Wireless Interface Configuration Managing Multiple WLAN (BSS/SSID) Interfaces The following figure shows the configuration scenario to follow when managing VLANs and SSID interfaces. Figure 6-11. Configuring VLANs and SSID Interfaces Web: Configuring SSID Interfaces The WLANs tab, shown in Figure 6-11, enables you to configure SSIDs, VLANS, and closed system settings.
Page 188 Wireless Interface Configuration Managing Multiple WLAN (BSS/SSID) Interfaces N o t e If you are connected as a wireless client to the same AP that you are admin- istering, resetting the SSID will cause you to lose connectivity to the AP. You will need to reconnect to the new SSID after you save this new setting.
Page 189 Wireless Interface Configuration Managing Multiple WLAN (BSS/SSID) Interfaces Enter a unique name for the SSID interface. This name is automatically copied over to the compatible SSID interface for Radio 2. To prohibit WLAN (BSS/SSID) interface broadcasting, check the Closed- System box. To assign a VLAN ID per WlAN (BSS/SSSID), enter a VLAN ID in the VLAN field.
Page 190: Cli: Naming An Ssid Interface
The WLAN index uses the format “wlan x,” where x is a number between 1 and 16. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# wlan 1 ProCurve Access Point 530(radio1-wlan1)#ssid PR3_WLAN To display a list of configured WLAN interface settings, use the show wlan ...
Page 191: Cli: Modifying Wlan (Bss/Ssid) Interface Settings
Wireless Interface Configuration Managing Multiple WLAN (BSS/SSID) Interfaces ProCurve Access Point 530(radio1-wlan1)# show wlan 1 WLAN #1 on Radio 1 Description Radio 1 - WLAN 1 Status Enabled SSID PR3_WLAN VLAN - Untagged BSSID 00:14:C2:A7:11:A0 DTIM Period Security Type no-security (No Sec.)
Page 192 Wireless Interface Configuration Managing Multiple WLAN (BSS/SSID) Interfaces To display WLAN interface settings, use the show wlan command, as shown in the following example. ProCurve Access Point 530(radio1)# show wlan All WLANs on Radio 1: WLAN BSSID VLAN Security Status...
Page 193 Wireless Interface Configuration Managing Multiple WLAN (BSS/SSID) Interfaces — This page is intentionally unused. — 6-41...
Page 194 Wireless Interface Configuration Managing Multiple WLAN (BSS/SSID) Interfaces 6-42...
Page 195: Wireless Security Configuration
Wireless Security Configuration...
Page 196 Wireless Security Configuration Contents Overview ............7-5 Wireless Security Overview .
Page 197 The Web-Auth Process ........7-57 Associating with the AP-530 ......7-57 URL Intercept .
Page 198 Wireless Security Configuration CLI: Configuring Web-Auth on a WLAN ......7-70 Prerequisites ......... . . 7-70 Web: Customizing the Login, Welcome, and Failed Screens .
Page 199: Overview
Wireless Security Configuration Overview Overview This chapter describes how to: Configure wireless security ■ Configure encryption ■ ■ Configure key management ■ Configure MAC and 802.1X authentication Configure MAC Lockout and Client/Station Deauthentication ■ ■ Configure AP Authentication ■ Configure Web Authentication...
Page 200: Wireless Security Overview
User Authentication The two ways of authenticating users on the Access Point 530 are: MAC authentication: Based on the user’s wireless station MAC address. ■...
Page 201: 802.1X User Authentication
For the CLI commands, see Section 9, “MAC Address Authentication” on page 9-72 MAC Authentication on the AP 530 includes the ability to lock out clients by MAC address, and to force an already connected client or station to deauthen- ticate.
Page 202: Encryption
Wireless Security Configuration Wireless Security Overview connections. The AP 530 supports port-access authentication through the AP Authentication feature. See “Configuring 802.1X AP Authentication” on page 7-53 for more information. Encryption The AP 530 supports three types of encryption: Wired Equivalent Privacy (WEP): Key lengths of 64 bits and 128 bits are ■...
Page 203: Counter Mode/Cbc-Mac Protocol (Ccmp)
It is the most effective encryption system currently available for wireless networks. It is possible to use a mixed cipher mode of TKIP and CCMP on a WLAN in the AP 530. Key Management Keys for encrypting the data can be managed either dynamically using 802.1X authentication or statically using preshared keys between the access point and station.
Page 204: Static Wired Equivalent Privacy (Wep)
Wireless Security Configuration Wireless Security Overview network VPN server. If this mode is used, it may be desirable to prevent advertising availability of the network to other stations by configuring the WLAN for closed-system operation. C a u t i o n Use the No Security mode on a sensitive internal network only for initial setup, testing, or problem solving, or where VPN connections are mandated to provide end-to-end security for the otherwise insecure wireless connection.
Page 205: Tkip With 802.1X
Wireless Security Configuration Wireless Security Overview TKIP with 802.1X The TKIP with 802.1X security profile uses TKIP as the encryption cipher and 802.1X as the authentication mechanism. In this way, each station uses a unique master key to derive the encryption between the access point and the station.
Page 206: Other Security Features
Wireless Security Overview Other Security Features In addition to the wireless security features described in the preceding section, the Access Point 530 has a user-based security feature called Identity Driven Management (IDM). For more details on IDM, see “Identity Driven Management” on page 8-36 Table 7-1.
Page 207 For more details on security configurations that are possible using the CLI, “CLI: Configuring Security Settings” on page 7-24. Table 7-2. Summary of Wireless Security Configuration Configuring Encryption in the ProCurve Wireless Access Point 530 Encryption Methods and WLAN Interface Level Commands Additional Notes...
Page 208 The AP 530 supports the following Extensible Authentication Protocol (EAP) methods: TLS, TTLS, MD5, and PEAP (MS- CHAP v2) when configured to use an external RADIUS server for authentication. The AP 530 supports only PEAP (MS- CHAP v2) when configured to use the built-in (local) RADIUS server.
Page 209 Wireless Security Configuration Wireless Security Overview Table 7-3. Summary of MAC Authentication Configuration Configuring MAC Authentication in the HP ProCurve Wireless Access Point 530 Local MAC MAC Authentication Table RADIUS Comments Authentication Authentication Authentication MAC Address Permission Mode MAC Table...
Page 210: Establishing Security
Wireless Security Configuration Establishing Security Establishing Security The security options are available from the WLANs tab (shown in Figure 7-1) and provide wireless security configuration for the WLAN. Figure 7-1. Security Access Via the WLANs Screen Basic parameters required for a security option configuration are provided in the WLANs –...
Page 211 You should give special consideration to the security option for WLAN 1 if you are configuring one or more Wireless Distribution System (WDS) links on the AP 530. The security option configured for WLAN 1 also establishes the security option that is used with WDS links (1–6). WDS security options (and thus the WLAN 1 configuration) are limited to one of the choices listed in Table 7-4.
Page 212: Web: Setting Security Options
Wireless Security Configuration Establishing Security Web: Setting Security Options The Security tab provides these options: ■ No Security: The access point is configured as an open system with no user authentication or data encryption. This is the default setting. Static WEP: Use static IEEE 802.11 Wired Equivalent Privacy (WEP) ■...
Page 213 Wireless Security Configuration Establishing Security WPA-PSK: Uses a preshared key (instead of using IEEE 802.1X and EAP ■ as is used in the WPA-802.1X security mode). The PSK is used for an initial check of credentials only. A WPA-supported station is required. If a mix of stations is used, with some supporting WPA2 and others supporting the original WPA, configure for both (set both wpa/wpa2 allowed).
Page 214 Wireless Security Configuration Establishing Security N o t e Stations that are not configured to use WPA-PSK cannot associate with an access point. ■ WPA-802.1X: IEEE 802.11i-2004 includes AES, CCMP, and TKIP mecha- nisms. The standard specifies security enhancements in encryption, authentication, and key management, and provides support for roaming.
Page 215 Wireless Security Configuration Establishing Security Figure 7-2. Configuring Static WEP To Configure Static WEP Shared Keys: Select Network Setup > WLANs. Click [Edit] after the selected WLAN. The WLAN Configuration Security pop-up window opens, displaying the Security tab. Select Static WEP from the Security Mode drop-down. To allow system authentication, select Shared from the Authentication option.
Page 216 Wireless Security Configuration Establishing Security Figure 7-3. Configuring WPA-PSK To Configure WPA-PSK: Select Network Setup > WLANs. Click [Edit] after the selected WLAN. The WLAN Configuration Security pop-up window opens, displaying the Security tab. Select WPA-PSK from the Security Mode drop-down. Select WPA, WPA2, or Both for WPA support, as required.
Page 217 Wireless Security Configuration Establishing Security Figure 7-4. Configuring WPA-802.1X To Configure WPA-802.1X: Select Network Setup > WLANs. Click [Edit] after the selected WLAN. The WLAN Configuration Security pop-up window opens, displaying the Security tab. Select WPA-802.1X from the Security Mode drop-down. Select WPA, WPA2, or Both for WPA support, as required.
Page 218: Manual Configuration Using The Cli
Wireless Security Configuration Manual Configuration Using the CLI Manual Configuration Using the CLI The following sections show examples of how to use the CLI to view and configure access point security settings. N O T E : Security settings using the CLI can only be made for WLANs in the context of Radio 1.
Page 219 Using the CLI to Configure No Security. The following example shows how to configure an WLAN interface to have no security set. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# wlan 1 ProCurve Access Point 530(radio1-wlan1)#security no-security...
Page 220 The following example shows how to view the current configuration settings. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# wlan 1 ProCurve Access Point 530(radio1-wlan1)# show wlan 1 WLAN #1 on Radio 1 Description insecure...
Page 221 These commands enable security and estab- lish the transfer key index (set to 4). ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# wlan 1 ProCurve Access Point 530(radio1-wlan1)#security static-wep ProCurve Access Point 530(radio1-wlan1)#wep-default-key 4...
Page 222 Wireless Security Configuration Manual Configuration Using the CLI ProCurve Access Point 530(radio1-wlan1)#wep-key-1 abcde ProCurve Access Point 530(radio1-wlan1)#wep-key-2 fghi ProCurve Access Point 530(radio1-wlan1)#wep-key-3 klmn ProCurve Access Point 530(radio1-wlan1)#wep-key-4 pqrs ProCurve Access Point 530(radio1-wlan)# The following commands set the security to a shared-key authentication protocol.
Page 223 Wireless Security Configuration Manual Configuration Using the CLI ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# wlan 1 ProCurve Access Point 530(radio1-wlan1)#security dynamic-wep radius primary ip ProCurve Access Point 530(radio1-wlan1)# 192.168.1.52 radius primary...
Page 224 WPA-802.1X is the recommended security mode. The incorporation of the RADIUS server makes it superior to the WPA-PSK security mode. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# wlan 1 ProCurve Access Point 530(radio1-wlan1)#security wpa-802.1x...
Page 225 RADIUS server. Use of the built-in server automat- ically establishes the RADIUS key. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# wlan 1 radius primary ip ProCurve Access Point 530(radio1-wlan1)# 192.168.1.52...
Page 226: Configuring Radius Client Authentication
“Configuring VLAN Support” on page 5-57 N o t e You can enter VLAN IDs on the RADIUS server as a hexadecimal number or an ASCII string. The Access Point 530 requires that you configure VLAN IDs as an ASCII string. 7-32...
Page 227: Web: Setting Radius Server Parameters
Wireless Security Configuration Configuring RADIUS Client Authentication To use dynamic VLAN, the access point must be using a security configuration that enables 802.1X authentication and must have a RADIUS server configured (see ). Wireless stations must also support 802.1X station software to page 7-41 be assigned to a specific VLAN.
Page 228 Wireless Security Configuration Configuring RADIUS Client Authentication Secondary Server Setup: Configures a secondary RADIUS server to ■ provide a backup in case the primary server fails. The access point uses the secondary server if the primary server fails or becomes inaccessible. Once the access point switches over to the secondary server, it periodically attempts to establish communication again with the primary server.
Page 229: Cli: Setting Radius Server Parameters
The following example shows how to configure RADIUS authentication failover and the RADIUS retransmit retry parameter for this WLAN. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio1 ProCurve Access Point 530(radio1)# wlan 1 ProCurve Access Point 530(radio1-wlan1)#radius failover-to- local ProCurve Access Point 530(radio1-wlan1)#radius retransmit 30...
Page 230: Web: Establishing Local Radius Accounts
WLAN. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# wlan 1 ProCurve Access Point 530(radio1-wlan1)# radius primary key open ProCurve Access Point 530(radio1-wlan1)# radius primary ip 192.168.1.53 ProCurve Access Point 530(radio1-wlan1)# radius primary mac-...
Page 231: Adding New Radius Accounts
Wireless Security Configuration Configuring RADIUS Client Authentication Figure 7-6. Configuring an Existing Account To Modify an Existing Local RADIUS Account: Select Special Features > Local Radius tab. Select the account to modify. Do one of the following: • To enable the account, select Enable. •...
Page 232 Wireless Security Configuration Configuring RADIUS Client Authentication • Password: Provides a string with a minimum of 1 character and a maximum of 32 characters. Do not use special characters or spaces. • Confirm Password: Repeats the same string with a minimum of 1 character and a maximum of 32 characters.
Page 233: Managing The Radius User Database
Wireless Security Configuration Configuring RADIUS Client Authentication Select [Add Account] to set the user account. Managing the RADIUS User Database The User Database tab shown in Figure 7-8 enables you to create a backup file. Once you have created user accounts for use with Local RADIUS, you can save the account information to a Backup file, which can then be used to Restore the Local RADIUS user accounts if needed.
Page 234 Wireless Security Configuration Configuring RADIUS Client Authentication Click Save to complete the process. The backup file will be placed in the specified folder. To Restore the Local RADIUS User Accounts From a User Database Backup: Select Special Features > Local Radius to display the Local RADIUS screen and user account information.
Page 235: Cli: Setting Local Radius Server Parameters
RADIUS server, the RADIUS accounting feature must be disabled and/or set to use an external RADIUS accounting server. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radius-local newuser ProCurve Access Point 530(config)# radius-local existinguser Disabled ProCurve Access Point 530(config)# no radius-local...
Page 236 The following example first sets the radius-local username to “chris” and subsequently sets the password for the chris user account to “chrisopen”. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radius-local chris realname csmith ProCurve Access Point 530(config)# radius-local chris...
Page 237: Configuring Mac Address Authentication
Wireless Security Configuration Configuring MAC Address Authentication Configuring MAC Address Authentication MAC address authentication functions enable the access point to control which devices can associate with it. You can: ■ Configure the access point to authenticate client MAC addresses against a local Access Control List stored locally on the access point or stored remotely on a RADIUS server, Specify station MAC addresses in the local Access Control List as allowed...
Page 238: Mac Lockout And Client/Station Deauthentication
Wireless Security Configuration Configuring MAC Address Authentication Consider the following guidelines: ■ Use MAC address authentication for a small network with a limited number of users. You can manually configure MAC addresses on the access point itself without the need to set up a RADIUS server. The access point supports up to 200 MAC addresses in its filtering table, but managing a large number of MAC addresses across more than one access point quickly becomes very cumbersome.
Page 239: Web: Configuring Access Control List
Wireless Security Configuration Configuring MAC Address Authentication Web: Configuring Access Control List The Local MAC Authentication tab shown in Figure 7-9 enables you to create and maintain access control lists (ACLs) that can be directly applied to each WLAN for access control. You can modify these parameters: ■...
Page 240: Web: Configuring Mac Address Authentication
Wireless Security Configuration Configuring MAC Address Authentication To Add a MAC Address to an Access Control List: Select the ACL from the ACL List drop-down. Enter the MAC address in the MAC Entry field. Click [Add] to add the new address to the ACL address list. To Remove a MAC Address from an Access Control List: Select the ACL from the ACL List drop-down.
Page 241: Cli: Configuring Mac Address Authentication
Wireless Security Configuration Configuring MAC Address Authentication Figure 7-10. Configuring Built-In MAC Authentication To Configure Built-In MAC Authentication:. Select Network Setup > WLANs. Click [Edit] after the selected WLAN. The WLAN Configuration Security pop-up window opens. Select the Mac Authentication tab. To enable local or remote MAC authentication, select Enabled and choose Local or Remote.
Page 242 The address format is a 48-bit MAC address format, displayed as a string of 12 hexadecimal digits separated by periods. For example: FE:DC:BA:09:87:65. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# mac-auth-local mylist mac 00:11:22:33:44:55 ProCurve Access Point 530(config)# mac-auth-local mylist mac...
Page 243 Configuring MAC Address Authentication Verifying that the list was set on the WLAN. The following example shows how to view the newly created list using the show wlan command. ProCurve Access Point 530(radio1-wlan1)# show wlan 1 WLAN #1 on Radio 1 Description...
Page 244: Web: Configuring Mac Lockout
The MAC Lockout tab shown in Figure 7-11 enables you to add devices with selected MAC addresses to a MAC Lockout list. The MAC Lockout list applies to all WLANs on all radios in the Access Point 530. You can modify these parameters: ■...
Page 245: Cli: Configuring Mac Lockout
MAC address from the MAC Lockout list using the no lockout-mac command. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# no lockout-mac 00:14:C2:A5:09:8D ProCurve Access Point 530(config)# Displaying the MAC Lockout list. The following example shows how to display the current MAC Lockout list.
Page 246: Cli: Configuring Client/Station Deauthentication
Clearing the MAC Lockout list. The following example shows how to remove all MAC addresses from the current MAC Lockout list. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# lockout-mac clear all 2 MAC addresses removed from lockout list ProCurve Access Point 530(config)# show lockout-mac No MAC addresses in lockout list.
Page 247: Configuring 802.1X Ap Authentication
Configuring 802.1X AP Authentication Configuring 802.1X AP Authentication The AP Authentication feature enables the AP 530 to authenticate itself to a standard RADIUS server using its own username and password, just as a client or station would. The Access Point 530 AP Authentication feature supports 802.1X port-access authentication when connecting to switches that support...
Page 248: Web: Configuring Ap Authentication
C a u t i o n When a VLAN with tagged management is used together with AP authentica- tion on the Access Point 530, do not configure the switch authenticator with an "auth-vid" or with a RADIUS assigned VLAN. Using either of these config- urations will place the switch authentication port in an untagged state that will take precedence over any statically defined VLAN tagging on the port.
Page 249: Cli: Configuring Ap Authentication
Enabling AP Authentication on the access point. The following exam- ple enables AP Authentication with username ‘AP2167’, password ‘21B83j0k’, and PEAP authentication. ProCurve Access Point 530# configure ProCurve Access Point 530(config) #ap-authentication AP2167 21B83j0k ProCurve Access Point 530(config)# ap-authentication eap- type peap...
Page 250 Configuring 802.1X AP Authentication Displaying the current AP Authentication status. Use the show system- information command to check the current AP Authentication status of the access point. ProCurve Access Point 530(config)# show ap-authentication AP Authentication Settings for the Access Point: Status: Enabled...
Page 251: Web Authentication For Mobile Users
Web Authentication for Mobile Users Web Authentication for Mobile Users With the ProCurve Access Point 530, you can permit mobile users to authen- ticate to your network by entering their login credentials on a Web page. Web authentication (Web-Auth) credentials are verified through a RADIUS server.
Page 252: Url Intercept
The user then opens a Web browser and attempts to access a valid URL that can be reached through the network. The AP-530 intercepts this request and redirects the user’s Web browser to the Web-Auth login page to initiate the authentication process.
Page 253 Failed Authentication. If the user enters an invalid username and pass- word, the RADIUS server denies access, and the AP-530 displays the Web- Auth Invalid Credentials, or Failed, page (figure 7-15). In this case, the user’s station remains in the unauthenticated Web-Auth state.
Page 254: Redirecting To The Destination Url
For authentication, you can specify both a primary RADIUS server and a secondary RADIUS server to ensure high availability; the local RADIUS server may also be used. Optional Encryption Users connecting thorough Web-Auth may associate with the AP-530’s VLAN interface using: ■ No security, Static WEP, or ■...
Page 255: The Web-Auth Address Pool
The Web-Auth Address Pool When a client using dynamic IP addressing first associates with the access point, the AP-530 assigns the client a temporary IP address from a pool of temporary addresses that is shared by all Web-Auth WLANs. The addresses are served by a limited-function address server used only for initializing Web- Auth connections.
Page 256: Default Text Values For Authentication Screens
Wireless Security Configuration Web Authentication for Mobile Users Title Text Header Text Descr. Text Footer Text Figure 7-16. Web-Auth Failed Authentication Default Text Values for Authentication Screens The default values for each of the three customizable authentication screens varies, depending on whether Web-Auth access is granted to: Only registered users ■...
Page 257: Welcome Screen Default Values
Wireless Security Configuration Web Authentication for Mobile Users Welcome Screen Default Values Table 7-6. Welcome Screen Default Values Registered User Only Guest User Only Registered & Guest User Title Text Authentication Success Success Authentication Success Header Text Authentication Success Success Authentication Success Footer Text You now have access to the...
Page 258: Configuration Summary
When using Web-Auth, users must disable any proxy server for their web browser. Configuration Summary Configuring the AP-530 to provide mobile clients with Web-Auth requires several steps: Configure the WLAN-SSID and VLAN ID (as described in Chapters 5 and Optionally, configure static WEP or WPA-PSK security (as described in “Establishing Security”...
Page 259: Cli: Configuring The Global Address Pool
Wireless Security Configuration Web Authentication for Mobile Users [Update]: Updates the Web-Auth address pool configuration. ■ Figure 7-17. Configuring the Global Address Pool To Configure the global Address Pool: Select Web Authentication > Address Pool tab. Enter the starting IP address in the Starting IP Address field. Enter the desired subnet mask in the Subnet Mask field.
Page 260: Web: Configuring Global Guest Account Settings
Configuring the global Address Pool on the access point. The follow- ing example configures a range of temporary IP addresses with 60 second leases. ProCurve Access Point 530(config)# web-auth starting-ip-address 192.168.0.1 255.255.240.0 ProCurve Access Point 530(config)# web-auth lease-time 60 show web-auth...
Page 261: Cli: Configuring Global Guest Account Settings
Configuring Guest user credentials on the access point. The following example configures global Guest user credentials that will be assigned to Web- Auth Guest users. ProCurve Access Point 530(config)# web-auth guest-username lbg_guest ProCurve Access Point 530(config)# web-auth guest-password lbg_password show web-auth...
Page 262: Web: Configuring Web-Auth On A Wlan
Wireless Security Configuration Web Authentication for Mobile Users Web: Configuring Web-Auth on a WLAN Prerequisites ■ Before enabling Web Authentication on a WLAN, the temporary address pool must be configured, as described in “Web: Configuring the Global Address Pool” on page 7-64. Before enabling the Guest Login option, you must define the Guest User ■...
Page 263 Wireless Security Configuration Web Authentication for Mobile Users Figure 7-19. Configuring Web Authentication on a WLAN To Configure Web Authentication: Select Network Setup > WLANs. Click [Edit] after the selected WLAN. The WLAN Configuration Security pop-up window opens. Select the Web Authentication tab. Click Web Authentication Enabled.
Page 264: Cli: Configuring Web-Auth On A Wlan
Wireless Security Configuration Web Authentication for Mobile Users Click [Update]. CLI: Configuring Web-Auth on a WLAN Prerequisites Before enabling Web Authentication on a WLAN, the temporary address ■ pool must be configured, as described in “CLI: Configuring the Global Address Pool” on page 7-65. ■...
Page 265 Web-Authentication on WLAN 1, with Guest access and Registered User access enabled. ProCurve Access Point 530(radio1-wlan1)# web-auth guest-login ProCurve Access Point 530(radio1-wlan1)# web-auth username-login ProCurve Access Point 530(radio1-wlan1)# web-auth retry-limit 3 ProCurve Access Point 530(radio1-wlan1)# web-auth redirect-url www.procurve.com show wlan 1 ProCurve Access Point 530(radio1-wlan1)#...
Page 266: Web: Customizing The Login, Welcome, And Failed Screens
Wireless Security Configuration Web Authentication for Mobile Users Web: Customizing the Login, Welcome, and Failed Screens The Web Authentication – WLAN Web Authentication screen, through the Login, Welcome, and Failed tabs, shown in Figure 7-20 allows customization of the text on the three primary screens that are displayed during the Web Authentication process.
Page 267 Wireless Security Configuration Web Authentication for Mobile Users Figure 7-20. Configuring Guest Account Credentials To customize the text on the Web-Auth Login screen: Select Network Setup > WLANs. Click [Edit] after the selected WLAN. The WLAN Configuration Security pop-up window opens. Select the Web Authentication tab.
Page 268: Cli: Customizing The Login, Welcome, And Failed Screens
Wireless Security Configuration Web Authentication for Mobile Users Follow the same procedure for the Welcome sub-tab and the Failed sub-tab, if desired. N o t e If any of the fields is not explicitly customized, then the default value of the field is used.
Page 269 Login screen. The same fields may be customized on the Welcome screen and the Failed screen as well, using their respective commands. ProCurve Access Point 530(radio1-wlan1)# web-auth custom-login-text title GS User Login ProCurve Access Point 530(radio1-wlan1)# web-auth custom-login-text header GS...
Page 270 Wireless Security Configuration Web Authentication for Mobile Users 7-76...
Page 271: Special Features
Special Features...
Page 272 Special Features Contents Overview ............8-3 QoS Commands .
Page 273: Overview
Special Features Overview Overview The Access Point 530 provides the Web interface and CLI methods for config- uring special features such as QoS, upgrading software, WDS, AP detection, and STP. This chapter describes how to: ■ Configure QoS parameters Maintain configuration and upgrade files ■...
Page 274: Qos Commands
Special Features QoS Commands QoS Commands QoS describes a range of technologies for controlling traffic on shared network connections. The IEEE 802.11e - 2005 standard defines a QoS stan- dard for transmission quality and availability of service on wireless networks. QoS is designed to provide better network service by minimizing network congestion;...
Page 275: Web: Configuring Qos Parameters
■ coordination of wireless medium access. The QoS settings on the Access Point 530 control downstream traffic flowing from the access point to the client station (AP EDCA parameters) and the upstream traffic flowing from the station to the access point (station EDCA parameters). Disabling WMM deactivates QoS control of station EDCA parameters on upstream traffic flowing from the station to the access point;...
Page 276 Special Features QoS Commands Figure 8-2. QoS Advanced Settings Screen The WMM Settings pop-up window, shown in Figure 8-2, enables you to modify the following queue QoS parameters: AP Enhanced Distributed Channel Access (EDCA) Parameters: ■ Affect traffic flowing from the access point to the client station. •...
Page 277 Special Features QoS Commands for the “cwMin” are 1, 3, 7, 15, 31, 63, 127, 255, 511, and 1024. The value for “cwMin” must be lower than the value for “cwMax”. (The default per queue: 3, 7, 15, 15.) • cwMax: Specifies the Maximum Contention Window QoS parameter.
Page 278: Cli: Configuring Qos Parameters
Special Features QoS Commands for the “cwMax” are 1, 3, 7, 15, 31, 63, 127, 255, 511, and 1024. The value for “cwMax” must be higher than the value for “cwMin”. (The default per queue: 7, 15, 1023, 1023.) • TXOP Limit: Specifies the Transmission Opportunity QoS parameter.
Page 279 Special Features QoS Commands ProCurve Access Point 530(radio1)#qos ap-params voice aifs ProCurve Access Point 530(radio1)# This example sets the quality of service cwMin and cwMax contention window parameters on the AP EDCA medium-priority queue. ProCurve Access Point 530(radio1)#qos ap-params video cwmin...
Page 280 This example sets the quality of service AIFS wait time parameter to 10 seconds on the Station EDCA high priority queue. ProCurve Access Point 530(radio1)#qos sta-params voice aifs ProCurve Access Point 530(radio1)# This example sets the quality of service cwMin and cwMax contention window parameters on the Standard EDCA high-priority queue.
Page 281 This example uses the show qos commands to display QoS details on the access point. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# show qos ap-params ------------------------------------------------------------ Transmission Queue QoS Settings for the Access Point: Radio 1...
Page 282: Sflow
The sampling algorithm is designed to give a high certainty that the total traffic within a small margin of error. On the Access Point 530, data sources are the interfaces, and “n”, the packet- sampling rate, is configurable per-interface and per-sampling instance (up to three per interface).
Page 283: Counter Polling By The Sflow Agent
100, flow sampling only adds about 0.7 percent overhead. The Access Point 530 uses datagram version 5, and you can specify the size of the datagram when you configure sFlow. Counter Polling by the sFlow Agent In addition to sampling every “nth”...
Page 284 Special Features sFlow The sFlow collector reserves the instance by writing its owner string into that instance on the sFlow receiver table. The sFlow collector, or receiver, also configures a receiver timeout value for itself. The agent counts down the receiver timeout, and when the timeout falls low, the sFlow receiver renews the reservation.
Page 285: Wireless Distribution System (Wds) And Spanning Tree Protocol (Stp)
When implementing a WDS link, the recommended practice is to dedicate one of the two radios in the Access Point 530 to servicing the WDS link. It is not recommended that the same WDS radio be configured to support wireless stations, although it is possible to do so.
Page 286 Special Features Wireless Distribution System (WDS) and Spanning Tree Protocol (STP) At least one Access Point 530 must be connected to the network by means of a wired Ethernet connection. This Access Point 530 can then provide wireless WDS links for up to six other Access Point 530 units. In this configuration, the...
Page 287 Special Features Wireless Distribution System (WDS) and Spanning Tree Protocol (STP) The Access Point 530 can be used as a wireless bridge to connect two different wired subnetworks together. For example, you can connect wired networks in two buildings across the street from one another by attaching an Access Point 530 to each separate network and configuring with a WDS link between them.
Page 288 Special Features Wireless Distribution System (WDS) and Spanning Tree Protocol (STP) You can also configure the Access Point 530 to use WDS links in a multiple- hop configuration, as shown in Figure 8-5. In this configuration, the intermediate access point serves as a “repeater,” to bridge wireless traffic between an access point with an Ethernet connection and a more remote access point on the other side.
Page 289: Web: Configuring Wds Parameters
Special Features Wireless Distribution System (WDS) and Spanning Tree Protocol (STP) STP is supported with WDS to manage loops that might be formed in the network through configuration of multiple WDS links. Enabling STP is recom- mended whenever you configure WDS links, unless you are assured that network loops cannot occur in your WDS configuration.
Page 290 Special Features Wireless Distribution System (WDS) and Spanning Tree Protocol (STP) – Key Type: Establishes the type of the key as either ASCII or Hex. – Characters Required: Automatically populated based on the key length and key type. – WEP Key: Configures the WEP key for security. WDS WPA Security (see Figure 8-8) –...
Page 291 Special Features Wireless Distribution System (WDS) and Spanning Tree Protocol (STP) Figure 8-7. Configuring WDS Link Parameters with WEP Security To Configure WDS Link Parameters with WEP Security: Select Special Features > WDS tab. To enable a WDS link, choose Enabled for the specific link option. To set the radio to establish the WDS link, use the Radio drop-down.
Page 292 Special Features Wireless Distribution System (WDS) and Spanning Tree Protocol (STP) Figure 8-8. Configuring WDS Link Parameters with WPA Security To Configure WDS Link Parameters with WPA Security: Select Special Features > WDS tab. To enable a WDS link, click the Enabled button for the specific link. To set the radio to establish the WDS link, use the Radio drop-down.
Page 293: Cli: Configuring Wds Links
& show wds 9-162 Using the CLI to Enable WDS. This example enables the WDS link. ProCurve Access Point 530(config)# interface wds1 ProCurve Access Point 530(wds1)# enable Using the CLI to Set the WDS SSID. This command sets the WDS SSID string for this WDS link and establishes a preshared key.
Page 294 This example sets the WDS WEP key length when using static-wep security. The options are 64 and 128. ProCurve Access Point 530(wds1)# wep-key-length 64 ProCurve Access Point 530(wds1)# This example defines the wep-key used for data encryption on a WDS inter- face.
Page 295 Disabled no-security not assigned yet not set Disabled no-security ProCurve Access Point 530(wds1)# ProCurve Access Point 530(wds1)#show wds 1 WDS #1 Description WDSLINK Status Enabled Use Radio Local MAC 00:14:C2:A4:14:BO Remote MAC 00:0D:9D:C6:98:7E STP State...
Page 296: Web: Configuring Stp Parameters
Special Features Wireless Distribution System (WDS) and Spanning Tree Protocol (STP) Web: Configuring STP Parameters The WDS screen in the Web browser interface (see Figure 8-9) provides global configuration for the Spanning Tree Protocol (STP). To modify additional details specific to the STP, see “CLI: Establishing STP Settings”...
Page 297: Cli: Establishing Stp Settings
The “hello-time” range is 1–10, the “forward-delay” range is 4–30, and the bridge “priority” range is 0–65535. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# stp hello-time 10 ProCurve Access Point 530(config)# stp forward-delay 10 ProCurve Access Point 530(config)# stp priority 255...
Page 298 Using the CLI to View WDS Parameters. These examples use the show interface ethernet command and the show wds x command to check the status of the STP state and configured parameters. ProCurve Access Point 530#show interface ethernet Ethernet interface: --------------------...
Page 299 N o t e Spanning Tree Protocol (STP) has detected a loop and the WDS 1 interface is being blocked by STP, as shown in the following example. ProCurve Access Point 530(wds1)#show wds 1 WDS #1 Description Wireless Distribution System - Link 1...
Page 300: Ap Detection Commands
Special Features AP Detection Commands AP Detection Commands You can configure the access point to periodically scan all radio channels and find other access points within range. Alternatively, the access point can scan continuously in a dedicated mode with no stations supported. A database of nearby access points is maintained where detected access points can be identified.
Page 301 Special Features AP Detection Commands The Settings tab, shown in Figure 8-11, enables you to modify the following parameters: ■ AP Detection Radio 1/Radio 2: Enables/disables ability per radio for the access point to scan radio channels to discover other access points. (The default is Disable.) Scan Interval: Sets the minimum amount of time that the access point ■...
Page 302 Special Features AP Detection Commands Figure 8-11. AP Detection - Settings Tab To Enable AP Detection Parameters: Select Special Features > AP Detection > Settings tab. To enable scanning, select Enable from the AP Detection drop-down for the radio you are configuring. To specify the beacon transmission interval, enter the interval value in the Scan Interval field.
Page 303: Cli: Configuring Ap Detection
ProCurve Access Point 530(radio1)#ap-detection ProCurve Access Point 530(radio1)#ap-detection duration 10 ProCurve Access Point 530(radio1)#ap-detection interval 15 Using the CLI to Set AP List Parameters. This example sets the time that a detected AP remains on the AP list, and sets the maximum number of AP entries displayed on the list.
Page 304 Special Features AP Detection Commands ProCurve Access Point 530(radio1)#ap-detection expire-time ProCurve Access Point 530(radio1)#ap-detection max-entries Using the CLI to View the AP Scan Results. This example displays the current AP detection results. ProCurve Access Point 530(radio1)#show detected-ap Neighboring APs: BSSID...
Page 305: Probe Table
Special Features Probe Table Probe Table The Access Point 530 supports the Rogue AP Detection feature in ProCurve Mobility Manager by making available, via SNMP, a table of PROBE requests from unassociated audible clients. Probe Table Description The first time a PROBE request is received from an unassociated audible...
Page 306: Identity Driven Management
■ ■ Rate Limiting IDM on the Access Point 530 can be accomplished using either 802.1X authen- tication or MAC authentication. The 802.1X authentication is more secure, while MAC authentication can be used with stations that don’t have 802.1X supplicant. Although it is possible to use MAC authentication along with 802.1X, there are known user and ACL assignment overrides that occur.
Page 307: Idm Acl
ProCurve (HP) Vendor-Specific ID: 11 • Vendor-Specific Attribute for ACLs: 61 (string = HP-IP-FILTER-RAW) • Setting: HP-IP-FILTER-RAW = < “permit” or “deny” (Access Control Entry (ACE)> N o t e “Permit” forwards inbound packets, “deny” drops packets. ACL configuration, including: ■...
Page 308 Special Features Identity Driven Management — This page is intentionally unused. — 8-38...
Page 309: Command Line Reference
Command Line Reference...
Page 310: Contents
Command Line Reference Contents Contents Overview ............9-8 General Commands .
Page 311 Command Line Reference Contents System Clock Commands ........9-35 sntp .
Page 312 Command Line Reference Contents RADIUS Accounting/Authentication ......9-65 radius-accounting ......... . 9-65 radius failover-to-local | retransmit .
Page 313 Command Line Reference Contents description ..........9-93 dns primary .
Page 314 Command Line Reference Contents show basic-rate ......... . . 9-122 show stations .
Page 315 Command Line Reference Contents management-vlan ......... 9-148 QoS Commands .
Page 316: Overview
Command Line Reference Overview Overview This chapter describes the commands provided by the Access Point 530 CLI. The CLI commands can be broken down into the functional groups shown below. Command Group Description Page General Initial commands for performing basic access point 9-10 tasks.
Page 317 Command Line Reference Overview The access mode shown in the following tables is indicated by these abbrevi- ations: • GC (Global Configuration), MC (Manager Executive Configuration), • • IC-E (Ethernet Interface Configuration), • IC-WDS(WDS Interface Configuration), • IC-R (Radio Wireless Interface Configuration), and •...
Page 318: General Commands
Command Line Reference General Commands General Commands These commands are used to configure the basic commands on the access point. Command Function Mode Page configure Set the current context level to the Global 9-10 Configuration level. copy See “Flash/File Commands” on page 9-50 9-51 Sets the current context level to the Manager 9-11...
Page 319: End
Default Setting Command Mode Manager Exec Example ProCurve Access Point 530# configure ProCurve Access Point 530(config) This command sets the current context level to the Manager Exec level. Syntax Default Setting Command Mode...
Page 320: Logout
This example shows how to return to the previous command levels starting from the Interface Configuration mode and finally logging out of the CLI session: ProCurve Access Point 530(ethernet)# exit ProCurve Access Point 530(config)# exit ProCurve Access Point 530# exit Connection to host lost.
Page 321: Ping
Destination unreachable - The gateway for this destination indi- cates that the destination is unreachable. – Network or host unreachable - The gateway found no corre- sponding entry in the route table. Example ProCurve Access Point 530# ping 10.1.0.9 10.1.0.9 is alive ProCurve Access Point 530# 9-13...
Page 322: Reload
Manager Exec Example This example shows how to perform a warm reboot of the system: ProCurve Access Point 530# reload Device will be rebooted, do you want to continue [y/n]?y Do you want to save the current configuration [y/n]?n Connection to host lost.
Page 323 Command Line Reference General Commands • custom-default -Shows custom default configuration file of device. See “show custom-default” on page 9-58. debug - Shows debug-related information on this device. See • “show debug” on page 9-33. • detected-ap - Shows detected neighboring wireless network details. “show detected-ap”...
Page 324: Terminal
– <61-1920> - Number of characters on a screen line. Default Setting Command Mode Manager Exec Example ProCurve Access Point 530# terminal length 1000 ProCurve Access Point 530# ProCurve Access Point 530# terminal width 1900 ProCurve Access Point 530# 9-16...
Page 325: System Management Commands
Command Line Reference System Management Commands System Management Commands These commands are used to configure the user name, password, system details, and a variety of other system information. Command Function Mode Page country Set the country code for the access point. 9-18 ...
Page 326: Country
Command Line Reference System Management Commands country This command configures the access point’s Country Code, which identifies the country of operation and sets the correct authorized radio channels. Syntax country • country_code - A two character code that identifies the country of operation.
Page 327 Command Line Reference System Management Commands Country Code Country Code Country Code Country Code Bermuda Hong Kong Mozambique Tajikstan Bolivia Hungary Myanmar Thailand Bosnia and Iceland Nambia Trinidad and Tobago TT Herzegovina Botswana India Netherlands Tunisia Brazil Indonesia New Zealand Turkey Brunei Darussalam Iran, Islamic Repubic...
Page 328: Hostname
Appendix A, “Resets the configuration back to factory defaults.” on page A-17. Example ProCurve Access Point 530# country gb ProCurve Access Point 530# hostname This command sets the system hostname. Syntax hostname ...
Page 329: Domain
Default Setting None Command Mode Global Configuration Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# domain example.com password manager This command sets the password for entering the Manager Exec level. Syntax password manager • password - A text string to establish security for entry into the Manager Exec level.
Page 330: Buttons
System Management Commands Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# password manager admin buttons This command enables the ability to clear the password(s) and/or configura- tion(s) via the buttons on the device. The no command disables this ability.
Page 331: Cli-Confirmation
System Management Commands This example shows how to disable all the push button capabilities. ProCurve Access Point 530# configure ProCurve Access Point 530(config)# no buttons custom-reset ProCurve Access Point 530(config)# no buttons factory-reset ProCurve Access Point 530(config)# no buttons password-reset...
Page 332: Telnet
Default Setting Enabled Command Mode Global Configuration Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# console ProCurve Access Point 530(config)# telnet This command enables remote Telnet access. The no version disables remote Telnet access to this device.
Page 333: Ssh
Command Line Reference System Management Commands Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# telnet ProCurve Access Point 530(config)# This command enables the remote ssh access to this device. The no version disables the remote ssh access to this device.
Page 334: Show Buttons
Default Setting Enabled Command Mode Global Configuration Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# web-management ssl ProCurve Access Point 530(config)# show buttons This command displays the status of the push button capabilities. Syntax show buttons Default Setting...
Page 335: Show Console
This command displays the status of the console. Syntax show console Default Setting Command Mode Manager Exec General Configuration Context Example ProCurve Access Point 530(config)# show console CLI Access: Serial Interface Enabled Telnet Interface Enabled SSH Interface Enabled CLI Confirmation Dialogs...
Page 336: Show System-Information
Command Line Reference System Management Commands Example ProCurve Access Point 530(config)# show ssh SSH Status Enabled ProCurve Access Point 530(config)# show system-information This command shows information about the device and the hostname/DNS information. This command is the same as the show system command.
Page 337 Command Line Reference System Management Commands Example ProCurve Access Point 530# show system-information Serial Number TW547VV07X System Name ProCurve-AP-530 System Up Time 2 days 23 hours 35 mins 18 secs System Location not set System Country Code Software Version WA.01.00...
Page 338: Show Version
This command displays the version of the software running on the device. Syntax show version Default Setting Command Mode Manager Exec Global Configuration Example ProCurve Access Point 530# show version Image Software Version WA.02.00.0412 Boot Software Version WAB.01.00 ProCurve Access Point 530# 9-30...
Page 339: System Logging Commands
Command Line Reference System Logging Commands System Logging Commands These commands are used to configure system logging on the access point. Command Function Mode Page Displays all log entries in access point memory. 9-31 [no] logging Adds a syslog server host IP address and assign a port 9-32 ...
Page 340: Logging
Command Line Reference System Logging Commands Example ProCurve Access Point 530# log Keys: M=eMergency C=Critical W=Warning I=Information A=Alert E=Error N=Notice D=Debug ----- Event Log Listing: Most Recent Events First ---- I 01/03/00 03:57:15 login[29765]: root login on `ttyp0' I 01/03/00 02:28:56 login[24466]: root login...
Page 341: Show Debug
The following examples show how to relay log entries to a syslog host on port 514 at IP address 10.1.0.3. Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# logging 10.1.0.3 514 ProCurve Access Point 530(config)# Related Commands show logging (page 9-33) show debug This command displays debug related details on this device.
Page 342: Show Logging
Command Line Reference System Logging Commands show logging Default Setting Command Mode Manager Exec Example ProCurve Access Point 530# show logging Keys: M=eMergency C=Critical W=Warning I=Information A=Alert E=Error N=Notice D=Debug ----- Event Log Listing: Most Recent Events First ---- I 01/03/00 03:57:15 login[29765]: root login...
Page 343: System Clock Commands
The access point will poll the time servers in the order specified until a response is received. Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# sntp 10.1.0.19 9-35...
Page 344: Show Sntp
This command displays the current time and configuration settings for the SNTP client. Syntax show sntp Default Setting Command Mode Manager Exec Example ProCurve Access Point 530# show sntp SNTP Status Enabled SNTP Server 10.1.0.19 ProCurve Access Point 530# show time This command displays the current date and time.
Page 345: Network Management Application Commands
Command Line Reference Network Management Application Commands Network Management Application Commands These commands are used to configure Simple Network Management Protocol (SNMP) and Link Layer Discovery Protocol which defines standards for facilities network management.. Command Function Mode Page SNMP [no] snmp-server community Sets up the private community access 9-38 ...
Page 346: Snmp-Server Community Restricted | Unrestricted
Restricted community with a public access default. Command Mode Global Configuration Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# no snmp-server community restricted ProCurve Access Point 530(config)# no snmp-server community unrestricted ProCurve Access Point 530(config)# 9-38...
Page 347: Snmp-Server Contact
This command specifies the SNMP contact name. Use the no form to remove the specified contact name. Syntax snmp-server contact no snmp-server contact • contact - Name of the contact. Default Setting Command Mode Global Configuration Example ProCurve Access Point 530(config)# snmp-server contact J Wilson ProCurve Access Point 530(config) 9-39...
Page 348: Snmp-Server Host
Community String: public Command Mode Global Configuration Command Usage The snmp-server host command is used in conjunction with the snmp-server enable server command to enable SNMP notifications. Example ProCurve Access Point 530(config)# snmp-server host 10.1.0.15 public ProCurve Access Point 530(config) 9-40...
Page 349: Snmp-Server Location
This command specifies the SNMP location description. Use the no form to remove the specified location description. Syntax snmp-server location no snmp-server location • location - Name of the contact. Default Setting Command Mode Global Configuration Example ProCurve Access Point 530(config)# snmp-server location BHall6 ProCurve Access Point 530(config) 9-41...
Page 350: Snmp-Server Port
- The number specifying the port to which the SNMP server will listen. This must be an unused port on the AP. Default Setting Command Mode Global Configuration Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# snmp-server port 161 ProCurve Access Point 530(config)# 9-42...
Page 351: Snmp-Server Trap
Network Management Application Commands snmp-server trap This command enables and disables selected SNMP traps on the access point. Syntax [no] snmp-server trap • trap - One of the SNMP traps supported by the AP-530: adHocNetworkDetected apDetectionUpdate apInterfaceUpdate buttonUpdate clientAssociation clientAuthentication...
Page 352 Command Line Reference Network Management Application Commands Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# snmp-server trap radiusAcctUpdate ProCurve Access Point 530(config)# 9-44...
Page 353: Show Snmp-Server
SNMP server on this device. Syntax show snmp-server Default Setting None Command Mode Manger Exec Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# show snmp-server SNMP Server Settings --------------------------------------------------------------------------- SNMP Status Enabled SNMP Port Community (ro) public Community (rw)
Page 354: Snmpv3 Enable
[no] snmpv3 enable Default Setting Disabled Command Mode Global Configuration Example ProCurve Access Point 530# config ProCurve Access Point 530(config)# snmpv3 enable ProCurve Access Point 530(config)# show snmpv3 SNMPv3: Enabled SNMP engine ID: 00:00:00:0b:00:00:00:14:c2:a5:6a:b3 SNMPv3 user accounts: Username Auth. Protocol...
Page 355: Snmpv3 User-Name
Default Setting None. Command Mode Global Configuration Example ProCurve Access Point 530# config ProCurve Access Point 530(config)# snmpv3 user-name ltulina auth md5 12345678 priv aes 87654321 ProCurve Access Point 530(config)# Related Commands snmpv3 enable (page 9-46) show snmpv3 (page 9-47) show snmpv3 This command displays the current SNMPv3 settings on the access point.
Page 356: Lldp
Command Line Reference Network Management Application Commands show snmpv3 Default Setting Disabled Command Mode Manager Exec Example ProCurve Access Point 530# show snmpv3 SNMPv3: Enabled SNMP engine ID: 00:00:00:0b:00:00:00:14:c2:a5:09:8c SNMPv3 user accounts: Username Auth. Protocol Privacy Protocol ---------------------------------------------- ltulina afanto...
Page 357: Show Lldp
This command displays the status of the Link Layer Discovery Protocol (LLDP) service on the device. Syntax show lldp Default Command Mode Global Configuration Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# show lldp LLDP Status Enabled ProCurve Access Point 530(config)# 9-49...
Page 358: Flash/File Commands
Command Line Reference Flash/File Commands Flash/File Commands These commands are used to manage the system software or configuration files. Command Function Mode Page copy ...
Page 359: Copy
Manager Exec Example. ProCurve Access Point 530# copy startup-config tftp 192.168.1.52 copystart ProCurve Access Point 530# copy ftp flash 192.168.1.52 WA.01.00.img user-name Chris password chrispass ProCurve Access Point 530# copy custom-default startup-config This command sets the startup configuration file to contain the same settings as the customer-modifiable configuration on the device and reloads the device.
Page 360: Copy Startup-Config
Manager Exec Example In this example, the copy custom-default startup-config command resets the startup configuration to the same setting as the custom-default configuration. ProCurve Access Point 530# copy custom-default startup- config ProCurve Access Point 530# Related Commands erase (page 9-54)
Page 361: Copy Factory-Default
Command Line Reference Flash/File Commands Command Mode Manager Exec Example. ProCurve Access Point 530# copy startup-config ftp 192.168.1.52 copystart user-name chris password open ProCurve Access Point 530# copy startup-config tftp 192.168.1.52 copystart copy factory-default This command resets configuration file to the factory-default configuration...
Page 362: Erase
• modifiable default configuration file. Default Setting Command Mode Manager Exec Example ProCurve Access Point 530# copy running-default startup- config ProCurve Access Point 530# Related Commands write (page 9-55 erase This command resets the specified configuration file stored on the device.
Page 363: Write
Default Setting Command Mode Manager Exec Example This example shows how to reset the startup configuration to the defaults.: ProCurve Access Point 530# erase startup-config ProCurve Access Point 530# Related Commands copy custom-default startup-config (page 9-51) write This command views or saves the running configuration of the device.
Page 364: Show Config
Flash/File Commands show config This command displays the startup configuration on the device. Syntax show config Default Setting Command Mode Manager Exec Example ProCurve Access Point 530# show config wds down no-security 104 wlan1 WDS SSID 2...
Page 365: Show Copy
Syntax show copy Default Setting Command Mode Manager Exec Global Configuration Example ProCurve Access Point 530# show copy ------------------------------------------------------------ Copy Operation Status (FTP/SCP/TFTP) Last software image (flash) copy result: not initiated Last configuration file copy result: not initiated ProCurve Access Point 530#...
Page 366: Show Custom-Default
Command Line Reference Flash/File Commands Example ProCurve Access Point 530# show tech ------------------------------------------------------------ Description Radio 1 - WLAN 10 Status Disabled SSID SSID 10 VLAN None BSSID not assigned yet DTIM Period Security Type no-security (No Sec.) Closed System Disabled...
Page 367 Command Line Reference Flash/File Commands Example ProCurve Access Point 530# show custom-default Version: 1 Length: 98936 MD5sum: 87a35d67230ec78a4a33d37abbf2bec0 wds down wpa-psk 104 wlan1 WDS SSID 2 no ascii Wireless Distribution System - Link 2...
Page 368: Show Running-Config
This command displays the running configuration file in a readable text format. Syntax show running-config Default Setting Command Mode Manager Exec Example ProCurve Access Point 530# show running-config wds down no-security 104 wlan1 WDS SSID 2...
Page 369: Group Configuration
Command Line Reference Group Configuration Group Configuration Use the following commands to configure a group of access points whose parameters are synchronized whenever one member of the group is updated. Only parameters in the Group Configuration Parameter Block are synchro- nized Command Function...
Page 370: Group-Config Name
Global Configuration Example: The following example specifies that the access point will belong to group "WHBldg22". ProCurve Access Point 530# configure ProCurve Access Point 530(config)# group-config name WHBldg22 write memory ProCurve Access Point 530(config)# ProCurve Access Point 530(config)# group-config member-id The command sets an optional string that identifies the access point within the group.
Page 371: Show Group-Config
Global Configuration Example: The following example identifies the access point in the member list as "AP1". ProCurve Access Point 530# configure ProCurve Access Point 530(config)# group-config member-id AP1 ProCurve Access Point 530(config)# write memory ProCurve Access Point 530(config)# show group-config The command displays the current group configuration settings for the access point.
Page 372 Command Line Reference Group Configuration Example:. ProCurve Access Point 530# show group-config Status: Enabled Group name: WHBldg22 Member ID: ------------------------------- 00:14:C2:A5:09:8C 10.0.1.101 00:14:C2:A5:6A:B3 10.0.1.102 ProCurve Access Point 530# 9-64...
Page 373: Radius Accounting/Authentication
Command Line Reference RADIUS Accounting/Authentication RADIUS Accounting/Authentication The access point provides configuration for RADIUS Accounting servers and Radius Authentication which can be used to provide valuable information on user activity in the network. Command Function Mode Page [no] radius-accounting
Page 374: Radius Failover-To-Local | Retransmit
Disabled Command Mode WLAN Radio Interface Configuration Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# wlan 1 ProCurve Access Point 530(radio1-wlan1)# radius-accounting primary ip 192.168.1.52 ProCurve Access Point 530(radio1-wlan1)# radius-accounting port 161...
Page 375: Radius Primary | Secondary
Command Line Reference RADIUS Accounting/Authentication Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio1 ProCurve Access Point 530(radio1)# wlan 1 ProCurve Access Point 530(radio1-wlan1)# radius failover-to- local ProCurve Access Point 530(radio1-wlan1)# radius retransmit radius primary | secondary This command configures RADIUS configures primary and secondary param- eters for this WLAN.
Page 376 Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# wlan 1 ProCurve Access Point 530(radio1-wlan1)# radius primary key open ProCurve Access Point 530(radio1-wlan1)# radius primary ip 192.168.1.53 ProCurve Access Point 530(radio1-wlan1)# radius primary mac-...
Page 377: Radius Users
Command Line Reference RADIUS Users RADIUS Users The access point provides configuration to add local RADIUS user information in the network. Command Function Mode Page [no] radius-local Configure a new radius-local user account 9-69 [disabled] | or modify a user account. [password ] | realname ] show radius-local...
Page 378: Show Radius-Local
The following example first sets the radius-local username to "chris" and subsequently sets the password for the chris user account to "chrisopen". ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radius-local chris ProCurve Access Point 530(config)# radius-local chris password chrisopen ProCurve Access Point 530(config)# This example sets the real name of the chris user account to chris smith.
Page 379 Command Line Reference RADIUS Users Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# show radius-local Username Real Name Status ---------- ---------- ---------- MSmith Mr Smith Enabled Chris CSmith Enabled ProCurve Access Point 530(config)# 9-71...
Page 380: Mac Address Authentication
Command Line Reference MAC Address Authentication MAC Address Authentication Use these commands to define MAC authentication on the access point. For local MAC authentication, first create the MAC authorization lists, enter the MAC addresses to be filtered and then define the default filtering policy using the address filter default command.
Page 381: Mac-Auth-Remote
Default None Command Mode WLAN Interface Configuration Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# radio 1 ProCurve Access Point 530(radio1)# wlan 1 ProCurve Access Point 530(radio1-wlan1)# mac-auth-local Bob accept-list ProCurve Access Point 530(radio1-wlan1)# mac-auth-remote This command enables remote MAC address authentication by using the RADIUS authentication server settings on this WLAN.
Page 382: Show Mac-Auth-Local
• name - Displays only MAC address entries for the specified list. Default Command Mode WLAN Radio Interface Configuration Example ProCurve Access Point 530# show mac-auth-local mylist MAC address entries for authentication control list "mylist": MAC Addresses ---------------------------------------------------------------------- 00:11:22:33:44:55 00:aa:bb:cc:dd:ee...
Page 383: Mac Lockout
MAC address entry from the MAC Lockout list. Valid format is 00:00:00:00:00:00 - FF:FF:FF:FF:FF:FF. Default None Command Mode Global Configuration Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# lockout-mac 00:14:C2:A5:09:8D ProCurve Access Point 530(config)# 9-75...
Page 384: Show Lockout-Mac
Syntax show lockout-mac Default None Command Mode Manager Exec Example ProCurve Access Point 530# show lockout-mac Locked out addresses 00:14:C2:A5:09:8D 0A:16:D2:5A:23:78 Number of locked out MAC addresses = 2 ProCurve Access Point 530# lockout-mac clear This command adds or removes entries in the MAC Lockout list on the device.
Page 385 Command Line Reference MAC Lockout Example ProCurve Access Point 530# configure ProCurve Access Point 530(config)# lockout-mac clear all 2 MAC addresses removed from lockout list ProCurve Access Point 530(config)# show lockout-mac No MAC addresses in lockout list. ProCurve Access Point 530(config)#...
Page 386: Client/Station Deauthentication
This command deauthenticates a device from the access point. Syntax deauth-mac • mac address - Specifies the MAC Address to deauthenticate. Valid format is 00:00:00:00:00:00 - FF:FF:FF:FF:FF:FF. Default None Command Mode Global Configuration Example ProCurve Access Point 530# deauth-mac 00:d0:59:c8:62:dd ProCurve Access Point 530# 9-78...
Page 387: Web Authentication Commands
Command Line Reference Web Authentication Commands Web Authentication Commands The commands described in this section are used to enable and configure Web Authentication (Web-Auth) in the Access Point 530. Command Function Mode Page Global [no] web-auth Enables 802.1X authentication IC-R-...
Page 388: Web-Auth (Global Address Pool)
Command Line Reference Web Authentication Commands Command Function Mode Page [no] web-auth default-login-page Enables or disables the default IC-R- 9-83 field values for the Login screen. WLAN title- web-auth custom-login-text [title < Specifies the custom text field IC-R- 9-83 text header-text >] | [header <...
Page 389: Web-Auth (Global Guest User)
Command Line Reference Web Authentication Commands Example ProCurve Access Point 530(config)# web-auth starting-ip- address 192.168.0.1 255.255.240.0 ProCurve Access Point 530(config)# web-auth lease-time 60 show web-auth ProCurve Access Point 530(config)# Temporary Address Pool Start 192.168.0.1 Subnet 255.255.240.0 Lease time (secs.) Guest Username...
Page 390: Web-Auth (Wlan Configuration)
Command Line Reference Web Authentication Commands web-auth (WLAN Configuration) These commands configure the Web-Auth settings for the selected WLAN. The no version of a command clears the field value. Syntax [no] web-auth [no] web-auth guest-login [no] web-auth username-login [no] web-auth redirect-url web-auth retry-limit ...
Page 391: Web-Auth (Wlan Screen Customization)
Web Authentication Commands Example ProCurve Access Point 530(radio1-wlan1)# web-auth guest-login ProCurve Access Point 530(radio1-wlan1)# web-auth username-login ProCurve Access Point 530(radio1-wlan1)# web-auth retry-limit 3 ProCurve Access Point 530(radio1-wlan1)# web-auth redirect-url www.procurve.com show wlan 1 ProCurve Access Point 530(radio1-wlan1)# WLAN # 1 on Radio 1...
Page 392 Syntax [no] web-auth default-login-page web-auth custom-login-text [title ] | [header ] | [footer
Sitemap Brand | Sitemap Product

HP 530 Management Manual

Table of Contents

3 Using the Command Line Interface (Cli)

4 Using the Procurve Web Browser Interface

5 General System Configuration

6 Wireless Interface Configuration

7 Wireless Security Configuration

8 Special Features

9 Command Line Reference

Quick Links

Chapters

Related Manuals for HP 530

Summary of Contents for HP 530