Manuals - NetShop AS
Contents
1. 86 d 86 l7 V 86 PMC RNC PRETI 86 PSS CHO MON RITE E E E D OT T 86 lineo C T um 86 PONOT eter orate oo menm 87 EE reg espe te pe eg E E EE E E E E E 87 Configuring SNMP notifications for events hh hene en nnne nennen nnns 87 7 Working with VLANS cccccccccceeceeseeeeeseeceeseeeeeeeeeeeseeeeeeeeeaeeeeeaeeeeeneeeegan 89 Defining a VLAN on 8 OR access acessenat sarc catensauted soaa enesacemnesaiaaaecaacsanenshinantaaceenensnteuneceactenntationn 89 Defining an egress VLAN for GV SC ui sete tUr EE RpPU NIE o Rat ERLEUERRR ARR EPRPPS TIN REFUREUEE ULP ME Era N 90 Configuring a default VLAN cccccccccccesseeecceeeeeeseeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeseeeeeeseeeeseeeeeeeeeeeanees 90 Assigning VLANs to individual users sessssssssssssssseseeeeeeene enne nnne nnne ns 9 NUTS lo rro GIN REPE RE 91 4 Contents 8 Authentication services ccsssee RI eR IR ee ee esiste esse eese nns 92 Using a third party RADIUS server nee e hene tnn nenne nnne ns 92 Configuring a RADIUS server profile nnne nnne 92 Authenticating manager logins using a third party RADIUS server sseee 94 Configuring user accounts on a RADIUS server ssssssssssssssseeeen mener 95 Configuring administrative accounts on a RADIU2. 68 Egress dpi M 72 Wireless security filters cccccccccssseccceeueeccceceaeeeeeeeeaseeeeeeeueeeeceeeaeeecessuaesecsesuaeeeeeesaaeseeeees 72 Wireless DIOIGEIIGUese metes RAPINIS EMERGED e Meum IM lax HEP 74 Protected Management Frames 802 11 W ccccccccccesseeceeeesseeeeeeeeseeeeeeeeseeeeeeeeseeeeeeessaaeeeeees 76 MACG based austheliic dall ajseesectcean anececessanstenasenscaagnesceaseusteecerehectecet aasneneeneraaeectaesens taro 77 LOCION Wy Ge cite pene escent naan EO E EE E E EE E E MAC GE C 78 BPP TN scapes TUTUP 78 voc dala Tou ee en a an ee a eee ee E PI 79 vilem pelle igre ela MT IP TC IIO ne D T 79 AP deployed with a controller esssssssssssssssssessene meme nnne nene 79 UIE Ol SS yA CS RITIRO E TR E 80 PHort v MEGAMI SMS seriar E EEE EAM CNN haces EREEREER oUm 8 Re oR 0 0 ere nee MEM E nee eee een eee 82 Upstream DiffServ tagging sssssssssssssssssseseeeeeeee mene e nnne nn enhn nene nnn nnne nnn nns 82 Upstream downstream traffic marking eese nehmen rennen nnns 83 3 a eh yarna II TIN 85 Ie evenis DY NR EE uu 85 DO IU 85 cm 85 j eee esa 86 pru
3. essseeeeene 127 B Resetting to factory Cetaults ccceccccsseccceseeececeeeceeueeeeeseeeeeeueeeeeeaeeeeans 128 Read this before resetting to factory defaults 128 Resetting to factory defaults slsssssssssssssssssssssseeeneneeneee enhn neeeen enn enn SESE innen 128 Using the reset UI Olt NER ET 128 Contents 5 Using the management io ro PRI EE T S Disabling the reset button on an AP sssssssssssssssssseeneeeeen nenne hene hne nnn annees 130 C Connecting external antennas eessssssssssssseeeeeeee eene nennen 131 laie e Ure o AE TETTE 131 802 11n MIMO antennas for the MSM466 and MSMMA66 R issssssss 131 802 11a b g antennas for NIN A INTE T EET TT 131 132 Radio powerlevel setting example 6 Contents 1 Introduction This guide describes how to configure and manage these access points operating in autonomous mode MSM410 MSM422 MSM430 MSM460 MSM466 MSM466 R and HP 560 For instructions on working with these APs when operating in controlled mode see the MSM7xx Controllers Configuration Guide NOTE The following APs do not support autonomous mode MSM310 MSM310 R MSM320 MSM320 R MSM325 HP 317 and HP 425 New in release 6 5 0 x Information on what is new and changed in release 6 5 0 x is located as follows New AP This release adds support for the HP 560 a See the installation guide for the HP 560 dual band 802 11a b g n ac access point
4. Scan ratio 0 5 9o Dwell time 20 i ms Scanning mode Passive Bands to scan All bands Channels to scan All channels Neighbor detection a 5477 s time Radio configuration parameters This section provides definitions for all configuration parameters that are present on all products Regulatory domain Indicates the geographical region in which the AP is operating To set the regulatory domain see Country page 13 Radio configuration 37 Operating mode Select the operating mode for the radio Available options are e Access point and Local mesh Standard operating mode provides support for all wireless functions The total available bandwidth on the radio is shared between all local mesh links and wireless users This can result in reduced throughput if lots of traffic is being sent by both wireless users and the local mesh links You can use the QoS feature to prioritize traffic e Access point only Only provides AP functionality local mesh links cannot be created e Local mesh only Only provides local mesh functionality Wireless client stations cannot connect e Monitor Disables AP and local mesh functions Use this option for continuous scanning across all channels in all wireless modes See the results of the scans by selecting Wireless gt Neighborhood This mode also enables 802 11 traffic to be traced using the Tools gt Network trace feature e Sensor Enables RF sensor functionality on th
5. Amount of time that will be taken to discover the best available master node The goal of this setting is to delay discovery until all the nodes in the surrounding area have had time to startup making the identification of the best master more accurate If this period is too short a slave may connect to the first master it finds not necessarily the best Update mesh ID from server Master nodes When this option is enabled every time the node restarts it retrieves the configuration file defined under Scheduled operations on the Maintenance gt Config file management page It the retrieved configuration file is different from the current configuration the node loads the retrieved configuration Promiscuous mode Alternate master or slave nodes Allows a node to connect to a different mesh when it cannot find a master or alternate master with its currently configured mesh ID within the specified amount of time Once a new master or alternate master is found the following actions are triggered e The node firmware is updated using the settings configured under Scheduled operations on the Maintenance Firmware page e The node configuration is updated using the settings configured under Scheduled operations on the Maintenance Config file management page This changes the node mesh ID to the one found in the configuration file If no configuration file is defined the node updates its mesh ID to match the new master or alternate mast
6. Config file management Backup the current configuration file Load a configuration file Config file Password Reset configuration Reset the configuration to factory default NOTE The current operational mode will be kept Operation Backup Day of week Everyday Time of day 00 00 Momm URL To reset the AP to factory defaults and FORCE it back into its default controlled mode follow this procedure l Select Maintenance System 2 Under Factory reset select Reset to Factory Default Save system information Download system information for troubleshooting purposes Download Restart Restart the MSM422 Factory reset Reset the MSM422 to its factory defaults IMPORTAAT All configuration settings will be erased and the M5M422 will restart in its factory default operational mode Resetto Factory Default Switch operational mode Switch the MSM422 to controlled mode IMPORTAAT All configuration settings will be reset to their factory defaults Switch to Controlled Mode Provision for controlled mode operation Provision the MSM422 controlled mode settings Provision Resetting to factory defaults 129 Disabling the reset button on an AP In certain cases it may be useful to disable the functionality of the reset button on an AP as follows l Select Management gt Hardware Reset button 9 Enabled Disabled S
7. page 47 Beacon interval page 47 Multicast Tx rate page 47 Transmit power control page 48 Certain parameters are not supported on all radios Refer to the parameter descriptions that follow for details Wireless mode Supported wireless modes are determined by the regulations of the country in which the AP is operating and are controlled by the country setting on the AP To configure the country setting see Country page 13 802 llac n a 5 GHz Supported on Radio 1 on HP 560 Data rates For 802 l1ac clients Up to 1300 Mbps For 802 11n clients Up to 450 Mbps For 802 lla clients Up to 54 Mbps Radio configuration 39 When operating in this mode the AP allows 802 l1ac 802 11 n and 802 1la clients to associate The AP will dynamically adjust channel width and data rates to individually accommodate the capabilities of each associated wireless client 802 11 n a 5 GHz Supported on MSM410 MSM466 MSM466 R Radio 1 on MSM422 MSM430 MSM460 and HP 560 not supported in Monitor mode on the HP 560 Data rates For 802 11n clients Up to 450 Mbps on the MSM466 MSM466 R MSM460 and up to 300 Mbps on the MSM410 MSM422 and MSM430 For 802 lla clients Up to 54 Mbps When operating in this mode the AP allows both 802 11 n and legacy 802 1la clients to associate The AP advertises protection in the beacon when legacy clients are associated or operating on the same channel
8. SNMP agent configuration Attributes System name serial_number Location Contact Engine ID 80 00 22 28 03 78 E3 B5 8E 70 20 Port 161 UDP SNMP protocol version 1 version 2c version 3 Notifications Configure Notifications v1 v2c communities Community name eeecce Read only name eeeeee I Confirm community name eeeeee Confirm read only name eeeeee v3 users Username Security Access level readonly MDS DES read only readwrite MDS DES read write Add New User Notification receivers Host UDP port Version Community Username No notifications receivers are defined Add New Receiver 2 Select the SNMP agent configuration checkbox 3 Under Attributes select the Notifications checkbox 4 Select Configure Notifications The SNMP notification configuration page opens Button 87 88 ps Events SNMP notification configuration 7 Event notifications 4 J 802 1x C No response from RADIUS Bad EAP ID L1 EAP failure frame EAP Logoff O No response to request id packet Unexpected EAP frame C Unknown EAP frame received L No PMKID in association request PMKID accepted PMKID rejected PMKID unavailable C RADIUS reject C RADIUS timeout C RADIUS unknown C Secure client rejected F1 oA nr ic rannan Timm ih gt w ji in Enable Event notifications and select
9. 56 Wireless configuration Three spatial streams Data rates in Mbps Nss 3 Channel width Guard interval 20 M 800 20 ied 400 40 Med 800 40 ME 400 80 id 800 80 MHz 400 ns 10095 5 45 5 Oww 7 88 8 vss m 34s 45 wa Ww 08 m 3e w 99 Xm e gt o ON OMNEM NNNM NN NN AN e MHz megahertz e ns nanoseconds e VHT MCS 0 to MCS 9 are supported by the HP 560 e On the HP 517 the guard interval is not configurable It is always set to 400 ns but will downgrade to 800 ns based on the capability of connected clients or the wireless environment Wireless access points To view wireless information for an AP select Status gt Wireless The information you see will vary depending on the AP For example this is the status page for an MSM460 Viewing wireless information 57 Access point status wireless Port is UP Frequency Channel 52 5 260GHz Wireless mode 802 11n a 5 GHz Operating mode AP only Tx power 7 dBm EIRP Transmit protection status Disabled Tx multicast octets 159298 Rx multicast octets 16565 Tx unicast octets 187790 Rx unicast octets 57043 Tx broadcast octets 9154 Rx broadcast octets 8032 Tx fragments 2998 Rx fragments 2998 Tx multicast frames 106 Rx multicast frames 99 Tx unicast frames 382 Rx unicast frames 381 Tx broadcast frames 67 Rx broadcast frames 60 Tx discards wong SA O Rx discards no buffer 0 Tx discards oO Rx discards WE
10. Save Until fully operational status lights follow their normal behavior This allows potential error conditions to be diagnosed The following settings are available e Normal All status lights on the AP operate normally e Quiet All status lights on the AP are turned off once the AP is fully operational e Awake The power light flashes once per minute once the AP is fully operational Country Select Management Country to open the Country page This page enables you to configure the country in which the AP operates NOTE The Country page is not available on APs delivered with a fixed country setting Country setting Country WORLD he Save Set the country in which the AP will operate This enables the AP to properly customize the list of operating frequencies channels that you can configure on the Wireless gt Radio s page Only frequencies that conform to the regulations in your area will be available LEDs 13 3 Network configuration Working with network profiles The AP uses logical entities called network profiles to manage the configuration of network settings Network profiles let you define the characteristics of a network and assign a friendly name to it Once defined network profiles can then be bound to a port or VLAN as required Network profiles make it easy to use the same settings in multiple places on the AP For example if you define a network profile with a VLAN ID of 10 you could use th
11. Anonymous Save Important e If this option is enabled and the AP is connected to a unsecured switch port 802 1X is ignored e The AP always performs 802 1 X authentication without VLAN tagging The switch port is expected to be multi homed so that once authentication is successtul tagged and untagged trattic for any MAC addresses including wireless clients will be accepted by the switch Customizing DiffServ DSCP mappings 29 e VLAN attributes received in the RADIUS access accept are not provided to other applications running on the AP e The AP sends the EAPOL start and waits for the Request Identity On a time out the AP will perform a single retry On a second time out the 802 1X supplicant will become idle The switch is responsible for restarting the IEEE 802 1X authentication by sending an EAP Request Identity EAP Method Select the extensible authentication protocol method to use e PEAP version 0 Authentication occurs using MS CHAP V2 e PEAP version 1 Authentication occurs using EAP GTC e TIIS The Tunneled Transport Layer Security protocol requires that the switch first authenticate itself to the AP by sending a PKI certificate The AP authenticates itself to the switch by supplying a username and password over the secure tunnel Username Username that the AP will use inside the TLS tunnel Password Confirm password Password assigned to the AP Anonymous Name used outside the TLS tunnel by all three
12. Each entry in the file comprises two items MAC address and SSID Each entry should appear on a new line The easiest way fo create this file is to wait for a scan to complete then open the list of all APs in Brief format Edit this list so that it contains only authorized APs and save it Then specity the address of this file under List of authorized access points Viewing wireless information Viewing all wireless clients To view information on all wireless client stations select Wireless gt Overview 52 Wireless configuration Wireless Overview Wireless client stations Radio 1 Number of associated client stations 1 MAC address IP address VLAN SSID Authorized Authentication Asnosialisn Signal Noise SNR PMF Action 80 BE 05 34 5E D9 169 254 23 24 HP_560 Yes 0 00 37 40 i an Y Disassociate Wireless client stations Radio 2 Number of associated client stations 1 MAC address IP address VLAN SSID Authorized Authentication A559c2U9 Siqnal Noise SNR PMF Action 98 FE 94 21 69 EF 169 254 116 52 HP 560 2 Yes 0 01 23 29 86 57 N Disassociate This page lists all wireless clients associated with all VSCs MAC Address MAC address of the client station Select the MAC address to view more detailed information on the client IP address IP address assigned to the client station Username Name with which the user logged in VLAN VLAN assigned to the client station SSID SSID assigned to the cli
13. IN 1H Ilii 4 lt Y Yes supported Antenna Notes e 4 4 dBi 2 4GHz Indoor Outdoor Omnidirectional antenna J8441A is a high performance omnidirectional collinear antenna used for 2 4 GHz RF distribution systems Its flattened radiation pattern focuses energy along the horizontal plane to provide extended coverage in large rooms or vaulted areas It may also be pole mounted e 7 4 dBi 2 4GHz Outdoor Omnidirectional antenna J8444A is a mast mounted antenna e 3 4 dBi Dual Band Diversity indoor antenna J8997A indoor only is a ceiling mounted spatial omnidirectional array Two independent vertically polarized radiators provide null free omnidirectional coverage for meeting rooms offices or other enclosed spaces e 6 9 7 7 dBi Dual Band Directional antenna J8999A indoor outdoor is a directional patch array enclosed in a UV stable weatherproof radome The focused radiation pattern may be used to extend point to point link coverage or to provide targeted sector coverage Radio power level setting example You need to get the HP Antennas Power Level Setting Guide available online from www hp com support manuals Search for the part number of your antenna 132 Connecting external antennas In this example an optional HP antenna J8997A is to be used on an autonomous MSM AP configured for 802 11g in the USA Per the Maximum RF Power Setting chart screenshot below the intersection of row UNITED STATES and column 802 1
14. MSM466 and MSM466 R The total number of packets that could not be sent due to the following errors Rx retry limit exceeded and TX discards wrong SA Rx packets Not shown on the MSM410 MSM430 MSM460 MSM466 and MSM466 R The total number of packets received Rx dropped Not shown on the MSM410 MSM430 MSM460 MSM466 and MSM466 R The number of received packets that were dropped due to lack of resources on the AP This should not occur under normal circumstances A possible cause could be if many client stations are continuously transmitting small packets at a high data rate Rx multicast octets The number of octets received successfully as part of multicast including broadcast MSDUs These octets include MAC Header and Frame Body of all associated fragments Rx unicast octets The number of octets received successfully as part of unicast MSDUs These octets include MAC Header and Frame Body of all associated fragments Rx fragments The number of MPDUs of type Data or Management received successtully Rx multicast frames The number of MSDUs with a multicast MAC address including the broadcast MAC address as the Destination Address received successtully Rx unicast frames The number of MSDUs with a unicast MAC address as the Destination Address received successtully Rx discards no buffer The number of received MPDUs that were discarded because of lack of buffer space Rx discards WEP excluded The number of discarded packets
15. This button tells the AP to bring down any link it has already established and restart looking for the best master to which it can connect It can be used when a new master is installed close to a slave and you want the slave to connect to that master without rebooting Sample local mesh deployments RF extension Local mesh provides an effective solution for extending wireless coverage in situations where it is impractical or expensive to run cabling to an AP In this scenario a wireless bridge is used to extend coverage of the wireless network Both APs are equipped with omni directional antennas enabling them to deliver both AP capabilities and wireless bridging using local mesh capabilities AP 1 AP 2 Controller Building to building connection You can also use local mesh to create point to point links over longer distances in this scenario two dual radio APs create a wireless link between networks in two adjacent buildings Each AP is equipped with a directional external antenna attached to radio 1 to provide the wireless link Omnidirectional antennas are installed on radio 2 to provide AP capabilities The two APs are placed within line of sight Sample local mesh deployments 119 Building A Building B directional antenna wireless link directional antenna AP 3 LQ atic we BS Controller NOTE In the above example all APs must connect to the backbone network via port 1 Dynamic network In
16. 241 7GHz Channel 3 2 422GHz 5 E Max clients 755 which is 63 S5 of max power E Automatic power control Interval 1 hour 8 Select Save Additional information is available as follows e For autonomous access points see Transmit power control page 48 e For controlled access points see Transmit power control in the MSM7xx Controllers Configuration Guide Documentation is available online from www hp com support manuals Search by product number or name Radio power level setting example 133
17. 3 Set date amp time time servers after the 8th of March at 2 00 and ends the first Sunday on or after the 1st of November at 2 00 Customize DST Rules O colubris pool ntp crg v Add Time server protocol Time Protocol RFC 868 Simple Network Time Protocol RFC 2030 1 Set timezone amp DST as appropriate 2 Set Time server protocol to Simple Network Time Protocol 3 Select Set date amp time time servers and then select the desired time server Add other servers it desired The AP contacts the first server in the list If the server does not reply the AP tries the next server and so on By default the list contains two ntp vendor zone pools that are reserved for HP networking devices By using these pools you will get better service and keep from overloading the standard ntp org server For more information visit www pool ntp org 4 Select Save and verify that the date and time is updated accurately A working Internet connection on Port 1 is required NOTE If access to the Internet is not available to the AP you can temporarily set the time manually with the Set date amp time manually option However it is important to configure a reliable time server on the AP Using the management tool LEDs Select Management LEDs to control operation of the status lights on the AP after the AP has successfully started up and become fully operational Settings Operating mode Normal
18. 7 Advanced wireless settings eis D Collect statistics for wireless clients O RTS threshold bytes Spectralink VIEW Mock timeout km Bj Distance Maire Beacon interval 100 time units TU Multicast Tx rate Transmit power control Maximum output power 20 dBm Q Use maximum power o Set power to dBm which is 5 m of max power d Automatic power control Interval 1 hour bul Save A local mesh profile defines the characteristics for the type of links that can be established with other nodes as follows A local mesh profile defines the characteristics for the type of links that can be established with other nodes Each node supports up to six profiles each of which can be either static or dynamic e lfa profile defines a static local mesh link the profile can only be used to connect with another node with a profile that has matching settings If a profile defines a dynamic local mesh link it establishes links to other nodes as follows Role 00 Upstream link Downstream link Master None Up to nine links with alternate master or slave nodes per profile Alternate master A single link to a master node or alternate master node Up to eight links with alternate master or slave nodes A single link to a master node or alternate master node When a dynamic profile is active the AP constantly scans and tries to establish links as defined by the profile Local mesh profiles 115 Con
19. 802 11 w support This new VSC configuration option Protected Management Frames 802 11 w page 76 provides enhanced security for WPA2 traffic by protecting unicast and multicast management action frames HP 560 only Load on reboot This new feature enables a firmware Performing a scheduled software update page 125 update to occur automatically when an AP is restarted New in release 6 5 0 x 7 2 Using the management tool Starting the management tool Using Microsoft Internet Explorer 8 or Mozilla Firefox 3 with SSL v3 support enabled open page https 192 168 1 1 and then log in This assumes you are connected to the LAN port on the controller ports 1 2 3 or 4 on the MSM720 About passwords The default username and password is admin New passwords must be 6 to 16 printable ASCII characters in length with at least 4 different characters Passwords are case sensitive Space characters and double quotes cannot be used Passwords must also conform to the selected security policy as described in Passwords page 10 About the security warning A security certificate warning is displayed the first time that you connect to the management tool This is normal Select whatever option is needed in your Web browser to continue to the management tool The default certificate provided with the AP will trigger a warning message on most browsers because it is self signed To remove this warning message you mu
20. Configuration has changed Nov 16 15 47 27 Local Update o 56 kos4 00095 Maintenance Configuration Configuration has changed Nov 16 15 46 27 Local Update Admin o 85 Ko64 00095 Security Authentication Administrator has successfuly authenticated Mov 16 15 46 17 Success O B4 KO64 00095 Security Eee Administrator adminAccessInfo admin has logged out Nov 16 15 46 14 Admin o 3 kos4 00095 Security Authentication Administrator has successfuly authenticated Nov 16 14 53 05 Success 2 KO64 00095 System 2 Ce stan boobng ep Nov 16 14 52 33 1 K064 00055 ieee TORE niian hes denged Nov 16 14 52 27 Local Update The Severity Device Alarm and Timestamp columns display detailed information if you hover the mouse pointer over an entry in the table as shown You can also sort events in any column except Description by clicking the column title Filter events by To see only a subset of all events select a filter condition and click Apply Filters are saved across sessions and can be cleared by selecting Clear filters To see only a subset of all events select a filter condition and click Apply Filters are saved across sessions and can be cleared by selecting Clear filters Severity e Critical Red Events of this type indicate a failure and signal the need for immediate attention e Major Orange Events of this type indicate an impending failure e Minor Yellow Events of this type indicate a warning condition that can escalate into a more
21. EAP methods If this field is blank then the value specified for Username is used instead 30 Network configuration 4 Wireless configuration Wireless coverage As a starting point for planning your network you can assume that when operating at high power an AP radio provides a wireless networking area also called a wireless cell of up to 300 feet 100 meters in diameter Before creating a permanent installation however you should always perform a site survey see Wireless neighborhood page 50 to determine the optimal settings and location for the AP NOTE Supported wireless modes operating channels and power output vary according to the AP model and are governed by the regulations of the country in which the AP is operating called the regulatory domain For a list of all operating modes see Radio configuration page 36 To set the regulatory domain see Country page 13 Factors limiting wireless coverage Wireless coverage is affected by the factors discussed in this section Radio power More radio power means better signal quality and the ability to create bigger wireless cells However cell size should generally not exceed the range of transmission supported by wireless users If it does users will be able to receive signals from the AP but will not be able to reply rendering the connection useless Further when more than one AP operates in an area you must adjust wireless cell size to reduce interfer
22. NR EE DOT LUTTER 24 DNS advanced SEMIS xraacancenseanecancdsennciaiocaeantonsarentarecneaatosiienssheotmnatsatnenasseaesameteniardeueiceds 24 Deunime WP Toue eere UN REEep PEN MUNI deduee sateen IN IMS PPM MINES 25 Configuring IP fOUIGSLesceopia INIRE rissie o seMITM MI En SEERNE A E EEEE E E r EERS SS 25 IEE os 26 Conhigurnng IP O03 0 po sise Edd e Rot E EEE UD NEM MM EEE 26 EX NN UU 27 Customizing DiffServ DSCP MAPPING ice ipdeturberetroncu ip beirtint dnce Rleebretun pedi den Eier MERE NN 29 OZ IK SU fol Ioo ease EE ETT 29 MEAN TCIM etc NE NT ETT NE RRTET 29 EAP NS e oro MERRRNTR RR E E centre ua EE E E ENN 30 Deine al eee en ener nen ete tee ee er ee eee ee E ee ee eee 30 Password Confirm PassWord aestu RR Haedui Sur RR eiA E hen a E Eae AERES 30 ANONO TUNE E TOTO EA E E uyaneeacantas 30 A Wireless COnfiguration ccccccsecccccseeeecceeeeeeeeeeaeeeeeesaeeeeeeseeeeseesaeeeeeeaneees 31 Wireless COGS e o NNI TEE TT 31 Factors limiting wireless coverage sssssssssssssseeeeeee eene n nennen rne nnn nenne 31 Configuring overlapping wireless cells sssssssssssssseeeene ee 32 Automatic ransmik power obl csse i o ee atenta umm b bt eim TRUM M Ente UM E 35 Supporting 802 11a and legacy wireless clients sssesssssessseem 35 Radio COMMUN osese ene rna E E E EEEE TE 36 Radio configuration parameters ss sssssssinsesss
23. QoS All traffic that matches the ports protocols specified in the selected IP QoS profiles NOTE Although the WMM specification refers to 802 1D and not 802 1 p this guide uses the term 802 1 p because it is more widely recognized The updated IEEE 802 1 D ISO IEC 15802 3 MAC Bridges standard covers all parts of the Traffic Class Expediting and Dynamic Multicast Filtering described in the IEEE 802 1p standard 84 Working with VSCs Events The events feature provides a logging system that can be used by administrators and support personnel to easily monitor and troubleshoot system issues Note For backward compatibility the system log feature that was available in previous releases is still available on the Tools menu An event is the occurrence of a condition that has been detected in the network infrastructure For example wireless client association disassociation radios turned on off radio power channel changes and more A record of events is typically stored over relatively long periods of time to assist with OAM amp P and auditing activities A new Events page has been created on the Tools menu that replaces and enhances the old client event log The following screen capture shows the Events page with a number of events Number of matching events 7 of 23 490 Clear filter Fitereventsby Severity v Appl ID Device Category Type Description Timestamp 59 kos4 00095 Maintenance Configuralian
24. Received Signal Strength Indication is the difference between the amount of noise in an environment and the wireless signal strength It is expressed in decibels dB The higher the number the stronger the signal Beacon interval Not available in Monitor or Sensor modes Sets the number of time units TUs that the AP waits between transmissions of the wireless beacon One TU equals 1024 microseconds The default interval is 100 TU which is equal to 102 4 milliseconds Supported range is from 20 to 500 TU Multicast Tx rate Not available in Monitor or Sensor modes Radio configuration 47 Use this parameter to set the transmit rate for multicast and broadcast traffic This is a fixed rate which means that if a station is too far away to receive traffic at this rate the multicast is not seen by the station On the MSM430 MSM460 MSM466 MSM466 R and HP 560 the lowest supported value is 40 even if you set a value in the range 20 39 Transmit power control Not available in Monitor or Sensor modes Use these parameters to control the transmission power of the wireless radio Adjustments to the transmission power may be required for two reasons First when using an optional external antenna it may be necessary to reduce power levels to remain in compliance with local regulations Second it may be necessary to reduce power levels to avoid interference between APs and other radio devices Important For a list of supported e
25. a third party RADIUS server 101 9 Security Managing certificates Digital certificates are electronic documents that are used to validate the end parties or entities involved in data transfer These certificates are normally associated with X 509 public key certificates and are used to bind a public key to a recognized party for a specific time period The certificate stores provide a repository for managing all certificates To view the certificate stores select Security gt Certificate stores file ID Issued to Current usage Start date Fio CRL Delete Qi SOAP API Certificate Authority SDAP Server 2005 04 06 2025 04 01 Mo Q 2 Management Console Dummy Authority HP Management console 2010 05 19 2020 05 16 No PKCS 7 ne or X 509 instali certificate ID Issued to Issued by Current usage Start date Fu ii Delete i wireless hp internal wireless hp internal Web Management Tool 2010 11 03 2038 10 27 SOAP Server 2 Management Console Default Management Console HP Management console 2010 05 19 2020 05 16 client certificate Dummy Authority PRES 12 PKCS 12 Browse Install password Trusted CA certificate store This list displays all root CA certificate authority certificates installed on the AP The AP uses these CA certificates to validate the certificates supplied by peers during authentication Multiple CA certificates can be installed to support validation of clients with certificates issued by differ
26. access requests sent by the AP NOTE This option has no effect on IEEE802dot1 x authentication requests These requests always include the RADIUS Message Authenticator attribute Primary Secondary RADIUS server Server address Specify the IP address or fully qualified domain name of the RADIUS server Secret Confirm secret Specify the password for the AP to use to communicate with the RADIUS server The shared secret is used to authenticate all packets exchanged with the server proving that the packets originate from a valid trusted source Authentication realms Authenticating manager logins using a third party RADIUS server Using a RADIUS server enables you to have multiple manager accounts each with a unique login name and password Identify manager accounts using the vendor specific attribute web administrative role Valid values for this attribute are Manager and Operator For attribute 94 Authentication services information see Configuring administrative accounts on a RADIUS server page 100 To use a RADIUS server you must define a RADIUS profile on the Authentication RADIUS profiles page NOTE Login credentials for managers can be verified using local account settings and or an third party RADIUS sever If both options are enabled the RADIUS server is always checked first Configure RADIUS authentication as follows l Define an account for the administrator on the RADIUS server See Configuring administrative acc
27. attributes This table lists all attributes supported in Access Accept packets for each authentication type Axe debis WE M fetid oe x v Ww o a X Wa 0 x 0v X XIS NINSISIS X XN S i n X S X X S Vendor specitic Microsoft MS MPPE Recv Key X v X MS MPPE Send Key X v X x X NIS x X X S X Descriptions Acct Interim Interval 32 bit unsigned integer When present enables the transmission of RADIUS accounting requests of the Interim Update type Specify the number of seconds between each transmission Class string As defined in RFC 2865 EAP Message string Note that the content will not be read as the RADIUS Access Accept overrides whatever indication is contained inside this packet Idle Timeout 32 bit unsigned integer Maximum idle time in seconds allowed for the user Once reached the user session is terminated with termination cause IDLE TIMEOUT Omitting the attribute or specifying O disables the feature Using a third party RADIUS server 97 e Session Timeout 32 bit unsigned integer Maximum time a session can be active After this interval o 802 1X clients are automatically re authenticated MAC clients are blocked and must de associate and then re associate to start a new MAC authentication cycle e Termination Action As defined by RFC 2865 If set to 1 Customer traffic is not allowed during the 802 1X re authentication o W
28. can add routes by specifying the appropriate parameters and then selecting Add The routing table is dynamic and is updated as needed If more than one default route exists the fi rst route in the table is used The following information is shown for each default route IP QoS Interface The port through which traffic is routed When you add a route the AP automatically determines the interface to be used based on the Gateway address Gateway IP address of the gateway to which the AP forwards routed traffic known as the next hop An asterisk is used by system routes to indicate a directly connected network Metric Priority of a route If two routes exist for a destination address the AP chooses the one with the lower metric Delete Select the garbage can icon to delete a route If the icon has a red line through it then the route cannot be deleted You configure IP quality of service QoS by creating IP QoS profiles that you can then associate with a VSC Quality of service page 71 or with local mesh profiles Quality of service page 113 You can configure up to 32 IP QoS profiles on the AP You can associate up to 10 IP QoS profiles to a VSC Configuring IP QoS profiles To view and configure IP QoS profiles select Network gt IP QoS Initially no profiles are defined Start port 161 SNMP 80 http Add Mew Profile To create an IP QoS profile select Add New Profile 26 Network configura
29. each field If you want to force the DHCP client to obtain a new lease select Release and then Renew Network configuration Static addressing Port settings IP address 192 168 1 1 Address mask 255 255 7550 Default gateway Under Port settings define the following e IP address Specify the static IP address you want to assign to the port e Address mask Specify the appropriate mask for the IP address you specified e Default gateway Specify the address of the default gateway on the network Contiguring port settings To configure settings for the physical ports on the AP select Network gt Ports Jack Name Duplex Speed MAC address o Bridge port N A N A D00 24 2a8 88 50 58 o F Port i Full 1 Gbps DO0 24 a8 88 50 58 Status light e Green Port is properly configured and ready to send and receive data e Red Port is not properly configured or is disabled Jack Indicates the jack physical interface to which a port is assigned Name Identities the port Duplex Indicates if the port is Full or Half duplex Speed Indicates the speed at which the port is operating MAC address Indicates the MAC address of the port Bandwidth control The AP incorporates a bandwidth management feature that provides control of outgoing user traffic on the wireless ports To configure bandwidth control select Network Bandwidth control Configuring port settings 19 Outgoing traffic throttle Wireless po
30. excluding WEP related errors Rx discards WEP ICV error The number of received MPDUs that were discarded due to malformed WEP packets Rx MSG in bad msg fragments The number of MPDUs of type Data or Management received successtully while there was another reception going on above the carrier detect threshold but with bad or incomplete PLCP Preamble and Header the message in message path 2 in the modem Rx MSG in msg fragments The number of MPDUs of type Data or Management received successtully while there was another good reception going on above the carrier detect threshold the message in message path 2 in the modem 60 Wireless configuration Rx WEP undecryptable The number of received MPDUs with the WEP subfield in the Frame Control field set to one that were discarded because it should not have been encrypted or due to the receiving station not implementing the privacy option Rx FCS errors The number of MPDUs considered to be destined for this station Address matches received with an FCS error Note that this does not include data received with an incorrect CRC in the PLCP header These are not considered to be MPDUs Clear counters Select this button to reset all counters to zero Viewing wireless information 6l 5 Working with VSCs Key concepts A VSC virtual service community is a collection of configuration settings that define key operating characteristics of an AP In most cases a VSC is used to define
31. is configured to obtain an IP address via PPPoE or DHCP DNS configuration 23 DNS servers DNS advanced settings DNS cache Dynamically assigned DNS servers Semer i C ONS switch on server failure Server 2 C ONS switch over Server 3 Override dynamically assigned DNS servers Server 1 192 166 5 111 Server 2 Server 3 When the Bridge port is configured to use a static IP address DNS servers DNS advanced settings DNS cache Server 1 d DNS switch on serwer failure EE AO m Pio asco Server 3 DNS servers Dynamically assigned servers Shows the DNS servers that are dynamically assigned to the controller when PPPoE or DHCP is used to obtain an IP address on the Internet port Override dynamically assigned DNS servers Enable this checkbox to use the DNS servers that you specify on this page to replace those that are assigned to the controller Server 1 Specify the IP address of the primary DNS server for the controller to use Server 2 Specify the IP address of the secondary DNS server for the controller to use Server 3 Specify the IP address of the tertiary DNS server for the controller to use DNS advanced settings DNS cache Enable this checkbox to activate the DNS cache Once a host name is successfully resolved to an IP address by a remote DNS server it is stored in the cache This speeds up network performance because the remote DNS server does not have to be queried for subsequent requests for
32. neighbors will consider LLDP information sent by this agent to be valid Calculated by multiplying Transmit interval by the Multiplier as defined on the Discovery protocols page Optional TLVs Select the optional TIVs that you want to send with the values as shown Port description Type 4 A description of the port System name Type 5 Administrative name assigned to the device from which the TIV was transmitted By default this is the SNMP system name If the Generate dynamic system names option is enabled the system name is replaced by the dynamically generated name System description Type 6 Description of the system comprised of the following information operational mode hardware type hardware revision and firmware version System capabilities Type 7 Indicates the primary function of the device Set to WLAN access point for APs Router for controllers Management IP address Type 8 Specify the IP address on which the agent will respond to management requests 802 3 TLVs The IEEE 802 3 organizationally specific TIV set is optional for all LLDP implementations The AP supports a single optional TIV from the 802 3 definition MAC PHY configuration status This TIV provides the following information e Bitrate and duplex capability e Current duplex and bit rating e Whether these settings were the result of auto negotiation during link initiation or manual override DNS configuration When the Bridge port
33. on channel 11 cell 3 on channel 14 cell 3 on channel 13 In North America you can create an installation as shown in the following figure Wireless coverage 33 Cell 1 Cell 2 Cell 3 Channel 1 Channel 6 Channel 11 Reducing transmission delays by using different operating frequencies in North America Alternatively you can stagger cells to reduce overlap and increase channel separation as shown in the following figure Cell 1 Cell 2 Cell 3 Cell 4 Channel 1 Using only three frequencies across multiple cells in North America This strategy can be expanded to cover an even larger area using three channels as shown in the following figure 34 Wireless configuration Cell 1 Cell 2 Cell 3 Cell 4 Channel 1 Channel 6 Channel 11 Channel 1 Cell 5 Channel 11 Channel 1 Channel 6 Channel 11 Using three frequencies to cover a large area in North America Gray areas indicate overlap between two cells that use the same frequency Distance between APs In environments where the number of wireless frequencies is limited it can be beneficial to adjust the receiver sensitivity of the AP To make the adjustment select Wireless gt Radio and set the Distance between access points option For most installations Distance between access points should be set to Large However if you are installing several wireless APs and the channels available to you do not provide enough separation reducing receiver sensitivi
34. only be used in the 5470 5725 MHz band In the USA these antennas can be only be used in the 5725 5850 MHz band 802 11a b g antennas for MSM APs Antennas included with MSM310 MSM310 R MSM320 and MSM320 R Included with Antenna Type Antenna Band GHz 24 53 535 547 5725 5 725 5 850 MSM310 amp Omni 2 5 dBi 3 0 dBi 3 4 dBi 3 4 dBi MSM320 J9401 A MSM31O R amp Omni 5 6 dBi MSM320 R Introduction 13 A CAUTION When re antennas outdoors a lightning arrestor is required for lightning protection Consider placing the lightning arrestor immediately before the antenna cable enters the building HP offers a lightning ander as an accessory HP product number J8996A All HP devices are designed to be compliant with the rules and regulations in locations they are sold and will be oben as required Any changes or modifications to HP equipment not expressly approved by HP could void the user s authority to operate this device Use only antennas approved for use with this device Unauthorized antennas modifications or attachments could cause damage and may violate local radio regulations in your region Optional 802 11a b g antennas for MSM APs These four optional 802 11a b g antennas are certified for use with these MSM APs FreqBand tenn 4 4 dBi 2 4GHz 7 4 dBi 2 4GHz 3 A dBi Dual Band 6 9 7 7 dBi Dual s A m M Band OM MSM310 MSM310 R MSM325 my lt lt tH MSM320 R MSM422 Radio Tit
35. or less Lock access for nn minutes must be set to 30 minutes or more o The settings under Account inactivity logout must be configured as follows Timeout must be set to 15 minutes or less For more information on these guidelines refer to the Payment Card Industry Data Security Standard v1 2 document Configuring management tool security Select Management Management tool and configure the settings under Security Security Access to the management tool is enabled for the addresses and interfaces that are specified below Allowed addresses IP address Mask Remove Selected Entry Active Interfaces Port 1 Wireless ports VLAN gt Guest 11 Allowed addresses Enables you to define a list of IP address trom which to permit access to the management tool To add an entry specity the IP address and appropriate mask and select Add When the list is empty access is permitted from any IP address For example To allow access for a single computer with IP address 192 168 1 209 specify IP address 192 168 1 209 Mask 255 255 255 255 To allow access for several computers in the IP address range 192 168 10 16 to 192 168 10 31 specify IP address 192 168 10 16 Mask 255 255 255 240 Active interfaces Select the interfaces through which access to the management tool will be permitted These settings also apply when SSH is used to access the command line interface A CAUTION Itis possibl
36. profiles to use for this profile To add QoS profiles to the list use the Network gt IP QoS page Up to 10 profiles can be selected To select more than one profile hold down the CTRL key as you select profile names in the list To define an IP QoS profile see Configuring IP QoS profiles page 26 Upstream DiffServ tagging Enable this option to have the AP apply differentiated services marking to upstream traffic Layer 3 upstream marking ensures end to end quality of service in your network Data originating on the wireless network can now be carried throughout the network wireless and wired with a consistent quality of service and priority This feature is enabled by default When this feature is enabled packets received on the wireless interface that include Wi Fi Multimedia WMM QoS values are remarked using IP DiffServ values when transmitted to the 82 Working with VSCs wired network Remarking is only done for packets that have a DiffServ value of O The original DiffServ value from the wireless client is preserved for all other packets Upstream downstream traffic marking Depending on the priority mechanism that is active upstream and downstream traffic is marked as described in this section Upstream traffic marking This table describes the marking applied to wireless traffic sent by connected client stations to an AP and then forwarded onto the wired network by the AP OUTGOING TRAFFIC INCOMING TRAFFIC T
37. reduce the throughput of your Internet connection e Auto reconnect The AP will automatically attempt to reconnect if the connection is lost e Un numbered mode This feature is useful when the AP is connected to the Internet and NAT is not being used Instead of assigning two IP addresses to the AP one to the Internet port and one to the LAN port both ports can share a single IP address This is especially useful when a limited number of IP addresses are available to you 2 Under Assigned by PPPoE server select Restart Connection Once you are connected to the server the following fields will display information about your connection The Internet connection is not active until this occurs Refer to the online help for a description of each field Configuring the DHCP client 18 Settings Assigned by DHCP server DHCP Client ID R007 00001 Touri Smam Tam z IP address 192 168 5 76 Mask 255 255 255 0 Primary ONS address Secondary DMS address Default gateway Expiration time Release Renew Cancel The DHCP client does not require any configuration unless you need to set a value for the optional DHCP Client ID parameter for proper operation with your DHCP server Once you are connected to the server the fields under Assigned by DHCP server show the settings assigned to the AP by the DHCP server The connection is not active until this occurs Refer to the online help for a description of
38. serious problem e Informational Green Events of this type require no action They are provided for information purposes Filter events by 85 ID Unique number assigned to the event Device Indicates the device that detected the event Hover the mouse pointer over the device name to see the device type and its MAC address Category Events are classified into categories so that they can be sorted Categories include e 8021X e Controlled AP e DHCP e MAC Authentication e Maintenance e MTM e Public Access e REI e RRM e Satellite Management e Security e Syslog e System e Teamed Controller e Teaming e VPN e VSC e Wireless e WPA Type Classifies the event within a category Categories are predetined and cannot be changed Alarm If an event triggers an alarm the appropriate alarm indicator appears in this column Hover the mouse pointer over the alarm to see its severity and ID The association between an event and an alarm is predetined and is not contigurable Description Detailed information about the event Timestamp Date and time that the event occurred 86 Events Button Export Click this button to export all the events that are visible in the table to a CSV comma separated values file for use in other applications Configuring SNMP notifications for events Notifications can be set via SNMP for specific events as follows l Select Management SNMP The SNMP agent configuration page opens
39. state o 0 e M Undone a M Vendor CBSE v Descriptions eem vemm Acct Input Gigawords 32 bit unsigned integer High 32 bit value of the number of octets bytes received by the user Only present when Acct Status Type is Interim Update or Stop e Acct Input Octets 32 bit unsigned integer Low 32 bit value of the number of octets bytes received by the user Only present when Acct Status Type is Interim Update or Stop e Acct Input Packets 32 bit unsigned integer Number of packets received by the user Only present when Acct Status Type is Interim Update or Stop e Acct Output Gigawords 32 bit unsigned integer High 32 bit value of the number of oclets bytes sent by the user Only present when Acct Status Type is Interim Update or Stop As defined in 2869 e Acct Output Octets 32 bit unsigned integer Low 32 bit value of the number of octets bytes sent by the user Only present when Acct Status Type is Interim Update or Stop Acct Output Packets 32 bit unsigned integer Number of packets sent by the user Only present when Acct Status Type is Interim Update or Stop e Acct Session ld 32 bit unsigned integer Random value generated by the AP e Acct Session Time 32 bit unsigned integer Number of seconds since this session was authenticated e Acct Status Type 32 bit unsigned integer Supported values are Accounting Start 1 Accounting Stop 2 and Accounting On 7 and Accounting
40. syslog message above is displayed MAC lockout This feature lets you to block traffic from client stations based on their MAC address MAC lockout applies to client stations connected to e Wireless ports e Wired ports including switch ports e local mesh ports Configuring MAC lockout Before you can configure MAC lockout you must define one or more MAC address lists l Select Security gt MAC lockout MAC list MAC list ta be used Save 2 Select the MAC address list to use 3 Select Save Configuring MAC address lists MAC lists are used by several options to allow deny access to client stations You can define up to 75 MAC address lists with up to 256 entries in each list The lists can be used to define MAC addresses for the following features e The MAC filter option in a VSC When used with this feature a maximum of 256 addresses are supported per list e The MAC lockout feature When used with this feature a maximum of 64 addresses are supported per list The total number of MAC addresses defined for all lists cannot exceed 4800 To define a MAC list do the following l Select Security gt MAC lists Number of list 0 75 Hame Usage Humber of entries No MAC lists are defined 2 Select Add New MAC List The Add Edit MAC list page opens Each entry in the MAC list contains a MAC address and its associated mask By varying the mask an entry can be defined to match a single address or a range of
41. the HP 560 channel 144 is excluded by default Antenna selection Supported on MSM422 Not available in Monitor or Sensor modes Select the antenna s to use for each radio Antenna support varies on each AP For a list of supported external antennas see Connecting external antennas page 131 In most APs antenna diversity is supported Diversity provides improved signal quality by using multiple antennas on the same radio NOTE When using an external antenna it is your responsibility to make sure that the radio does not exceed the transmit power level for the country of use See Transmit power control page 48 When creating a point to point local mesh link HP recommends that you use an external directional antenna MSM422 Select either Internal or External according to the following guidelines Radio 1 Radio 1 features three internal antennas in the lower flap supporting 802 11 n a b g Each antenna has a corresponding connector A B C for the installation of an optional external antenna Radio 1 supports diversity on its internal and external antennas In 802 11 n modes a special form of diversity called MIMO is used MIMO uses spatial multiplexing to transport two or more data streams simultaneously on the same channel to increase throughput For example under most conditions multiplexing two streams can result in double the throughput of a single stream MIMO mode 3x3 is automatically used which means t
42. the characteristics of a wireless network Multiple VSCs can be active at the same time allowing for great flexibility in the configuration of services Up to 64 VSC profiles can be configured provided proper licensing is used In the following scenario four VSCs are used to support different types of wireless users Each VSC is configured with a different wireless network name SSID and the quality of service QoS feature is used to classify user traffic priority Controller Backbone Network VSC 1 5 VSC 42 SSID Guest IN da SSID Phone QoS Low priority i QoS Very High Priority VSC 3 VSC 4 SSID Employee SSID Video QoS Normal priority QoS High priority Stand alone deployment An autonomous AP can be deployed as a stand alone device to provide wireless networking support for an existing wired network The AP essentially creates a wireless extension to the existing wired network bridging wireless users onto the wired backbone Corporate network 62 Working with VSCs User authentication The AP can validate user login credentials using a third party RADIUS server The following authentication types are supported WPA WPA2 802 1X and MAC WPA WPA2 and 802 1X authentication Full support is provided for users with WPA WPA2 client software and 802 1X client software that uses the following e EAP TLS Extensible Authentication Protocol Transport Layer Security e EAPTTLS Extensible Authentication
43. the firmware signature is valid or invalid 124 Maintenance 3 Select Install This will automatically test the integrity of the firmware by validating its signature If the signature is valid the firmware will be installed and the AP will restart If the signature is invalid the firmware will not be installed NOTE Select Force install to install a firmware file without validating its integrity Installing firmware without validating its integrity may result in the AP becoming inoperative Performing a scheduled software update The AP can automatically retrieve and install software from a remote site identified by its URL To schedule software installation follow this procedure 1 Enable Scheduled install 2 For Day of week select a specific day or Everyday and set Time of day 3 On the MSM410 MSM430 MSM460 MSM466 MSM466 R and HP 560 set Mode one of the following e Preset time Firmware update occurs according to the settings for Day of week and Time of day e Load on reboot Firmware update occurs the next time the AP is restarted An event is generated if the upgrade is not successtul and the AP remains operational Possible reasons for failure include o Firmware signature is invalid Firmware version is the same as the one currently installed It the version of the firmware being loaded is older than the one currently installed a factory reset is done after the upgrade 4 For URL specify an address like
44. this e ftp username password 192 168 132 11 newsoftware cim e http 192 168 132 11 newsoftware cim Secure transfers are supported using HTTPS or FTPS 5 Select Validate URL to test that the specified URL points to a firmware file 6 Select Save or to commit the schedule and also update the software immediately select Save and Install Now NOTE Before a scheduled software update is performed only the first few bytes of the software file are downloaded to determine if the software is newer than the currently installed version If it is not the download stops and the software is not updated Software updates 125 12 Support and other resources Online documentation You can download documentation from the HP Support Center website at www hp com support manuals Search by product number or name Contacting HP For worldwide technical support information see the HP Support Center website www hp com networking support Before contacting HP collect the following information e Product model names and numbers e Technical support registration number if applicable e Product serial numbers e Error messages e Operating system type and revision level e Problem description and any detailed questions HP websites For additional information see the following HP websites e www hp com networking e www hp com Typographic conventions Table 1 Document conventions Convention Blue text Table 1 p
45. this scenario a controller is deployed with several APs to provide wireless coverage of a large area Instead of using a backbone LAN wireless links are used to interconnect all APs AP 1 is the master It provides the connection to the wired network and a wireless link to the other APs The other APs automatically established their links to the master based on a balance between SNR signal to noise ratio and hops to provide the most efficient network topology It a node becomes unavailable the links dynamically adjust to find the optimum path to the master 120 Local mesh Controller MASTER AP 2 AP 3 ALTERNATE lt a ALTERNATE MASTER KA A KA MASTER x 2 ALTERNATE Controller MASTER AP 2 AP 3 le ALTERNAT Ja ALTERNATE MASTER KA SE MASTER MASTER g AP 4 ES ALTERNATE ALTERNATE MASTER MASTER AP 5 AP 6 Initial network configuration is automatically established ALTERNATE i MASTER AP 4 ALTERNATE ALTERNATE MASTER MASTER AP 5 AP 6 When AP 4 is unavailable the network dynamically reconfigures itself Sample local mesh deployments 121 11 Maintenance Config file management The configuration file contains all the settings that customize the operation of the AP You can save and restore the configuration file manually or automatically Select Maintenance gt Config file management Backup configuration Restore configuration Backup the current configu
46. this setting may lower the performance for users with marginal signal strength or when interference is present Essentially it means that if a frame needs to be retransmitted it will take longer before the actual retransmit takes place Local mesh Radio 1 Regulatory UNITED STATES domain Operating mode Access point and Local mesh Wireless mode 802 11n b GHz Channel width Auto 20 40 MHz Channel Channel 36 1 5 180GHz Currently Channel 36 5 180GHz l _ Channel 1 2 412GHz Automatic channell Channel 2 2 417GHz exclusion list Channel 3 2 4322 GHz Antenna selection Internal antenna Max clients i f gt Advanced wireless settings Collect statistics for wireless clients RTS threshold bytes Spectralink VIEW Guard interval Miek meou IM E Distance iura Beacon interval time units TU Multicast Tx rate Transmit power control Maximum output power 17 dBm Q Use maximum power o Set power to dBm which is H0 s of max power a Automatic power control Interval 1 hour bul Local mesh profiles Radio 2 Regulatory UNITED STATES domain Operating mode Access pointandLocalmesh Time of day Ah mm Currently Channel 6 2 43 7GHz _ Channel 1 2 412GHz Automatic channel Channel 2 2 417GHz exclusion list Channel 3 2 422 GHz Antenna selection Internal antenna hull Max clients
47. traffic These filters limit both incoming and outgoing traffic as defined below and force the APs to exchange traffic with a specific upstream device Settings 72 It Use HP MSM Controller is enabled under General the AP will only forward user traffic that is addressed to the MSM7xx controller defined on the Security gt Access controller page All other traffic is blocked Make sure that the access controller is set as the default gateway for all wireless users If not user traffic will be blocked by the AP The default wireless security filters are in effect Wireless security filters Restrict wireless traffic to access controller Select the access controller link to open the Security Access controller page where you can configure access controller options Working with VSCs If Use HP MSM Controller is disabled under General then you can manually configure the security filters as required using the following options Wireless security filters Restrict wireless traffic to 9 MSM422 default gateway MAC address Q Custom e AP name default gateway The AP will only forward user traffic that is addressed to default gateway assigned on the Network gt Ports page via DHCP PPPoE or static addressing options e MACaddress The AP will only forward user traffic that is addressed to the upstream device with the specified MAC address Make sure that this device is set as the default gateway for all wireless use
48. traffic sent on the detault VLAN to also be sent untagged on the port 3 Select Save Assigning VLANs to individual users You can assign a VLAN to an individual user by setting the attributes Tunnel Medium Type Tunnel Private Group ID and Tunnel Type in the users RADIUS account Restrictions are as follows e A user cannot be assigned to a VLAN that is set as the default VLAN on port 1 or port 2 e A user can only be assigned to a VLAN that is defined on the Network gt Ports page e Only applicable to clients using WPA or 802 1X Not applicable to MAC authentication NOTE A VLAN that is assigned to a user overrides a VLAN assigned by a VSC or by the default VLAN VLAN bridging If you assign a VLAN ID to more than one interface the VLAN is bridged across the interfaces For example if you create the VLANs shown in the following table all VLAN traffic with ID 50 is bridged across all three interfaces If you create a VSC and assign the egress VLAN to any of these VLANS output from the VSC can be sent to any interface VLAN name VLAN ID Bridge 3 Local mesh 1 Assigning VLANs to individual users 91 8 Authentication services Using a third party RADIUS server The AP can use one or more external RADIUS servers to perform a number of authentication and configuration tasks including the tasks shown in the table below Task For more information see Validating administrator login credentials uu manager login
49. 1g Mode J8997A indicates that the maximum radio power level is 15 dBm Please check the actual charts in the HP Antennas Power Level Setting Guide for current values 18441A J8997A J8441A J8997A J48999A ARGENTINA HENCE Pe nnnc is AS es guum passages BRAZIL CANADA CHILE COLOMBIA MEXICO PERU UNITED STATES AUSTRALIA Set the maximum power level of 15 dBm as follows MSM31O used as example Launch the MSM AP management tool and log in Select Wireless gt Radio For Wireless mode select 802 Tlg Set Antenna gain to the gain of the attached antenna Select Advanced wireless settings to expand the dialog box Under Transmit power control disable Maximum available output power To the left of dBm specify the value 15 in this example The dialog box should now look similar to this in this screenshot the tall dialog box is split in two MO OR OI gt ES Advanced wireless settings J Radio Collect statistics for wireless clients Regulatory domain UNITED STATES C E i RTS threshold byte Operating mode Access point only resho ytes Wireless mode 802 11b g SPEER TE Distance between ap Large Cw Channel Automatic Interval Disabled Beacon interval 100 time units TU Mc ES hh 00 M Multicast Tx rate 1 0 Mb s Y Currently Channel 161 5 805GHz Transmit power control Channel 1 2412GHz Maximum output power 17 dBm Automatic channel uro Lise maximum power exclusion Wer Channel 2
50. 2 bit unsigned integer A virtual port number starting at 1 Assigned by the AP NAS Port Type 32 bit unsigned integer Always set to 19 which represents WIRELESS 802 1l Service Type 32 bit unsigned integer Set to LOGIN USER State string As defined in RFC 2865 User Name string The username assigned to the user Or if MAC authentication is enabled the MAC address of the wireless client station The following attributes are mutually exclusive depending on the RADIUS authentication method User Password string The password supplied by a user or device when logging in Encoded as defined in RFC 2865 Only present when the authentication method for the RADIUS profile 96 Authentication services is set to PAP Or if MAC authentication is enabled this attribute contains the MAC address of the wireless client station e EAP Message string As defined in RFC 2869 Only present when the authentication method for the RADIUS profile is set to EAP MD5 e Vendor specific Colubris AVPair SSID SSID that the customer is associated with The Colubris AVPair attribute conforms to RADIUS RFC 2865 You may need to define this attribute on your RADIUS server if it is not already present using the following values SMI network management private enterprise code 8744 o Vendorspecific attribute type number O Attribute type A string in the following format lt keyword gt lt value gt Access Accept
51. 30 MSM460 and MSM466 466 R The AP then chooses the best channel using the same methods as when auto channel is enabled The AP may decide not to switch to a different channel For example if the RF interference source affects all channels in the band After switching to an alternative channel the AP continues to monitor the channel quality of the non operating channels Eventually it is expected that the interference will go away Most interference sources are temporary The AP then decides whether it should switch back to the original channel or to continue operating on the alternate channel Ix protection Supported on MSM410 MSM430 MSM460 MSM466 MSM466 R HP 560 Not available in Monitor or Sensor modes When an AP is operating in an 802 11n mode and legacy a b g traffic is present on the same channel as 802 11n traffic this feature can be used to ensure maximum 802 11n throughput The following options are available e CTS to self 802 11n transmissions are protected by sending a Clear To Send CTS frame that blocks other wireless clients from accessing the wireless network e RTS CTS 802 11n transmissions are protected by sending a Request To Send RTS frame followed by a CTS frame This is a more robust but slower solution than CTS to self However this method resolves the hidden station problem where certain legacy stations may not see only a CTS frame e No MAC protection This setting gives the best per
52. 523 0 NOME p Add New Interface 9 Select Add New Interface to open the Add Edit interface page Add Edit interface Interface Network A 25 Assign IP address via 9 DHCP client Static w 10 Under Interface select the network profile that you defined earlier Tl Under Assign IP address via select the addressing method to use e DHCP client Dynamic host configuration protocol The DHCP server will automatically assign an address to the network profile which functions as a DHCP client e Static Specify an IP address Mask and Gateway 12 Select Save 13 The new interface is added to the IPv4 interfaces table IPv4 interfaces Interface IP address Mask Allocation method Delete 192 168 1 1 25590 290290 292 0 NONE p Network A 25 0 0 0 0 0 0 0 0 DHCP it Add New Interface l Network configuration Configuring the Bridge interface All wireless and Ethernet ports on an AP are bridged As a result they all share the same configuration settings defined by the Bridge interface The following configuration options are available if you select the Bridge interface in the table Bridge configuration Assign IP address via PPPoE Client Configure DHCP Client O statie By default the Bridge interface operates as a DHCP client Select the option you want to use and select Configure Refer to the following sections for additional configuration information e
53. C address 00 03 52 00 AA FF Mask FF FF FF 00 FF FF 108 Security 10 Local mesh Key concepts The local mesh feature enables you to create wireless links between two or more APs These links provide a wireless bridge that interconnects the networks connected to the Ethernet port on each AP For example AP 2 and AP 3 use the local mesh feature to create a wireless link between the main office network and a small network in a warehouse Main office area Warehouse Wireless network File server DHCP server Employee computers E C AP 2 AP 3 AP 1 The local mesh feature replaces the need for Ethernet cabling between APs making it easy to extend your network in hard to wire locations or in outdoor areas Key local mesh features include e Automatic link establishment Nodes automatically establish wireless links to create a full connected network A dynamic network identifier local mesh group ID restricts connectivity to groups of nodes enabling distinct groups to be created with nodes in the same physical area e Provides fall back operation to recover from node failure In a properly designed implementation redundant paths can be provided If a node fails the mesh will automatically reconfigure itself to maintain connectivity e Maintains network integrity when using DFS channels In accordance with the 802 11h standard dynamic frequency selection DFS detects the presence of certain radar de
54. Colon Station ID MAC case Uppercase Called Statian Id Content Wireless Radio MAC filter MAC Address list Nonae Filter action Allow Block IP filter Only allow traffic addressed to IP address Mask Remove Selected Entry Availability of certain VSC features and their functionality are dependent on the setting of the Use HP MSM Controller in the General box This option determines how authentication and access control are handled by the VSC 66 Working with VSCs Name HP E Use HP MSM Controller It the Use HP MSM Controller option is enabled This creates an access controlled VSC which means that the AP must be used in conjunction with a controller because the VSC is automatically contigured to forward all user trattic to the controller for authentication Wireless protection and MAC based authentication options are forced to use the controller as the RADIUS server Also once authenticated user traffic is restricted by the Wireless security filters option Only traffic addressed to the controller is permitted These filters can be disabled if required NE e emt fu F CAE S E User Third party Autonomous AP Controller authentication server It the Use HP MSM Controller option is disabled This creates a non access controlled VSC which allows the AP to operate independent of a controller and manage user authentication itself using the services of a
55. Configuring the PPPoE client page 17 e Configuring the DHCP client page 18 default setting e Static addressing page 19 Configuring the PPPoE client Bridge port PPPoE client configuration Settings Assigned by PPPoE server wemme O See provider Connection status IP address 0 0 0 0 Mask 0 0 0 0 Maximum Receive Unit Primary ONS address 9 0 0 0 MRU 1492 Secondary DNS address 0 0 0 0 Maximum Transmit Unit 3492 uy 92 O Auta reconnect Default gateway 0 0 0 0 Restart Connection Un numbered mode Cancel Save Configuring IP interfaces 17 1 Under Settings define the following e Username Specify the username assigned to you by your ISP The AP will use this username to log on to your ISP when establishing a PPPoE connection e Password Confirm password Specify the password assigned to you by your ISP The AP will use this password to log on to your ISP when establishing a PPPoE connection e Maximum Receive Unit MRU Maximum size in bytes of a PPPoE packet when receiving Changes to this parameter only should be made according to the recommendations of your ISP Incorrectly setting this parameter can reduce the throughput of your Internet connection e Maximum Transmit Unit MTU Maximum size in bytes of a PPPoE packet when transmitting Changes to this parameter should only be made according to the recommendations of your ISP Incorrectly setting this parameter can
56. HP MSM APs Configuration Guide Abstract This document describes how to configure and manage these access points operating in autonomous mode MSM410 MSM422 MSM430 MSM460 MSM466 MSM466 R and HP 560 HP Part Number 5998 6897 Published October 2014 Edition Edition 1 Software Version 6 5 0 x Copyright 2014 Hewlett Packard Development Company L P The information contained herein is subject to change without notice The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services Nothing herein should be construed as constituting an additional warranty HP shall not be liable for technical or editorial errors or omissions contained herein Acknowledgments Microsoft Windows and Windows XP are U S registered trademarks of the Microsoft group of companies Java is a registered trademark of Oracle and or its affiliates Apple and Bonjour are trademarks of Apple Inc sFlow Warranty WARRANTY STATEMENT See the warranty information sheet provided in the product box Contents roau erne Ea E EE PHONE EEEE EEEE 7 Newin release oen 0b NRI E 7 2 Using the management tool ssssssssssssseeeeeee ene 8 Starting the management 100 bs cadiciscine hcteicetsecadeadauisiad aa Tu ea duaudesowiesabeadaanactenlangateckasuasceiuepsadiuneeeeacediess 8 Setting up manager and operator ACCOUNTS cccccseeeccceeeeeceeee ese eeeeeee
57. ID To be included in the drop down list the VLAN must mapped to a port on the Network VLANs page and not be assigned to a VLAN range Egress VLAN 3 Select Save Contiguring a default VLAN You can configure port 1 or port 2 with a default VLAN setting so that any outgoing traffic that is not tagged with a VLAN ID receives the default VLAN ID To configure a default VLAN do the following l Select Network Ports Select Port 1 or Port 2 if available This displays the Port configuration page VLAN C Heii 0 C Restrict default VLAN to management traffi raffic only C Default VLAN and untagged port compatibility Link Speed AUTO Duplex AUTO Currently 100 Mbps Full Duplex Cancel Save 2 Under VLAN configure the following settings e Enable the VLAN ID check box and specify a VLAN number e f required enabled the Restrict default VLAN to management traffic only check box This restricts the default VLAN to carry management traffic only which includes the following o All traffic that is exchanged with the controller login authentication requests replies All traffic that is exchanged with external RADIUS servers o HTTPS sessions established by managers and operators of the management tool 90 Working with VLANs o Incoming and outgoing SNMP traffic o DNS requests and replies e f required enable the Default VLAN and untagged port compatibility check box This causes any
58. MHz megahertz e ns nanoseconds e MCS Oto MCS 15 are supported by the MSM410 MSM422 MSM430 MSM460 MSM466 MSM466 R and HP 560 e MCS 16 to MCS 23 are supported by the MSM460 MSM466 MSM466 R and HP 560 e For HT traffic the MCS rate implies the number of spatial streams MCS Oto 7 1 spacial stream o MCS 8 to 15 2 spacial stream MCS 16 to 23 3 spacial stream Very high throughput rate traffic Displays information for users connected via 802 llac Rates are shown for each supported modulation coding scheme MCS The size of the bar indicates the amount of traffic sent at each MCS Viewing wireless information 55 Supported rates vary depending as follows One spacial stream Data rates in Mbps Nss 1 Channel width Guard interval 20 sad 800 20 nc 400 40 nus 800 40 eed 400 80 Me 800 80 MHz 400 ns 5 me aw we em wv m we 4x ao 90 mss Ws 05 2w sme wo nee Ta o 06 sso so mso wso m ms 8 ww we zo x 3 9 09 swo no mo ow o mb da Two spatial streams Data rates in Mbps Nss 2 Channel width Guard interval 20 ji 800 20 d 400 40 M 800 40 iis 400 80 aid 800 80 MHz 400 ns ee mw om o3 8 0 o1 c m9 5 de w mH 2 4 s 9 v5 I 03 0m os ow 0m om 0o er e w a mw ee O NN NN NM NN AN 08 m w 3 vo m 35 08 ow m ow w m w eve oO
59. Off 8 Acct Terminate Cause 32 bit unsigned integer Termination cause for the session Only present when Acct Status Type is Stop Supported causes are Idle Timeout Lost Carrier Session Timeout and User Request See RFC 2866 for details Using a third party RADIUS server 99 Called Station Id string o 8021X BSSID of the VSC By default the value address is sent in IEEE format For example 00 02 03 5E 32 1A The format can be changed in the Wireless protection section of the VSC gt Profiles page MAC MAC Address of the radio Network gt Ports page By default the MAC address is sent in IEEE format For example 00 02 03 5E 32 1A The format can be changed in the Wireless protection section of the VSC gt Profiles page Calling Station Id string The MAC address of the wireless client station in IEEE format By default the MAC address is sent in IEEE format For example 00 02 03 5E 32 1A The format can be changed in the Wireless protection section of the VSC gt Profiles page Class string As defined in RFC 2865 Multiple instances are supported Framed IP Address 32 bit unsigned integer IP Address as configured on the client station if known by the AP Framed MTU 32 bit unsigned integer Hard coded value of 1496 The value is always four bytes lower than the wireless MTU maximum which is 1500 bytes in order to support IEEE802 1X authentication NAS Identifier string The NAS ID set on t
60. P 0 excluded Tx retry limit exceeded O Rx discards WEP ICY O Tx multiple retry frames 1106 desee Tx single retry frames 2884 lix inicia ia bad megla Tx deferred 0 fragments transmissions Rx msg in msg 550602 fragments QoS low priority tx 0 Rx WEP undecryptable 0 QoS medium priority tx 485 Rx FCS errors 369087 QoS high priority tx 0 QoS very high priority tx 3 Clear Counters Access point status Wireless port e Up Port is operating normally e Down Port is not operating Frequency The current operating frequency Wireless mode Current wireless mode Operating mode Current operating mode Tx power Current transmission power Transmit protection status e Disabled HT protection G protection is disabled e Bclients G protection is enabled because a B client is connected to the AP e B APs G protection is enabled because a B client is connected to another AP on the same channel used by the AP e AGclients HT protection is enabled because a non HT client is connected to the AP e AG APs HT protection is enabled because a non HT AP is present on the same channel used by the AP Tx multicast octets The number of octets transmitted successfully as part of successfully transmitted multicast MSDUs These octets include MAC Header and Frame Body of all associated fragments 58 Wireless configuration Tx unicast octets The number of octets transmitted successfully as part of successfully tran
61. P address The name should be a domain name containing at least one dot If you try to add a certificate with an invalid name the default certificate is restored The common name in the certificate is automatically assigned as the domain name of the AP l Specify the name of the certificate file or select Browse to choose one from a list Certificates must be in PKCS 77 format 2 Specify the PKCS 12 password 3 Select Install to install the certificate Default installed private key public key certificate chains The following private key public key certificate chains are installed by default e wireless hp internal Default certificate used by the management tool SOAP server and HTML based authentication e Dummy Server Certificate Used by the internal RADIUS server This certificate is present only to allow EAP PEAP to work if the client chooses not to verify the server s certificate You should replace this with your own certificate for maximum security e Management Console Default client certificate This certificate is used to identity the management tool when it communicates with HP PCM PMM software 104 Security NOTE When a Web browser connects to the AP using SSL TLS the AP sends only its own X 509 certificate to the browser This means that if the certificate has been signed by an intermediate certificate authority and if the Web browser only knows about the root certificate authority that signed the public key cert
62. Protocol Tunnelled Transport Layer Security e PEAP Protected Extensible Authentication Protocol NOTE For security reasons use of 802 1X without enabling dynamic WEP encryption is not recommended MAC based authentication Devices can be authenticated based on their MAC address This is useful for authenticating devices that do not have a web browser cash registers for example As soon as the device MAC address appears on the network the AP attempts to authenticate it Using more than one authentication type in a VSC For added flexibility you can enable both the 802 1X and VSC based MAC authentication at the same time MAC authentication always takes place first If it fails 802 1X is then attempted Deployment with a controller Autonomous APs can also be used with a controller to create a public access network infrastructure In this type of deployment all VSCs are access controlled which means that the AP forwards all wireless user traffic to the controller which handles user authentication and access control To reach protected network resources wireless users must successfully authenticate with the public access interface that is provided by the controller Public network Public Protected network ser logs in access Ac U Cess to net D ee interface Work is granted To y m n Controller The following authentication types are supported on the controller WPA WPA2 802 1X MAC HTML F
63. S server ssssse 100 EAE T eU IIS LPEE ENA OI IA OI IPTE EEEE T 102 Managing ee IRI eo I NETTO TET TETTE 102 Trusted CA certificate SIOIG Leo nee ene SURI en IS RI UM MEER INIRE TIME 102 Certificate and private key store Innen n Henne nnn nennen nnne nnn 103 ITN usc nos e e EEA E EEN EE E E EAN AE ese tabeacanes 105 About certificate Warnings ecesuptrtneciseronsd puro sepu UID MUIdurE DI SIDE ENIMS IPM 106 CSE qo fo To 0E 91 EINER EI E ETE TTD T 106 DAG NOCH NRTRCRTEE 107 Copugannd JVC TOeKOULe di scam ibtd brem Ris bees etree eon ee a ee MN EI 107 Configuring MAC address IISIs sesso ci dor turned eet aon Ie epo test bete ti PoesicsarpbRtR Md peti us PET Kr tAad pus 107 Matching MAC bolo le os ee bene Mi ee oun NUI EMI eer 108 1O local mea RT TET 109 EEE e E o NITET O O E UU T 109 Simultaneous AP and local mesh support ssesssssssssssee eee 109 Using 802 11 ac n a for local Peshisssemsas savais ais Satis brand enti uerdsdtue metto Id a sa oU EO MEUS Tr ORE 110 local mesh link YPES preser kenne esnan ETEEN E EEES NEER MERECE 110 Static local mesh HUNKS NIE ITE TE 110 Dynamic IOGEN MIND DOT 111 Quality of SEP VIC BL ester Geen carpet ere ton haste es pagers tritt rr tts Sr ip ea tbe du EMEN 113 Maximum range Ack timeout eesssssssssssssssssesese nenne nennen nennen nenne nnne nnn 114 Local mesh edo EIN T T RTT Em 115 Configuring a local mesh profile lsss
64. Scanning is continuously performed on all channels in the currently selected Operating mode even though the channel is only re evaluated each time the Interval expires If Interval is set to Disabled continuous scanning is not performed Continuous scanning can cause interruptions to voice calls On dual radio APs you can avoid interruptions by setting one radio to operate in Monitor mode For example if radio 1 is set to Automatic and radio 2 is in Monitor mode scanning occurs on radio 2 and interruptions on radio 1 do not occur e On the MSM410 MSM422 Scanning during the channel selection process can cause interruptions to voice calls each time the Interval expires Therefore HP does not recommend contiguring a short Interval CAUTION When using the Automatic option with an external antenna in the 2 4 GHz band all channels must be set to the lowest acceptable value for your regulatory domain See Transmit power control page 48 Manual channel selection If setting the channel manually for optimal performance when operating in 2 4 GHz modes select a channel that differs from other wireless APs operating in neighboring cells by at least 25 MHz For example if another AP is operating on channel 1 set the AP to channel 6 or higher See Wireless neighborhood page 50 to view a list of APs currently operating in your area For detailed information on selecting channels when operating at 2 4 GHz see Configuring overlapping
65. This alerts associated 802 11 n clients to use protection when transmitting The AP also uses protection when necessary when sending 802 11 n data The type of protection is configurable by setting the Tx protection parameter 802 11a 5 GHz Supported on MSM410 MSM422 MSM466 Radio 1 on MSM430 MSM460 not supported in Monitor mode This is a legacy mode that can be used to support older wireless client stations 802 11n b g 2 4 GHz Supported on MSM410 MSM422 Radio 2 on MSM430 MSM460 MSM466 MSM466 R HP 560 Frequency band 2 4 GHz Data rates For 802 11n clients Up to 130 Mbps on the MSM410 MSM422 MSM430 Up to 300 Mbps when using a 40 MHz channel width which is not recommended in the 2 4 GHz frequency band Up to 216 7 Mbps on the MSM460 MSM466 MSM466 R HP 560 For 802 11g clients Up to 54 Mbps For 802 11b clients Up to 11 Mbps When operating in this mode the AP allows both 802 11 n and legacy 802 11 b g clients to associate The AP advertises protection in the beacon when legacy clients are associated or operating on the same channel This alerts associated 802 11n clients to use protection when transmitting The AP also uses protection when necessary when sending 802 11n data The type of protection is configurable by setting the Tx protection parameter 40 Wireless configuration 802 11b g 2 4 GHz Supported on MSM410 MSM422 Radio 2 on MSM430 MSM460 MSM466 MSM466 R HP 560 Frequenc
66. a 40 MHz channel width On the HP 517 when Wireless mode is set to 802 T1n b g Channel width is automatically set to 20 MHz and cannot be changed Channel extension Supported on MSM410 MSM422 radio 1 MSM430 radio 2 MSM460 radio 2 MSM466 radio 2 MSM466 R radio 2 HP 560 radio 2 Not available in Sensor mode This setting only appears when Wireless mode is set to 802 11n b g and Channel width is set to Auto 20 40 MHz This setting determines where the second 20 MHz channel is located e Above the beacon 1 The secondary channel is located on a channel above the currently selected channel e Below the beacon 1 The secondary channel is located on a channel below the currently selected channel Channel Select channel frequency for wireless services The channels that are available are determined by the radio installed in the AP and the regulations that apply in your country Radio configuration 41 42 Automatic channel selection Use the Automatic option to have the AP select the best available channel Control how often the channel selection is re evaluated by setting the Interval parameter If the Interval parameter is set to any value other than Time of day and a wireless client is associated with the radio automatic channel selection is delayed The AP will retry at one minute intervals until the radio is unused by wireless clients NOTE e On the MSM430 MSM460 MSM466 MSM466 R and HP 560
67. abled Disabled wnreless protection 802 1X Wireless protection 802 1X RADIUS profile Access controller RADIUS profile RADIUS 1 WEP encryption RADIUS accounting Station ID delimiter Dash RADIUS profile RADIUS 1 WEP encryption Station ID MAC case Uppercase L ryp Called Station Id BSSID aa Content Station ID delimiter Dash vt Station ID MAC l B Rocks Uppercase For a complete description of all options see the online help WEP This option provides support for users using WEP encryption V wireless protection WEP Key Key 2 Key 3 Key 4 Transmission key Key format ASCII Oo HEX For a complete description of all options see the online help NOTE When the radio used by a VSC is configured to support 802 11 n and the VSC is configured to use WEP the VSC can only support legacy a b g traffic Except on the MSM422 where WEP is not supported when the radio is configured for 802 11 n Protected Management Frames 802 11 w Only supported on the HP 560 Enable this option to provide enhanced security for WPA2 traffic by protecting unicast and multicast management action frames This option is only configurable when Wireless protection is set to WPA and Mode is set to an option that supports WPA2 The Terminate WPA at the controller option is not compatible with this feature Protected Management Frames 802 11w Mode of operati
68. addresses MAC lockout 107 Number of MAC entries 0 64 MAC list Mame MAC address Mask Add Remove Selected Entry Cancel Save 3 Specify a Name to identify the MAC address list 4 Specify the MAC address and Mask that you want to match then select Add Setting the Mask to 00 00 00 00 00 00 is allowed but not recommended since it will match all MAC addresses 5 Repeat step 4 until you have defined all needed entries 6 Select Save Matching MAC addresses Matching a single MAC address To match a single MAC address specify the address using 12 hexadecimal numbers in the format nn nn nn nn nn nn and set the Mask to FF FF FF FF FF FF For example this definition matches a single MAC address MAC address 00 03 52 07 2B 43 Mask FF FF FF FF FF FF Matching a range of MAC addresses To match a range of MAC addresses you need to use the wildcard feature A value of 00 in a mask means that the corresponding position in the address is a wildcard i e it can be any value For example to match all address that begin with the prefix 00 03 52 you would define MAC address 00 03 52 00 00 00 Mask FF FF FF 00 00 00 Wildcards can be placed anywhere but must always be OO half byte masks such as FO are not supported Multiple wildcards can be used For example this entry matches all the addresses that have their first three bytes set to 00 03 52 and the final bytes set to AA FF MA
69. age 126 Cross reference links Blue underlined text www hp com Website addresses Bold text e Keys that are pressed Text typed into a GUI element such as a box GUI elements that are clicked or selected such as menu and list items buttons tabs and check boxes A WARNING Indicates that failure to follow directions could result in bodily harm or death A CAUTION Indicates that failure to follow directions could result in damage to equipment or data IMPORTANT Provides clarifying information or specific instructions NOTE Provides additional information X TIP Provides helpful hints and shortcuts 126 Support and other resources A Console ports Console port connector specifications The console ports are wired as described in this section MSM422 console port The MSM422 provide a DB 9 female console serial port connector The DB 9 connector DCE has pin assignments as follows Pin Signal Direction Connector NEN DSR 9876 DB 9 female Uwe To connect to a computer use a standard straight through serial cable male to female MSM410 MSM430 MSM460 and MSM466 console port These APs provide an RJ 45 console serial port connector Use an RJ 45 to DB 9 adapter cable not supplied with an RJ 45 male connector on one end and a DB 9 female connector on the other end Wire the cable as follows ea is Hd Sn os FPF Sm KENN tome 7 NOTE The DSR and DIR signal
70. anded Access Point name Specify how the dynamically generated name will be created You can use regular text in combination with placeholders to create the name Placeholders are automatically expanded each time the name is regenerated It the placeholders cause the generated name to exceed 32 characters it is truncated To create the system name the items are concatenated using a hyphen as separator For example systemname portid suffix NOTE Once AP names are dynamically changed by this feature there is no way to return to the old AP names TlV settings To customize TIV settings select Configure TIVs on the Network Discovery protocols page Basic TLVs 802 3 TLVs Mandatory TLVs Chassis ID 00 24 38 88 50 58 Port ID 00 24 a8 88 50 58 Time To Live 150 Optional TLVs Port description Port 1 MAC PHY configuration status System name SG00725WS8T System description AP Autonomous SG amp S S System capabilities WLAN Access Point Management address 0 0 0 0 Save 22 Network configuration Basic TLVs The AP supports all mandatory and optional TIVs type length value information elements that are part of the basic management set Mandatory TLVs The AP always sends these TIVs with the values as shown Chassis ID Type 1 The MAC address of the AP Port ID Type 2 The MAC address of the port on which the TIV will be transmitted Time to live Type 3 Defines the length of time that
71. area being served Radio waves cannot penetrate metal they are reflected instead A wireless AP can transmit through wood or plaster walls and closed windows however the steel reinforcing found in concrete walls and floors may block transmissions or reduce signal quality by creating reflections This can make Wireless coverage 3 it difficult or impossible for a single AP to serve users on different floors in a concrete building Such installations require a separate wireless AP on each floor Configuring overlapping wireless cells Overlapping wireless cells occur when two or more APs are operating within transmission range of each other This may be under your control for example when you use several cells to cover a large location or out of your control for example when your neighbors set up their own wireless networks When APs are operating in the 2 4 GHz band overlapping wireless cells can cause performance degradation due to insufficient channel separation Performance degradation and channel separation When two wireless cells operating on the same frequency overlap throughput can be reduced in both cells Reduced throughput occurs because a wireless user that is attempting to transmit data defers delays transmission if another station is transmitting In a network with many users and much traffic these delayed transmissions can severely affect performance because wireless users may defer several times before the channel
72. at profile to e Map VLAN 10 to an AP port using the Network gt VLANs page e Set VLAN 10 as the egress network for a VSC using the VSC gt Profiles page To define a new network profile l Select Network Network profiles Name WLAN ID Delete Add New Profile 2 Select Add New Profile Add Edit network profile Settings Name vean ip 1 Cancel Save 3 Configure profile settings as follows e Under Settings specify a Name for the profile e Optionally assign a VLAN ID Select VLAN ID and then specify a number You can also define a range of VLANs in the form X Y where X and Y can be 1 to 4094 For example 50 60 An IP address cannot be assigned to a VLAN range You can define more than one VLAN range by using multiple profiles Each range must be distinct and contiguous 4 Select Save Configuring IP interfaces The IP interfaces page lists all network profiles to which an IPv4 address is assigned To open the IP interfaces page select Network IP interfaces IPv4 interfaces Interface IP address Mask Allocation method Delete Bridge interface 192 168 1 1 205 29090 22542 0 NONE bud Add Mew Interface The Bridge interface is created by default It can be edited but not deleted It is mapped to the wireless port and all Ethernet port s on the AP These ports are bridged and share the same IP address Network configuration To assign an IP address to a new interface Any network
73. ave 2 Under Reset button select Disabled 3 Select Save Once this is done pressing the reset button on the AP will have no effect a i during a briet time period after the AP is powered on During this brief period the reset button functions as normal 130 Resetting to factory defaults C Connecting external antennas Introduction A CAUTION This appendix provides mandatory radio power level settings that must be configured to ensure that your device complies with regulatory requirements in your region Depending on the country of use the antenna selected and your radio settings it may be mandatory to reduce the radio transmission power level to maintain regulatory compliance For specific power limits for your country consult the Antenna Power Level Setting Guide for MSM Products available from www hp com support manuals This appendix applies to you if you use any of the HP antennas discussed in this appendix with HP MSM access points Guides for the antennas discussed in this appendix are available online from www hp com support manuals Search by product number or name 802 11n MIMO antennas for the MSM466 and MSM466 R These 802 11n MIMO antennas are certified only for use with the MSM466 and MSM466 R Access Points NNNM CNN C NN 196598 Omnidrecionol 24 5GHr 15 548 vo J9169A Narrow Beam 2 4 5 GHz 8 10 7 dBi Outdoor Sector A _ Antennas J9169A and J9170A In the European Community these antennas can
74. becomes available If a wireless user is forced to delay transmission too many times data can be lost Delays and lost transmissions can severely reduce throughput on a network To view this information about your network select Status Wireless For recommendations on using this information to diagnose wireless problems see the online help for this page The following example shows two overlapping wireless cells operating on the same channel frequency Since both APs are within range of each other the number of deferred transmissions can be large Gell 1 Cell 2 Channel 1 Channel 1 The solution to this problem is to configure the two AP to operate on different channels Unfortunately in the 2 4 GHz band adjacent channels overlap So even though APs are operating on different channels interference can still our This is not an issue in the 5 GHz band as all channels are non overlapping Selecting channels in the 2 4 GHz band In the 2 4 GHz band the center frequency of each channel is spaced 5 MHz apart except for channel 14 Each 802 11 channel uses 20 MHz of bandwidth 10 MHz above and 10 MHz 32 Wireless configuration below the center frequency which means that adjacent channels overlap and interfere with each other as follows Tes p E E 9 9 g e a usm o wu o me 7 ma bes Mo w o To avoid interference APs in the same area must use channels that are separated by at least 25 MHz 5 channels F
75. bridged onto ports 1 and 2 if available e VLAN All traffic on port 1 or 2 if available can be assigned to a VLAN AP deployed with a controller Ingress Features The AP only handles wireless traftic The SSID is the name of the wireless network that the user associates with e Authentication Authentication can either 802 1X or MAC To validate user credentials the AP makes use of the controller For more information see the chapter on User authentication in the MSM7xx Controllers Configuration Guide e Wireless security filters Enables the AP to block traffic unless it is addressed to a specitic device like the controller For more information see Wireless security filters page 72 VSC data flow 79 Egress e MAC filter Enables the AP to only allow wireless to wired LAN traffic for specific wireless user MAC addresses For more information see MAC filter page 78 e IP filter Enables the AP to only allow wireless to wired LAN traffic for specific wireless user IP addresses For more information see IP filter page 78 e Bridge onto port 1 2 User and authentication traffic is bridged onto ports 1 and 2 if available e VLAN All traffic on port 1 or 2 if available can be assigned to a VLAN VSC on controller For more information on controller configuration see the MSM7xx Controllers Configuration Guide Ingress e SSID LAN port SSID is retrieved using the location ware function clien
76. ce regardless of the priority mechanism supported by associated client stations For example if you set VSC based low priority then all devices that connect to the VSC have their traffic set at this priority including SVP clients Queue VSC based priority value VSC based Very High rmm VSC based Normal VSC based Low Quality of service 81 DiffServ Differentiated Services TOS IP QoS This mechanism classifies traffic based on the value of the Differentiated Services DS codepoint field in IPv4 and IPv6 packet headers as defined in RFC2474 The codepoint is composed of the six most significant bits of the DS field LT NE DiffServ DS codepoint value 111000 Network control 110000 Internetwork control 101000 Critical 100000 Flash m 011000 Flash scene Routine 4 010000 Immediate 001000 Priority This mechanism classifies traffic based on value of the TOS Type of Service field in an IP packet header o Queue TOS Type of Service field value 0x30 OxEO 0x88 0xB8 All other TOS traffic This option lets you assign traffic to the queues based on the criteria in one or more IP QoS profiles Each profile lets you target traffic on specific ports or using specific protocols Disabled When QoS traffic prioritization is disabled all traffic is sent to queue 3 IP QoS profiles This option is only available if you set the Priority mechanism to IP QoS Select the IP QoS
77. ce your links must span Local mesh link types Two types of local mesh links are supported static and dynamic Static local mesh links Static local mesh links can be used to create a fixed wireless connection between two APs creating a wireless bridge between the networks connected to the two APs For example in the following scenario a static wireless link is created between AP 1 and AP 2 Each AP is connected to a separate physical network but both networks are on the same IP subnet 192 168 5 0 Traffic is bridged across the wireless link allowing User A to communicate with User B 110 Local mesh Network 1 192 168 10 0 Network 2 192 168 10 0 Terminology The following terms are used in this guide when discussing the static local mesh feature Local The AP that you are currently configuring to support a static link The AP that to which the static link will connect The wireless connection between a local and remote AP Configuration guidelines The following guidelines apply when you create a static local mesh link between two or more APs e All radios used to establish the link must be set to the same operating frequency and channel This means that on the Wireless Radio page under Channel you cannot select Automatic e All APs must be on the same subnet and each AP must have a unique IP address e f AES CCMP security is enabled the same key must be defined on all APs e Only one stat
78. cess e SNMP access e SOAP access Defining a VLAN on a port Define a VLAN on AP port as follows 1 Define a network profile with the required VLAN as described under To define a new network profile page 14 This example uses a new network profile called Guest assigned to VLAN 100 2 Select Network gt VLANs Number of matching VLANs 1 Show all VLANs Filter VLANs by Network profile v Select the action to apply to the selected network profiles Select an Action Network profile VLAN ID Location Tagged Untagged 7 Guest 100 None 3 Select the network profile you defined in step 1 Guest This opens the Add Edit VLAN mapping page Add Edit VLAN mapping Selected network profiles Map to Hetwork profile VLAN ID Port nd id Pol o 4 Under Map to select the port to which the VLAN will be bound 5 Select Save Defining a VLAN on a port 89 Defining an egress VLAN for a VSC You can map egress traffic on each VSC to its own VLAN Wireless clients that connect to a VSC with VLAN support are bridged to the appropriate VLAN Address allocation and security measures are the responsibility of the target network to which the VLAN connects NOTE You cannot assign the same VLAN ID to the default VLAN and to a VLAN that is mapped to a VSC egress l Select Network VSC Select an existing VSC to edit it or select Add New VSC Profile 2 Under Egress VLAN select a VLAN
79. channels permitted by the regulatory domain Transmission of probes is not allowed on DFS channels so no probes are sent on DFS channels even when this option is selected Bands to scan Not configurable in Monitor mode The All bands option is automatically used Radio configuration 49 Not supported on the HP 560 e All bands Scan both 802 11 bands 2 4 GHz and 5 GHz e Operating band only Scan only the band in which the radio is currently operating Recommended settings for single radio APs e With IDS disabled select Operating band only e With IDS enabled select All bands Recommended settings for dual radio APs e With IDS disabled contigure both radios for Operating band only e With IDS enabled contigure the 2 4 GHz radio for Operating band only with a small scan ratio and configure the 5 GHz radio for All bands with a larger scan ratio The 2 4 GHz band is probably much busier than the 5 GHz band so IDS scanning using the 5 GHz radio has a reduced performance impact Channels to scan e All channels Scan all channels supported by the current operating mode e Regulatory channels only Scan only channels supported by the current regulatory domain country e Non excluded channels only When enabled the AP will not scan any channels in the Automatic channel exclusion list Neighbor detection time Estimated time in seconds to detect a neighbor Wireless neighborhood You can use the wireless neighbor
80. configuration page for the MSM460 Configuration settings are the same on other products 36 Wireless configuration Radios configuration Radio1 7 Radio 2 Regulatory Regulatory UNITED STATES onan UNITED STATES domain Operating mode Access point only hd Operating mode Monitor hd Wireless mode 802 11n a b GHz Wireless mode 802 11n b g 2 4 GHz Channel width Auto 20 40 MHz Channel width Auto 20 40 MHz ki Channel Automatic Channel Above the beacon 1 extension Interval Time of Day Channel Automatic Time of day 01 hh 00 mm C Neighborhood scanning Currently Channel 1 2 412GHz toan ha na Channel 1 2 412GHz Pu M fs exclusion list Channel 2 2417GHz Scanning mode Passive Channel 3 2 422GHz Channels to scan All channels Max clients 755 7 Advanced wireless settings Client restriction Disabled d Collect statistics for wireless clients E Tx beamforming E RTS threshold bytes Spectralink VIEW Severe interference detection mitigation Tx protection CTS to self Guard interval Short Distance Large Beacon interval 100 time units TU Multicast Tx rate 60 Mb s Traffic shaping Disabled r Transmit power control Maximum output power 27 dBm EIRP 7j Use maximum power Set power to dBm which is 1 Di of max power E Automatic power control Interval 1 hour T Cl Neighborhood scanning
81. d Channel width is Auto 20 40 MHz the Channel extension parameter value affects which channels are shown in the Channel list Although HP recommends that you use the 5 GHz band for all 802 1I n activity if you insist upon using 802 11n and a 40 MHz Channel width in the crowded 2 4 GHz band it is best to select channels as follows according to the number of 2 4 GHz channels available in your region Available 2 4 GHz channels Channel width Recommended non overlapping channels 1 to 13 20 MHz Ld 1 to 13 40 MHz 1 13 If both are used there will be some performance degradation to 1 20 MHz 1 6 1 lto ll 40 MHz 1 11 If both are used there will be some performance degradation Interval Not available in Monitor or Sensor modes or when the system wide auto channel feature is enabled When the Automatic option is selected for Channel this parameter determines how often the AP re evaluates the channel setting Select Time of day to have the channel setting re evaluated at a specitic time of day e Select Time of day to have the channel setting re evaluated at a specific time of day Note that to prevent all APs from re evaluating their channel at the same time a random delay between O and 2 hours is added to the time of day for each AP If the Interval parameter is set to any value other than Time of day and a wireless client is associated with the radio automatic channel selection is delayed The AP will retry at one minute in
82. dvertising 80 Working with VSCs The QoS feature defines four traffic queues based on the Wi Fi Multimedia WWMM access categories In order of priority these queues are Que WMM access category Typically used for Voice traffic Video traffic Best effort data traffic Background data traffic Outgoing wireless traffic on the VSC is assigned to a queue based on the selected priority mechanism Traffic delivery is based on strict priority per the WMM standard Therefore if excessive traffic is present on queues 1 or 2 it will reduce the flow of traffic on queue 3 and queue 4 Regardless of the priority mechanism that is selected e Traffic that cannot be classified by a priority mechanism is assigned to queue 3 e SVP SpectraLink Voice Protocol traffic is always assigned to queue 1 except if you select the VSC based priority mechanism in which case SVP traffic is assigned to the configured queue Priority mechanisms Priority mechanisms are used to classify traffic on the VSC and assign it to the appropriate queue The following mechanisms are available 802 1 p This mechanism classifies traffic based on the value of the VLAN priority field present within the VLAN header Queue 802 1p VLAN priority field value VSC based priority This mechanism is unique to HP It enables you to assign a single priority level to all traffic on a VSC If you enable the VSC based priority mechanism it takes preceden
83. e set Priority mechanism to IP QoS In IP QoS profiles Ctrl click each profile 4 Select Save a 28 Network configuration Customizing DiffServ DSCP mappings These settings do not apply to IP QoS You can create custom DSCP mappings that let you override the standard DSCP mappings that are defined by default when you enable DiffServ as the QoS priority mechanism for a VSC or for local mesh links This enables you to customize how traffic is assigned to the QoS priority queues To view and configure DSCP mappings select Network gt IP QoS Initially no mappings are defined DSCP tag Priority Delete Background Add DSCP tag DSCP codepoint value Priority Indicates the priority level assigned to traffic that matches the DSCP tag e Background Assigns the traffic to queue 4 Lowest priority e Best effort Assigns the traffic to queue 3 e Video Assigns the traffic to queue 2 e Voice Assigns the traffic to queue 1 Highest priority To create a new mapping Specify a value for DSCP tag select a Priority and then select Add DSCP tag Priority Delete i2 Background it 55 Best Effot Add 802 1X supplicant The 802 1X supplicant can be used when the AP is connected to a secure switch port that requires 802 1X authentication To configure the 802 1X supplicant select Network gt 802 1X supplicant 5upplicant EAP Method PEAP version Username Password Confirm password
84. e radio HP APs are smart APs and do not forward broadcast packets when no client stations are connected Therefore the RF sensor function will not be able to detect these APs unless they have at least one connected wireless client station This feature requires that the appropriate license is installed on the AP See The following table shows the operating modes supported for each product wo 1 7 7 y v7 J x msm ow v7 J v J v J x MSM43O p e a MSM460 ME MSM466 R HP 560 The following table shows all radio parameters that are configurable for each operating mode Parameter Access point and Access point only Local mesh only Local mesh Regulatory domain page 37 Wireless mode page 39 a oo 7 x Channel wiih page 41 Loop r Channel extension page 41 Channel page 41 Interval page 43 Time of day page 43 38 Wireless configuration Automatic channel v v v x x exclusion list page 43 44 S Antenna gain page 44 Max clients page 44 Client restriction page 45 Collect statistics for wireless clients page 45 Tx beamforming page 45 RTS threshold page 45 Spectralink VIEW page 46 Severe interference detection mitigation page 46 Tx protection page 46 Guard interval page 46 Maximum range ack timeout page 47 Distance between APs
85. e to lose access to the AP if you add the wrong IP address or address range to the list Make sure that the IP address or address range you add matches that of your computer If you lose access you will need to reset the AP to its factory default settings as described in the installation guide Configuring management tool security Tl Configuring the Login page message You can customize the message that is displayed at the top of the login page by selecting Management gt Management tool and entering a new message under Login message Login message Login message Authorized access only This system is property of COMPANY NAME E Im Configuring Auto refresh Select Management gt Management tool and configure the settings under Auto Refresh This option controls how often the AP updates the information in group boxes that show the auto refresh icon in their title bar Under Interval specify the number of seconds between refreshes Auto Refresh Interval seconds Setting the system time 12 Select Management System time to open the System time page This page enables you to configure the time server and time zone information Set timezone i Set date amp time manually GMT 05 00 Eastern US v 009 jot phe jos khs YYYY mr dd hh mm hk mm zz Automatically adjust clock for daylight savings time changes Default D5T rule Daylight saving time begins the first Sunday on or
86. e to receive multicast traffic APs transmit a beacon every 100 ms The DTIM counts down with each beacon that is sent Therefore if the DTIM is set to 5 then client stations in low power mode will wake up every 500 ms 5 second to receive multicast traffic Transmit receive on Select the radio on which this VSC will transmit and receive Broadcast name SSID When this option is enabled APs will broadcast the wireless network name SSID to all client stations Most wireless adapter cards have a setting that enables them to automatically discover APs that broadcast their names and connect to the one with the strongest signal If you disable this option client stations will have to specify the network name you enter for Name SSID when they connect Advertise Tx power Not supported on MSM410 MSM430 MSM460 MSM466 MSM466 R HP 560 When this option is enabled APs broadcast their current transmit power setting in the wireless beacon It also enables support for 802 11h and 802 11 d Broadcast filtering Use this option to conserve wireless bandwidth by filtering out non essential broadcast trattic When broadcast filtering is enabled e DHCP broadcast requests are never forwarded on the wireless port e DHCP broadcast offers are never forwarded on the wireless port unless the target of the offer is an associated client on the wireless interface e ARP broadcast requests are never forwarded out the wireless port unless the targe
87. eam links with other nodes Node discovery Discovery of another node to link with is limited to nodes with the same mesh ID The link is established with the node that has the best score based on the following calculation Score SNR Number of hops x SNR cost of each hop It a node loses its upstream link it automatically discovers and connects to another available node When an AP is attempting to establish a local mesh link the radio status light on its chassis will blink Once the local mesh link is established the radio status light will return to its normal operation Operating channel If a mesh operates on a dynamic frequency selection DFS channel the master node selects the operating channel If another node detects radar and switches channels that node reports the channel switch to the master node which initiates a channel switch for the nodes connected to it This allows the local mesh to converge on a specific channel A node that uses a DFS channel and that loses connection with its master scans channels to find a master on another channel which can be a new master or the same master If the local mesh does not operate on a DFS channel configure the radios in one of the following ways e Configure the radios on all nodes to use the same fixed channel e Configure the radios for automatic channel selection In this case the master selects the least noisy channel Slaves and alternate masters scan channels until t
88. ed on all the channels in the currently selected Operating mode even though the channel is only re evaluated each time the channel selection interval expires If the interval is set to Disabled continuous scanning is not performed Continuous scanning can cause interruptions to voice calls On dual radio APs you can avoid interruptions by setting one radio to operate in monitor mode For example if radio 1 is set to automatic channel scanning and radio 2 is in monitor mode scanning occurs on radio 2 and interruptions on radio 1 do not occur Background scanning Supported on MMSM41O and MSM422 For any other radio configuration scanning is controlled by the settings on the Network gt Wireless neighborhood page To enable scanning select the Repeat scanning every xx seconds checkbox and set a value Scanning is performed for all the channels in the currently selected radio Operating mode One channel is scanned during each scan interval By default the scan interval is set to 600 seconds This is done to minimize the impact on radio throughput Use this method to continuously view APs operating in your area while minimizing the effect on throughput NOTE Scanning is temporarily disabled when a trace is active Tools Network trace page To obtain the best possible wireless performance such as needed for voice applications scanning should be disabled When a radio is configured to support automatic channel selection backgrou
89. el or Automatic with interval set to Disabled Automatic power control is disabled under Transmit power control On the Wireless gt Neighborhood page do not enable the Repeat scan every nnn seconds option Notes on 802 1lac n 802 11n supports legacy rates 1 to 54 as well as high throughput HT rates MCS O to MCS 23 You must always enable at least one legacy rate for 802 11 n 802 1lac supports legacy rates 6 to 54 as well as high throughput HT rates MCS O to MSC 23 and very high throughput VHT rates MCS O to MSC 9 The supported VHT rates are configurable depending on the number of spacial streams Nss 1 2 or 3 VHT MCS 9 is not supported for Nss 1 or 2 when using the 20 MHz channel width VHT MCS 6 is not supported for Nss 3 when using the 80 MHz channel width Note regarding the MSM430 MSM460 MSM466 and MSM466 R On these products the wireless rates shown for 802 11n apply to all wireless modes supported on both radios which are 802 11 a b g n If you remove a rate it is removed for all wireless modes Egress VLAN Sets the VLAN to which this profile forwards traftic If you do not select a VLAN traffic is sent untagged VLANs can also be assigned using other methods some of which may override the Egress VLAN See Working with VLANs page 89 for details Egress VLAN Wireless security filters APs feature an intelligent bridge that can apply security filters to safeguard the flow of wireless
90. eld to generate the keys that encrypt the wireless data stream Specify a key that is between 8 and 63 ASCII characters in length HP recommends that the key be at least 20 characters long and be a mix of letters and numbers Policy manager The policy manager controls global configuration settings that apply to all nodes that are part of the local mesh For proper operation you should configure only one node as the policy manager Setting more than one node as the policy manager will prevent policies from being properly implemented Although the policy manager can be any node it is strongly recommended that you make the master node the policy manager When the local mesh is established all nodes search for the policy manager and report to it Enforce node limit This policy lets you limit the total number of nodes that can make up a local mesh When the node limit is reached additional nodes will not be able to join the local mesh This policy is primarily intended to be used in train applications to prevent unwanted connections from neighboring train cars For example if there are eight cars in a train and two APs in each car except for the first one there are a total of 15 APs in the train By setting the node limit policy to 15 nodes when the 15 nodes in the train s local mesh are connected together then no more nodes will be allowed to join the mesh Addressing Static Use this option to create simple back to back links bet
91. ence between APs An automatic power control feature is available to address this challenge See Transmit power control page 48 Antenna configuration Antennas play a large role in determining the shape of the wireless cell and transmission distance See the specifications for the antennas you use to determine how they affect wireless coverage Interference Interference is caused by other APs or devices that operate in the same frequency band as the AP and can substantially affect throughput Advanced wireless configuration features are available to automatically eliminate this problem See Radio configuration page 36 In addition the several tools are available to diagnose interference problems as they occur e Select Wireless gt Overview to view information about each connected wireless client e Select Wireless gt Neighborhood to view a list of wireless radios operating nearby e Enable the Severe interface detection mitigation feature on the Radio configuration page to automatically switch channels when interference is detected See Severe interference detection mitigation page 46 A CAUTION APs that operate in the 2 4 GHz band may experience interference from 2 4 GHz cordless phones and microwave ovens Physical characteristics of the location To maximize coverage of a wireless cell wireless APs are best installed in an open area with as few obstructions as possible Try to choose a location that is central to the
92. ent CAs The AP uses these certificates to validate certificates supplied by e Managers or operators accessing the AP s management tool e SOAP clients communicating with the AP s SOAP server The following information is presented for each certificate in the list e Status light Indicates the certificate state o Green Certificate is valid o Yellow Certificate will expire soon o Red Certificate has expired e D A sequentially assigned number to help identify certificates with the same common name e ssued to Name of the certificate holder Select the name to view the contents of the certificate e Issued by Name of the CA that issued the certificate e Current usage Lists the services that are currently using this certificate e Start Expiration date Indicates the period during which the certificate is valid e CRL Indicates if a certificate revocation list is bound to the certificate An X 509 certificate revocation list is a document produced by a certificate authority CA that provides a list of serial numbers of certificate that have been signed by the CA but that should be rejected e _ Delete Select to remove the certificate from the certificate store 102 Security Installing a new CA certificate l Specify the name of the certificate file or select Browse to choose from a list CA certificates must be in X 509 or PKCS Z7 format 2 Select Install to install a new CA certificate CA certificate im
93. ent station Authorized e Yes Client station has the right to transmit receive traffic e No Indicates that the client station can only transmit receive 802 1X packets e Filtered Indicates that traffic is blocked by a MAC filter Authentication Indicates how the station was authenticated 802 1X and or MAC If a station successfully authenticates with both 802 1 X and MAC only the 802 1X indication is shown Association time Indicates how long the client station has been associated with the AP Signal Indicates the strength of the radio signal received from client stations Signal strength is expressed in decibel milliwatt dBm The higher the number the stronger the signal Noise Indicates how much background noise exists in the signal path between client stations and the AP Noise is expressed in decibel milliwatt dBm The lower more negative the value the weaker the noise Viewing wireless information 53 SNR Indicates the relative strength of the client station radio signals versus the radio interference noise in the radio signal path In most environments SNR is a good indicator for the quality of the radio link between the client stations and the AP A higher SNR value means a better quality radio link PMF Indicates if 802 11 w support protected management frames is enabled Only supported on the HP 560 Action Select Disassociate to disconnect a wireless client Viewing wireless client data rates To view in
94. eout expires Operator access to the management tool is blocked if a manager is logged in An active manager session cannot be terminated by the login of an operator e s blocked until the current operator logs out When enabled access to the management tool is blocked until an existing operator logs out or is automatically logged out due to an idle session e Login control If login to the management tool fails five times in a row bad username and or password login privileges are blocked for five minutes Once five minutes expires login privileges are once again enabled However if the next login attempt fails privileges are again suspended for five minutes This cycle continues until a valid login occurs You can configure the number of failures and the timeout e Account inactivity logout By default if a connection to the management tool remains idle for more than ten minutes the controller automatically terminates the session You can configure the timeout NOTE An operator session is always terminated if a manager logs in An active operator session cannot block a manager from logging in Administrative user authentication Login credentials can be verified using local account settings and or an external RADIUS sever This also affects how many accounts you can have e Local Select this option to use a single manager and operator account Configure the settings for these accounts under Manager account and Operator acco
95. er e An SNMP notification is sent if the configuration file or firmware fails to load After loading new firmware or a new configuration file the node waits 30 seconds before restarting if a downstream link was established with another node in promiscuous mode This provides downstream nodes with additional time during which to download new firmware and configuration files thus improving the total convergence time of the entire network Preserve master link across reboots Alternate master or slave nodes When enabled the address of the current master to which the node is connected is saved so that if the node restarts it will reconnect to the same master bypassing the initial discovery period Local mesh Allow forced links Alternate Master Slave only When enabled the node will accept any connection forced from a master and it will change its mesh ID in order to use the master mesh ID A link is forced from the master by using the force link button next to the slave s entry in the local mesh scan A link can be forced to a slave alternate master in a different mesh This will cause the slave to save the new mesh ID and use it from that point onward Search for better link on minimum SNR Alternate Master Slave only When enabled if the current SNR on the link drops below the value set for Minimum SNR the node will search for a connection to another master with a better SNR Restart Discovery Alternate master or slave nodes
96. establishes the AP as a legitimate user of the certificate Number of associated CAs Number of CA certificates used by the service Changing the certificate assigned to a service Select the service name to open the Certificate details page For example if you select Web Management Tool you will see Service Authentication to the peer Service Web Management Tool Local certificate 1 wireless hp internal Peer authentication Peer authentication is not possible with this service Save Under Authentication to the peer select a new Local certificate and then select Save Managing certificates 105 About certificate warnings When you connect the management tool certificate warnings occur because the default certificate installed on the AP is not registered with a certificate authority It is a self signed certificate that is attached to the default IP address 192 168 1 1 for the AP To continue to work with the management tool without installing a certificate select the option that allows you to continue to the Website To eliminate these warnings you can do one of the following e Obtain a registered X 509 SSL certificate from a recognized certificate authority and install it on the AP This is the best solution since it ensures that your certificate can be validated by any web browser A number of companies offer this service for a nominal charge These include Thawte Verisign and Entrust e Become a p
97. etermine the optimal power setting within the defined power limits i e up to the specified percentage dBm value Interval Specily the interval at which the Automatic power control feature adjusts the optimal power setting Neighborhood scanning Supported on MSM410 HP 425 MSM430 MSM460 MSM466 MSM466 R HP 560 Not configurable when Operating mode is set to Access point and Local mesh or Local mesh only Scan ratio Not configurable when Operating mode is set to Monitor The percentage of time the radio will spend scanning channels other than the operating channel Dwell time The amount of time in milliseconds that a radio remains on a channel while performing channel scanning The default value is 30 milliseconds Set a value between 10 and 32 milliseconds when Operating mode is set to Access point only Use a value of 30 milliseconds on the MSM410 Set a value between 10 and 1000 milliseconds when Operating mode is set to Monitor Scanning mode e Passive The AP listens to the channel to detect wireless traffic but does not transmit any probes The AP will receive beacon frames and probe response frames and use them to identify neighbors When IDS is enabled other frames are also received and sent to the IDS system for analysis The key point is that no frames are transmitted This is the default setting e Active The AP uses probe request frames to speed up neighbor detection Active scanning only occurs on
98. f addresses 78 Working with VSCs Examples To only allow traffic addressed to a gateway at the address 192 168 130 1 define the filter as follows e Address 192 168 1301 e Mask 255 255 255 255 To only allow trattic addressed to the network 192 168 130 0 define the filter as follows e Address 192 168 130 0 e Mask 255 255 255 0 VSC data flow Stand alone deployment VSC on autonomous AP Ingress The AP only handles wireless traftic The SSID is the name of the wireless network with which the user associates Features e Authentication Authentication can be either 802 1X or MAC To validate user credentials the AP makes use of an external RADIUS server which can be the controller or a third party device For more information see Stand alone deployment page 79 e Wireless security filters Enables the AP to block traffic unless it is addressed to a specific device like the controller For more information see Wireless security filters page 72 e MAC filter Enables the AP to only allow wireless to wired LAN traffic for specific wireless user MAC addresses For more information see MAC filter page 78 e IP filter Enables the AP to only allow wireless to wired LAN traffic for specific wireless user IP addresses For more information see IP filter page 78 Egress e Bridge onto port 1 2 Unless a centralized mode tunnel has been established user and authentication trattic is
99. face Destination Mask Gateway Metric Delete Bridge port 192 168 1 0 255 255 255 0 0 pg m Interface Gateway Metric Delete Active routes This table shows all active routes on the AP You can add routes by specitying the appropriate parameters and then selecting Add The routing table is dynamic and is updated as needed This means that during normal operation the AP adds routes to the table as required You cannot delete these system routes The following information is shown for each active route e Interface The port through which traffic is routed When you add a route the AP automatically determines the interface to be used based on the Gateway address e Destination Traffic addressed to this IP address or subnet is routed e Mask Number of bits in the destination address that are checked for a match Defining IP routes 25 Gateway IP address of the gateway to which the AP forwards routed traffic known as the next hop An asterisk is used by system routes to indicate a directly connected network Metric Priority of a route If two routes exist for a destination address the AP chooses the one with the lower metric Delete Select the garbage can icon to delete a route If the icon has a red line through it then the route cannot be deleted Default routes The Default routes table shows all default routes on the AP Default routes are used when traffic does not match any route in the Active routes table You
100. feature to support roaming across different subnets configuration of the wireless security filters must respect the following guidelines so as not to interfere with roaming functionality e The Restrict wireless traffic to Access point default gateway option is not supported e The Restrict wireless traffic to MAC or Custom options can be used provided that they restrict traffic to destinations that are reachable from all subnets in the mobile domain Wireless protection Three types of wireless protection are offered WPA 802 1X and WEP WPA This option enables support for users with WPA WPAQ2 client software 7 4 Working with VSCs Mode Support is provided for e WPA TKIP Not supported on the HP 560 WPA with TKIP encryption When you enable this option the VSC can only support legacy a b g traffic All 802 11 n features on a radio are disabled for this VSC e WPA2 AES CCMP WPA2 802 11i with AES CCMP encryption e WPA or WPA2 Mixed mode supports both WPA version 1 and WPA2 version 2 at the same time Some legacy WPA clients may not work if this mode is selected This mode is slightly less secure than using WPA2 AES CCMP option Note On radios that have Client restriction set to 802 T1n only or 802 Tlac only WPA2 is always used instead of WPA Authentication must occur via an external device unless preshared keys are used If Use HP MSM controller is enabled under General this must be an HP MSM Co
101. figuring a local mesh profile Select Wireless gt Local mesh Local mesh profiles Enabled Name Encryption Dynamic Remote MAC address Yes Local mesh groupi NOME Yes N A Yes Local mesh group 2 NONE No 00 03 52 00 00 02 Add New Profile Global settings Quality of Service Disabled mechanism lt No IP QoS profiles defined IP QoS profiles To configure a profile select its name in the list The Local mesh profile page opens Local mesh profile Enabled 8 Disabled Q8 Static Remote MAC address 0 03 52 00 00 00 Name Localmesh profile eae Re e eee Use Radiol e 2 Dynamic Mode Master Speed Auto Mesh ID AES CCMP 5ecurity Allowed downtime 10 seconds Maximum links 9 Key Update mesh ID from server Confirm key Policy manager Enforce node limit amp nodes Local mesh neighborhood Serial MAC address Mesh ID Radio Chan Mode Awl Encr Signal Noise SNR Settings Enabled Disabled Specify if the profile is enabled or disabled The profile is only active when enabled 116 Local mesh Name Name of the profile Use Select the interface to use for this link Speed Static links only Sets the speed the link will operate at For load balancing you may want to limit the speed of a link when connecting to multiple destinations AES CCMP Enables AES with CCMP encryption to secure traffic on the wireless link The node uses the key you specily in the Key fi
102. formance for 802 11 n clients in the presence of 802 11g or 802 11a legacy clients or APs No protection frames CTS to self or RTS CTS are sent at the MAC layer by the AP PHY based protection remains active which alerts legacy clients to stay off the air while the AP is transmitting data to 802 11n clients This method of protection is supported by most 802 11g or 802 11a clients but is not supported for 802 11 b only clients and should not be used if such clients are expected on the network Guard interval Supported on MSM410 MSM422 radio 1 MSM430 MSM460 MSM466 MSM466 R HP 560 Not available in Monitor or Sensor modes This parameter is only configurable when Wireless mode is set to support an 802 11n option 46 Wireless configuration On the MSM410 and MSM422 Guard interval is automatically set to Long when Channel width is set to 20 MHz To enhance performance in 802 11 n modes the guard interval can be reduced from its default of 800 nanoseconds to 400 The guard interval is the intersymbol time period that is used to prevent symbol interference when multiple data streams are used MIMO However symbol interference reduces the effective SNR of the link so reducing the guard interval may not improve performance under all conditions The following settings are available e Short Sets the guard interval to 400 nanoseconds which can provide improved throughput up to 10 in some environments The AP remains compat
103. formation on all wireless client stations currently connected to the AP select Status gt Client data rate matrix High throughput rate traffic Receive Transmit MCS Radio Client MAC 0 i1 2 3 45 amp 7 BH 98 10 331 12 Y3 4 15 16 17 1B 18 20 Zi 22 3 1 OO 16 EA 8F 00 26 B 1 00 243 D7 43 D6 44 2 D4 85 64 88 C7 8F i ji TT LLL aas elna B m gH Legacy rate traffic Receive Transmit Radio Client MAC 1 2 55 121 6 9 C 1B H E dB WH 1 2 55 H amp 9 C IH H Oe dH 54 1 00 16 EA 8F 00 26 Z E 1 00 24 D7 43 D6 44 B Ea 2 D4 85 64 88 C7 8F This page shows the volume of traffic sent and received at each data rate for each client station Headings in bold indicate the data rates that are currently active for the wireless mode being used Supported wireless rates depend on the AP model Legacy rate traffic Displays information for users connected via any 802 11a b g mode The size of the bar indicates the amount of traffic sent or received at each rate High throughput HT rate traffic Displays information for users connected via any 802 11 n mode Rates are shown for each supported MCS modulation coding scheme The size of the bar indicates the amount of traffic sent or received at each MCS Data rates in Mbps MCS Channel width Guard interval 20 MHz 800 ns 20 MHz 400 ns 40 MHz 800 ns 40 MHz 400 ns 19 50 21 70 40 50 45 00 54 Wireless configuration Data rates in Mbps MCS Channel width Guard interval e
104. hat three antennas are used to transmit and three antennas are used to receive For point to point local mesh links on Radio 1 install two directional antennas on connectors A and B Installing a third directional antenna on connector C will increase performance only when receiving Radio 2 Radio 2 features two internal antennas in the upper flap supporting 802 11a b g These antennas have a single connector D for the installation of an optional external antenna Radio 2 provides support for diversity only on its two internal antennas Diversity is not supported when using an external antenna Antenna gain Supported on MSM466 MSM466 R Not available in Monitor or Sensor modes For optimum performance this parameter must be set to the gain of the antenna Max clients Not available in Monitor or Sensor modes 44 Wireless configuration Specify the maximum number of wireless client stations that can be supported on this radio across all VSCs Advanced wireless settings Client restriction Only available when Wireless mode supports 802 11ac or 802 11n Use this option to restrict access to the wireless network to specific types of wireless clients e 802 IIn only Only wireless clients supporting 802 11 n can connect This prevents 802 11 a b g client stations from accessing the wireless network e 802 llac only Only wireless clients supporting 802 11ac can connect HP 560 e 802 1lac or 802 11n only Only wire
105. he Security gt RADIUS page for the profile being used NAS Port 32 bit unsigned integer A virtual port number starting at 1 Assigned by the AP NAS Port Type 32 bit unsigned integer Always set to 19 which represents WIRELESS 802 1l User Name string The RADIUS username provided by the 802 1X client Vendor specific Colubris AVPair SSID SSID that the customer is associated with The HP Colubris AVPair attribute conforms to RADIUS RFC 2865 You may need to define this attribute on your RADIUS server if it is not already present using the following values SMI network management private enterprise code 8744 o Vendorspecific attribute type number O Attribute type A string in the following format lt keyword gt lt value gt Configuring administrative accounts on a RADIUS server This section presents all RADIUS attributes that are supported for administrator manager operator accounts NOTE Only Access Request packets are supported for administrative accounts Access Accept Access Reject Access Challenge Accounting Request and Accounting Response requests are not supported Access Request attributes The following are supported Access Request RADIUS attributes User Name string The username assigned to the user or a device when using MAC authentication NAS Identifier string The NAS ID set on the Security RADIUS page for the profile being used 100 Authentication services Serv
106. he internal RADIUS server You should replace this with your own CA certificate NOTE For security reasons you should replace the default certificates with your own Certificate and private key store This list displays all certificates installed on the AP The AP uses these certificates and private keys to authenticate itself to peers Items provided in this list are as follows Managing certificates 103 Status indicator Indicates the certificate state e Green Certificate is valid e Yellow Certificate will expire soon e Red Certificate has expired ID A sequentially assigned number to help identify certificates with the same common name Issued to Name of the certificate holder Select the name to view the contents of the certificate Issued by Name of the CA that issued the certificate Current usage Lists the services that are currently using this certificate Start Expiration date Indicates the period during which the certificate is valid Delete Select to remove the certificate from the certificate store Installing a new private key public key certificate chain pair NOTE RADIUS EAP certificates must have the X 509 extensions Information about this is available in the Microsoft knowledgebase at http support microsott com kb 814394 en us The certificate you install must e Bein PKCS 12 format e Contain a private key a password controls access to the private key e Not have a name that is an I
107. hen receiving traffic from a MAC client the AP starts a new authentication cycle automatically and the client does not need to re associate e Tunnel Medium Type Used only when assigning a specific VLAN number to a customer In this case it must be set to 802 e Tunnel Private Group ID Used only when assigning a specific VLAN number to a customer In this case it must be set to the VLAN ID e Tunnel Type Used only when assigning a specific VLAN number to a customer In this case it must be set to VLAN e Vendor specific Microsoft MS MPPE Recv Key As defined by RFC 3078 o MS MPPE Send Key As defined by RFC 3078 Access Reject attributes Access Reject RADIUS attributes are not supported Access Challenge attributes This table lists all attributes supported in Access Challenge packets for each authentication type Descriptions e EAP Message string As defined in RFC 2869 e Message Authenticator string As defined in RFC 2869 Always present even when not doing an EAP authentication length 16 bytes e State string As defined in RFC 2865 Accounting Request attributes 98 This table lists all attributes supported in Accounting Request packets for each authentication type mi EX MK Authentication services Ade EX M WaOweGee kaOwaO 0 0 0X CO CHEN RR Wem Masse O o a pameca X Chee a M cmos o 0M Re 7 v Wem o 0X Bem o0 y X mseme o CRM MStt
108. hey find the master then tune to the master channel and link with the master Configuration guidelines e You can configure a total of six local mesh profiles on each node e Each dynamic local mesh profile master or alternate master can be used to establish up to nine links with other nodes e The same security settings must be used on all nodes in the same mesh Quality of service The local mesh feature enables you to define a quality of service QoS setting that will govern how traffic is sent on all wireless links Local mesh link types T113 Quality of Service QoS priority Disabled iii mechanism IP QoS profiles Save NOTE When traffic is forwarded onto a local mesh link from a VSC the QoS settings on the VSC take priority For example if you define a VSC with a QoS setting of VSC based High then traffic from this VSC will traverse the local mesh on queue 2 even if the QoS setting on the local mesh is VSC based Low queue 4 Maximum range ack timeout 114 This is a global setting that is configurable on the Radio page when the Operating mode is set to support Local mesh It fine tunes internal timeout settings to account for the distance that a link spans For normal operation it is set to less than 1 km This is a global setting that applies to all wireless connections made with a radio not just for local mesh links Therefore if you are also using a radio to access an AP adjusting
109. hood feature to discover the operating frequencies of radios in your area for site planning purposes It can also be used to flag discovered APs as either authorized APs or rogue APs This is useful for monitoring the installation of wireless access points in your company s work areas to ensure that new APs which could be a security risk if improperly configured are not deployed without your knowledge Scanning modes The way in which the AP performs scanning depends on the configuration of the wireless radio The following scanning modes are possible Monitor mode When a radio has its Operating mode set to Monitor scanning occurs continuously The scan switches to a new channel every 200 ms sequentially covering all supported wireless modes and channels Use this method to quickly obtain an overview of all APs in your area for site planning or for initial configuration of the authorized access points list Monitor mode scanning is temporarily disabled when a trace is active Tools Network trace page 50 Wireless configuration Automatic channel selection When the Automatic channel selection feature is enabled scanning occurs as follows On the MSM430 MSM460 MSM466 MSM466 R HP 560 Scanning only occurs when the channel selection interval expires This may cause interruptions to voice calls Therefore configuring a short channel selection interval is not recommended On the MSM410 MSM422 Scanning is continuously perform
110. ible with clients that only support a long guard interval Use this setting when Channel width is set to Auto 20 40 MHz to get the best throughput e Long Sets the guard interval to the standard of 800 nanoseconds Maximum range ack timeout Only available in modes that support Local Mesh Fine tunes internal timeout settings to account for the distance that a link spans For normal operation timeout is optimized for links of less than 1 km NOTE This is a global setting that applies to all wireless connection made with the radio Therefore adjusting this setting may lower the performance for users with marginal signal strength or when interference is present Essentially it means that if a frame needs to be retransmitted it will take longer before the actual retransmit takes place Distance between APs Not available in Monitor or Sensor modes Use this parameter to adjust the receiver sensitivity of the AP only if you have a very dense deployment where many APs are close together In all other cases use the default setting of Large If you have installed multiple APs reducing the receiver sensitivity helps to keep clients with low signal quality from connecting thereby increasing the probability that client stations connect with the nearest AP Available settings e Large Accepts all clients e Medium Accepts clients with an RSSI greater than 15 dB e Small Accepts clients with an RSSI greater than 20 dB NOTE RSSI
111. ic wireless link can be defined between any two APs Dynamic local mesh links The dynamic local mesh feature enables an AP to automatically find and connect with other APs to automatically create wireless links When multiple APs are properly configured they can automatically combine to create a mesh topology that is self configuring and self healing For example in the following scenario a dynamic local mesh is composed of five APs When the APs are started they automatically establish the connections to build the mesh based on their role master alternate master slave If AP 2 fails AP 4 automatically switches its connection to AP 3 Local mesh link types 1 Root network Alternate Master node Alternate Master node Slave node Slave node Traffic is bridged across the wireless links allowing users connected to any AP to reach the root network Terminology The following illustration and table define terms that are used in this guide when discussing the dynamic local mesh feature An AP that is configured to support local mesh connections Root node The root node is configured in Master mode and provides access to the root network Alternate master node A node that is configured in Alternate master mode which enables it to make upstream and downstream connections Slave node A node that is configured in Slave mode which enables it to make upstream connections only Root network Wired network to which the roo
112. ice Type 32 bit unsigned integer As defined in RFC 2865 Set as follows o Web Admin is SERVICE TYPE ADMINISTRATIVE Framed MTU 32 bit unsigned integer Hard coded value of 1496 MSCHAP Challenge string As defined in RFC 2433 Only present when the authentication scheme on the Security gt RADIUS page is set to MSCHAPv1 or MSCHAPv2 Length 8 bytes MSCHAP Response string As defined in RFC 2433 Only present when the authentication scheme on the Security gt RADIUS page is set to MSCHAPv1 Length 49 bytes Vendor specific Colubris AVPair Administrative role Administrative role assigned to the user either manager or operator The Colubris AVPair attribute conforms to RADIUS RFC 2865 You may need to define this attribute on your RADIUS server if it is not already present using the following values SMI network management private enterprise code 8744 o Vendorspecific attribute type number O o Attribute type A string in the following format lt keyword gt lt value gt The following keyword and value is supported for administrative accounts web administrative role role Where Use one of the following values to identify the role of the account Manager A manager is able to access all configuration pages and can change and save all configuration settings Operator An operator is able to view all configuration pages but is limited in the types of changes that can be made Using
113. ificate of the intermediate certificate authority the Web browser does not get the whole certificate chain it needs to validate the identity of the AP Consequently the Web browser issues security warnings To avoid this problem make sure that you install the entire certificate chain when you install a new certificate on the AP NOTE An SNMP notification can be sent to let you know when the AP SSL certificate is about to expire To enable this notification select Management gt SNMP and enable the Notifications option Then select Configure Notifications enable Event notifications and then select the event Maintenance certificate about to expire under System See Configuring SINMP notifications for events page 87 Certificate usage To see the services that are associated with each certificate select Security gt Certificate usage With the factory default certificates installed the page will look like this Service Authenticate to peer using Number of associated CAs Web Management Tool 1 wireless hp internal SOAP Server 1 wireless hp internal 1 HP Management console 2 Management Console Default cl 1 e Service Name of the service that is using the certificate To view detailed information on the certificate select the service name Authenticate to peer using Name of the certificate and private key The AP is able to prove that it has the private key corresponding to the public key in the certificate This is what
114. iption TLV content Select the content to be included in and advertised as part of the port description TLV Interface friendly name Use the friendly name for the interface the name you see in the management tool For example LAN port Internet port Interface internal name Use the internal name for the interface For example ethO eth 1 Generate dynamic system names When enabled this feature replaces the system name with a dynamically generated value which you can define Discovery protocols 21 Access Point name Specify how the dynamically generated name will be created You can use regular text in combination with placeholders to create the name Placeholders are automatically expanded each time the name is regenerated It the placeholders cause the generated name to exceed 32 characters it is truncated Placeholders RN System name of the neighboring device to which the port is connected obtained via the System Name TLV Since this is an optional TLV if it is not available the Chassis ID TLV is used instead RP Port description of the port on the neighboring device to which the local port is connected obtained via the Port Description TLV Since this is an optional TLV if it is not available the Port ID TLV is used instead SN AP name suffix if specified Up to 16 characters can be appended to the name IP AP s IP address An IP address can require up to 15 characters nnn nnn nnn nnn Exp
115. less clients supporting 802 11 ac or 802 11 n can connect HP 560 Collect statistics for wireless clients Not available in Monitor or Sensor modes When this option is enabled the AP collects statistics for connected wireless client stations The statistical information can be retrieved via SNMP from the following MIBs LEN INN COLUBRIS DEVICE WIRELESS MIB my controlled mode coDeviceWirelessDetectedStationTable COLUBRIS IEEE802DOT ll my autonomous mode coDot 11 DetectedStationTable Tx beamforming Supported on MSM430 MSM460 MSM466 MSM466 R HP 560 radio 2 Not available in Monitor or Sensor modes Tx beamforming can be used to help increase throughput by improving the quality of the signal sent to wireless clients When this option is enabled APs use beamforming techniques to optimize the signal strength for each individual wireless client station Beamforming works by changing the characteristics of the transmitter to create a focused beam that can be more optimally received by a wireless station HP APs support the following two explicit beamforming techniques e Non compressed beamforming in which the client station calculates and sends the steering matrix to the AP e Compressed beamforming in which the client station sends a compressed steering matrix to the AP Radio calibration is not required to use either of these two methods NOTE Beamftorming only works with wireless clients that are configured to
116. llision and both devices need to re transmit If there are enough Supporting 802 11a and legacy wireless clients 35 devices in the network the collision rate will grow exponentially and prevent any useful throughput from the wireless network 802 11n clients face the same problem as described above legacy 802 11 b clients cannot detect the High Throughput HT rates that 802 11 n uses So to avoid causing excessive collisions 802 11n clients must use the same protection mechanisms when a legacy client is present Even the most efficient protection mechanism CTS to self causes a substantial decline in throughput performance can decline by as much as 50 percent For this reason the protection behavior of the MSM430 MSM460 MSM466 and MSM466 R can be configured see Tx protection page 46 to allow network administrators greater flexibility over their deployments NOTE 802 11n clients can only achieve maximum throughput when legacy clients are not present on the same radio You can use the Allow 802 11n clients only setting to segregate 802 11 n traffic to ensure that 802 11n clients do not experience performance degradation by sharing a wireless network with legacy slower client stations Radio configuration To define configuration settings for a radio select Wireless gt Radio s This opens the Radio s configuration page The contents of this page varies depending on the product The following screen shows the Radio s
117. mation can then be queried by other devices via SNMP Support is provided for the following MIBs e Physical topology MIB RFC 2922 e Entity MIB version 2 RFC 2737 e Interfaces MIB RFC 2863 NOTE LLDP information is only sent received on Ethernet links LLDP information is not collected from wireless devices connected to an AP However LLDP can function across a local mesh link and will show the AP on the other side of the link as a neighbor LLDP agent Select this option to enable the LLDP agent on port 1 Select Configure TLVs to customize TLV support Transmit Enable this option to have the agent transmit LLDP information to its neighbors Receive Enable this option to have the agent accept LLDP information from its neighbors LLDP over local mesh Enables support for LLDP on any active local mesh links APs on the other side of a local mesh link will be shown as neighbors when this feature is active LLDP settings Use these options to define global LLDP settings Transmit interval Sets the interval in seconds at which local LLDP information is updated and TLVs are sent to neighboring network devices Multiplier The value of Multiplier is multiplied by the Transmit interval to define the length of Time to live Time to live Indicates the length of time that neighbors will consider LLDP information sent by this agent to be valid Time to live is automatically calculated by multiplying Transmit interval by Multiplier Port Descr
118. n is used to advertise AP information to third party devices such as CDP aware switches When installed with a controller the controller uses CDP information sent by autonomous APs to collect information about these APs for display in its management tool LLDP configuration The IEEE 802 1 AB Link Layer Discovery Protocol LLDP provides a standards based method for network devices to discover each other and exchange information about their capabilities An LLDP device advertises itself to adjacent neighbor devices by transmitting LLDP data packets on all ports on which outbound LLDP is enabled and reading LLDP advertisements from neighbor devices on ports that are inbound LLDP enabled An LLDP enabled port receiving LLDP packets inbound from neighbor devices stores the packet data in a Neighbor database MIB 20 Network configuration LLDP information is used by network management tools to create accurate physical network topologies by determining which devices are neighbors and through which ports they connect LLDP operates at layer 2 and requires an LLDP agent to be active on each network interface that will send and receive LLDP advertisements LLDP advertisements can contain a variable number of TLV type length value information elements Each TLV describes a single attribute of a device When an LLDP agent receives information from another device it stores it locally in a special LLDP MIB management information base This infor
119. nd in combination with other authentication options Client address Filter action When used When used with MAC based When used with 802 1X alone authentication authentication Client Access is Access is granted MAC based Access is granted or denied based address is in granted authentication is not performed on result of 802 1X authentication the MAC address list Client Access is Access is denied MAC based Access is denied address is in denied authentication is not performed the MAC address list Client Access is Access is granted or denied Access is granted or denied based address is not denied based on result of MAC based on result of 802 1X authentication in the MAC authentication Not supported address list on access controlled VSCs Client Access is Access is granted or denied Access is granted or denied based address is not granted based on result of MAC based on result of 802 1X authentication in the MAC authentication address list IP filter When this option is enabled the VSC only allows wireless trattic that is addressed to an IP address that is defined in the list All other traffic is blocked except for e DNS queries i e TCP UDP traffic on port 53 e DHCP requests responses IP filter Only allow traffic addressed to IP address Mask nn NEN Hemove Selected Entry A maximum of two addresses can be defined Each address can target a specific device or a range o
120. nd scanning is only supported when the Time of Day option is selected for the automatic channel selection Interval Viewing scan results To view the results of the latest scan open the Wireless Neighborhood page For example Wireless neighborhood 51 Wireless neignpormnad od Q URL of list of authorized access points OO O Repeat scan every seconds Unauthorized access points MAC address SSID Status XML version Detailed Brief All access points MAC address 55ID D00 23 51 be 28 61 HE D0 03 52 f2 d5 b0 fruitbat D00 24 a8 4b e1 50 HP D00 03 52 1c 39 60 fruitbat D00 24 aB8 4b b1 cD HF XML version Detailed Brief Mode Status Mode Ok G Ok G Ok G Ok G Ok G Channel Channel amp 8 i 4 11 Signal Signal 73 22 ao 28 56 Test List URL Save Noise SNR Info Noise SNR Info B3 10 ESS WEP B4 62 ESS WEP B4 29 ESS B4 56 ESS WEP 80 24 ESS Frequency used by this access point WPA or WPA2 Wireless Encryption Support To update scanning results select the refresh button in your browser Identifying unauthorized APs When an AP is discovered during a scan its MAC address is compared against the list of authorized APs which you must define If the scanned AP does not appear in the list of authorized APs it is displayed in the Unauthorized access points list Creating the list of authorized APs The list of authorized APs must be defined in an external file in XML format
121. ns 2 Select the Scheduled operations checkbox 3 For Operation select Backup or Restore 4 For Day of week select Everyday or select a specitic day of the week on which to perform the backup or restoration 5 For Time of day specify the hour and minute on which to perform the backup or restoration Use the format hh mm where e hh ranges from OO to 23 e mm ranges from OO to 59 If support for daylight savings time DST is enabled on the Controller gt gt Management gt System time page do not set Time of day to 2 AM because this is when the clock is changed when adjusting for DST 6 For URL specify the path that leads to the local or remote directory in which to save the configuration file or from which to load the configuration file For example e ftp username password 192 168 132 11 new cfg e http 192 168 132 11 new cfg Secure transfers are supported using HTTPS or FTPS 7 Select Validate to test that the specitied URL is correct 8 Select Save Software updates Software updates are managed by selecting Maintenance gt Firmware updates On the MSM410 MSM430 MSM460 MSM466 MSM466 R and HP 560 Software updates 123 Firmware updates Install firmware Install firmware directly to the MSM460 from your local hard drive or schedule regular uploads from a remote server Current firmware version 6 5 0 0 18471 Manual install Browse_i No file selected eeseeeeseseeseseseseeses
122. ntage Maximum output power Shows the maximum output power that can be supported by the radio based on the regulatory domain e Onthe MSM410 MSM430 MSM460 HP 560 Shows the maximum EIRP Effective Equivalent Isotropic Radiated Power that can be delivered by the AP based on the regulatory domain The displayed EIRP power is equivalent to the Conducted RF transmit power of the radio dBm plus the array gain of the antenna dBi e On the MSM466 and MSM466 R Shows the maximum conducted RF power dBm that can be delivered to the external antenna The EIRP can be calculated by adding the antenna array gain dBi Use maximum power Select this checkbox to use the maximum available output power 48 Wireless configuration Set power to Specify the transmission power in dBm or as a percentage of the maximum output power When you click Save percentage values are rounded up or down so that the dBm value is always a whole number Note that the actual transmit power used by the radio may be less than the specified value The AP determines the maximum power to be used based on the regulatory domain Supported power levels are as follows e 0 20 dBm MSM410 MSM422 MSM466 MSM466 R e 5 25 dBm MSM430 MSM460 operating at 2 4 GHz e 7 20 dBm MSM430 MSM460 operating at 5 GHz e 15 29 dBm HP 560 operating at 2 4 GHz e 16 28 dBm HP 560 operating at 5 GHz Automatic power control Select this checkbox to have the AP automatically d
123. ntroller otherwise a third party RADIUS server can be used WPA options supported when the Use HP MSM controller feature is Enabled Disabled Wireless protection WPA Wireless protection WPA Mode WPA2 AES CCMP Mode WPA2 AES CCMP Key source RADIUS Key source RADIUS RADIUS profile Access controller RADIUS profile Mo RADIUS defined Station ID Hach delimiter Station ID MAC set RADIUS accounting RADIUS profile Mo RADIUS defined Uppercase Called Station Id BSSID ad On radios in pure 802 11n mode WPA2 is always Content used instead of WPA Station ID EE delimiter Dash Station ID MAC e Uppercase On radios in pure 80Z 1in mode WPA2 is always used instead of WPA For a complete description of all options see the online help 802 1X This option enables support for users with 802 1X client software that use any of the following authentication methods EAP TLS EAP TTLS and EAP PEAP Additionally when an external RADIUS server is used support for EAP SIM EAP AKA EAP FAST and EAP GIC is also provided Check your external RADIUS server for supported authentication methods VSC configuration options 75 Authentication must occur via an external device If Use HP MSM controller is enabled under General this must be an HP MSM Controller Otherwise a third party RADIUS server can be used 802 1X options supported when the Use HP MSM controller option is En
124. o connect at the rates that you select If a client does not support the selected rate and mode it will not be able to connect to this VSC 7 Allowed wireless rates 802 11b 802 11g 802 11b g 802 11a 802 11n 802 11ac v i vla v 1 Mle Mi v amp M2 Ws v 2 Mls M2 v 5 Miss Miz Mss Miz Mss v 12 11 18 6 is Me 18 24 9 24 v s e 24 Mise v 11 Mlsc Mii v 36 as v i2 Wlas liz v 48 54 18 54 18 54 v 24 v 24 mcs o v 36 v 36 MCS 1 v 42 v 48 MCS 2 v 54 v 54 v mcs 3 MCSU MCS 1 MCS 2 MCS 3 MCS 4 MCS 5 MCS 6 MCS 7 MCS 8 MCS 8 MCS 10 MCS 4 MCS 3 MCS 6 MCS 7 MCS 8 MCS 8 MCS 10 MCS 11 MCS 12 MCS 13 MCS 14 mcs 11 v wcs 15 mcs 12 v wcs 16 mcs 13 v wcs 17 mcs 14 v cs 18 mcs 15 v cs 19 mcs 1 amp v cs 20 mcs 17 v mcs 21 mcs is v cs 22 mcs 19 v wcs 23 MECS 20 Nss i mcs 21 v uss 2 mcs 22 v uss 3 MCS 23 All APs do not support all wireless modes and rates e MCS Oto MCS 15 are supported by the MSM410 MSM422 MSM430 MSM460 MSM466 MSM466 R and HP 560 e MCS 16 to MCS 23 are supported by the MSM460 MSM466 MSM466 R and HP 560 e VHT MCS 0 to MCS 9 are supported by the HP 560 VSC configuration options 71 To ensure a high quality of service for voice applications disable all rates below 5 5 Also ensure that the radio is configured as follows Operating mode is set to Access point only Channel is set to a fixed chann
125. ock access after 5 login failures Interval 5 seconds Lock access for 5 minutes J A t ti it I l Login message Timeout 30 minutes Login message Authorized access only This system is property of COMPANY NAME Contact EMAIL for more information Only one administrator manager or operator can be logged in at any given time Options are provided to control what happens when an administrator attempts to log in while another administrator or the same administrator in a different session is already logged in In every case the manager s rights supersede those of an operator The following options can be used to prevent the management tool from being locked by an idle manager or operator e Terminates the current manager session When enabled an active manager or operator session will be terminated by the login of another manager This prevents the management tool from being locked by an idle session until the Account inactivity logout timeout expires e s blocked until the current manager logs out When enabled access to the management tool is blocked until an existing manager logs out or is automatically logged out due to an idle session Setting up manager and operator accounts 9 e Terminates the current operator session When enabled an active operators session will be terminated by the login of another operator This prevents the management tool from being locked by an idle session until the Account inactivity logout tim
126. on Supported v SA query retry timeout 201 TUs SA query max timeout 1000 TUs 76 Working with VSCs By default WPA2 only protects data frames 802 11 w adds the following e Protects unicast management actions frames from eavesdropping and forging e Protects multicast management action frames from forging e Mode of operation Select one of the following modes Mandatory Only enable this option if all client stations support 802 11 w Supported Provides support for client stations that use 802 11 w and those that do not Clients that do not use 802 11 w will continue to operate normally e SA query retry timeout Specify the number of TUs time units that the AP waits when sending SA query requests Requests are sent until a response is received from the client or until the SA query max timeout is reached in which case the client is disconnected e SA query max timeout Specify the maximum number of TUs time units that can elapse before a client station must respond to the SA query requests sent by an AP If a client station does not respond within this time it is disconnected MAC based authentication This option enables wireless users to be authenticated by their MAC addresses Authentication must occur via an external device If Use HP MSM Controller is enabled under General this must be an HP MSM Controller Otherwise a third party RADIUS server can be used MAC based authentication options supported when
127. on type mie Mwge OK MAD Fem ee Chad x 0v v Md end Calngseiond x v v Mese Bee m o OX eee Been O v v Xam Wesen v v ov Menger Mee NASH Using a third party RADIUS server 95 NI SIS NIIS NS S B a E E me e NOR NN Vendor specitic a AVPair SSID Colubris SSID Descriptions X x NS NIN N X Acct Session Id 32 bit unsigned integer A unique accounting ID used to make it easy to match up records in a log file Called Station Id string BSSID of the VSC used by a wireless client or the MAC address of the LAN port used by a wired client By default the MAC address is sent in IEEE format For example 00 02 03 5E 32 1A The format can be changed under Wireless protection on the VSC Profiles page Calling Station Id string The MAC address of the 802 1X client station By default the MAC address is sent in IEEE format For example 00 02 03 5E 32 1A The format can be changed under Wireless protection on the VSC Profiles page Framed MTU 32 bit unsigned integer Hard coded value of 1496 Message Authenticator string As defined in RFC 2869 Always present even when not doing an EAP authentication Length 16 bytes NAS Identifier string The NAS ID set on the Security gt RADIUS page for the RADIUS profile being used NAS Ip Address 32 bit unsigned integer The IP address of the port the AP is using to communicate with the RADIUS server NAS Port 3
128. ontrolled by this setting If traffic between the AP and the RADIUS server is not protected by a VPN HP recommends that you use either EAP MD5 or MSCHAP V2 if supported by your RADIUS server PAP and MSCHAP V1 are less secure protocols EAP MD5 is not supported on VSCs that have WEP with dynamic keys enabled NAS ID Specily the identifier for the network access server that you want to use for the AP By default the serial number of the AP is used The AP includes the NAS ID attribute in all packets that it sends to the RADIUS server Always try primary server first Enable this option if you want to force the AP to contact the primary server first Otherwise the AP sends the first RADIUS access request to the last known RADIUS server that replied to any previous RADIUS access request If the request times out the next request is sent to the other RADIUS server if defined For example assume that the primary RADIUS server was not reachable and that the secondary server responded to the last RADIUS access request When a new authentication request is received the AP sends the first RADIUS access request to the secondary RADIUS server If the secondary RADIUS server does not reply the AP retransmits the RADIUS access request to the primary RADIUS server When two servers are configured the AP always alternates between the two Use message authenticator When enabled causes the RADIUS Message Authenticator attribute to be included in all RADIUS
129. or example if an AP is operating on channel 3 and a second AP is operating on channel 7 interference occurs on channel 5 For optimal performance the second AP should be moved to channel 8 or higher With the proliferation of wireless networks it is possible that the wireless cells of APs outside your control overlap your intended area of coverage To choose the best operating frequency select Wireless Neighborhood to view a list of all APs that are operating nearby and their operating frequencies The number of channels available for use in a particular country are determined by the regulations defined by the local governing body and are automatically configured by the AP based on the Country setting you define See Country page 13 This means that the number of non overlapping channels available to you varies by geographical location The following table shows the number of channels that are available in North America Japan and Europe Since the minimum recommended separation between overlapping channels is 25 MHz five channels the recommended maximum number of overlapping cells you can have in most regions is three The following table gives examples relevant to North America Japan and Europe applies to 22 MHz channels in the 2 4 GHz band North America Japan O O o woe OO cell 1 on channel 1 cell 1 on channel 1 cell 1 on channel 1 cell 2 on channel 6 cell 2 on channel 7 cell 2 on channel 7 cell 3
130. or more information on controller authentication features see the MSM7xx Controllers Configuration Guide In this type of installation VSC definitions on both the AP and controller must match so that traffic from wireless users connected to the AP can be sent to the controller for handling For example if two VSCs are being used they could be configured as follows Key concepts 63 VSC Profiles SSID Guest SSID Employee VLAN ID 20 Controller Autonomous AP P 2X SSID Employee SSID Guest Sa VLAN ID 20 SF VSC Profiles Management with VLANs When operating in a VLAN environment management traffic can be carried on its own VLAN Configure the VSC on both the autonomous AP and the controller as illustrated VSC Profiles IP 192 168 1 1 7m MVANID 10 i P IP address SSID VSC1 SSID VSC2 SSID VSC3 SSID VSC4 Controller 192 168 2 1 VLANID 20 VLAN ID 30 VLANID 40 VLAN ID 50 LAN port 192 168 1 1 VLAN 10 192 158 2 1 LAN port 192 168 1 2 VLAN 10 192 168 2 2 Autonomous AP aif Default SSID VSC1 SSID VSC2 SSID VSC3 SSID VSC4 E VLAN ID 10 VLAN ID 20 VLAN ID 30 VLAN ID 40 VLAN ID 50 ee IP address C 192 168 2 2 VSC Profiles In this example the traffic for each wireless network is carried on its own VLAN This leaves only management traffic from the autonomous AP on VLAN 10 A static IP is assigned on both ends to permit the two device
131. ounts on a RADIUS server page 100 2 Onthe controller create a RADIUS profile that will connect the controller to the RADIUS server See Configuring a RADIUS server profile page 92 3 Select Management gt Management tool 4 Under Administrator authentication set Authenticate via to the RADIUS profile you created In this example the profile is called RADT Administrative user authentication E Local RADIUS RADI v Important Test your RADIUS account access now before saving Password Test 5 Test the RADIUS account to make sure it is working before you save your changes Specify the appropriate username and password and select Test As a backup measure you can choose to enable Local This will allow you to log in using the local account if the connection to the RADIUS server is unavailable Configuring user accounts on a RADIUS server When a non access controlled VSC is set to use WPA 802 1X or MAC based authentication a RADIUS server must be used to authenticate user logins You must create an account for each user on the RADIUS sever with the appropriate username and password The AP provides support for a number of standard RADIUS user attributes including those for authentication and accounting Refer to your RADIUS documentation for more information on how to use these attributes Access Request attributes This table lists all attributes supported in Access Request packets for each authenticati
132. port formats The import mechanism supports importing the ASN 1 DER encoded X 509 certificate directly or as part of two other formats e PKCS 7 widely used by Microsoft products e PEM defined by OpenSSL popular in the Unix world e The CRL can be imported as an ASN 1 DER encoded X 509 certificate revocation list directly or as part of a PEM file Content and file format Items carried in the file ASN 1 DER encoded X 509 One X 509 certificate This is the most basic format certificate supported the certificate without any envelope X 509 certificate in PKCS 77 file One X 509 certificate Popular format with Microsoft products X 509 certificate in PEM file One or more X 509 certificates Popular format in the Unix world X 509 DER certificate is base64 encoded and placed between BEGIN CERTIFICATE and END CERTIFICATE lines Multiple certificates can be repeated in the same file ASN 1 DER encoded X 509 CRL One X 509 CRL Most basic format supported for CRL X 509 CRL in PEM file One X 509 CRL Same format as X 509 certificate in PEM format except that the lines contain BEGIN CRL and END CRL Detault CA certificates The following certificates are installed by default e SOAP API Certificate Authority Before allowing a SOAP client to connect the AP checks the certificate supplied by a SOAP client to ensure that it is issued by a trusted certificate authority CA e Dummy Authority Used by t
133. profile that has a VLAN ID and is mapped to a physical port can have an IP address assigned to it The following steps illustrate how to create a new profile and assign an IP address to it 1 Select Network gt Network profiles 2 Select Add New Profile 3 Specify a name for the profile and assign a VLAN ID to it This example uses the profile name Network A and a VLAN ID of 25 Select Save Add Edit network profile Settings Name Network A VLAN ID Cancel Save 4 Select Network gt VLANs to open the VLANs page VLANS E Humber of matching VLAMs 1 Show all VLANs Select the action to apply to the selected network profiles Select an Action Apply L Hetwork profile VLAN ID Location Tagged Untagged C Network A 25 None 5 Select the new profile in the table to open the Add Edit VLAN mapping page Add Edit VLAN mapping Selected network profiles Map to Network profile VLAN ID Port Network A 25 Port 6 Select the port to which you want to map the profile in this case Port 1 Configuring IP interfaces 15 7 Select Save The profile is mapped to Port 1 tagged Humber of matching VLAMs 1 Show all VLANs Network profle vw Aly Apply L Hetwork profile VLAN ID Location Tagged Untagged C Network A 25 Local Port 1 8 Select Network gt IP interfaces to open the IPv4 interfaces page IPv4 interfaces Interface IP address Mask Allocation method Delete 192 16BH 1 1 253 2523 2
134. racteristics of the wireless network created by the VSC including its name the number of clients supported and QoS settings APs with a single radio Virtual AP WLAN DTIM count ho Broadcast name SSID Advertise TX power Broadcast filtering Band steering Wireless clients Max clients 64 Allow traffic between all v areles cients Ju y of service Allowed wireless rates adv APs with dual radios Virtual AP WLAN DTIM count ho Transmit receive on Radio 1 and 2 Broadcast name SSID Advertise TX power Broadcast filtering Band steering Wireless clients Max clients per radio 64 Allow traffic between all NI pre dients Quality of service Allowed wireless rates fad Select the Virtual AP checkbox to enable the wireless network defined by this VSC WLAN WLAN Name SSID HP DTIM count 1 Transmit receive on Radio 1 bul Advertise TX power Broadcast filtering W Broadcast name SSID Band steering Settings Name SSID Specify a name to uniquely identify the wireless network associated with this VSC The wireless network is created by the controlled APs and managed by the controller 68 Working with VSCs Each wireless user that wants to connect to this VSC must use the WLAN name The name is case sensitive DTIM count Specify the DTIM period in the wireless beacon Client stations use the DTIM to wake up from low power mod
135. raffic sent by the AP to the network Wireless traffic sent from client stations to BB marking MERE Upstream DiffServ Upstream DiffServ tagging is enabled tagging is disabled 802 1p WMM 802 1p Requires an DiffServ Remarking Pass through Original egress VLAN to be is only done for layer 3 marking if any defined for the VSC packets that have a is preserved If L3 marking is DiffServ value of 0 enabled and hel otherwise the original marking value is value is preserved DiffServ DiffServ higher than the L2 Pass through marking value then Original layer 3 the L3 marking value marking if any is is used for L2 marking preserved TOS TOS Pass through Original layer 3 marking if any is preserved VSC based WMM Non WMM Uses the selected VSC based value very high high normal low IP QoS WMM Pass through Original layer 3 marking if any is preserved Quality of service 83 Downstream traffic marking This table describes the marking applied to traffic received from the wired network by an AP and then sent to connected wireless client stations INCOMING OUTGOING TRAFFIC TRAFFIC Wireless traffic sent from the AP to client stations Traffic received from wired network WMM Client Non WMM Client 802 1p 802 1 p WMM HPQ WMM HPQ hardware priority TOS marking done according to queueing DiffServ DiffServ the rules for the mechanism os mo VSC based All traffic on the VSC IP
136. ration file Load a configuration file Config file Browse_ Password Password Confirm password Restore _ Backup racc Scheduled operations Reset configuration Operation Backu k Reset the configuration to factory default ES P NOTE The current operational mode will be kept Bay of week Eve ry d ay Time of day 00 00 _ Reset hh mm URL Validate Save Manual configuration file management The following options are available for manual configuration file management Backup configuration This option enables you to backup your configuration settings so they can be easily restored in case of failure This option is also used when you want to directly edit the configuration file Before you install new software you should always make a backup of your current configuration Select Backup to start the process You will be prompted for the location to place the configuration file Configuration information is saved in the backup file as follows e Certificates and private keys If you specify a password when saving the configuration file certificates and private keys are encrypted with a key based on the password If you do not specify a password certificates and private keys are still encrypted but with a default key that is identical on all APs e Manager and operator username password This information is not saved in the backup configuration file This means that if you restore a configu
137. ration file the current username and password on the AP is not overwritten e All other configuration information All other configuration information is saved as plain text allowing the settings to be viewed with a standard text editor 122 Maintenance Reset configuration See Resetting to factory defaults page 128 Restore configuration The Restore configuration option enables you to load a previously saved configuration file This option enables you to maintain several configuration files with different settings which can be useful if you must frequently alter the configuration of the AP or if you are managing several APs from a central site Use the following steps to restore a saved configuration file l Select Browse and then locate the configuration file you want to restore 2 Select Restore to upload it to the AP If the configuration file is protected with a password you must supply the password to restore the complete configuration If you supply an invalid password all settings are restored except for any certificates and private keys NOTE The AP automatically restarts when once the file has been loaded Scheduled operations The Scheduled operations feature enables you to schedule unattended backups or restorations of the configuration file Use the following steps to schedule a backup or restoration of the configuration file l Select Maintenance Config file management The Config file management page ope
138. rivate certificate authority CA and issue your own certificate You can become your own CA and create as many certificates as you require However since your CA will not be included in the internal list of trusted CAs maintained by most browsers users will get a security alert until they add your CA to their browser Certificate expiration alerts The following warnings are generated when a certificate is about to expire The status light for the certificate turns yellow See Trusted CA certificate store page 102 A message appears on the management tool home page For example Access TE NL m mL Nm cm 2 Current IP address Ethernet base MAC address Wireless MAC address radio 1 Wireless MAC address radio 2 Regulatory domain Wireless network name SSID Associated wireless stations Uptime SNMP system name Software version Hardware revision Serial number Operational mode 192 168 1 1 00 03 52 00 660 5E 00 03 52 B4 CD 10 00 03 52 5 A 42 00 UNITED STATES HP 0 on Radio 1 0 on Radio 2 12 days 5 hours 0 minutes K 064 00095 2 7 0 37 01 10448 30 00 1034 00 28 A K 064 00095 Autonomous The following syslog message is sent every 24 hours Warning n certificate s is are about to expire Please go to the Certificates page for more information Where n is the number of certificates that are about to expire 106 Security When logging into the CLI a message similar to the
139. rs If not user traffic will be blocked by the AP e Custom Lets you define custom inbound and outbound security filters To use the default filters as a starting point select Get Default Filters Filters are specified using standard pcap syntax with the addition of a few HP specific placeholders These placeholders can be used to refer to specific MAC addresses and are expanded by the AP when the filter is activated Once expanded the filter must respect the pcap syntax The pcap syntax is documented in the tcpdump man page http www tcpdump ora tcodump man html Placeholders a a MAC address of the AP b b MAC address of the bridge g g MAC address of the default gateway assigned to the AP w w MAC address of AP wireless port Default wireless security filter definitions The following filters are defined by default Incoming wireless traffic filters Applies to traffic sent from wireless users to the AP Accepted e Any IP traffic addressed to the controller e PPPoE traffic The PPPoE server must be the upstream device e P broadcast packets except NetBIOS e Certain address management protocols ARP DHCP regardless of their source address e Any traffic addressed to the AP including 802 1X VSC configuration options 73 Blocked e All traffic that is not accepted is blocked This includes NetBIOS traffic regardless of its source destination address HTTPS traffic not addre
140. rt Save If outgoing traffic arrives at the rate defined by the specified bandwidth limit or less it is processed without delay If outgoing traffic arrives at a rate that is greater than the defined bandwidth limit it causes the AP to throttle the traffic If the traffic rate is over limit for just a short burst the data will be queued and forwarded without loss If the traffic rate is over limit for a sustained period the AP will drop data to bring the rate down to the bandwidth limit that is set For example if you set bandwidth control to 5000 kbps the maximum rate at which traffic can be sent to wireless client stations is 5000 kbps Discovery protocols The controller supports two protocols LLDP and CDP that provide a mechanism for devices on a network to exchange information with their neighbors To configure these protocols select Network gt Discovery protocols LLDP agent LLDP settings pert Transmit interval 30 seconds Transmit Multiplier 5 Receive Time to live 150 seconds Configure TLVs Port Description TLV content CDP support Interface friendly name Enabled O Disabled O Interface internal name LLDP over Local Mesh d Generate dynamic system names O Enabled Disabled Access Point name RN RP SN Expanded Access Point name K064 00095 CDP configuration The AP can be configured to transmit CDP Cisco Discovery Protocol information on all ports This informatio
141. rview of all the contiguration options available for a VSC It will give you a good idea on how the features can be used The default VSC is pre configured as described in the following pages Below is an overview of the entire VSC configuration page VSC configuration options 65 Add Edit Virtual Service Community General Name d Use HP MSM Controller Virtual AP WLAN DTIM count H Transmit receive on Radio 1 wt Broadcast name SSID Advertise TX power Broadcast filtering Wireless clients Max clients per radia Allow traffic between all B reles dente Priority mechanism DiffServ w No IP QoS profiles define IP QoS profiles Ili EJ Upstream DiffServ tagging Enable WMM advertising Allowed wireless rates advanced Egress VLAN VLAN ID No VLAN defined Wireless security filters Restrict wireless traffic to 9 MSM422 default gateway O MAC address O Custom General wireless protection Mode WPA TKIP v Key source RADIUS w RADIUS profile No RADIUS defined RADIUS accounting RADIUS profile No RADIUS defined Content bSSID M Station ID mur delimiter Dash xm genis Uppercase v i hu Upper case On radios in pure 802 11n mode WPA2 is always used instead of WPA RADIUS Profile Mo RADIUS defined RADIUS accounting RADIUS Profile Mo RADIUS defined bul Station ID delimiter
142. s are Voice Provides voice traffic with high priority Web Provides HTTP traffic with low priority Create the profiles AUN Select Network gt IP QoS and then Add New Profile The IP QoS Profile page opens Under Profile name specify Voice Under Protocol from the drop down list select TCP Under Start port from the drop down list select SIP Start port and End port are automatically populated with the correct value 5060 Under Priority from the drop down list select Very High IPQoS 27 Add Edit IP QoS profile Settings End port Cancel Save 6 Select Save NOTE You could also create another profile using the same parameters but for UDP to cope with any kind of SIP traffic 7 On the IP QoS Profile page select Add New Profile 8 Under Profile name specity Web 9 Under Protocol from the drop down list select TCP 10 Under Start port from the drop down list select http Start port and End port are automatically populated with the common HTTP port 80 11 Under Priority from the drop down list select Low Add Edit IP QoS profile Settings Profile name Protocol e Start port End port Priority 12 Select Save Assign the profiles to a VSC l Select VSC gt Profiles and then select one of the VSC profiles in the Name column Scroll down to the Quality of service section in the Virtual AP box Qua of service Priority mechanism P QoS bul BN 2 Under Quality of servic
143. s are only supported on the MSM410 Console port connector specifications 127 B Resetting to factory defaults Read this before resetting to factory defaults Resetting an AP to factory detaults has the following eftects e The AP is returned to controlled mode operation If required switch the AP back to autonomous mode as described in the product Quickstart e All user defined configuration settings are deleted and returned to factory default settings which includes o The manager username and password are set to admi n The DHCP client is enabled on any Ethernet ports If no DHCP server assigns an address to the AP its address defaults to 192 168 1 1 e Userinstalled licenses are retained after a reset to factory defaults Resetting to factory defaults Use the procedures in this section to set an AP to its factory default settings Using the reset button This technique forces the AP into its factory defaults state including switching the AP back into controlled mode Using a tool such as a paper clip press and hold the reset button for a few seconds until the front status lights blink three times Using the management tool Launch the management tool default https 192 168 1 1 To reset the AP to factory defaults keeping it in autonomous mode follow this procedure l Select Maintenance Config file management 128 Resetting to factory defaults 2 Under Reset configuration select Reset
144. s to communicate Viewing and editing VSC profiles Select VSC on the main menu to open the VSC page This page lists all defined VSC profiles and enables you to add new ones Ingress Egress QoS Filtering Encryption Authentication Radios Name SSID VLAN IP MAC TKIP AES WEP 802 1x MAC HP 9 HP DiffSrv E 1 Add New VSC Profile Use access controller X SSID Off 7 55ID On SSID On and configured for broadcast The HP VSC profile is defined by default e To edit an existing profile select its Name e To add a new profile select Add New VSC Profile 64 Working with VSCs In either case the Add Edit Virtual Service Community page opens providing all VSC profile options General Wireless protection WPA Name HP Mode WPA2 AES CCMP Use HP MSM Controller Key source RADIUS RADIUS profile Mo RADIUS defined 4 Virtual AP c RADIUS accounting WLAN RADIUS profile No RADIUS defined gt Name SSID HP Called Station Id Content BSSID T DTIM count 1 Een delimiter Dash bi Transmit receive on Radio 1 T l us Station ID MAC a 4 Broadcast name SSID case Uppercase v Advertise TX power On radios in pure 802 11n mode WPA2 is always used instead of WPA The following sections provide an overview of each VSC option and how it is used For complete descriptions of individual parameters see the online help in the management tool VSC configuration options This section provides an ove
145. s using a third party RADIUS server page 94 Validating user login credentials for WPA 802 1X or Wireless protection page 74 MAC based authentication types on non access controlled Vegi eee en ee ee ee VSCs page 77 Retrieving RADIUS attributes on a per user basis on user accounts on a RADIUS server page non access controlled VSCs Storing accounting information for each user on dua support is enabled under Wireless protection non access controlled VSCs page 74 or MAC based authentication page 77 NOTE e On VSCs that have the Use HP MSM controller option enabled creating an access controlled VSC see the MSM7xx Controllers Configuration Guide for details on how user authentication is configured e When a VSC has the Use HP MSM controller option disabled creating a non access controlled VSC an external RADIUS server can be used to validate user credentials for WPA 802 1X or MAC based authentication as described in this section Configuring a RADIUS server profile The AP enables you to define up to 64 RADIUS profiles depending on the license that is installed Each profile defines the settings for a RADIUS client connection To support a client connection you must create a client account on the RADIUS server The settings for this account must match the profile settings you define on the AP For backup redundancy each profile supports a primary and secondary server The AP can func
146. se Scheduled install Mode Presettime Y Day of week Everyday bd Time of day 00 00 hh mm URL Validate URL Save Save and Install Now On the MSM422 Firmware updates Install firmware Install firmware directly to the MSM720 from your local hard drive or schedule regular uploads from a remote server Current firmwere version 6 2 0 0 14791 Manual install i Browse Validate Force install C Scheduled install Day of week Everyday M Time of day 00 00 hh mm URL Validate URL Save and Install Now A CAUTION e At the end of the update process the AP automatically restarts causing all users to be disconnected Once the AP resumes operation all users must reconnect To minimize network disruption use the scheduled install option to have updates performed outside of peak usage hours e When using a controller in conjunction with one or more autonomous APs you must 1 always update the controller before updating the APs and 2 never load an earlier software version on the APs than is installed on the controller Performing an immediate software update To update the AP software now do the following l Select Browse and then locate a firmware file and select it 2 Select Validate if you want to test the integrity of the selected firmware file without installing it A message will appear at the top of the page indicating whether
147. seeeeeeeeaeeeeeeeeaeeeeeeegsaeeeeeeeaas 8 Administrative user GUINCMIICGN OM ca casacsuioseAawadedcnensoualenesddatenueconsicciesddabanidedbuinictindancmnaiabeaiones 10 PCTS SONG EN eto naet EE EE TEE T T 10 Configuring management tool security hne nennen nnn 1 Configuring the Login page message ssssssssssssseee eee eene rh h Henne ninh nennen eniin 12 Configuring FO LEM OSI e cexet trad mtu Up mA PTUS SECUN Operpep p cU HuvpaIRS RT MEUM FUP ene ver MEETS 12 Seling Ihe syslen TIMMS NNI TTD 12 1p 13 Coll ig HE 13 3 Network configuration essssssssssssssssseeeeee eene nnne nnns 14 Working with network eel ETE E TT 14 To define a new network profile enne nnns 14 Configuring IP MITIS e sescenti ert itemt tinent taebex dieta aestumentntinitamiqte d p MIRI TUR MEE 14 To assign an IP address to a new iNterlACe cceeceeseeecccccee eee eeeceeeeesseeeeeeeeeessseeeseeeeeesaeeeeeeeeeas 15 Configuring the Bridge interface seesssssssssssssssssseeeeeeeee ene en nnn nennen nnns 17 Configuring BOHSSEITDOS oerteepterIr I tpe tu nodis Marin t d Dir E EFIE ERN E TIN 19 Pand WGI COMM Oe aea E ie adici E mie MM NIMM OMNE 19 Discovery POOO NER END INTE TD 20 de Meo eU folo T NN NEED 20 LDP con TOC Posee unen E SUMI cesses PME UMEN TM NM MN UE MUI 20 BS S iee e RENTRER TIT QI EE E E T OT 23 BEI
148. smitted unicast MSDUs These octets include MAC Header and Frame Body of all associated fragments Tx fragments The number of MPDUs of type Data or Management delivered successfully i e directed MPDUs transmitted and being ACKed as well as non directed MPDUs transmitted Tx multicast frames The number of MSDUs of which the Destination Address is a multicast MAC address including broadcast MAC address transmitted successfully Tx unicast frames The number of MSDUs of which the Destination Address is a unicast MAC address transmitted successfully This implies having received an acknowledgment to all associated MPDUs Tx discards wrong SA The number of transmit requests that were discarded because the source address is not equal to the MAC address Tx discards The number of transmit requests that were discarded to free up buffer space on the AP This can be caused by packets being queued too long in one of the transmit queues or because too many retries and defers occurred or otherwise not being able to transmit for example when scanning Tx retry limit exceeded The number of times an MSDU is not transmitted successfully because the retry limit is reached due to no acknowledgment or no CTS received Tx multiple retry frames The number of MSDUs successfully transmitted after more than one retransmission on the total of all associated fragments May be due to collisions noise or interference Excessive retries can indicate that
149. ssed to the AP or upstream device is also blocked which means wireless users cannot access the management tool on other HP APs Outgoing wireless traffic filters Applies to traffic sent from the AP to wireless users Accepted e Any IP traffic coming from the upstream device except NetBIOS packets e PPPoE traffic from the upstream device e P broadcast packets except NetBIOS e ARP and DHCP Offer and ACK packets e Any traffic coming from the AP itself including 802 1 X Blocked e All other traffic is blocked This includes NetBIOS traffic regardless of its source destination address Custom wireless security filter definitions Use this option to define your own security filters to control incoming and outgoing wireless trattic To use the default filters as a starting point select Get Default Filters Filters are specified using standard pcap syntax with the addition of a few HP specific placeholders These placeholders can be used to refer to specitic MAC addresses and are expanded by the AP when the filter is activated Once expanded the filter must respect the pcap syntax The pcap syntax is documented in the tcodump man page http www tcpdump org tcpdump man html Placeholders e a MAC address of the controller e 2b MAC address of the bridge e 2g MAC address of the default gateway assigned to the AP e w MAC address of AP wireless port Wireless mobility considerations If you enable the wireless mobility
150. ssiesrsssrrrinrssssrrriressrrrrerrrsresrerisssrrrrrrrssssn 97 Advanced wireless SEMINGSscicrteccennanoatencancensannents bxonennanne saomencend c tebut aet ase pete s vesdhau ol esque cto etus 45 MIe tlerelsstorore SCCM ING NNI T IE T E 49 Wireless neighborhood sssssssssssssssssssssssseseee nennen nhe nenn n rhh nenne nnn nnns nnne nnns 50 Contents 3 Jeana ng TAOS EE E TT TO TO 50 MSW SCCM FO SONS NITE ITI ETT 5 Identifying unauthorized APs eeeesssssssssssssssssseeeeeeeneneeneen nnne nnne h nnne nn rrr eene nn 52 Viewing wireless infOrmation ccccccccseeeccccceeeseeeeeeeeeeeseeeeeeeeeee eee eeeeeeeseeeeeeeeeeeeseeeseeeeeeeaaeee sees 52 Viewing all wireless cli nts ccccceecccccesseeeeeee ee eeeeeee se eeeeeeeseeeeeeeeaeeeeeeeeseeeeeeessaeeeeeeesaeeeeeeas 52 Viewing wireless client data TIles ueu cie eso teet ore r boue erba ase boe d aequ etn aa Prise eei d etas Ua las bo Duc etui 54 Wireless access DON Sosa tecan rade osnsaeaeiunt eaceg eosin incest ust EroMeP M ME OUN CMM MDIM MN d MMTMMNdM 5 ST minio 8 RR EEEE EEEE 62 CONC E e DERIT m 62 XX eae o lor Mo elo LM MUNERE TET ETT 62 Deployment with a controller essssssessssssssssseee eee nme nnnm nnns 63 Management RP T 64 Viewing and editing VSC profiles ccccccccccccccsseeeecceeeeesseeeeeeeeeesseeeeeeeeeesseeeseeeesessaeeeseeeeeas 64 VSC configuration repo o1 NN IEEE T ERR 65 Eo RR NOTE 66 IZ
151. sssssssssssssee eene 116 Sample local mesh deployment cccccceseeccceeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeaeeeeesaaeeeeeaaeeeeesaeees 119 xiu RR Um 119 Building to b ilding CONN ce fon NN e TT 119 Dynamic Del WO Koss eae pcsuster etus EpEp S Re TES Ea tarnctntaninabaaaaenpanadiee ARER EE ENAS 120 M PN OG NEN m 122 Config file NHN SSI a caersasecsarrtsectctn poy aeosranao esa de encesuastancesceds ona aaectaus ansdaveny tava ssanenatanennia aeceies 122 Manual configuration file MANAGEMENL ccccccccc ee eeeeeeeeeee cess eeeeeeeeessseeeeeeeeessaaeeeeeeeeaaaae sees 122 Scheduled fre oT To To BE ENTE TRE ETE ee Se E en een seen 123 SO WERE NETS es css res ctae urT TIER Sua E En i AE NUN REPAS ERORE N OUMDNDN M UTD RAS URN MUT EERENS 123 Performing an immediate software update eesssssssesssssseeeneee eene 124 Performing a scheduled software update sessssssssesssssseeeeeeeeeennn 125 12 Support and other reSOUurces cccceecccnecceeecceeceeeeeaeceeeeceueceueeeeaeeeeneeeas 126 Onine documenla Hoe erra TETTE E TT 126 Coniac iro RE erer E E E E EEEE EEE 126 FU NET OTT 126 Typographic CORVEIIONS NITET 126 doo Mee NONE 127 Console port connector specifications sssssssssssssseesee eene enne hn enne nnns 127 MSM422 console DOllussesrercmetens tni veis EADIpD A I obaR o tuegrh tds debt UHR epa dun sp Ee P Io Mu Gili RET RA 127 MSM410 MSM430 MSM460 and MSM466 console port
152. st replace the default certificate See Managing certificates page 102 Setting up manager and operator accounts 8 Two types of administrative user accounts are defined on the AP manager and operator e The manager account provides full management tool rights e The operator account provides read only rights plus the ability to disconnect wireless clients and perform troubleshooting To configure the accounts select Management Management tool Using the management tool Management tool configuration m Em Mu m lici V Local Follow FIPS 140 2 guidelines RAapIUs No RADIUS defined v J Follow PCI DSS 1 2 guidelines Manager account Security Username admin Access to the management tool is enabled for the addresses and interfaces that are specified below Current password Allowed addresses New password IP address Mask Add Confirm new password If a manager is logged in then a new manager login Terminates the current manager session Is blocked until the current manager logs out Remove Selected Entry Active Interfaces Operator account V Porti 7 wireless ports Username New password Confirm new password Web server If an operator is logged in then a new operator login Terminates the current operator session Secure web server port 443 Is blocked until the current operator logs out Web server port 80 Login control V Auto Refresh L
153. support it RTS threshold Not available in Monitor or Sensor modes Use this parameter to control collisions on the link that can reduce throughput If the Status gt Wireless page shows increasing values for Tx multiple retry frames or Tx single retry frames adjust this value until the errors clear Start with a value of 1024 and decrease to 512 until errors are reduced or eliminated Note that using a small value for RTS threshold can affect throughput Range 128 to 1540 Radio configuration 45 It a packet is larger than the threshold the AP holds the packet and issues a request to send RTS message to the client station The AP sends the packet only when the client station replies with a clear to send CTS message Packets smaller than the threshold are transmitted without this handshake Spectralink VIEW Supported on MSM410 MSM422 MSM430 MSM460 MSM466 MSM466 R HP 560 Not available in Monitor or Sensor modes Provides support for Spectralink phones using Spectralink Voice Interoperability for Enterprise Wireless VIEW extensions Severe interference detection mitigation Supported on MSM410 MSM430 MSM460 MSM466 MSM466 R HP 560 Not available in Monitor or Sensor modes When an AP detects severe degradation in the channel quality of the current operating channel on a radio that persists for tens of seconds the AP does an intensive spectrum analysis scan to identify the type of interference only on the MSM4
154. t node is connected This is the network to which the local mesh provides access for all connected alternate master and slave nodes Mesh A series of nodes that connect to form a network Each mesh is identified by a unique mesh ID The wireless connection between two nodes Downstream link A link that transports data away from the root network Upstream link A link that transports data towards the root network Peer Any two connected nodes are peers In the diagram AP 1 is the peer of both AP 2 and AP 3 112 Local mesh Operational modes Three different roles can be assigned to a local mesh node Master Alternate Master or Slave Each role governs how upstream and downstream links are established by the node e Master Root node that provides the upstream link to the ground network that the other nodes want to reach The master never tries to connect to any other node It waits for links from downstream alternate master or slave nodes NOTE lt is possible to have several masters for the same mesh ID connected to the ground network This can be used to provide redundant paths to the ground network for downstream nodes e Alternate Master First establishes an upstream link with a master or alternate master node Next operates as a master node waits for links from downstream alternate master or slave nodes e Slave Can only establish an upstream link with master or alternate master node Slave nodes cannot establish downstr
155. t of the ARP request is an associated client on the wireless interface Broadcast filtering should be disabled in the following cases e An external DHCP server is connected to the wireless network e lta wireless client bridge is connected to the wireless network Band steering Supported on MSM422 MSM430 MSM460 MSM466 MSM466 R HP 560 Band steering is used to help solve dense client issues When band steering is enabled APs attempt to move wireless clients that are capable of 802 11a n onto the 5 GHz band thus reducing the load on the slower and more crowded 2 4 GHz band leaving it for less capable legacy 802 11 b g clients An AP uses the following methods to encourage a wireless client to associate at 5 GHz instead of 2 4 GHz e The AP waits 200 ms before responding to the first probe request sent by a client at 2 4 GHz e If the AP has learned that a client is capable of transmitting at 5 GHz the AP refuses the tirst association request sent by the client at 2 4 GHz e Once a client is associated at 5 GHz the AP will not respond to any 2 4 GHz probes from the client as long as the clients signal strength at 5 GHz is greater than 80 dBm decibel milliwatt If the clients signal strength falls below 80 dBm then the AP will respond to 2 4 GHz probes from the client without delay VSC configuration options 69 NOTE e To support band steering the VSC must be bound to APs with two radios One radio must be config
156. t on the RADIUS server to use for accounting By default RADIUS servers use port 1813 Retry interval Specify the number of seconds that the AP waits before access and accounting requests time out IF the AP does not receive a reply within this interval the AP switches between the primary and secondary RADIUS servers if a secondary server is defined A reply that is received after the retry interval expires is ignored Retry interval applies to access and accounting requests that are generated by the following e Manager or operator access to the management tool e User authentication by way of HTML e MAC based authentication of devices e Authentication of the AP e Authentication of the controlled AP You can determine the maximum number of retries as follows Using a third party RADIUS server 93 e HIMLbased logins Calculate the number of retries by taking the setting for the HTML based logins Authentication Timeout parameter and dividing it by the value of this parameter Default settings result in 4 retries 40 10 e MAC based and AP authentication Number of retries is infinite e 802 1X authentication Retries are controlled by the 802 1X client software Authentication method Select the default authentication method that the AP uses when exchanging authentication packets with the RADIUS server defined for this profile For 802 1X users the authentication method is always determined by the 802 1X client software and is not c
157. t runs on AP e VLAN LAN or Internet port Traffic with a VLAN ID is handled by the VSC with a matching VLAN definition e Untagged LAN port Untagged traffic on the LAN port may originate from wired users or APs operating in autonomous mode HP or third party Features e Authentication The controller supports 802 1X MAC or HTML authentication To validate user login credentials the controller can use the local user accounts or make use of a third party authentication server Active Directory or RADIUS e Access control features The controller provides a number of features that can be applied to user sessions Features can be enabled globally or on a per account basis Egress The controller enables user traffic to be forwarded to different output interfaces which include the routing table VLAN ID or IP GRE tunnel Quality of service QoS can be enabled on a VSC see Quality of service page 80 or on a local mesh link see Quality of service page 113 The quality of service QoS setting under Virtual AP in a VSC provides a number of different mechanisms to prioritize wireless traffic sent to wireless client stations This is useful when the AP handles wireless traffic from multiple devices or multiple applications on a single device that have different data flow requirements Quality of service Priority mechanism DiffServ a IP QoS profiles lt gm Upstream DiffServ tagging Enable WMM a
158. tervals until the radio is unused by wireless clients e Select a time interval in hours to define how often the channel setting is re evaluated If a wireless client is associated with the radio when the interval occurs automatic channel selection is delayed at one minute intervals until the radio is unused by wireless clients Background scanning is not supported when you select this option e Select Disabled to have the scan performed once when you select Save and then only when the AP is restarted This also prevents continuous scanning from being performed on the MSM410 and MSM422 Time of day Not available in Monitor or Sensor modes or when the system wide auto channel feature is enabled When the Time of day option is selected for Interval this parameter determines the time of day that the AP re evaluates the channel setting To prevent APs from re evaluating their channel at the same time a random delay between O and 2 hours is added to the time of day for each AP For example if 1 AM is selected the channel with be re evaluated between 1AM and 3AM Automatic channel exclusion list Not available in Monitor or Sensor modes or when the system wide auto channel feature is enabled Radio configuration 43 Used when Automatic is selected under Channel this parameter determines the channels that are not available for automatic selection To select more than one channel hold down Ctrl as you select the channel names On
159. the Use HP MSM Controller option is Enabled Disabled L MAC based authentication MAC based authentication RADIUS Profile Access controller RADIUS Profile RAADIUS 1 Station ID delimiter Colon v RADIUS accounting Station ID MAC case Uppercase RADIUS Profile RADIUS_1 Station ID delimiter Colon v Station ID MAC case Upper case Called Station Id 7 Wireless Radio Content For a complete description of all options see the online help Location aware This feature enables you to control logins to the public access network based on the AP or group of APs to which a user is connected It is only available when Use HP MSM controller is enabled under General For each user login location aware sends the PHY Type SSID and VLAN to the controller It also includes the specified Group name Location aware VSC configuration options 77 MAC filter When enabled this option enables you to control access to the AP based on the MAC address of client stations You can either block access or allow access depending on your requirements Select the MAC address list to use Each list can contain up to 256 MAC addresses MAC filter MAC Address list Filter action allow 9 Block To define a MAC address list see Configuring MAC address lists page 107 The following table describes how the MAC filter functions when it is used alone a
160. the following rules govern how traffic is exchanged e Unicast traffic exchanged between VSCs on the same radio is controlled by the setting of either the sender s or the receiver s VSC e Unicast traffic exchanged between VSCs on different radios is controlled by the setting of the sender s VSC e Multicast traffic exchanged between VSCs is always controlled by the setting of the senders VSC Generally most clients will be involved in the bidirectional exchange of unicast packets In this case the rules can be simplified by assuming that the most restrictive setting for this option takes precedence For example e f VSCI is set to No and VSC2 is set to All no communication is permitted between clients on the two VSCs or between clients on VSC1 However all clients on VSC2 can communicate with each other e FVSCI is set to 802 1X and VSC2 set to All only 802 1X clients can communicate between the two VSCs 7 0 Working with VSCs Quality of service The quality of service QoS feature provides a number of different mechanisms to prioritize wireless traffic sent to wireless client stations See Quality of service page 80 Quality of service Priority mechanism DiffServ he IP QoS profiles lil Upstream DiffServ tagging Enable WMM advertising Allowed wireless rates Select the wireless transmission speeds in Mbps that this VSC will support for each wireless mode Clients will only be able t
161. the notifications that you want to send Select Save You are returned to he SNMP agent configuration page In the Notifications receivers box select Add New Receiver The Add Edit SNMP notifications receiver page opens Add Edit SNMP notifications receiver Receiver settings Host UDP port Version Version2c Define the settings for the receiver as follows e Host Specify the domain name or IP address of the SNMP notifications receiver to which the controller will send notifications e UDP port Specify the port on which notifications will be sent e SNMP version Select the SNMP version v1 v2c v3 for this receiver e Community For SNMP v1 and v2c specify the SNMP community name of the receiver For SNMP v3 select the SNMP v3 username of the receiver Select Save 7 Working with VLANs The AP provides a robust and flexible virtual local area network VLAN implementation that supports a wide variety of scenarios For example VLANs can be used to isolate management from user traffic or to route traffic over a local mesh connection You can map user traffic to a VLAN for each virtual service community VSC or on a per user basis by setting the appropriate RADIUS attributes in a users account Up to 80 VLAN definitions can be created VLAN ranges are supported enabling a single definition to span a range of VLAN IDs The following AP features can be supported on a VLAN e Management tool ac
162. third party RADIUS server Once authenticated user traffic is restricted to the default gateway assigned to the AP by the Wireless security filters option These filters can be disabled or re configured if required b Me m User Third party Router Autonomous AP authentication server NOTE When access control is disabled user trattic sent by the AP must bypass the controller otherwise it will be interpreted and processed The following table shows how VSC configuration options are affected by setting the Use HP MSM controller option The Use HP MSM Controller option is VSC option Enabled Disabled Virtual AP Available Available Egress VLAN Available Available Wireless security filters Available but wireless traffic is Available but wireless traffic is restricted to the controller restricted to the default gateway Can be changed VSC configuration options 67 The Use HP MSM Controller option is VSC option Enabled Disabled Wireless protection Available but user authentication must Available User authentication can be be performed by the controller performed by any external RADIUS server MAC based authentication Available but user authentication must Available User authentication can be be performed by the controller performed by any external RADIUS server MAC filter Available Available Wireless IP filter Available Available Virtual AP The virtual AP settings define the cha
163. this host 24 Network configuration An entry stays in the cache until one of the following is true e An error occurs when connecting to the remote host e The time to live TTL of the DNS request expires e The AP restarts DNS switch on server failure Controls how the AP switches between servers e When enabled the AP switches servers if the current server replies with a DNS server failure message e When disabled the AP switches servers if the current server does not reply to a DNS request DNS switch over Controls how the AP switches back to the primary server e When enabled the AP switches back to the primary server once the primary server becomes available again e When disabled the AP switches back to the primary server only when the secondary server becomes unavailable Defining IP routes All wireless traffic on the AP is bridged to the egress interface on the VSC with which it is associated Therefore IP routes cannot be applied to user traffic However IP routes can be used to ensure that the management traffic generated by the AP is sent to the correct destination For example if two VSCs are defined each with authentication assigned to a different RADIUS server operating on a different subnet and VLAN routing table entries may be required to ensure proper communication with the RADIUS servers Configuring IP routes To view and configure IP routes select Network IP routes Inter
164. tion Settings Example Settings Profile name Protocol Other o Start port Other v lo End port Priority Low ba Profile name Specify a unique name to identify the profile Protocol Specify an IP protocol to use to classify traffic by specifying its Internet Assigned Numbers Authority IANA protocol number Protocol numbers are pre defined for a number of common protocols If the protocol you require does not appear in the list select Other and specify the appropriate number manually You can find IANA assigned protocol numbers on the Internet Start port End port Optionally specify the first and last port numbers in the range of ports to which this IP QoS profile applies To specify a single port specify the same port number for both Start port and End port Port numbers are pre defined for a number of common protocols If the protocol you require does not appear in the list select Other and specify the appropriate number manually NOTE To accept traffic on all ports for a specified protocol set Start port to Other and O Also set End port to 65535 Priority Select the priority level that will be assigned to traffic that meets the criteria specified in this IP QoS profile NOTE Itis strongly recommended that you reserve Very high priority for voice applications This example shows how to create two IP QoS profiles and associated them with a VSC The two profile
165. tion with any RADIUS server that supports RFC 2865 and RFC 2866 Authentication occurs via authentication types such as EAP MD5 CHAP MSCHAP v1 v2 PAP EAP TLS EAP TTLS EAP PEAP EAP SIM EAP AKA EAP FAST and EAP GTC EAP MD5 is not supported on VSCs that have WEP with dynamic keys enabled NOTE If you change a RADIUS profile to connect to a different server while users are active all RADIUS traffic for active user sessions is immediately sent to the new server Configuration procedure l Select Authentication gt RADIUS profiles The RADIUS profiles page opens Name Primary server Secondary server NAS ID Add New Profile 2 Select Add New Profile The Add Edit RADIUS Profile page opens 92 Authentication services Profile name Primary RADIUS server Profile name o Server address BEEN Settings Confirm secret o Authentication port Accounting port Secondary RADIIS seres Frase Retry interval Seen Server address O Retry timeout seconds Secret fF O O Authentication method Confirm secret oo O O L Always try primary server first Use message authenticator Cancel Save 3 Configure the profile settings as described in the following section 4 Select Save Configuration parameters Profile name Specity a name to identify the profile Settings Authentication port Specify a port on the RADIUS server to use for authentication By default RADIUS servers use port 1812 Accounting port Specity a por
166. too many computers are using the wireless network or that something is interfering with transmissions Tx single retry frames The number of MSDUs successfully transmitted after one and only one retransmission on the total of all associated fragments May be due to collisions noise or interference Large numbers of single retries can indicate that too many computers are using the wireless network or that something is interfering with transmissions Tx deferred transmissions The number of MSDUs for which one of the fragment transmission attempt s was one or more times deferred to avoid a collision Large numbers of deferred transmissions can indicate that too many computers are using the wireless network QoS low priority tx Total number of QoS low priority packets that have been sent QoS medium priority tx Total number of QoS medium priority packets that have been sent QoS high priority tx Total number of QoS high priority packets that have been sent QoS very high priority tx Total number of QoS very high priority packets that have been sent Tx packets Not shown on the MSM410 MSM430 MSM460 MSM466 and MSM466 R The total number of packets transmitted Viewing wireless information 59 Tx dropped Not shown on the MSM410 MSM430 MSM460 MSM466 and MSM466 R The number of packets that could not be transmitted This can occur when the wireless configuration is being changed Tx errors Not shown on the MSM410 MSM430 MSM460
167. ty can help you to reduce the amount of crosstalk between wireless APs Another benefit to using reduced settings is that it improves roaming performance Wireless users switch between APs more frequently Automatic transmit power control The automatic power control feature enables the AP to dynamically adjust its transmission power to avoid causing interference with neighboring HP APs For information see Transmit power control page 48 Supporting 802 11a and legacy wireless clients The 802 11n standard is very similar to the 802 11g standard in that both provide mechanisms to support older wireless standards In the case of 802 11g protection mechanisms were created to allow 802 11b and 802 11g wireless devices to co exist on the same frequencies The data rates of 802 11g 6 9 12 18 24 36 48 and 54 Mbps are transmitted using Orthogonal Frequency Division Multiplexing OFDM modulation while the data rates of 802 11b are transmitted using Direct Sequence Spread Spectrum DSSS modulation Since older 802 11 b only clients cannot detect OFDM transmissions 802 11 g clients must protect their transmissions by first sending a frame using DSSS modulation This frame usually a CTS to self or RTS CTS exchange alerts 802 11b clients to not attempt to transmit for a specified period of time If protection is not used 802 11 b clients may transmit a frame while an 802 11g frame is already being sent This leads to a co
168. unt e RADIUS Using a RADIUS server enables you to have multiple manager and operator accounts each with a unique username and password To setup this option see Authenticating manager logins using a third party RADIUS server page 94 If both options are enabled the RADIUS server is always checked first Passwords 10 Passwords must be 6 to 16 printable ASCII characters in length with at least 4 different characters Passwords are case sensitive Space characters and double quotes cannot be used Passwords must also conform to the selected security policy as follows e Follow FIPS 140 2 guidelines When selected implements the following requirements from the FIPS 140 2 guidelines All administrator passwords must be at least six characters long All administrator passwords must contain at least four different characters For more information on these guidelines refer to the Federal Information Processing Standards Publication FIPS PUB 140 2 Security Requirements for Cryptographic Modules e Follow PCI DSS 1 2 guidelines When selected implements the following requirements from the PCI DSS 1 2 guidelines All administrator passwords must be at least seven characters long All administrator passwords must contain both numeric and alphabetic characters Using the management tool The settings under Login control must be configured as follows Lock access after nn login failures must be set to 6
169. ured for 2 4 GHz operation and the other for 5 GHz operation e Band steering is temporarily suspended on an AP when the radio configured for 5 GHz operation reaches its maximum number of supported clients Wireless clients Wireless clients Max clients 6 4 Allow traffic between all 7 areles Hnc Settings Max clients per radio Specify the maximum number of wireless client stations that can be associated with this SSID at the same time on each radio On dual radio products the limit applies separately on each radio The HP 560 supports a maximum of 128 simultaneous wireless clients on all active VSCs Allow traffic between nn wireless clients Use this option to control how non access controlled wireless clients that are connected to the same VSC can communicate with each other The following settings are available e no Blocks all inter client communications e 802 1X Only authenticated 802 1X clients can communicate e all All authenticated and unauthenticated clients can communicate Default setting e IPv6 Only authenticated clients using IP version 6 can communicate Communication between users connected to different non access controlled VSCs can only occur if the same VLAN is assigned in the Egress VLAN option for both VSCs For example to support traftic between authenticated users on two different VSCs the Authenticated option under VSC egress mapping must be set to the same VLAN on both VSCs In addition
170. vices on a channel and automatically switches the network node to another channel if such signals are detected 802 11h is intended to resolve interference issues with military radar systems and medical devices NOTE Depending on the radio regulations of some countries DFS channels are only available on the 802 11ac n a bands which are the preferred band for local mesh backhaul If more than one node detects radar simultaneously and must switch channels each node does not necessarily switch to the same channel and the network might never reconverge To avoid this problem local mesh detects a change in channel and provides a means to reconnect on other channels by scanning on multiple channels See Operating channel page 113 Simultaneous AP and local mesh support APs can be configured to support both access point and local mesh functionality whether they have a single radio or multiple radios Key concepts 109 NOTE HP strongly recommends that the same AP model be used at both ends of a local mesh link Mixing recent APs MSM430 MSM46x HP 560 with older APs MSM3xx MSM422 may cause a local mesh link to stop working after a software upgrade Single radio APs A single radio can be configured to simultaneously support wireless users and one or more local mesh links Although this offers flexibility it does have the following limitations e The total available bandwidth on the radio is shared between all local mesh links and
171. ween two APs When creating static links both APs must be operating on the same wireless channel Make sure that the channel selection on the Wireless gt Radio s page is not set to Automatic e Remote MAC address MAC address of the radio on the remote AP on which the link will be established e Local MAC address MAC address of the radio on this AP on which the link will be established Dynamic Use this option to create dynamic local mesh installations Mesh ID A unique number that identifies a series of nodes that can connect together to form a local mesh network Minimum SNR Alternate master or slave nodes Local mesh profiles 117 118 This node will only connect with other nodes whose SNR is above this setting in dB SNR cost per hop Alternate master or slave nodes This value is an estimate of the cost of a hop in terms of SNR It indicates how much SNR a node is willing to sacrifice to connect to node one hop closer to the root node because each hop has an impact on performance especially when using a single radio Allowed downtime The maximum time in seconds that a link can remain idle before the link actually gets deleted When a slave or alternate master loses its link to its master the discovery phase is re initiated Maximum links Master or alternate master nodes The maximum number of upstream and downstream links that this node can support Initial discovery time Alternate master or slave nodes
172. wireless users This can result in reduced throughput if lots of traffic is being sent by both wireless users and the local mesh links You can use the QoS feature to prioritize traffic e It limits you to using the same radio options for both wireless clients and local meshes Multiple radio APs On APs with more than one radio one radio can be dedicated to support wireless users and another to provide local mesh links Each radio can be configured optimally according to its application Controlled APs Controlled APs can be managed over local mesh links Using 802 11ac n a for local mesh HP recommends that 802 11 ac n a in the 5 GHz band be used for local mesh links whenever possible This optimizes throughput and reduces the potential for interference because e Most Wi Fi clients support 802 11 b or b g therefore most APs are set to operate in the 2 4 GHz band This frees the 5 GHz 802 11 ac n a band for other applications such as local mesh e 802 lac n a channels in the 5 GHz band are non overlapping e 802 llac n a provides increased data throughput providing a fat pipe for traffic exchange The main limitations in using the 5 GHz band are e Since the same radio options must be used for both wireless clients and local mesh links support for 802 11 b g clients is not possible on APs with a single radio e The 5 GHz band has a shorter reach when compared to the 2 4 GHz band This could be a factor depending on the distan
173. wireless cells page 32 When operating in 802 11a or 802 11 n 5 GHz modes channels do not interfere with each other enabling APs to operate on two adjacent channels without interference HP APs support Dynamic Frequency Selection 802 11 h and Transmit Power Control 802 11 d for 802 11a operation in European countries These options are automatically enabled as required Channels used by dynamic frequency selection DFS for radar avoidance are identified with an asterisk e On the MSM410 MSM422 radio 1 MSM430 MSM460 MSM466 MSM466 R HP 560 When Wireless mode is 802 11n a and Channel width is Auto 20 40 MHz the channel numbers in the Channel list include either a 1 or 1 to their right A T indicates that the 40 MHz channel is formed from the indicated channel plus the next channel A 1 indicates that the 40 MHz channel is formed from the indicated channel plus the previous channel With a 40 MHz Channel width in the 5 GHz band channel selection and usage is as follows for the first four channels Channel selected Channels used 36 1 36440 40 1 40 36 AA I 44 48 48 48 44 Wireless configuration NOTE The channel selected is the primary channel and the channel above or below it becomes the secondary channel The AP beacon is transmitted only on the primary channel and all legacy client traffic is carried on the primary channel e On the MSM410 MSM422 radio 1 When Wireless mode is 802 11n b g an
174. xternal antennas see Connecting external antennas page 131 When using antennas not originally supplied with the AP it is your responsibility to ensure that the Transmit power control settings are configured so that the radio will not exceed permissible power levels for the regulatory domain in which the AP is operating Depending on the regulatory domain the specific antenna chosen the wireless mode channel width band or channel selected you may need to configure the radio with a reduced transmit power setting When using Automatic channel selection with an external antenna in the 2 4 GHz band all channels must be set to the lowest acceptable value for your regulatory domain A CAUTION For specific power limits according to your regulatory domain consult the Antenna Power evel Settings Guide available at wvww hp com support manuals Search for the part number of your antenna For example if you install an external 8 dBi directional antenna and the maximum allowed power level for your country is 15 dBm you may have to reduce the transmit power level to be in compliance It you change the antenna at a later time you must get the latest version of the Antenna Power Level Settings Guide and again reassess and possibly adjust radio power settings according to the antenna used When setting Transmit power control to comply with information in the Antenna Power Level Settings Guide always set radio power in dBm and not as a perce
175. y band 2 4 GHz Data rates For 802 11g clients Up to 54 Mbps For 802 11b clients Up to 11 Mbps This is a legacy mode that can be used to support older wireless client stations Channel width Supported on MSM410 MSM422 radio 1 MSM430 MSM460 MSM466 MSM466 R HP 560 Not available in Monitor or Sensor modes 802 11n allows for the use of the standard channel width of 20 MHz or a double width of 40 MHz The double width is achieved by using two adjacent channels to send data simultaneously This results in double the available bandwidth leading to much higher throughput Select the Channel width from one of the following options e 20 MHz Uses the standard channel width of 20 MHz Recommended when the AP is operating in the 2 4 GHz band and multiple networks must co exist in the same location e Auto 20 40 MHz The AP will advertise 40 MHz support to clients but will use 20 MHz for each client that does not support 40 MHz e Auto 20 40 80 MHz Only supported when Wireless mode is set to 802 l1ac n a on the HP 560 The AP automatically adjusts channel width to support clients that are using 20 40 or 80 MHz wide channels NOTE When operating in the 2 4 GHz band the MSM430 MSM460 MSM466 and MSM466 R will automatically switch to using a 20 MHz channel width if a legacy 802 11b g client or AP is detected on the primary or secondary channel When the legacy device is no longer present the AP will revert back to using
Download Pdf Manuals
Related Search