HP ProCurve Wireless Access Point 420 - Hewlett Packard

More documents

Recommendations

Info

Access Point Configuration Setting up Filter Control Setting up Filter Control The access point can employ VLAN ID and network traffic frame filtering to control access to network resources and increase security. Access and Frame Filtering. You can prevent communications between wireless clients associated to the access point, only allowing traffic between clients and the wired network. You can also prevent any wireless client from performing any access point configuration through any of its management interfaces, including web, Telnet, or SNMP access. Frame filtering can also be enabled to control specific Ethernet protocol traffic that is forwarded to or from wireless clients. VLAN ID Filtering. The access point can enable the support of VLANtagged traffic passing between wireless clients and the wired network. Up to 64 VLAN IDs can be mapped to specific wireless clients, allowing users to remain within the same VLAN as they move around a campus site. This feature can also be used to control access to network resources from wireless clients, thereby improving security. A VLAN ID (a number between 1 and 4095) can be assigned to each client after successful authentication using IEEE 802.1x and a central RADIUS server. The user VLAN IDs must be configured on the RADIUS server for each user authorized to access the network. If a user does not have a configured VLAN ID, the access point assigns the user to its own configured native VLAN ID. When setting up VLAN IDs for each user on the RADIUS server, be sure to use the RADIUS attributes and values as indicated in the following table. Number RADIUS Attribute Value 64 Tunnel-Type VLAN (13) 65 Tunnel-Medium-Type 802 81 Tunnel-Private-Group-ID VLANID(1 to 4095 as hexadecimal) Not e The specific configuration of RADIUS server software is beyond the scope of this guide. Refer to the documentation provided with the RADIUS server software. 5-32
Access Point Configuration Setting up Filter Control When VLAN filtering is enabled, the access point must also have 802.1x authentication enabled (see page 5-57) and a RADIUS server configured (see page 5-28). Wireless clients must also support 802.1x client software to be assigned to a specific VLAN. With VLANs enabled, the access point’s Ethernet interface drops all received traffic that does not include a VLAN tag. To maintain network connectivity to the access point and wireless clients, be sure that the access point is connected to a device port that supports IEEE 802.1Q VLAN tags. When VLAN filtering is disabled, the access point ignores the VLAN tags on any received frames. Web: Enabling VLAN Support and Setting Filters The Filter Control window on the Configuration tab to configure frame filtering on the access point’s wireless and Ethernet interfaces. The web interface enables you to modify these parameters: ■ Native VLAN ID: The VLAN ID assigned to wireless client users that are not assigned to a specific VLAN by RADIUS server configuration. The Native VLAN ID is limited to a number between 1 and 64. ■ VLAN: Enables or disables VLAN tagging support on the access point. ■ Local Bridge Filter: Controls wireless-to-wireless communications between clients through the access point. However, it does not affect communications between wireless clients and the wired network. • Disable: Allows wireless-to-wireless communications between clients through the access point. • Enable: Blocks wireless-to-wireless communications between clients through the access point. ■ AP Management Filter: Controls management access to the access point from wireless clients. Management interfaces include the web, Telnet, or SNMP. • Disable: Allows management access from wireless clients. • Enable: Blocks management access from wireless clients. ■ Ethernet Type Filter: Controls checks on the Ethernet type of all incoming and outgoing Ethernet packets against the protocol filtering table. • Disable: Access point does not filter Ethernet protocol types. • Enable: Access point filters Ethernet protocol types based on the configuration of protocol types in the filter table. If a protocol has its status set to “ON,” the protocol is not passed by the access point. 5-33
Page 1 and 2:
HP ProCurve Wireless Access Point 4
Page 3 and 4:
Contents 1 Getting Started Contents
Page 5 and 6:
Modifying System Management Access
Page 7 and 8:
sntp-server date-time . . . . . . .
Page 9:
shutdown . . . . . . . . . . . . .
Page 12 and 13:
Getting Started Introduction 1-2 In
Page 14 and 15:
Getting Started Related Publication
Page 16 and 17:
Getting Started Sources for More In
Page 18 and 19:
Getting Started Need Only a Quick S
Page 20 and 21:
Selecting a Management Interface Ov
Page 22 and 23:
Selecting a Management Interface Ad
Page 24 and 25:
Using the Command Line Interface (C
Page 26 and 27:
Page 28 and 29:
Page 30 and 31:
Page 32 and 33:
Page 34 and 35:
Page 36 and 37:
Using the HP Web Browser Interface
Page 38 and 39: Using the HP Web Browser Interface
Page 58 and 59: Access Point Configuration Overview
Page 60 and 61: Access Point Configuration Modifyin
Page 66 and 67: Access Point Configuration Configur
Page 74 and 75: Access Point Configuration Enabling
Page 76 and 77: Access Point Configuration Enabling
Page 90 and 91: Access Point Configuration Setting
Page 92 and 93: Access Point Configuration Setting
Page 124 and 125: Command Line Reference Overview 6-2
Page 126 and 127: Command Line Reference General Comm
Page 128 and 129: Command Line Reference General Comm
Page 130 and 131: Command Line Reference System Manag
Page 138 and 139:
Command Line Reference System Manag
Page 140 and 141:
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 148 and 149:
Command Line Reference SNMP Command
Page 150 and 151:
Command Line Reference SNMP Command
Page 152 and 153:
Command Line Reference Flash/File C
Page 154 and 155:
Command Line Reference Flash/File C
Page 156 and 157:
Command Line Reference RADIUS Clien
Page 158 and 159:
Page 160 and 161:
Page 162 and 163:
Command Line Reference 802.1x Port
Page 164 and 165:
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Command Line Reference Filtering Co
Page 172 and 173:
Command Line Reference Filtering Co
Page 174 and 175:
Command Line Reference Interface Co
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Command Line Reference VLAN Command
Page 202 and 203:
Command Line Reference VLAN Command
Page 204 and 205:
File Transfers Overview A-2 Overvie
Page 206 and 207:
File Transfers Downloading Access P
Page 208 and 209:
File Transfers Downloading Access P
Page 210 and 211:
File Transfers Transferring Configu
Page 212 and 213:
File Transfers Transferring Configu
Page 214 and 215:
P password … 4-7, 4-8 administrat
show all

HP ProCurve Wireless Access Point 420 - Hewlett Packard

Create successful ePaper yourself

Delete template?

Save as template?