User-Manual - Newegg.com
Contents
1. Note: WEP cannot be used when the radio operating mode supports 802.11n or 802.11ac.
   Transfer key index: This value indicates which of the four configured WEP keys the AP uses to encrypt the data it transmits.
   Key length: The number of characters you specify for the key determines the level of encryption.
   - For 64-bit encryption, specify 5 ASCII characters or 10 hexadecimal digits.
   - For 128-bit encryption, specify 13 ASCII characters or 26 hexadecimal digits.
   Key type: Select the format used to specify the encryption key. The definition for the encryption key must be the same on the M330 and all wireless clients.
   - ASCII: ASCII keys are much weaker than carefully chosen hexadecimal keys. You can include ASCII characters from 32 to 126, inclusive, in the key, which includes upper- and lower-case alphabetic letters, the numeric digits, and special symbols such as and. However, note that not all wireless clients support non-alphanumeric characters such as spaces, punctuation, or special symbols in the key.
   - Hex: Your keys should only include the following hexadecimal characters: 0-9, a-f, A-F.
   Key 1 to Key 4: Specify the key as ASCII or hexadecimal characters.
   Authentication: The authentication algorithm defines the method used to determine whether a client is allowed to associate with an AP using WEP. Choose one of the following options:
   - Open system
2. Enabling wireless encryption on a WDS link
   Go to the Wireless > WDS page of either AP. Under WDS link 1, click the Encryption drop-down list and select WPA PSK. You are now presented with additional fields.
   - Link name: Enter a name for the WDS link that you created. It is important that the same link name is entered at the other end of the WDS link. If this name is not the same for both APs on the WDS link, they will not be able to communicate or exchange data. The name can be any alphanumeric combination.
   - Key: Enter a shared key for the WDS link. This shared key must also be entered for the AP at the other end of the WDS link. If this key is not the same for both APs, they will not be able to communicate or exchange data. The WPA PSK key uses AES encryption. It can be from 8 to 63 characters. Acceptable characters include upper- and lower-case alphabetic letters, the numeric digits, and special symbols such as and. The key cannot begin with or end with spaces and cannot contain only spaces.
   Repeat this process on the other AP.
   Multiple WDS link configuration
   Similar to the single WDS wireless link example, up to four M330 access points can have WDS links to the same M330. The following example shows how to create multiple WDS links.
   [Figure: multiple WDS links, showing a DHCP server, M330 2, M330 3 and the wireless links between the access points]
3. [Figure: wireless community 2, a low-security wireless network for guests]
   In this scenario, employees connect to wireless community 1, which is protected with WPA/WPA2. All employee traffic exits the M330 on VLAN 1, providing access to private resources on the company network and on the Internet. Guests connect to wireless community 2, which is protected with WEP. All guest traffic exits the M330 on VLAN 2, providing access only to the Internet.
   Note: WEP is available only when the radio mode does not support 802.11n.
   For offices that already have a wired networking infrastructure, the M330 is easily integrated to provide wireless networking. It can also be used to extend the reach of the network to areas that are difficult or impossible to reach with traditional cabling.
   In the following scenario, M330 1 provides wireless network services to the employees in the main office, while M330 2 and M330 3 use the Wireless Distribution System (WDS) to create a wireless link between the main office network and a small network in a warehouse. WDS eliminates the need to run cabling, allowing for fast and easy deployment.
   [Figure: main office area and warehouse joined by a WDS wireless link, showing the wireless communities, file server, DHCP server, employee computers and M330 access points]
   In the following scenario three M330s provide distinct em
4. On the M330, select Captive Portal > Client List to view wireless clients logged in to the captive portal network.
   [Screenshot: Client List page]
   Authenticated clients (total number of authenticated clients: 3)
   MAC address        IP address    Username         Protocol mode  Verify mode  Rx packets  Tx packets  Rx bytes  Tx bytes
   80:be:05:34:5e:d9  15.226.15.52  Mandrake Curvey  http           guest        383         171         32330     75907
   98:fe:94:21:69:ef  15.226.15.60  Bombast Blew     http           guest        126         23          10241     2949
   7c:c5:37:24:ac:ca  15.226.15.55  Zansebar Smith   http           guest        4919        5670        771943    6282254
   Failed authentication clients (total number of failed authentication clients: 0)
   The name entered by the captive portal client is shown in the Username column. When a captive portal client does not enter a username in this unauthenticated example, the name guest appears in the Username column.
   10 Maintenance
   Configuration file management
   The configuration file contains all the settings that customize the operation of the M330. You can save and restore the configuration file by selecting Maintenance > Con
5. [Screenshot: Captive Portal instance parameters. Instance name: GuestCP (1-32 characters)]
   Set Captive portal instances to Create and then enter an Instance name, for example GuestCP. Click Save. The captive portal instance settings are displayed. Note that Verification is set to Guest by default, so there is no need to change any settings. If you do change any other settings, click Save again.
   [Screenshot: Advanced Configuration page for the Captive Portal instance GuestCP. Instance ID: 1; Admin mode: Enable; Protocol: http; Verification: Guest; Redirect: Enable/Disable; Redirect URL (0-256 characters); Away time (0-1440 minutes); Session timeout (0-1440 minutes); Max bandwidth upstream (0-1300 Mbps); Max bandwidth downstream (0-1300 Mbps); Locale count]
   Community binding
   Select Captive Portal > Community Binding. For Radio 1 VSC 0, select the captive portal instance GuestCP from the list. Click Save.
   [Screenshot: Community Binding page, with Radio VSC 0 bound to GuestCP]
   Web customization
   Select Captive Portal > Web Customization and create a captive portal web locale.
   [Screenshot: Web Customization page, with the web binary upload and Captive Portal web locale settings]
6. [Figure continued: M330 4, with addresses 192.168.5.40, 5.41 and 5.42]
   General information
   Note: The following is assumed for the example provided:
   - For initial configuration, M330 1, M330 2, M330 3, and M330 4 are all connected to the same switch and subnet. After completing configuration of all APs, M330 1 is installed on the main network. After configuration, M330 2, M330 3, and M330 4 serve remote networks.
   - The switch is served by a DHCP server. If no DHCP server is available, preconfigure each AP with a static IP address, following the instructions provided in the M330 Dual Radio 802.11ac Access Point Quick Start Guide.
   - Whether a dynamic or static address is assigned, it is necessary to determine the IP address of each AP. The IP address is required to launch the web-based management interface to configure each AP.
   During the configuration process, WDS links that are successfully enabled between the APs create a loop on the switch. HP strongly recommends that you enable STP mode on all APs.
   Setting up multiple WDS links
   The procedure for setting up multiple WDS links follows that for a single link. This example provides a summary of the procedure; for details of each step, see Example of a WDS Deployment on page 69.
   Set a common SSID
   For each AP, select Wireless > Communities, and then select the radio and enter a Network name (SSID), for example WDS_330.
   Select a common oper
7. [Screenshot: WDS configuration page]
   General
   Spanning tree mode: The Spanning Tree Protocol (STP) can be enabled to prevent undesirable loops from occurring in the network that can result in decreased throughput. HP recommends that you enable spanning tree mode.
   WDS link 1, 2, 3, 4
   You can link the M330 with up to four other M330 devices. Specify the following settings for each WDS interface.
   Radio: Selects the wireless radio on the M330 for the WDS link: Radio 1 for 2.4 GHz and Radio 2 for 5 GHz.
   Local address: The MAC address of the default wireless community (SSID 0, the first SSID entry) on the selected M330 radio. The M330 only uses SSID 0 (the first SSID entry) on each radio to create the WDS link. This address needs to be entered as the Remote address on the M330 to which this link connects.
   Remote address: Specify the MAC address of the default wireless community (SSID 0) on the remote M330 to which this link will connect, or click the left arrow next to the text box to select from a list of MAC addresses detected during an AP scan. The MAC address must be in the following format: six pairs of hexadecimal numbers (including numbers 0 to 9 and letters a to f or A to F), with each pair separated by a colon. For example: 00:03:52:0a:0f:01.
   A common community name (SSID) is required on both APs to establish a WDS link. This SSID must be the first ent
8. For existing clusters, whenever the administrator updates the configuration of any member of the cluster, the configuration change is shared with all members of the cluster, and the configured AP assumes control of the cluster.
   When two separate clusters join into one, the cluster that was created first wins arbitration for cluster control. The configuration on the newly formed cluster is overwritten by the configuration on the new cluster controller.
   If a cluster does not receive cluster advertisements from an AP for more than 60 seconds (when, for example, the AP loses connectivity to other APs in the cluster), the AP is removed from the cluster.
   If a clustered AP loses connectivity, it is not immediately dropped from the cluster. If it regains connectivity and rejoins the cluster without having been dropped, and configuration changes were made to that AP during the lost connectivity period, the changes will be propagated to the other cluster members when connectivity resumes.
   If a clustered AP loses connectivity, is dropped from the cluster, and later rejoins the cluster, and configuration changes were made in the cluster during the lost connectivity period, the changes will be propagated to the AP when it rejoins. If there are configuration changes in both the disconnected AP and the cluster, then the AP with the greatest number of changes and, secondarily, the most recent change will be selected to propaga
9. If the system unexpectedly reboots, log messages can be useful to diagnose the cause. However, log messages in volatile memory are lost when the system reboots. You can enable persistent logging to store log messages in flash memory so that they are retained after a reboot. Choose Enable to save system logs to flash memory. Choose Disable to save system logs to volatile memory only.
   Persistent logging can eventually wear out the flash memory and degrade network performance. You should only enable persistent logging to debug a problem. Make sure you disable persistent logging after you finish debugging the problem.
   Severity: Specify the severity level of the log messages to write to the system log(s). This setting applies to messages stored in RAM and flash. In the following list, the severity levels are listed from most severe (top) to least severe (bottom):
   - Emergency indicates that the system is unusable. It is the highest level of severity.
   - Alert indicates action must be taken immediately.
   - Critical indicates critical conditions.
   - Error indicates error conditions.
   - Warning indicates warning conditions.
   - Notice indicates normal but significant conditions.
   - Informational indicates informational messages.
   - Debug indicates debug-level messages.
   For example, if you specify Critical, then only critical, alert, and emergency messages are written to the log(s).
   Depth: RAM and flash memory can store up to 512
10. [Table of contents excerpt. Recoverable entries: Configuring global RADIUS servers; Managing wireless communities; About the default wireless community; Wireless community configuration options; 5 Wireless configuration; Factors limiting wireless coverage; Configuring overlapping wireless APs; Supporting legacy wireless clients]
11. - wlan1vapx: Traffic for 5 GHz wireless community x, where x is the community ID and can be from 1 to 7. Wireless community IDs are shown in the first column of the Communities table on the Wireless > Communities page.
   - brtrunk: Traffic that is forwarded among different wireless communities, the Ethernet interface, and WDS interfaces.
   - wlan0wdsx: Traffic for 2.4 GHz WDS interface x, where x is the WDS interface ID and can be from 1 to 4. Configured WDS interfaces are shown on the Wireless > WDS page.
   - wlan1wdsx: Traffic for 5 GHz WDS interface x, where x is the WDS interface ID and can be from 1 to 4. Configured WDS interfaces are shown on the Wireless > WDS page.
   3. Specify the following parameters:
   - Trace duration: The time duration in seconds for the trace (range 10 to 3600).
   - Max trace file size: The maximum allowed size for the trace file in KB (range 64 to 4096).
   If you change either of these values, you must click Save before initiating a trace.
   4. Click Start Trace. The trace session will run for the specified duration. You can view the trace status in the Packet trace status section. Click Refresh to see updated trace time and file size values. You can also click Stop Trace to stop a trace before the specified duration has elapsed.
   Remote packet trace
   Setting Remote packet trace enables you to specify a remote port as the destination for packet captures. This feature works in conjunction with t
12. [Screenshot: Local User Group Association page, with Away time (1440 minutes), Group name, Max bandwidth upstream (1300 Mbps), Max bandwidth downstream (1300 Mbps), and Delete user]
   The following parameters on the Local User Group Association page are used to configure settings for a captive portal local user.
   Captive Portal users: Select the name of the user for which you want to configure settings.
   User password: Enter 8 to 64 alphanumeric and special characters for the user's password. The user must enter this password to log into the captive portal and gain access to the network.
   Away time: The time that a client entry is retained in the captive portal authenticated client list after it has disassociated from the AP. Specify a time between 0 and 1440 minutes. The default setting is 0 minutes.
   Note: Each captive portal instance also has a configured Away time setting. See Advanced configuration on page 96. The local user timeout value has precedence over the value configured for the captive portal instance.
   Group name: Select the group to which the user belongs. Each captive portal instance supports a particular user group.
   Note: Each Group must contain at least one user in order to avoid captive portal authentication failures.
   Maximum bandwidth upstream: The maximum speed at which a client can send data to the network when using the captive portal. Specify a value between 0 and 1300 Mbps. The default value is 0, which means th
13. DFS support (5 GHz radio 2 only): Dynamic Frequency Selection (DFS) is a mechanism that enables wireless devices to share spectrum and avoid co-channel operation with radar systems in the 5 GHz band. The DFS requirements vary depending on the configured regulatory domain.
   Multidomain regulatory mode: This mode causes the AP to broadcast, as a part of its beacons and probe responses, the country in which it is configured for operation. This allows wireless clients to operate in any country without reconfiguration. Disabling this feature prevents the country code setting from being broadcast in the beacons. However, this applies only to radios configured to operate in the 802.11g band (2.4 GHz). For radios operating in the 802.11a band (5 GHz), the AP software configures support for the IEEE standard 802.11h. When 802.11h is supported, the country code information is broadcast in the beacons.
   Short guard interval supported: This setting is available only if the selected radio mode includes 802.11n. The guard interval is the dead time, in nanoseconds, between symbols (or characters) transmitted by the AP. The guard interval helps distinguish where one symbol transmission stops and another starts, thereby reducing inter-symbol interference (ISI). The 802.11n mode allows for a reduction in this guard interval from the 802.11a and 802.11g definition of 800 nanoseconds to 400 nanoseconds. Enabling the short guard interval (SGI) is recommended as it ca
14. HTTP(S) to a PC. A trace is automatically stopped when the trace file download command is triggered.
   HTTP download: Select HTTP to download to your PC or a network location.
   [Screenshot: Packet trace file download. Download method: HTTP/TFTP; TFTP server filename: apcapture.pcap; Server IP: 0.0.0.0]
   When you select Download, you will be able to browse to the desired location.
   TFTP download: Select TFTP to download to a TFTP server.
   [Screenshot: Packet trace file download. Download method: HTTP/TFTP; TFTP server filename: apcapture.pcap; Server IP: 0.0.0.0]
   TFTP server filename: The file will be saved to the TFTP server under this name and path.
   Server IP: Enter the IP address of the TFTP server.
   When you click Download, a progress bar displays to indicate download status.
   Ping
   The M330 supports ping functionality to enable basic diagnostics of network devices. To ping another device, select Tools > Ping.
   [Screenshot: Ping page, with Address to ping, Timeout (1-15 seconds), and Result]
   Address to ping: You can specify an IPv4 address, an IPv6 address, or a hostname.
   Timeout: Specify the amount of time, in seconds, after which an unsuccessful ping will time out.
   Results: The results window shows the size and number of each packet sent and, if the host is reached, the size and number of each packet received in response and its round-trip time. It also displays statistics about packet loss and, if the host is reached, the average r
15. Hardware version: The AP hardware version.
   Serial number: The AP serial number.
   Device description: Information about the product hardware.
   Country: The configured country of operation, also known as the regulatory domain.
   Wireless: This page also includes the following radio 1 and 2 information:
   Status: The AP radio current operating status.
   Mode: The AP radio current operating mode.
   Channel: The AP radio current operating channel.
   Operational Bandwidth: The AP radio current operating channel bandwidth.
   3 Managing the M330
   The M330 is managed via its web-based management tool using Microsoft Internet Explorer 8 or later, Google Chrome V29 or Mozilla Firefox V24 or later. You can access the M330 management tool using either http or https. Using https is more secure, but you will see a warning because the security certificate is issued by the M330 and not a known certificate authority. With https, it is acceptable to choose the option that allows you to proceed through the security warning.
   In a web browser, specify either http://192.168.1.1 or https://192.168.1.1. For information on launching the management tool for the first time, see the HP M330 Dual Radio 802.11ac Access Point Quick Start Guide.
   Configuring web server settings
   Select Management > Management tool to configure web server settings.
   [Screenshot: Management Tool page, web server configuration. HTTPS server status: Enable/Disable; HTTP server sta
16. The MAC address of the client.
   IP address: The IPv4 or IPv6 address of the client. If the client has a valid IPv4 address assigned, it will be displayed here. Otherwise, a global IPv6 address (either from DHCPv6, Autoconfiguration, or statically configured) will be used.
   Username: The client's captive portal user name.
   Protocol mode: The connection protocol used by the client (HTTP or HTTPS).
   Verify mode: The authentication method used for the captive portal client, either Guest, Local, or RADIUS.
   VSC ID: The virtual service community (VSC) to which the user is associated.
   Radio ID: The ID of the radio: Radio 1 for the 2.4 GHz band or Radio 2 for the 5 GHz band.
   Captive Portal ID: The captive portal instance ID to which the client is associated.
   Session timeout: The remaining time, in seconds, of the valid captive portal session, after which the client is deauthenticated.
   Away timeout: The remaining time, in seconds, for a dissociated valid client before it is deauthenticated.
   Rx packets: The number of received IP packets from the client station.
   Tx packets: The number of IP packets transmitted to the client station.
   Rx bytes: The number of bytes received from the client station.
   Tx bytes: The number of bytes transmitted to the client station.
   Failure time: The timestamp for when the client station failed authentication (Failed authentication clients list only).
   Example of guest captive portal configuration
17. see Example of guest captive portal configuration on page 110.
   Basic configuration
   Use the Basic Configuration page to control the administrative state of the captive portal feature and configure global settings that affect all captive portal instances configured on the AP. To configure basic captive portal features, select Captive Portal > Basic Configuration. The Basic Configuration page displays.
   [Screenshot: Basic Configuration page. Captive Portal mode: Enable/Disable; Authentication timeout: 300 (60-600 seconds); Additional HTTP port: 0 (1025-65535 or 80, 0 disables); Additional HTTPS port (1025-65535 or 443, 0 disables); Instance count; Group count; User count]
   The following parameters are on the Basic Configuration page.
   Captive Portal mode: Enables or disables the administrative mode of the captive portal on the AP.
   Authentication timeout: To gain network access through a captive portal, clients are directed to an authentication web page where they must first enter authentication information. This parameter is the maximum number of seconds an authentication session remains open for a wireless client before the session is terminated. A session is terminated when a client does not enter valid credentials on the authentication web page within the timeout period. The authentication timeout range is 60-600 seconds and the default is 300 seconds.
   Additional HTTP port: Typically HT
18. [Screenshot: IPv6 settings, including Default IPv6 gateway, Static IPv6 address status, IPv6 link local address (fe80::2a80:23ff:fe99:6230/64), IPv6 auto config (Enable/Disable), IPv6 autoconfigured global addresses, and IPv6 DNS Nameservers (Dynamic/Manual)]
   IPv6: Enable or disable the ability to use IPv6 addressing to access the web user interface for AP configuration. This setting does not enable or disable IPv6 functionality on the network itself.
   IPv6 connection type: Select Static IPv6 from the list to manually configure an IPv6 address, or leave the default setting of DHCPv6 for automatic IPv6 address assignment.
   Static IPv6 address: The AP can have a static IPv6 address even if addresses have already been configured automatically. Enter an address in the form XXXX:XXXX:XXXX:XXXX.
   Static IPv6 address prefix length: The prefix length must be an integer in the range from 0 to 128. The prefix length determines the part of the IPv6 address that identifies the network that the M330 is attached to.
   Default IPv6 gateway: The default gateway address for IPv6 traffic destined outside the network.
   Static IPv6 address status: The operational status of the static IPv6 address assigned to the M330 management interface. The possible values are as follows:
   - Operational: The IP address has been verified as unique on the LAN and is usable on the interface.
   - Tentative: The M330 initiates a duplicate address detection (DAD) process automatically when a static IP
19. AP IP address.
   Radio: The MAC address of the radio.
   Band: The band on which the AP is broadcasting.
   Channel: The radio channel on which this AP is broadcasting.
   Proposed channel: The channel to which this AP will be reassigned when the current channel plan is applied. The proposed channel and current channel can be different if any of the following have occurred:
   - Dynamic Frequency Selection (DFS) is enabled and has marked the proposed channel out of service.
   - The channel is locked because the Locked checkbox is selected.
   - The proposed channel has not yet been applied (there is a small window of time between the proposal and the application of the proposed channel).
   Status: Indicates whether the channel is up or down.
   Locked: You can select to lock the AP onto the current channel. When selected, automated channel plans cannot reassign the AP to a different channel as a part of the optimization strategy. Instead, APs with locked channels will be factored in as requirements for the plan.
   9 Captive portal
   Overview
   Captive Portal is a feature that blocks wireless clients from accessing the network until user verification has been established. The captive portal verification can be configured to allow access for both guest and authenticated users. Authenticated users must be validated against a database of authorized captive portal users before access is granted. The da
20. Captive Portal instances: Select an existing instance to view or configure its settings, or select Create to configure a new captive portal instance. The AP supports two instances. If both instances have been configured, you must delete an instance before you can create a new one.
   Instance ID: The captive portal instance identifier. For an existing instance, this field cannot be configured. When creating a new captive portal instance, the ID cannot be used by another captive portal instance.
   Admin mode: Click the option to enable or disable the administrative mode of the selected instance.
   Protocol: Specifies HTTP or HTTPS as the protocol for the captive portal instance to use during the verification process.
   Verification: The method used to authenticate clients. Select Local to use a database of authorized users on the AP, or select Radius to use a RADIUS server. If Guest is selected, users are not authenticated.
   Redirect: Select Enable to redirect newly authenticated clients to a configured URL. When disabled, the locale-specific welcome page is displayed for clients.
   Redirect URL: The URL for redirected clients. This can be either an IPv4 or IPv6 address. The IPv4 address should be in a form similar to http://xxx.xxx.xxx.xxx (http://192.168.1.10). The IPv6 address should be in a form similar to http XXXX XXXX XXXX XXXX XXXX XXXX XXX
21. [Table of contents excerpt. Recoverable entries: Viewing wireless information; Viewing all connected wireless clients; Viewing wireless statistics for the radio; 6 Creating WDS links; Simultaneous AP and WDS support; Using the 5 GHz band for WDS links; Configuration considerations]
22. Password: Specify the password associated with the username configured in the previous field.
   Message configuration
   [Screenshot: Message configuration. To address 1; To address 2; To address 3; Email subject: Log message from AP]
   To address 1, 2, 3: Configure the first email address to which alert messages are sent and, optionally, a second and third email address. The address must be in email address format, for example abc@def.com. By default, no addresses are configured.
   Email subject: Specify the text to be displayed in the subject of the email alert message. The subject can contain up to 255 alphanumeric characters. The default is Log message from AP.
   Sending a test message
   To validate the configured email server credentials, select Test Mail. The following text shows an example of an email alert sent from the AP to the network administrator:
      From: AP-192.168.1.1@mailserver.com
      Sent: Wednesday, February 08, 2015 11:16 AM
      To: administrator@mailserver.com
      Subject: log message from AP
      TIME           Priority  Process Id            Message
      Feb 8 03:48:25 info      login[1457]           root login on ttypo0
      Feb 8 03:48:26 info      mini_http-ssl[1175]   Max concurrent connections of 20 reached
   Viewing email alert status
   You can select Status > Email alert to view the status of the email alert feature and information about past activity.
   [Screenshot: Email Alert status page. Email alert status; Number of email sent; Number of email failed; Time
23. This example shows you how to create a captive portal on the M330 for unauthorized guest access to a wireless network.
   Initial settings
   Starting with a factory default M330, first configure Basic wireless network as the Network Environment, and then proceed to configure the basic radio settings in the Quick Setup wizard.
   [Screenshot: Quick Setup, Step 3: Specify wireless network settings. Radio 1; Wireless mode: IEEE 802.11b/g/n; Network name (SSID); Security method: Disabled]
   Select the Radio and Wireless mode for the captive portal. Typically, Radio 1 in the IEEE 802.11b/g/n mode provides the widest support for guest users. Set the Network name (SSID) for the captive portal, for example Guest. Set the Security method to Disabled to allow guest users unauthenticated access to the network.
   Basic configuration
   Select Captive Portal > Basic Configuration and set the Captive portal mode to Enable. Click Save.
   [Screenshot: Basic Configuration page. Captive Portal mode: Enable/Disable; Authentication timeout: 300 (60-600 seconds); Additional HTTP port: 0 (1025-65535, 0 disables); Additional HTTPS port (1025-65535, 0 disables); Group count; Instance count; User count]
   Advanced configuration
   Select Captive Portal > Advanced Configuration and create a captive portal instance.
   [Screenshot: Advanced Configuration page. Captive Portal instances: Create]
24. User License Agreement. End User License Agreement: PLEASE READ CAREFULLY BEFORE USING THIS EQUIPMENT. This End User License Agreement (EULA) is a legal agreement between (a) you (either an individual or a single entity) and (b) Hewlett Packard Company or in-country legal entity (HP) that governs your use of any Software Product which is either (i) installed on or made available by HP for use with your HP product (HP Product) or (ii) made available as part of the HP product portfolio for use on a standalone basis (HP Software Product), that is not otherwise subject to a separate license agreement between you and HP or its suppliers. Other software may contain a EULA in its online documentation. The term Software Product means computer software and may include associated media, printed materials, and online or electronic documentation. An amendment or addendum to this EULA may accompany the HP Product or HP Software Product. RIGHTS IN THE SOFTWARE PRODUCT ARE OFFERED ONLY ON THE CONDITION THAT YOU AGREE TO ALL TERMS AND CONDITIONS OF THIS EULA. BY INSTALLING, COPYING, DOWNLOADING, OR OTHERWISE USING THE SOFTWARE PRODUCT, YOU AGREE TO BE BOUND BY THE TERMS OF THIS EULA. IF YOU DO NOT ACCEPT THESE LICENSE TERMS, YOUR SOLE REMEDY IS TO RETURN THE ENTIRE UNUSED PRODUCT (HARDWARE AND SOFTWARE) WITHIN 14 DAYS FOR A REFUND SUBJECT TO THE REFUND POLICY OF YOUR PLACE OF PURCHASE. The HP End User License Agreement has already been accepted on this
25. actually not be authenticated to the AP via the second layer of security. The number of packets and bytes received from the wireless client and the number of packets and bytes that were dropped after being received. The number of packets and bytes transmitted from the AP to the wireless client and the number of packets and bytes that were dropped upon transmission. Viewing wireless statistics for the radio: Select Status > Wireless to display the Wireless status page. The Wireless status page lists: Radio, WLAN packets received, WLAN bytes received, WLAN packets transmitted, WLAN bytes transmitted, WLAN packets receive dropped, WLAN bytes receive dropped, WLAN packets transmit dropped, WLAN bytes transmit dropped, Fragments received, Fragments transmitted, Multicast frames received, Multicast frames transmitted, Duplicate frame count, Failed transmit count, Transmit retry count, Multiple retry count, RTS success count, RTS failure count, ACK failure count, FCS error count, Transmitted frame count, WEP undecryptable count. This page displays the following information. WLAN packets received: Total packets received by the AP. WLAN bytes received: Total bytes received by the AP. WLAN packets transmitted: Total packets transmitted by the AP. WLAN bytes transmitted: Total bytes transmitted by the AP. WLAN packets receive dropped: Number of packets received by the AP that were
26. address is assigned. An IPv6 address is in the tentative state while it is being verified as unique on the network. While in this state, the IPv6 address cannot be used to transmit or receive traffic, except to exchange messages with other network nodes to verify the uniqueness of the address. Blank (no value): No IP address is assigned, or the assigned address is not operational. IPv6 link local address: The IPv6 link local address is the IPv6 address used by the local physical link. The link local address is not configurable and is assigned by using the IPv6 Neighbor Discovery process. IPv6 auto config: When IPv6 auto configuration is enabled, the M330 processes the Router Advertisements received on the LAN port to determine its IPv6 addresses. The M330 can have multiple autoconfigured IPv6 addresses. The autoconfigured addresses coexist with the statically configured address. The AP can be accessed using either the statically configured or the automatically obtained IPv6 address. IPv6 autoconfigured global addresses: If the AP has been assigned one or more IPv6 addresses automatically, the addresses are listed. IPv6 DNS nameservers: Select Dynamic to have the IPv6 DNS servers assigned through DHCPv6, or select Manual to configure up to two static IPv6 DNS server addresses. VLAN configuration: When the AP receives traffic from a wireless client, the AP may forward it on the Ethernet network to which the
27. and configure a captive portal instance. A captive portal instance defines how a group of users are authenticated. The AP supports two captive portal instances. See Advanced configuration on page 96. Bind captive portal instances to wireless communities. Typically, authorized users are assigned to a different captive portal instance and wireless community than guest users. See Community binding on page 100. To assign VLANs to wireless communities, see VLAN configuration on page 80. Create a web locale and associate it to a captive portal instance. A web locale is a customized captive portal authentication web page. Up to three locales can be created and associated with a captive portal instance, which enables the display of captive portal pages in multiple languages (up to three). The language of choice can be selected from the upper left-hand side of the main captive portal page. See Web customization on page 101. (Figure: sample captive portal page with a language selector for English, French, and Spanish, a company logo placeholder, a login prompt, and the text: Welcome to the Wireless Guest Network. This service is free to our guests. The user understands information transmitted across the wireless network is open information and can be compromised.) 6. Create captive portal user accounts and user groups. Up to 128 users can be configured in the local database. See Local user group association on page 106. For a step-by-step walk-through of the configuration process
28. backup key 2, Radius backup key 3, Redirect, Redirect URL (0 to 256 characters), Away time (0 to 1440 min), Session timeout (0 to 1440 min), Max bandwidth upstream (0 to 1300 Mbps), Max bandwidth downstream (0 to 1300 Mbps), Locale count, Delete instance. Global radius: When Verification is set to Radius, you can select On to use the Global RADIUS server list for authenticating captive portal clients (see Configuring global RADIUS servers on page 29). If set to Off, the RADIUS servers must be configured on this page. Radius accounting: To track the resources that captive portal clients use, such as the network connection time and amount of data transmitted or received, you can enable the RADIUS accounting feature. When enabled, RADIUS accounting functions on all local or globally configured servers. Radius IP network: Specify whether the local RADIUS server IP addresses are IPv4 or IPv6 addresses. Radius IP: The IPv4 or IPv6 address of the primary RADIUS server for this wireless community. The AP first attempts to authenticate clients using the primary server; if this server fails, the backup servers are then tried. Radius backup IP 1-3: Up to three IPv4 or IPv6 backup RADIUS server addresses. After an authentication failure using the primary server, the backup servers are then tried in sequence. Radius
29. frame exceeds the fragmentation threshold you set, the fragmentation function is activated and the frame is sent as multiple 802.11 frames. If the frame being transmitted is equal to or less than the threshold, fragmentation is not used. Setting the threshold to the largest value (2,346 bytes) effectively disables fragmentation. Fragmentation involves more overhead because it requires the extra work of dividing up and reassembling frames, and it increases message traffic on the network. However, fragmentation can help improve network performance and reliability if properly configured. Sending smaller frames (by using a lower fragmentation threshold) might help with some interference problems, for example with microwave ovens. By default, fragmentation is off. HP recommends not using fragmentation unless you suspect radio interference. The additional headers applied to each fragment increase the overhead on the network and can greatly reduce throughput. RTS threshold: Specify a Request to Send (RTS) threshold value from 0 to 2347. The RTS threshold indicates the number of octets in an MPDU below which an RTS/CTS handshake is not performed. Changing the RTS threshold can help control traffic flow through the AP, especially one with many clients. If you specify a low threshold value, RTS packets will be sent more frequently. This will consume more bandwidth and reduce packet throughput on the AP. On the other hand s
30. list. The locale web page displays. (Screenshot: web preview of the captive portal web locale, showing the Username and Password fields, the checkbox "Check here to indicate that you have read and accepted the Acceptance Use Policy", and the prompt "To start using this service, enter your credentials and click the connect button".) Local user group association: A captive portal instance can be configured for both guest users and authorized users. Guest users do not have assigned user names and passwords. Authorized users must first submit a valid user name and password to be validated against a local database or RADIUS server. Typically, authorized users are assigned to a different captive portal instance and wireless community than guest users. Use the Local User Group Association page to configure up to 128 authorized users in the local database. To configure captive portal local users and groups, select Captive Portal > Local User Group Association. The Local User Group Association page displays two sections: Local group (Captive Portal groups; Group name, 1 to 32 characters) and Local user (Captive Portal users; Username, 1 to 32 characters). Creating local captive portal groups: In the Local group section of the page, select Create for Captiv
31. messages each. When the depth value you configure is reached, the oldest log message is overwritten by the new log message. Remote syslog configuration: You can view up to 512 messages stored in RAM in the Events section of the System Log page. To view a longer history of messages, you must set up a remote syslog server that acts as a syslog log relay host on your network. Then you can configure the M330 to send syslog messages to the remote server. The Severity level setting configured in the System log configuration section determines which messages are stored in RAM and are available for relay to a remote syslog server. Using the remote syslog feature provides these benefits: (1) Allows aggregation of syslog messages from multiple M330s. The MAC address of the sending AP displays at the start of each message. (2) Stores a longer history of messages than those that are kept on a single M330. (3) Can trigger scripted management operations and alerts. The procedure for configuring a remote log host depends on the type of system you use as the remote host. You can use the Remote syslog configuration section of the System Log page to configure M330 remote log settings. The section contains these fields: Remote syslog (Enable or Disable), Syslog server, Syslog port (1 to 65535). Remote syslog: Use this setting to enable or disable this feature. When enabled, messages of the selected Severity level or h
32. proceed to Entering the remote MAC address for radio 2 WDS configuration. Option 1 for radio 1 (recommended): On M330 1, select Wireless > WDS. Under WDS link 1, click the left arrow next to the Remote address box. A list of SSIDs with their corresponding MAC addresses appears. From the list, select the SSID of M330 2. This populates the Remote address box with M330 2's MAC address. Repeat this step on the other AP, entering M330 1's MAC address in M330 2's Remote address box. Be sure to enable Spanning tree mode at the top of the M330 2 WDS page. If the desired SSID is not on the list, proceed with Option 2. Option 2 for radio 1 WDS deployment: On M330 1, select Home > System Summary. The MAC address of M330 1 is provided on the System Summary page. Copy this MAC address, and then on M330 2, select Wireless > WDS and paste the MAC address in the Remote address box. Next, copy the MAC address of M330 2 from the System Summary page and paste it into the M330 1 Wireless > WDS page Remote address box. Now both APs can identify each other's MAC addresses on the common SSID. If you are manually entering the MAC address, it must be in the following format: six pairs of hexadecimal numbers (including numbers 0 to 9 and letters a to f or A to F), with each pair separated by a colon. For example 00 03 52 0a 0 01. An unencrypted WDS link is now established between the two APs. To test
33. section to configure parameters that affect how packet trace functions on the radio interfaces. The Packet trace configuration section contains these fields: Trace beacons (Enable or Disable), Promiscuous trace (Enable or Disable), Client filter enable, Client filter MAC address (00:00:00:00:00:00 shown). Trace beacons: Enable to trace the 802.11 beacons detected or transmitted by the radio. HP recommends that you also enable Promiscuous trace when performing a beacon trace. Promiscuous trace: Enable to place the radio in promiscuous mode when the trace is active. In promiscuous mode, the radio receives all traffic on the channel, including traffic that is not destined to the M330. While the radio is operating in promiscuous mode, it continues serving associated clients. Packets not destined to the AP are not forwarded. As soon as the trace is completed, the radio reverts to non-promiscuous mode operation. Client filter enable: Enable to use the WLAN client filter to trace only frames that are transmitted to or received from a WLAN client with a specified MAC address. Client filter MAC address: Specify a MAC address for WLAN client filtering. Note that the MAC filter is active only when a trace is performed on an 802.11 interface. Note: Changes to packet trace settings take effect after a packet trace is restarted. Modifying the parameters while a packet trace is running does not affect the current packet trace se
34. step in securing your wireless network, HP strongly recommends that you change the administrator password from the default. Current password: The default password is admin. New password and Confirm password: Specify a new password for the M330 administrator account. The administrator password can be from 1 to 32 alphanumeric characters. Do not use special characters or spaces. For security purposes, HP recommends that the password be at least 6 characters. If you forget the administrator password, the only way to access the administrator account is to reset the M330 to factory default settings. See Factory reset procedures on page 137. SSH configuration: For advanced network management, Secure Shell (SSH) is a remote management tool that can be used to access the M330's command line interface (CLI) from anywhere in the network. SSH acts as a secure replacement for Telnet, using generated public keys to encrypt all data passing between the M330 and an SSH-enabled management station. An administrator can securely use a user name and password for authentication and management access to the M330. Note: SSH client software needs to be installed on the management station to access the M330 for management using the SSH protocol. Select Management > SSH to configure SSH settings. SSH status (Enable or Disable): Select to enable or disable SSH access to the CLI. SSH access is enabled by default. Managing
35. the AP to the Known AP list. You can select Delete to remove an AP from the Known AP list. The Detected rogue AP list and Known AP list provide information only. The M330 does not have control over the APs on these lists and cannot apply any security policies to them. Working with saved AP lists: You can save the Known AP list and import a saved list to the M330. A saved list can show APs that you previously identified as known APs but that may not be showing in the current Detected rogue AP list (because they are not currently operational, for example). To create a list, under Save AP list, select Save, and then save the file to your PC or network. By default, the filename is Rogue2.cfg. You can use a text editor or web browser to open the file and view its contents. In the Import known AP list section, you can import a list that was previously saved from this AP or from another M330. Select one of the following options: Replace: The imported list will replace the Known APs list. Merge: APs from the imported list are added to the existing Known APs list. Browse to select the file to import and select Import. The new list displays in the Known AP list. Viewing wireless information: The M330 provides several pages where you can view info
36. the M330. Telnet configuration: Telnet is a remote management tool that can be used to access the M330's command line interface (CLI) from anywhere in the network. Note that Telnet is not completely secure from hostile attacks. HP recommends that SSH be used as a secure replacement for Telnet. Note: Telnet client software needs to be installed on the management station to access the M330 for management using Telnet. Select Management > Telnet to configure Telnet settings. Telnet status (Enable or Disable): Select to enable or disable Telnet access to the CLI. Telnet access is disabled by default. Scheduler: The Scheduler enables radio and wireless community (VSC) interfaces to be enabled or disabled at specified times. This feature can be used to automatically enable radios only during office hours, or to disable VSCs at times for improved security or just to reduce power consumption. Schedule rules can be configured by specifying start and end times for certain days of the week. Each rule is repeated on a weekly basis. A Schedule Profile is constructed by grouping up to 16 non-overlapping schedule rules together. The M330 supports up to 16 schedule profiles that can be associated with a specified radio or VSC. Select Management > Scheduler to configure scheduler settings. Scheduler Administrative mode Status Enable Disable Operational status Status D
37. the Web Customization page. Delete instance: To delete the current instance, select this option and click Save. Local verification: The following additional field is displayed on the Advanced Configuration page when Verification is set to Local. Captive Portal instance parameters shown: Instance ID, Admin mode, Protocol, Verification, User group name, Redirect, Redirect URL (0 to 256 characters), Away time (0 to 1440 min), Session timeout (0 to 1440 min), Max bandwidth upstream (0 to 1300 Mbps), Max bandwidth downstream (0 to 1300 Mbps), Locale count, Delete instance. User group name: The user group associated with this instance. Each captive portal user is associated with a group, and a group is associated with a captive portal instance. See Local user group association on page 106. RADIUS verification: The following additional fields are displayed on the Advanced Configuration page when Verification is set to Radius. Captive Portal instance parameters shown: Instance ID, Admin mode, Protocol, Verification, Global radius, Radius accounting, Radius IP network, Radius IP, Radius backup IP 1, Radius backup IP 2, Radius backup IP 3, Radius key, Radius backup key 1, Radius
38. versions (WPA TKIP, WPA2 AES), Protected management frames (Disabled, Supported, Mandatory), Key (8 to 63 characters), Confirm key, Broadcast key refresh rate (0 to 86400 seconds). WPA versions: Select one of the following options. WPA TKIP: WPA with TKIP encryption. This is the original version of the standard and is still supported by many legacy clients. WPA2 AES: WPA2 (802.11i) with AES encryption. This version is more secure than WPA TKIP. If all your users have WPA2 client software, select this option for the maximum possible security. WPA and WPA2: When both are selected, both WPA and WPA2 are supported at the same time. Some legacy WPA clients may not work if this mode is selected. This mode is slightly less secure than using the WPA2 AES (CCMP) mode. WPA2 AES must be selected when the radio mode supports 802.11n. If an 802.11n-only mode is selected, only WPA2 AES can be used. Key: The M330 uses the preshared key (PSK) you specify to generate the WPA TKIP or WPA2 AES keys that are used to encrypt the wireless data stream. Specify a key that is from 8 to 63 alphanumeric characters in length. HP recommends that the preshared key be at least 20 characters long and be a mix of letters and numbers. The key cannot begin or end with spaces. Broadcast key refresh rate: Enter the interval at which the broadcast (group) key is refreshed for clients associated with this
39. wireless community (the default is 300). The valid range is 0 to 86400 seconds. A value of 0 indicates that the broadcast key is not refreshed. Protected management frames: Provides security for the otherwise unprotected and unencrypted 802.11 management frames. This configuration parameter is visible only when WPA2 AES security is enabled. The following three options can be configured. Disabled: Protected management frames are not used for clients. Supported: Capable clients can use protected management frames. Mandatory: Clients must be capable of using protected management frames to associate with the community. By default, Supported is selected. When selecting Mandatory, the Supported checkbox is also selected. WPA Enterprise: WPA Enterprise with RADIUS is an implementation of the Wi-Fi Alliance IEEE 802.11i standard, which includes the CCMP (AES) and TKIP mechanisms. The Enterprise mode requires the use of a RADIUS server to authenticate users. The Add New Wireless Community form shows: Network name (SSID), Broadcast SSID, VLAN ID (1 to 4094), MAC authentication, Security method (WPA enterprise), WPA versions (WPA TKIP, WPA2 AES), Protected management frames (Disabled, Supported, Mandatory), Enable pre authe
40. AP connects. Client traffic may be associated with a VLAN as it is forwarded to the Ethernet network. VLAN assignment via wireless communities: The easiest way to assign user traffic to a VLAN is to configure the VLAN ID setting in a wireless community. See Wireless community configuration options on page 32. This puts all the traffic from users that connect to the wireless community onto the specified VLAN via the M330 Ethernet port. In the following scenario, two wireless communities are defined, each with its own VLAN. (Figure: network diagram showing the Employee wireless community on VLAN 10, the Guest wireless community on VLAN 20, a switch, the company file server, a shared printer, and a DHCP server.) The Employee wireless community is configured with VLAN 10. All employee traffic exits the M330 on VLAN 10, providing access to the company file server, shared printer, and the Internet. The Guest wireless community is configured with VLAN 20. All traffic from the Guest community exits the M330 on VLAN 20, providing access to the shared printer and the Internet. VLAN assignment via RADIUS: VLANs can also be assigned on a per-user basis by setting VLAN attributes in a user's RADIUS account. To use this option, you need to do the following: Configure a wireless community with Secu
41. As an immediate first step in securing your wireless network, HP recommends that you change the administrator password from the default. For more information on setting the administrator password, see Administrator login credentials on page 20. Configure system settings: When you configure the Quick Setup settings by selecting Home > Quick Setup, the system settings are also displayed. In the Configure system settings area, you can specify a name and location that helps identify the M330. You can also specify a person to contact for administrative purposes. The System name appears in the banner at the top of the M330 web management tool interface. Step 2: Specify access point cluster settings. Note: Use this section to configure whether this AP functions as a member of a cluster of APs on the network. To add the M330 to a cluster, set Clustering to Enabled, specify a Cluster name (the same name must be used for all members of the cluster), optionally specify a Cluster location, and set the Cluster IP version to either IPv4 or IPv6. The Step 2 page shows these fields: Clustering (Enable or Disable), Cluster name (default), Cluster location (not set), Clustering IP version (IPv4 or IPv6). For more information on clustering, see Clustering multiple M330s on page 85. If the selected network environment was Add to wireless network with existing AP clus
42. Check here to indicate that you have read and accepted the Acceptance Use Policy. Test captive portal client access: From any wireless client, such as a notebook computer, locate the Guest SSID network and connect. (Screenshot: the captive portal login page in a web browser, with a Username field, the prompt "To start using this service, enter your credentials and click the connect button", and the Acceptance Use Policy checkbox.) Either immediately (on some smartphones) or when you launch a web browser, the captive portal authentication page displays. Enter a Username and check the Acceptance Use Policy to log in to the network. The captive portal welcome page displays. You now have access to the network and should be able to browse the Internet. Note: With the Guest captive portal instance used in this example, Username is solely for information purposes. No user authentication is performed. The user can choose to leave Username blank. (Screenshot: captive portal page in a web browser.)
43. Contents (continued): Multiple WDS link configuration; Setting up multiple WDS links; 7 Configuring Ethernet, IP, and VLAN settings; Automatically assigning an IP address (default method); VLAN assignment via wireless communities; VLAN assignment via RADIUS; 8 Clustering multiple M330s; Shared settings
44. HP M330 Dual Radio 802.11ac Access Point Configuration and Administration Guide. Part Number 5998 6740 Published March 2015 Edition. Copyright 2015 Hewlett Packard Development Company L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Acknowledgments: Microsoft and Windows are U.S. trademarks of the Microsoft group of companies. Google Chrome browser is a trademark of Google Inc. Warranty: WARRANTY STATEMENT: See the warranty information sheet provided in the product box and available online. Supported Access Point Models: This document applies to these M330 models: JLO62A HP M330 Dual Radio 802.11ac AM AP; JLO63A HP M330 Dual Radio 802.11ac WW AP; JLO64A HP M330 Dual Radio 802.11ac JP AP. Contents: 1 Deploying the M330; 2 Using Quick setup; Automatically running Quick setup the first time you log in
45. Contents (continued): General configuration; Mail server configuration; Message configuration; Sending a test message; Viewing email alert status; Network trace configuration; Packet trace configuration
46. TP traffic uses port 80, but an additional port can be configured. Specify a port number between 1025 and 65535, or port 80. The HTTP and HTTPS ports cannot be the same. Additional HTTPS port: Typically, HTTP traffic over SSL (HTTPS) uses port 443, but an additional port can be configured. Specify a port number between 1025 and 65535, or port 443. The HTTP and HTTPS ports cannot be the same. Instance count: The number of captive portal instances currently configured on the AP. The AP supports up to two instances. Group count: The number of captive portal groups currently configured on the AP. The AP supports up to three groups, including the default group. The default group cannot be deleted. User count: The number of captive portal users currently configured on the AP. The AP supports up to 128 users. Advanced configuration: A captive portal instance is a defined set of parameters that can be associated with one or more wireless communities. This enables the AP to respond differently to certain users when they access the network community. The AP supports up to two instances. Creating a captive portal instance: The AP has no captive portal instances configured by default. To create an instance, you must first assign a name to the instance and then click Save. The AP supports two instances. If both instances are already configured, you must first delete an instance before you can create a new one. To create a captive portal inst
47. The M330 does this via a field in the beacons that it sends. So clients sending data to the M330 will use protection, but data sent from the M330 will not be protected. Some people may refer to this mode as Greenfield, which is not correct. Greenfield is an 802.11n-specific preamble. The M330 does not support this preamble and therefore does not support Greenfield mode. The Pure n mode can be used when there is no legacy wireless traffic present in or around the premises on the channels that will be used. All client devices must support 802.11n. Channel width: When operating in an 802.11n mode, the M330 enables you to use the standard channel width of 20 MHz or a double width of 40 MHz. A width of 40 MHz is achieved by using two adjacent channels to send data simultaneously. The advantage of using a 40 MHz wide channel is that the available bandwidth is doubled, leading to much higher throughput for clients operating in that mode. A disadvantage is that fewer channels are available for use by all clients. When the channel width is set to 20 MHz, channel usage is the same as in legacy mode. When 40 MHz is selected, the M330 radio uses a 40 MHz channel width. However, both 20 MHz and 40 MHz clients can associate. The channel selected on the Radio page is the primary channel, and the secondary (or extension) channel is located adjacent to it. The secondary channel is either above or below d
48. These two 20 MHz channels are often referred to as the Primary and Secondary channels. The Primary channel is used for 802.11n clients that support only a 20 MHz channel bandwidth and for legacy clients. Select one of the following options: • Upper: The Primary Channel is the upper 20 MHz channel in the 40 MHz band. • Lower: The Primary Channel is the lower 20 MHz channel in the 40 MHz band. Current channel: This field displays the currently assigned channel. Station isolation: When enabled, the M330 prevents communication between wireless clients associated with the same wireless community. Clients can still communicate with the wired network across a WDS link and with other wireless clients associated with a different wireless community. This selection is applied to all wireless communities on the AP. Advanced radio settings: When you select next to Advanced settings the following settings display: DFS support; Multidomain regulatory mode; Short guard interval supported; STBC mode; Protection; Beacon interval (20-2000 msec); DTIM period (1-255 beacons); Fragmentation threshold (256-2346 bytes, even numbers); RTS threshold (0-2347 bytes); Transmit power (1-100 percent); Fixed multicast rate (Mbps); Broadcast/Multicast rate limiting; Rate limit (1-50 packets per second); Rate limit burst (packets per second).
49. This method allows any client to associate with the AP, whether or not that client has the correct WEP key. It does not ensure, however, that an associated client can exchange traffic with the AP. A client must have the correct WEP key to be able to successfully access and decrypt data from an AP and to transmit readable data to it. • Shared key: This method requires the client to have the correct WEP key to associate with the AP. A client with an incorrect WEP key will not be able to associate with the AP. • Open system and shared key: This is the default selection. When selected: • Wireless clients configured to use WEP in shared key mode must have a valid WEP key to associate with the AP. • Wireless clients configured to use WEP as an open system mode (shared key mode not enabled) can associate with the AP even if they do not have the correct WEP key. Open system authentication or shared key authentication can be used by the client to authenticate with the AP when the AP is configured for 802.11 open authentication. When the AP is configured for 802.11 shared key authentication, however, 802.11 shared key authentication must be used by the client to authenticate with the AP. 802.1X (Dynamic WEP): 802.1X enables you to authenticate wireless clients via user accounts stored on a third-party RADIUS server. 802.1X is purely a protocol for user authentication. On the M330 it is paired with Dyn
50. X XXXX http 2001 DB8 36A5 1C32. One double colon may be used in the IPv6 address to indicate the appropriate number of zeros required to fill the undefined fields. Away time: The time that a client entry is retained in the captive portal authenticated client list after it has disassociated from the AP. Specify a time between 0 and 1440 minutes. The default setting is 60 minutes. Each user also has a configured Away time setting. See the Local User Group Association page. The local user timeout value has precedence over the captive portal instance value configured on this page. Session timeout: The amount of time to wait before terminating a session. A user is logged out after the session timeout expires. If the value is set to 0, the timeout is disabled. Specify a time between 0 and 1440 minutes. The default value is 0. Max bandwidth upstream: The maximum speed at which a client can send data to the network when using the captive portal. Specify a value between 0 and 1300 Mbps. The default value is 0, which means that no limit is enforced. Max bandwidth downstream: The maximum speed at which a client can receive data from the network when using the captive portal. Specify a value between 0 and 1300 Mbps. The default value is 0, which means that no limit is enforced. Locale count: The total number of locales that are associated with this instance. Up to three locales are supported for each captive portal instance, as assigned on
51. [Table of contents fragment; legible entries only] Accessing Quick Setup after your first login; Step 1: Specify access [illegible]; Step 2: Specify access point cluster settings; Step 3: Specify wireless network settings; 3 Managing the [illegible]; Configuring web server settings; Web server configuration; Administrator login credentials; 4 Working with wireless communities and authentication
52. address for the primary RADIUS server for this wireless community. If IPv4 is selected as the RADIUS IP address type, enter the IP address of the RADIUS server that all wireless communities use by default, for example 192.168.10.23. If IPv6 is selected, enter the IPv6 address of the primary global RADIUS server, for example 2001 0db8 1234 abcd. RADIUS IP or IPv6 address 1 to 3: Enter up to three IPv4 and/or IPv6 addresses to use as the backup RADIUS servers for this wireless community. The field label is RADIUS IP address when IPv4 is selected as the RADIUS IP address type and RADIUS IPv6 address when IPv6 is selected. If authentication fails with the primary server, each configured backup server is tried in sequence. RADIUS key: Enter the RADIUS key in the text box. The RADIUS key is the shared secret key for the RADIUS server. You can use up to 63 alphanumeric and special characters. The key is case sensitive, and you must configure the same key on the AP and on your RADIUS server. The text you enter will be displayed as asterisk characters to prevent others from seeing the RADIUS key as you type. RADIUS key 1 to 3: Enter the RADIUS key associated with the configured backup RADIUS servers. The server at RADIUS IP address 1 uses RADIUS key 1, RADIUS IP address 2 uses RADIUS key 2, and so on. Enable RADIUS accounting: Select this option to track and measure the resources a particular user ha
53. amic WEP, which adds WEP encryption based on a set of dynamically generated keys. [Screenshot: Add New Wireless Community form with Security method set to IEEE 802.1X. Fields: Network name (SSID), Broadcast SSID, VLAN ID (1-4094), MAC authentication, Security method, Use global RADIUS server settings, RADIUS IP address type (IPv4/IPv6), RADIUS IP address, RADIUS IP address 1 to 3, RADIUS key (1-64 characters), RADIUS key 1 to 3, Enable RADIUS accounting, Broadcast key refresh rate (0-86400 seconds), Session key refresh rate (30-86400 seconds, 0 disables).] Note: Dynamic WEP cannot be used when the radio operating mode supports 802.11n or 802.11ac. Use global RADIUS server: When selected, the wireless community will use the global RADIUS servers defined at the top of the Communities page. When not selected, you can configure each wireless community to use a different set of RADIUS servers. RADIUS IP address type: You can toggle between the address types to configure IPv4 and IPv6 RADIUS server addresses. Note, however, that the AP contacts only the RADIUS server or servers of the address type selected in this field. RADIUS IP address / RADIUS IPv6 address: Enter the IPv4 or IPv6
54. ance, select Captive Portal > Advanced Configuration. The Advanced Configuration page displays. [Screenshot: Advanced Configuration page with the Captive Portal instances list set to Create and an Instance name field (1-32 characters).] For Captive Portal instances, select Create and enter a name of 1-32 characters in the Instance name field. Click Save to create the instance. The Captive Portal instance parameters are then displayed and can be configured. Configuring a captive portal instance: The captive portal instance parameters displayed on the Advanced Configuration page depend on the Verification setting. The AP supports the following three methods for client verification: • Guest: Users are not authenticated. • Local: Verifies client access against a database of authorized users on the AP. • Radius: Verifies client access against a database of authorized users on a RADIUS server. Guest verification: The following fields are displayed on the Advanced Configuration page when Verification is set to Guest. [Screenshot: Captive Portal instance parameters for instance TestCP1. Fields: Instance ID, Admin mode (Enable/Disable), Protocol, Verification, Redirect (Enable/Disable), Redirect URL (256 characters), Away time (1440 min), Session timeout (1440 min), Max bandwidth upstream (1300 Mbps), Max bandwidth downstream (1300 Mbps), Locale count.]
55. at no limit is enforced. Maximum bandwidth downstream: The maximum speed at which a client can receive data from the network when using the captive portal. Specify a value between 0 and 1300 Mbps. The default value is 0, which means that no limit is enforced. Delete user: To delete the current user, select this option and click Save. Client list: The Client List page displays information about clients that have authenticated or failed authentication on the configured captive portal instances. To view the captive portal client list, select Captive Portal > Client List. The Client List page displays. [Screenshot: Client List page with two tables. Authenticated clients: total count, MAC address, IP address, Username, Protocol mode, Verify mode, Radio ID, Captive Portal ID, Tx packets. Failed authentication clients: total count, MAC address, IP address, Username, VSC ID, Radio ID, Captive Portal ID, Failure time.] The following parameters are on the Client List page. Total number of authenticated clients: The number of clients that have successfully authenticated on any captive portal instance. This number includes only clients that are currently authenticated. Total number of failed authentication clients: The number of clients that have failed authentication on any captive portal instance. MAC address
56. at are not shared: WDS links; Ethernet (wired) settings; Radio settings (• Channel • Beacon interval • DTIM period • Transmit power); Country setting; Network trace; Settings collected in the showtech rtt and showdev out files (Developer info collection). IPv4 and IPv6 clusters: The M330 supports IPv4 and IPv6 mode clusters. Cluster formation. Cluster criteria: A cluster can be formed between two or more M330 APs if the following conditions are met: • All M330 APs in the cluster must have the same part number. Different regional models cannot be mixed in the cluster. You can view the part number on the System Summary page. • The APs are configured with the same Country setting. • The APs are connected on the same wired subnet. Clustering is not supported over a wireless connection such as a WDS link. • The APs joining the cluster have the same Cluster name setting. • The APs are configured with the same Cluster IP version setting (IPv4 or IPv6). • Clustering is enabled on each AP. Cluster negotiation: When an M330 is configured with a cluster name and clustering is enabled, it begins sending periodic advertisements every 10 seconds to announce its presence. If there are other M330s that match the criteria for the cluster, arbitration begins to determine which AP provides its configuration to the others. The first AP to advertise itself as a member of the cluster wins the arbitration. The following rules apply to cluster formation
57. ating channel. For the APs to communicate, all APs must transmit and receive on the same channel. For all APs, select Wireless > Radio and set the same channel for the selected radio. Enable Spanning tree mode: For all APs, enable Spanning tree mode at the top of the Wireless > WDS page. Enter WDS link remote MAC addresses: There are different options for setting up the WDS link remote MAC addresses (see Example of a WDS Deployment on page 69). Using the method you select, ensure the following addresses are configured: • For M330 1, configure the WDS link 1 Remote address with the MAC address of M330 2 and the WDS link 2 Remote address with the MAC address of M330 4. • For M330 2, configure the WDS link 1 Remote address with the MAC address of M330 1 and the WDS link 2 Remote address with the MAC address of M330 3. • For M330 3, configure the WDS link 1 Remote address with the MAC address of M330 2. • For M330 4, configure the WDS link 1 Remote address with the MAC address of M330 1. Disconnect remote APs from the switch: Disconnect M330 2, M330 3, and M330 4 from the switch and connect them to the networks at their remote locations. Test the WDS links: To test the WDS links, select Tools > Ping on M330 1 and ping the IP addresses of each remote AP. If the pings succeed, the WDS links are working. Alternatively, connect a laptop to the network of each remote AP, open a browser, and browse the net
58. ation page. Upload web customization image: Click Browse to locate an image file on the management computer that can be used on the captive portal web page. Click Upload to store the image file on the AP. Delete web customization image: Select a stored image file in the list and then click Delete to remove it from the AP. Captive portal web locale: To create a new web locale, select Create from the available list. To view or update an existing web locale, select its name from the list. After a web locale has been created or selected, the Captive portal web locale parameters are displayed. Web locale name: This field is displayed only if Create is selected from the Captive Portal web locale list. Enter a name to assign to the page. The name can be from 1 to 32 alphanumeric characters. Captive Portal instances: This field is displayed only when Create is selected from the Captive Portal web locale list. From the list, select the captive portal instance to which this locale is associated. Multiple locales can be associated with a captive portal instance. When a wireless community associated with a captive portal instance is accessed by a user, links for all the locales are displayed on the authentication page. The user then selects the link for the appropriate locale. Customizing a web locale: After a captive portal web locale has been created, the web page customization parameters can be configured. The following describes the parame
59. ation page displays. The captive portal authentication page can be customized by changing text color and images to create a locale. Up to three locales can be created and associated with a captive portal instance, which enables the display of captive portal authentication pages in multiple languages (up to three). The language of choice can then be selected from the upper left-hand side of the main captive portal page. Creating a web locale: The AP has no web locale pages configured by default. To create a web locale, first assign a name to the locale and then click Save. To configure a captive portal web locale, select Captive Portal > Web Customization. The Web Customization page displays. In the Web customization section of the page, select Create for Captive Portal web locale and enter a name of 1-32 characters in the Web locale name box. Click Save to create the locale. The Captive Portal web locale parameters are then displayed and can be configured. [Screenshot: Web Customization page with three sections. Web binary upload: Upload web customization image, Delete web customization image. Web customization: Captive Portal web locale, Web locale name (1-32 characters), Captive Portal instances. Web preview: Captive Portal web locale.] The following parameters are on the Web Customiz
60. ations that rely on multicast or broadcast traffic may be affected. The rate limit applies only to traffic flowing in the downstream direction, from the AP to wireless clients. By default this option is disabled. When you enable it, the following fields are editable. Rate limit: Enter the rate limit you want to set for multicast and broadcast traffic. The limit should be greater than 1 but less than 50 packets per second. Any traffic that falls below this rate limit will always conform and be transmitted to the appropriate destination. The default and maximum rate limit setting is 50 packets per second. Rate limit burst: The rate limit burst sets a threshold rate for traffic bursts above which all traffic is considered to exceed the rate limit. This burst limit allows intermittent bursts of traffic that are above the set Rate limit but below the Rate limit burst. The default and maximum rate limit burst setting is 75 packets per second. Load balancing: You can set network utilization thresholds on the AP to maintain the speed and performance of the wireless network as clients associate and disassociate with the AP. The load balancing settings apply to both radios. To configure load balancing settings for the M330 radios, select Wireless > Load Balancing. The Load Balancing page displays. [Screenshot: Load Balancing page with Load balancing (Enable/Disable) and Utilization threshold (percent) fields.]
61. ble a radio or VSC. The time is in HH:MM 24-hour format. The range is <00-24>:<00-59>. The default is 00:00. End Time: The time of day to disable a radio or VSC. The time is in HH:MM 24-hour format. The range is <00-24>:<00-59>. The default is 00:00. Select a configured rule from the table and click Modify Rule to change its configuration. After making any modifications, you must click Save to apply the changes and to save the settings. Scheduler association: The configured schedule profiles must be associated to specific radio and virtual service community (VSC) interfaces to be operational. Only one profile can be associated to a radio or VSC interface, but a single profile can be associated with multiple interfaces. By default, there are no profiles associated to any interfaces. If a schedule profile associated to a radio or VSC interface is deleted, the interface association is removed automatically. Note that when a radio is disabled, all the VSC interfaces for that radio are also operationally disabled. After you have associated profiles with radio or VSC interfaces, click Save to apply the changes. Select Management > Scheduler Association to configure scheduler association settings. [Screenshot: Scheduler Association page listing each radio and each VSC with its profile name and operational status.]
62. bled. The following three options can be configured: • Disabled: Protected management frames are not used for clients. • Supported: Capable clients can use protected management frames. • Mandatory: Clients must be capable of using protected management frames to associate with the community. By default, Supported is selected. When selecting Mandatory, the Supported checkbox is also selected. Enable pre-authentication: If for WPA versions you select only WPA2 AES, or both WPA TKIP and WPA2 AES, you can enable pre-authentication for WPA2 clients. Enable pre-authentication if you want WPA2 wireless clients to send pre-authentication packets. The pre-authentication information will be relayed from the AP the client is currently using to the target AP. Enabling this feature can help speed up authentication for roaming clients who connect to multiple APs. Use global RADIUS server: When selected, the wireless community will use the global RADIUS servers defined at the top of the Communities page. When not selected, you can configure each wireless community to use a different set of RADIUS servers. RADIUS IP address type: You can toggle between the address types to configure IPv4 and IPv6 RADIUS server addresses. Note, however, that the AP contacts only the RADIUS server or servers of the address type selected in this field. RADIUS IP address / RADIUS IPv6 address: Enter the IPv4 or IPv6 address for the primary RADIUS server for this wireles
63. by default. To disable it, select Wireless > Rogue AP Detection, select Disable next to AP detection for radio 1/2, and then select Save. [Screenshot: Rogue AP Detection page, Rogue AP configuration section, with AP detection for radio 1 (Enable/Disable) and AP detection for radio 2 (Enable/Disable).] When enabled, the AP initiates a scan on a single channel. Every 60 seconds the AP scans the next sequential channel. The scan duration is 10 ms per channel. Note: • Scanning is temporarily disabled when a trace is active (see the Tool > Network Trace page). • Although the impact of scanning on AP performance is expected to be minimal, to obtain the best possible wireless performance (as needed for voice applications, for example), disable scanning. Detected and known AP lists: When the M330 discovers an AP during a scan, it compares the MAC address of the AP against the Known AP list, a list that you create or import using the capabilities on this page. If the scanned AP does not appear in the list of known APs, it is displayed in the Detected rogue AP list. [Screenshot: Detected rogue AP list table with columns including Action, MAC address, Radio, Beacon Int., SSID, Privacy, WPA, Band, and Channel.] The following information displays for each detected rogue AP. MAC address: The MAC address of the neighboring AP detected during a scan. Radio: Displays
64. Load balancing: Enables or disables load balancing. To enable load balancing on this AP, click Enable. To disable load balancing on this AP, click Disable. Utilization threshold: Provides the percentage of network bandwidth utilization allowed on the radio before the AP stops accepting new client associations. The default is 0, which means that all new associations are allowed regardless of the utilization rate. After configuring load balancing settings, click Save. Changing settings can cause the AP to stop and restart, temporarily losing connectivity for wireless clients. HP recommends changing AP settings only at times when users are not inconvenienced. Detecting rogue APs: You can use the Rogue AP Detection feature to scan for other APs operating nearby. Initially, new APs on the network are identified as rogue APs. If you are aware of an AP detected as a rogue AP and know that its existence on your network is legitimate, you can identify it as a known AP so that it will not continue to be detected as a rogue AP. This is useful for monitoring the installation of wireless APs in your company's work areas, to ensure that new APs (which could be a security risk if improperly configured) are not deployed without your knowledge. This feature can also be used to determine the operating frequencies and signal strengths of nearby APs for site planning purposes. Enabling scanning: Scanning for rogue APs is enabled
65. ck Enable to resume automatic channel planning. When automatic channel planning is enabled, the Channel Manager periodically maps radio channels used by clustered access points and, if necessary, re-assigns channels on clustered APs to reduce interference with cluster members or other APs outside the cluster. Click Disable to stop automatic channel planning. No channel usage maps or channel re-assignments will be made. Only manual updates will affect the channel assignment. When automatic channel planning is enabled, the channel policy for the radio is automatically set to static mode, and the Auto option is not available for the Channel field on the Wireless Settings or Radio pages. This allows the automatic channel feature to set the channels for the radios in the cluster. Configuration: Use this section to enable channel planning and configure basic settings. [Screenshot: Channel Planning page, Channel planning configuration section, with Channel planning (Enable/Disable), Channel change interval, Interference threshold, and Last proposed set of channel assignments.] Channel planning: Enable or disable channel planning. It is disabled by default. Channel change interval: Select the schedule for automated updates. At the selected interval, channel usage is reassessed and the resulting channel plan is applied. A range of intervals is provided, from 30 minutes to 6 months. Th
66. connections page directly on that AP. AP MAC: Media Access Control (MAC) address of the AP. The address shown here is the MAC address for the Ethernet interface and the default wireless community (wlan0). This is the address by which the AP is known externally to other networks. User MAC: The Media Access Control (MAC) address of the client. Idle: The time, in seconds, that has elapsed since the last client activity. Rate (Mbps): The speed in Mbps at which this AP is transferring data to the specified client. This value should fall within the range of the advertised rate set for the mode in use on the AP, for example 6 to 54 Mbps for 802.11a. Signal: The strength of the radio frequency (RF) signal the client receives from the AP. This measurement is known as Received Signal Strength Indication (RSSI), which is indicated by a value ranging from 0 to 100. RSSI is determined by a mechanism implemented on the wireless interface of the client. Rx total: The number of total packets received by the client during the current session. Tx total: The number of total packets transmitted to the client during the current session. Error rate: The percentage of time frames are dropped during transmission to or from this client. Channel planning: When channel planning is enabled, the M330 automatically assigns radio channels used by clustered APs. Automatic channel assignment reduces mutual interference or inter
67. cy band. Use this setting when support for 802.11b and 802.11g is necessary. • 2.4 GHz IEEE 802.11n (Pure 802.11n): Up to 450 Mbps in the 2.4 GHz frequency band. • IEEE 802.11a: Up to 54 Mbps for 802.11a in the 5 GHz frequency band. • IEEE 802.11a/n/ac (Compatibility mode): Up to 1.3 Gbps for 802.11ac, 450 Mbps for 802.11n, and 54 Mbps for 802.11a in the 5 GHz frequency band. • IEEE 802.11n/ac (Compatibility mode): Up to 450 Mbps for 802.11n and 1.3 Gbps for 802.11ac in the 5 GHz frequency band. In 2.4 GHz IEEE 802.11n mode, the M330 does not permit non-802.11n clients to associate. Also, in this mode the M330 does not use protection mechanisms (RTS/CTS or CTS-to-self) to enable legacy APs to operate on the same frequency. This can potentially cause problems with legacy 802.11a/b/g APs operating on the same channel, but provides the best throughput for the M330 and its 802.11n clients. In IEEE 802.11a/n/ac and IEEE 802.11b/g/n modes, the M330 permits both 802.11n and legacy clients (802.11a/b/g) to associate. The M330 uses protection mechanisms (RTS/CTS or CTS-to-self) when sending 802.11n data to prevent disruption to legacy 802.11a/b/g clients associated on the same channel. For more information, refer to 802.11ac and 802.11n best practices on page 48. Channel: Select the channel for wireless services. The range of available channels is determined by the mode of the radio interface and the country code setting. • Aut
68. device. Third-party licenses and copyright notices: GPL Version 2 License; Other Copyrights and Licenses. 11 Tools. System log: The system log is a comprehensive list of system messages and kernel messages, which may indicate error conditions such as dropped frames. The M330 stores up to 512 system error messages in volatile memory (RAM). You can view these events using the M330 management tool, and you can configure M330 to relay them as syslog messages to a syslog server residing on the network. You can also configure the M330 to store up to 512 messages in nonvolatile memory (flash). When full, the oldest log message gets overwritten by the new log message. Logged messages often indicate severe errors in M330 operation, and they may prove useful in diagnosing system crashes. All log messages are time stamped. To configure system log settings and view a limited number of log messages from RAM, select Tools > System Log. System log configuration: You can use the System log configuration section of the System Log page to configure the size of the system log and specify which system events result in messages to store in the log, based on their severity level. [Screenshot: System Log page, System log configuration section, with Persistence (Enable/Disable), Severity (Warning shown), and Depth (1-512 entries, 512 shown).] You can configure the following log settings: Persistence
69. dropped. WLAN bytes receive dropped: Number of bytes received by the AP that were dropped. WLAN packets transmit dropped: Number of packets transmitted by the AP that were dropped. WLAN bytes transmit dropped: Number of bytes transmitted by the AP that were dropped. Fragments received: Count of successfully received MPDU frames of type data or management. Fragments transmitted: Number of transmitted MPDU with an individual address or an MPDU with a multicast address of type data or management. Multicast frames received: Count of MSDU frames received with the multicast bit set in the destination MAC address. Multicast frames transmitted: Count of successfully transmitted MSDU frames where the multicast bit is set in the destination MAC address. Duplicate frame count: Number of times a frame is received and the Sequence Control field indicates it is a duplicate. Failed transmit count: Number of times an MSDU is not transmitted successfully due to transmit attempts exceeding either the short retry limit or the long retry limit. Transmit retry count: Number of times an MSDU is successfully transmitted after one or more retries. Multiple retry count: Number of times an MSDU is successfully transmitted after more than one retry. RTS success count: Count of CTS frames received in response to an RTS frame. RTS failure count: Count of CTS frames not received in response to an RTS frame. ACK failur
70. e The M330 always tries to boot with the primary image. If it fails to load, then the secondary image is used. Whenever such a failover occurs, the system creates a log message to help you troubleshoot the software failure.

Switching the software image

The Software information area shows the active image and backup image versions. To make the backup image the active image and the active image the backup image, click Switch. The AP reboots using the new image. The process may take several minutes, during which time the AP will be unavailable. Do not power down the AP while the image switch is in progress. When the image switch is complete, the AP restarts. The M330 resumes normal operation with the same configuration settings it had before the image switch.

Software upgrade

When a software upgrade is available, you can download the image to the M330.

Caution:
• Before updating, be sure to check for update issues in the Release Notes.
• Even though configuration settings are preserved during software updates, HP recommends that you back up your configuration settings before updating. See Configuration file management on page 117.

To update the M330 software using HTTP, click Browse to locate the software file with the extension .img, and then click Upgrade. To update the software using TFTP, specify the file path and file name on the TFTP server and enter the TFTP server address. Then click Upgrade. At the end of the update p
71. e 2.4 GHz band. This could be a factor depending on the distance your WDS link spans.
• All radios configured for WDS must be set to the same channel. This means that on the Wireless > Radio page, under Channel, you cannot select Auto.
• The Ethernet ports for all M330s must be connected to the same subnet, and each M330 must have a unique IP address.
• If WPA-PSK security is enabled, the same link name and key must be defined on all M330s that are linked by the WDS connection.
• IEEE 802.11n uses frame aggregation, whereby multiple frames are combined into one to reduce overhead and increase throughput. WEP-encrypted frames are not aggregated, however, so enabling WEP security over WDS will result in reduced throughput.
• Although the M330 can support up to four WDS links, only one wireless link can be defined between any two M330s.

Creating WDS links

WDS configuration

To view or add a WDS link, select Wireless > WDS.

[Screenshot: Configure WDS Bridges To Other Access Points page, with General (Spanning tree mode: Enable/Disable) and WDS link 1 to WDS link 4, each with Radio, Local address, Remote address, and Encryption fields]
72. e Portal groups and enter a name of 1-32 characters in the Group name box. Click Save to create the group. The Captive Portal web locale parameters are then displayed and can be configured. The following parameters on the Local User Group Association page are used to create a captive portal local group:

Captive Portal groups: To create a new group, select Create. After you create a group, or select an existing group from the Captive Portal Groups list, additional parameters display on the page.
Group name: Specify a name for the new local group.
Delete group: To delete the current group, select this option and click Save.

Creating local captive portal users

In the Local user section of the page, select Create for Captive Portal users and enter a name of 1-32 characters in the Username box. Click Save to create the user. The Captive Portal user parameters are then displayed and can be configured. The following parameters on the Local User Group Association page are used to create a captive portal local user:

Captive Portal users: To create a new user, select Create. To configure settings for a user, select the name from the list.
Username: Specify a name for the local user. Enter 1-32 characters for the name. After you create a user, or select an existing user from the Captive Portal Users menu, additional fields display on the page.

Local user Captive Portal users Captive Portal user parameters User password 64 characters
73. e TFTP server and enter the TFTP server address. Then click Restore. The name of the configuration file can have up to 255 characters, including the .xml file name extension and the path to the directory where the file is saved. File names should not contain spaces or these characters: < > & 2 aa 2. After restoring the configuration file, the system automatically reboots. The M330 automatically restarts when the upload is completed.

For maintenance purposes, or as a troubleshooting measure, you can reboot the M330 by clicking Reboot. The process may take several minutes, during which time the AP will be unavailable. The M330 resumes normal operation with the same configuration settings it had before the reboot.

Software updates

To update the M330 software, select Maintenance > Manage Software. The Manage Software page displays. The Manage Software page shows the AP model information as well as the current active (primary) image and backup (secondary) image versions. This page also enables a new software image file to be uploaded to the AP using the HTTP or TFTP protocols.

[Screenshot: Manage Software page, with Software information (Model, Primary image, Secondary image) and Software upgrade (Upload method: HTTP/TFTP, New firmware image)]

Software information

The M330 maintains both a primary software image and a backup imag
74. e count: Count of ACK frames not received when expected.
FCS error count: Count of FCS errors detected in a received MPDU frame.
Transmitted frame count: Count of each successfully transmitted MSDU.
WEP undecryptable count: Count of encrypted frames received and the key configuration of the transmitter indicates that the frame should not have been encrypted or that frame was discarded due to the receiving station not implementing the privacy option.

6 Creating WDS links

Key concepts

The Wireless Distribution System (WDS) feature enables you to create point-to-point wireless links between two or more M330s. These links create a wireless bridge that interconnects the networks connected to the Ethernet port on each M330. For example, in the following figure, M330 2 and M330 3 use the WDS to create a wireless link between the main office network and a small network in a warehouse.

[Figure: Main office area and Warehouse connected by a WDS wireless link; labels include File server, DHCP server, Employee computers, M330, and Wireless community]

WDS links provide an effective solution for extending network coverage in situations where it is impractical or expensive to run cabling. Each M330 can create up to four WDS links.

Note: A network that includes WDS links should be distinguished from a group of clustered APs. WDS enables wirelessly extending the netw
75. e default is 1 hour.

Interference threshold: Select the minimum percentage of interference reduction a proposed plan must achieve to be applied. The default is 75 percent. You can select percentages ranging from 5 percent to 75 percent. This setting lets you set a gating factor for channel reassignment so that the network is not continually disrupted for minimal gains in efficiency. For example, if channel interference must be reduced by 75 percent and the proposed channel assignments will only reduce interference by 30 percent, then channels will not be reassigned. However, if you reset the minimal channel interference threshold to 25 percent, the proposed channel plan will be implemented and channels will be reassigned as needed.

Last proposed set of channel assignments: If a channel plan was previously applied on the AP, this field shows the number of hours and minutes that have passed since it was applied.

Current channel assignments

Use this section to view the list of all APs in the cluster by IP address. The display shows the band on which each AP is broadcasting (a/b/g/n/ac), the channel currently used by each AP, and an option to lock an AP on its current radio channel so that it cannot be reassigned to another.

[Screenshot: Current channel assignments table with columns IP address, Band, Channel, Proposed channel, Status, and Locked]

IP address: The
76. e does not include 802.11n: wired VLANs
• Static WEP (see note)
• WPA/WPA2 Personal (default)

Network environment: Multiple wireless networks with RADIUS authentication
Security methods:
If the wireless mode includes 802.11n:
• WPA/WPA2 Personal
• WPA/WPA2 Enterprise (default)
If the wireless mode does not include 802.11n:
• Static WEP (see note)
• 802.1X Dynamic WEP (see note)
• WPA/WPA2 Personal
• WPA/WPA2 Enterprise (default)

Network environment: Add to wireless network with existing AP cluster
Security methods: The AP will inherit its security settings from the cluster.

Note: WEP-based security is not available in 802.11n modes due to Wi-Fi security requirements. For more information on wireless security, see Wireless protection on page 33.

After you select a security method and complete the related settings, the Quick setup wizard is complete.

System summary

After you complete the Quick setup wizard, when you log into the management tool again, the System Summary page displays.

[Screenshot: System Summary page, System information section with IP address, Static IPv6 address, IPv6 autoconfigured global addresses, IPv6 link local address, MAC address, Firmware version, Product identifier, Hardware version, Serial number, Device description, and Country]
78. e wireless connectivity for your users. This option can be used to connect the M330 directly to a broadband router or to an existing wired network using static IP, DHCP, or IPv6 addressing. This scenario supports clustering mode, where multiple APs in the network are deployed and administered as a single entity.

[Screenshot: Quick setup page with Network Environment set to Basic wireless network, and the options to recommend wireless network settings based upon your network environment or to manually configure wireless network settings]

Multiple wireless networks

Choose this option if you want to create multiple wireless networks to support users with different networking requirements. For example, you could create two wireless networks, one for employees and one for guests. This option can be used to connect the M330 to a network using static IP, DHCP, or IPv6 addressing. This scenario also supports clustering mode, where multiple APs in the network are deployed and administered as a single entity.

Quickly setup the M330. Quick setup can help you to configure the M330 for several different networking e
79. eless coverage is affected by the factors discussed in this section.

Interference

Interference is caused by other APs or devices that operate in the same frequency band as the M330 and can substantially affect throughput. Several tools are available to diagnose interference problems as they occur.
• Select Wireless > Rogue AP Detection to view detailed information about all wireless APs operating in the immediate area so that you can effectively set the operating frequencies. This feature also makes it easy for you to find rogue APs. See Detecting rogue APs on page 58.
• Select Status > Wireless to view detailed information about packets sent and received, transmission errors, and other low-level events.

APs that operate in the 2.4 GHz band may experience interference from devices including 2.4 GHz cordless phones and microwave ovens. A smaller but growing number of devices are potential sources of interference in the 5 GHz band.

Physical characteristics of the location

To maximize coverage of an M330, install it in an open area with as few obstructions as possible. Try to choose a location that is central to the area being served. Radio waves cannot penetrate metal; they are reflected instead. The M330 can transmit through wood or plaster walls and closed windows, although window glazing or thickness may impair penetration. However, the steel reinforcing found in concrete walls and floors may block transmissions or reduce si
80. ending more RTS packets can help the network recover from interference or collisions that might occur on a busy network or on a network experiencing electromagnetic interference.

Transmit power: Enter a percentage value for the transmit power level for this AP. The default value, which is 100, can be more cost efficient than a lower percentage, since it gives the AP a maximum broadcast range and reduces the number of APs needed to cover an area. To increase the capacity of the network, place APs closer together and reduce the value of the transmit power. This helps reduce overlap and interference among APs. A lower transmit power setting can also keep your network more secure, because weaker wireless signals are less likely to propagate outside of the physical location of your network.

Fixed multicast rate: This value sets a fixed transmission rate in Mbps for broadcast and multicast packets. This setting can be useful in an environment where wireless multicast video streaming occurs, provided the wireless clients are capable of handling the configured rate. Select Auto to have the M330 choose the best rate automatically. The range of valid values is determined by the configured radio mode. The default value is Auto.

Bcast/Mcast rate limiting: Enabling multicast and broadcast rate limiting can improve overall network performance by limiting the number of packets transmitted across the network. Note, however, that the performance of client applic
81. epending on which channel was selected as the primary. In 5 GHz IEEE 802.11n mode, the channels are paired; for example, channels 36 and 40 are always used together, 44 and 48 are always used together, etc. If the Country setting identifies a regulatory domain that does not support the 40 MHz channel bandwidth, this setting does not apply. The 802.11ac standard in the 5 GHz band supports channel widths of 20 MHz, 40 MHz, and 80 MHz. The 80 MHz option bonds two 40 MHz channels to form one high-throughput channel. Note that in the 5 GHz band, a channel bandwidth of 80 MHz can reduce the number of available channels to four.

Radio configuration

To define configuration settings for the M330 radio, select Wireless > Radio. The radio settings page displays.

[Screenshot: Radio page with Country, Basic settings (Radio, Status, Mode, Channel, Channel bandwidth, Primary channel, Current channel, Station isolation), and Advanced settings]

This page enables you to configure the country in which the M330 operates, basic radio settings such as the radio mode and channel, and advanced radio features.

Country: The country of operation, also known as the regulatory domain, determines the availability of certain wireless settings on the M330. Once the c
82. ersonal, WPA Enterprise, 802.1X Dynamic WEP, or Static WEP, MAC authentication occurs after other authentication methods are applied.

RADIUS server-based MAC authentication

When RADIUS server-based MAC authentication is enabled on a wireless community, a wireless client MAC address is compared to the configured list stored on a RADIUS server upon authentication. When a client MAC address is found in the configured list, the globally configured allow or deny action is applied to the client. When a client MAC address is not found in the list, the opposite allow or deny action is applied.

The following attributes must be configured on the RADIUS server:
• User-Name (1): Ethernet MAC address of the client.
• User-Password (2): A fixed password used to look up a client MAC entry. The M330 uses the password NOPASSWORD.

Local MAC authentication

Select Wireless > MAC authentication to configure the local MAC authentication list. You can use this page to configure a local list, which applies to every wireless community on which local MAC authentication is enabled.

[Screenshot: MAC Authentication page, Local MAC authentication configuration with Filter (Allow only stations in list / Block all stations in list) and Local MAC authentication client list (MAC address, Client list)]

Filter: Select one of the following options:
Allow only stations in list: Only users wh
83. estinations Trap community name (1-32 characters), Enable, Host type, Hostname or IPv4/IPv6 address.

The following parameters are on the SNMP page:

Status: Select to enable or disable the SNMP agent. By default, the SNMP agent is enabled. If you disable the agent, the M330 will not respond to SNMP requests.

Read-only community name: This is the password that controls read-only access to SNMP information on the M330. A network management program must supply this name when attempting to get SNMP information from the M330. By default, the name is set to public.

Read-write community name: This is the password that controls read-write access to SNMP information on the M330. A network management program must supply this name when attempting to set SNMP parameters on the M330. By default, the name is set to private.

Trap community name: To send SNMP trap messages to trap destinations, specify the global community name sent with the traps. The community name can be any alphanumeric string of 1-32 characters. Special characters are not permitted.

Host type: Specify whether the enabled trap destination host is an IPv4 or an IPv6 address.

Hostname or IPv4/IPv6 address: Enter the DNS hostname or IPv4/IPv6 address of up to three computers to which SNMP traps will be sent. The valid range is 1-256 characters. Be sure to select the Enabled check box next to each hostname. Su
84. ference with other APs outside of its cluster and maximizes Wi-Fi bandwidth to help maintain the efficiency of communication over the wireless network. You must start channel planning to get automatic channel assignments. It is disabled by default.

At a specified interval, the channel manager maps APs to channel use and measures interference levels in the cluster. If significant channel interference is detected, the channel manager automatically reassigns some or all of the APs to new channels according to an efficiency algorithm (or automated channel plan). If the channel manager determines that a change is necessary, it sends the new channel assignments to all members of the cluster and generates a syslog message that indicates the sender AP and the new and old channel assignments.

The Cluster > Channel planning page shows current and planned channel assignments for clustered APs. You can start channel planning to optimize channel usage across the cluster on a scheduled interval. This page displays channel planning fields only if clustering is enabled on the Cluster > Configuration page.

Stopping/Starting Automatic Channel Assignment

Note: By default, automatic channel planning is disabled (off).

Note: Channel planning overrides the default cluster behavior, which is to synchronize radio channels of all APs across a cluster. When Channel planning is enabled, the radio channel is not synced across the cluster to other APs.

Cli
85. fig File Management

[Screenshot: Config File Management page with Reset (restore the factory default configuration), Save (save the current configuration to a backup file; Download method: HTTP/TFTP), Restore (restore the configuration from a previously saved file; Upload method: HTTP/TFTP; Configuration file), and Reboot (reboot the access point)]

Reset: See Resetting to factory defaults on page 137.

Save: The Save feature enables you to back up your configuration settings so that they can be easily restored in case of failure. Before you install new software, you should always back up your current configuration. To start the process, select a Download method and then click Download. For HTTP downloads, you are prompted for the location in which to save the configuration file, namely config.xml. For TFTP downloads, specify the file path and file name under which to save the file, and the TFTP server name. The name of the configuration file can have up to 255 characters, including the .xml file name extension and the path to the directory where you want to save the file. File names should not contain spaces or these characters: < > & 2 ee 7.

Restore: The Restore feature enables you to load a previously saved configuration file. For an HTTP restore, click Browse to select the configuration file that you want to restore, then click Restore. For a TFTP restore, specify the file path and file name on th
86. form at the time interval specified by the Log duration. The security level you select and all levels up to, but not including, the lowest urgent level are considered non-urgent. Messages below the security level you specify are not sent via email. See the Urgent message severity description for information about the security levels.

Log duration: This setting determines how frequently the non-urgent messages are sent to the email (SMTP) server. The range is 30 to 1440 minutes. The default is 30 minutes. Non-urgent messages are sent when the time duration is reached or the number of messages exceeds the configured Depth value on the System Log page, whichever is first.

Mail server configuration

[Screenshot: Mail server section with Mail server address, Mail server security, and Mail server port (0-65535)]

Mail server address: Specify the IP address or hostname of the SMTP server on the network.

Mail server security: Specify whether to use SMTP over SSL (TLSv1) or no security (Open) for authentication with the mail server. The default is Open.

Mail server port: Configure the TCP port number for SMTP. The range is a valid port number from 0 to 65535. The default is 25, which is the standard port for SMTP.

Username: This field displays only when TLSv1 is selected as the Mail server security setting. Specify the username to use for authentication with the mail server. The username can be up to 64 characters long and can include any printable characters
88. ge background. Click Upload web customization image to upload images to the AP for use with captive portal instances.

Logo image name: The name of the image file that displays in the top left corner of the page. This image is typically a company logo. First upload your logo image to the AP, and then select it from the list.
Foreground color: The authentication page foreground color in a 6-digit hexadecimal format; the field accepts 1 to 32 characters. The default value is FFFFFF.
Background color: The authentication page background color in a 6-digit hexadecimal format; the field accepts 1 to 32 characters. The default value is E5E8E8.
Separator: The 6-digit hexadecimal code for the color of the thick horizontal line between the page header and the page body. The field accepts 1 to 32 characters, and the default value is ESES8E8.
Locale label: A text description of 1 to 32 characters that identifies the locale. The default is English.
Locale: An abbreviation for the locale. Range: 1 to 32 characters. The default is en.
Account image: The file name of the image indicating an authenticated login that displays above the login field.
Account label: The displayed text that tells a user to enter a user name. The range is from 0 to 32 characters.
User label: A text description of 0 to 32 characters that identifies the user name field.
Password label: A text description of 0 to 64 characters that identif
89. gnal quality by creating reflections. This can make it difficult or impossible for a single M330 to serve users on different floors in a concrete building. Such installations require a separate M330 on each floor.

Configuring overlapping wireless APs

When the radio is operating in the 2.4 GHz band and two or more APs are within transmission range of each other, they may use overlapping channels. This may be under your control (for example, when you use several APs to cover a large location) or out of your control (for example, when your neighbors set up their own wireless networks). In either case, the problems you face are similar.

Note: Overlapping channels do not occur when the radio is operating in the 5 GHz band. All 5 GHz channels are non-overlapping.

Performance degradation and channel separation

When two wireless APs operating on the same frequency overlap, throughput can be reduced in both APs. Reduced throughput occurs because a wireless user that is attempting to transmit data defers (delays) transmission if another station is transmitting. In a network with many users and much traffic, these delayed transmissions can severely affect performance, because wireless users may defer several times before the channel becomes available. If a wireless user is forced to delay transmission too many times, data can be lost. Delays and lost transmissions can severely reduce throughput on a network. To view this i
90. hannel. This alerts the associated 802.11n clients to use protection when transmitting. The M330 also uses protection when necessary while sending HT data. Compatibility for 802.11ac in the 5 GHz band operates in a similar way as 802.11n in the 2.4 GHz band, with the M330 using protection when sending VHT data. Compatibility modes should be used when legacy clients are present in the network. HP recommends IEEE 802.11a/n/ac or IEEE 802.11b/g/n as the typical operating mode. Both modes allow for all wireless clients to connect, and they use protection to avoid causing interference.

IEEE 802.11n 2.4 GHz: HP refers to this mode as Pure n. When the M330 2.4 GHz radio is in this mode, it will not allow non-802.11n clients to associate. Legacy clients can see the M330 and may attempt to associate, but they will be rejected. The M330 makes this determination based on information on supported capabilities that the client presents during its association request. If the client does not indicate support for 802.11n capabilities, it is not allowed to associate. In this mode, the M330 will not use protection when sending HT frames to associated clients. If legacy APs or clients are using the same channel, this may lead to collisions. In the 2.4 GHz band, this mode may cause serious performance deterioration for everyone on the channel, both the 802.11b/g and 802.11n clients. The M330 still signals associated clients to use protection when they send data
91. haracter cannot be a hyphen.

Daylight saving: Use this section to enable daylight saving time (DST), if required for your location. The AP automatically sets daylight saving start and end dates based on the time zone selected. Alternatively, you can manually set the dates for starting and ending the daylight saving. The DST offset specifies how many minutes to move the clock forward or backward.

4 Working with wireless communities and authentication

Overview

The M330 allows you to create up to eight wireless communities, or virtual service communities (VSCs), per radio. Each wireless community defines the settings for a distinct wireless network, with its own network name (SSID), settings for wireless protection, user authentication, VLANs, and more. For example, in the following scenario, four wireless communities are defined. Each wireless community is configured with a different wireless network name (SSID).

[Figure: DHCP server and four wireless communities. Wireless community 1: SSID Employee, Security WPA. Wireless community 2: SSID Guest, Security None. Wireless community 3: SSID Admin, Security WPA. Wireless community 4: SSID Phone, Security None.]

Even though multiple wireless communities are in use, all wireless users are on the same network (192.168.5.0). This means that all wireless users can reach resources on the corporate network. However, communication between wireless users may or may no
92. hark sessions and specify the following interfaces:

rpcap://192.168.1.10:58000/eth0
rpcap://192.168.1.10:58000/wlan0

When you are capturing traffic on the radio interface, you can disable beacon trace, but other 802.11 control frames are still sent to Wireshark. You can set up a display filter to show only the following:
• Data frames in the trace
• Traffic on specific BSSIDs
• Traffic between two clients

Some examples of useful display filters are the following:
• Exclude beacons and ACK/RTS/CTS frames: !(wlan.fc.type_subtype == 8 || wlan.fc.type == 1)
• Data frames only: wlan.fc.type == 2
• Traffic on a specific BSSID: wlan.bssid == 00:02:bc:00:17:d0
• All traffic to and from a specific client: wlan.addr == 00:00:e8:4e:5f:8e

Performance and security considerations

In remote packet trace mode, traffic is sent to the PC running Wireshark via one of the network interfaces. Depending on where the Wireshark tool is located, the traffic can be sent on an Ethernet interface or one of the radios. To avoid a traffic flood caused by tracing the trace packets, the M330 automatically installs a trace filter to filter out all packets destined to the Wireshark application. For example, if the Wireshark IP port is configured to be 58000, then the following trace filter is automatically installed on the M330:

not portrange 58000-58004

Enabling the packet trace feature impacts M330 performance and can create a security issue (unau
93. he Wireshark network analyzer tool for Windows. A packet trace server runs on the M330 and sends the captured packets via a TCP connection to the Wireshark tool. A Windows PC running Wireshark enables you to display, log, and analyze captured traffic. When the remote trace mode is in use, the M330 does not store any captured data locally in its file system. Setting up Wireshark sessions: You can trace up to five interfaces on the M330 at the same time. However, you must start a separate Wireshark session for each interface. You can configure the IP port number used for connecting Wireshark to the M330. The default port number is 2002. The system uses five consecutive port numbers, starting with the configured port, for the packet trace sessions. If a firewall is installed between the Wireshark PC and the M330, these ports must be allowed to pass through the firewall. The firewall must also be configured to allow the Wireshark PC to initiate a TCP connection to the M330. To configure Wireshark to use the M330 as the source for captured packets, you must specify the remote interface in the Capture Options menu. For example, to trace packets on an M330 with IP address 192.168.1.10 on radio 1 using the default IP port, specify the following interface: rpcap://192.168.1.10/radio1. To trace packets on the Ethernet interface of the M330 and on the default wireless community (wlan0) using IP port 58000, start two Wires
94. ies the user password field. Button label: The text label for the page button that must be clicked to submit a user name and password for authentication. The range is from 2 to 32 characters. The default is Connect. Fonts: The name of the font to use for all text on the authentication page. Multiple font names, separated by commas, can be listed. When the first font is not available on a client system, the next available font in the list is used. Font names that include spaces must be enclosed in quotes. You can enter 1 to 512 characters. The default font list is 'MS UI Gothic', arial, sans-serif. Browser title: The text that displays in the browser title bar. Enter 1 to 128 characters. The default text is Captive Portal. Browser content: The text that displays next to the logo in the page header. Enter 1 to 128 characters. The default is Welcome to the Wireless Network. Content: The text that displays below the user name and password fields. Enter 0 to 256 characters. The default text is To start using this service, enter your credentials and click the connect button. Acceptance use policy: The text that is displayed in the Acceptance Use Policy box. Enter 0 to 8192 characters. The default text is Acceptance Use Policy. Accept label: The text that instructs users to accept the Acceptance Use Policy by selecting the check box. Enter 0 to 128 characters. The default text is Check here to indicate that you have read and accep
95. igher are sent to the configured syslog server. When disabled, a limited number of these messages will be stored locally and can be viewed in the Events section of the System Log page. Syslog server: Specify the IP address or DNS name of the remote log server. Syslog port: The syslog process uses logical port 514 by default. HP recommends that you keep this default. If you specify a different port number, ensure that the port number is not being used by another protocol on your network and that your syslog server is also configured to use that port. The Events section of the System Log page shows real-time system events on the AP, such as wireless clients associating with the AP and being authenticated. The log shows the date the event occurred, its severity level, the software program or process that caused the event message, and the message text. You can click Refresh to display the most recent data from the AP, or Clear All to remove all entries from the list. Email alert: The Email alert feature allows the AP to automatically send email messages when an event at or above the configured severity level occurs. To configure email alert settings, select Tools > Email Alert. General configuration: [Screen: Email Alert, General. Email alert: Enable / Disable. From address. Urgent message severity: Alert. Non-urgent severity: Warning. Log duration: 30 (30 to 1440 minutes).] Email alert: Globally enable or disable the Emai
96. [Screen: DST start and DST end selectors (for example, First Sunday in November at 02, 24 HR); DST offset (minutes): 60; Save, Cancel.] Set system time: This section displays the current system time. You can configure the time manually or have it automatically configured by a Network Time Protocol (NTP) server. Manually: Select the date, time (in 24-hour notation), and timezone. Using network time protocol (NTP): This option enables the AP to use NTP to synchronize the system clock to global Internet time. NTP servers transmit Coordinated Universal Time (UTC, also known as Greenwich Mean Time) to their client systems. NTP sends periodic time requests to servers, using the returned time stamp to adjust its clock. When you select the NTP option, a field displays for you to specify the NTP server. You can specify the NTP hostname or IP address, although using the IP address is not recommended as this is more likely to change. NTP server address/name: The IP address or name of an NTP server. An actual NTP server host name (pool.ntp.org) is configured by default and will provide the time when the AP is connected to the Internet. If you specify a hostname, note the following requirements: The length must be from 1 to 253 characters. Upper and lower case characters, numbers, and hyphens are accepted. The first character must be a letter (a to z or A to Z) and the last c
97. ion as shown in the following figure. [Figure: AP 1, AP 2, AP 3, AP 4 on Channel 1, Channel, Channel 11, Channel 1.] This strategy can be expanded to cover an even larger area using three channels, as shown in the following figure. [Figure: AP 1 to AP 4 on channels 1, 6, 11, 1; AP 5 to AP 8 on channels 11, 1, 6, 11.] 802.11ac and 802.11n best practices: This section provides recommendations on how to best use 802.11ac and 802.11n wireless technologies, especially when legacy a/b/g clients must also be supported. Supporting legacy wireless clients: The 802.11n standard is very similar to the 802.11g standard, in that both provide mechanisms to support older wireless standards. In the case of 802.11g, protection mechanisms were created to allow 802.11b and 802.11g wireless devices to co-exist on the same frequencies, despite using different signal modulation schemes. Since older 802.11b-only clients cannot detect the newer 802.11g modulation scheme, 802.11g clients must protect their transmissions by first sending a signal that alerts 802.11b clients to not attempt to transmit for a specified period of time. If protection is not used, 802.11b clients may transmit while an 802.11g frame is already being sent. This leads to a collision, and both devices need to re-transmit. If there are enough devices in the network, the collision rate will g
98. ireless network, with its own network name (SSID), settings for wireless protection, user authentication, VLANs, and more. Radio settings are shared by all wireless communities. Default wireless communities are defined on the M330. The name (or SSID) for the 2.4 GHz radio is HP1_2 4G and the 5 GHz radio is HP1_5G. Both are assigned to VLAN 1. The settings that initially display in the Wireless community settings pertain to the default communities. Note: Before creating a new community, ensure that the name (SSID), VLAN, and security settings for the default community are configured as needed. For more information on wireless communities, see Managing wireless communities on page 31. For more information on mapping a wireless community to a VLAN, see VLAN configuration on page 80. Secure the wireless network: A security method, or no security method, can be associated with the default wireless community and any additional communities you create. The available security methods and selected default settings vary depending on the selected network environment. The following table lists the security options available with each environment. Note: You can also disable security on each wireless community. However, this is not recommended. Network environment / Security methods: Basic: If the wireless mode includes 802.11n. Multiple wireless networks: WPA/WPA2 Personal (default). Multiple wireless networks with: If the wireless mod
99. key: The primary RADIUS server shared secret key. Specify up to 63 alphanumeric and special characters that are case sensitive. The key must match the key configured on the primary RADIUS server. RADIUS backup key 1-3: The RADIUS shared secret keys for backup server IPs 1-3. Each key must match the key configured on the same-numbered backup RADIUS server. Community binding: The Community Binding page associates a captive portal instance to a virtual service community (VSC). All users that attempt to authenticate on the community have the captive portal instance settings applied. To configure captive portal community binding, select Captive Portal > Community Binding. The Community Binding page displays. [Screen: Community Binding, with a Radio selector and an instance list (TestCP1 in the sample) for each of VSC 0 to 7; Save, Cancel.] The following describes the fields on the captive portal Community Binding page. Radio: The radio associated with the wireless communities (VSCs) that are to be configured. VSC: The list of VSC IDs. A captive portal instance can be associated with multiple VSCs. Instance name: From the list, select the instance to associate with each VSC. If the list is blank, no instance is associated with the VSC. Web customization: When users initiate access to a wireless community that is associated with a captive portal instance, an authentic
100. l alert feature. It is disabled by default. From address: Specify the email address that appears in the From field of alert messages sent from the AP, for example AP23@company.com. HP recommends that you use an email address that exists on your own network, so that the address will receive a notification if an email from the AP is undeliverable, and to prevent spam filters on the network from blocking the sending or delivery of emails from the AP. The address can be a maximum of 255 characters and can contain only printable characters. By default, no address is configured. Urgent message severity: This setting determines the severity level for log messages that are considered to be urgent. Messages in this category are sent immediately upon being generated. The security level you select and all higher levels are considered urgent. Emergency indicates that the system is unusable; it is the highest level of severity. Alert indicates action must be taken immediately. Critical indicates critical conditions. Error indicates error conditions. Warning indicates warning conditions. Notice indicates normal but significant conditions. Informational indicates informational messages. Debug indicates debug-level messages. Non-urgent severity: This setting determines the severity level for log messages that are considered to be non-urgent. Messages in this category are collected and sent in a digest
101. l web page for guest users displays, and the user must first accept the terms of use policy and optionally enter a user name. Once connected to the network, the guest user traffic is restricted to VLAN 20 and only has access to the Internet. When an employee attempts to access the network, a different captive portal web page for employee users displays. An employee logs in using their user name and password and is first authenticated before being granted access to the network. The employee user traffic is tagged as VLAN 10, which provides access to the Internet and other network resources. Setting up captive portal: Setting up captive portal on the M330 involves these basic steps. 1. Decide how you want to group the wireless users for login purposes. The M330 supports up to two captive portal instances. Each captive portal instance can be configured with one of three verification types, as follows. Guest: No authentication, but user must accept terms of use. Local: User authentication based on a list of users stored on the AP. Radius: User authentication based on an external RADIUS server. It is common to configure a Guest captive portal instance for unauthenticated guests (Verification set to Guest) and a second captive portal instance for authenticated users (Verification set to either Local or RADIUS). 2. Enable the captive portal feature and set global parameters. See Basic configuration on page 95. 3. Create
102. A Resetting to factory defaults: Factory reset procedures 137, Using the reset button 137, Using the management tool 137. 1 Deploying the M330: In a small office, the M330 can be directly connected to a broadband router (DSL or cable) to provide wireless networking for all employees. In the following scenario, employees can share data and resources with each other and access the Internet at the same time. [Figure: Wireless community: high-security wireless network for employees using WPA/WPA2. Router with DHCP server.] With its wireless community feature, the M330 can be configured to provide up to eight separate wireless networks (all on the same wireless channel), each with its own configuration settings for security, VLAN support, and more. Employees with secure access to all network resources and the Internet. Wireless community 1: High security wireless network (WPA/WPA2) for employees
103. locale name: English (1 to 32 characters). Captive Portal instances: GuestCP. Save, Cancel. [Screen: Web preview, with the Captive Portal web locale list and the Captive Portal web locale parameters preview.] Set Captive Portal web locale to Create and enter a Web locale name, for example, English. Click Save. The captive portal web locale customization settings are displayed. [Screen: Web Customization page. Web binary upload: Upload web customization image (Choose File, No file chosen), Delete web customization image. Captive Portal web locale parameters: Locale ID, Instance ID, Instance name, Background image name, Logo image name, Foreground color, Background color, Separator, Locale label, Locale, Account image, Account label. Sample values shown: English, HPBackground.gif, English, HPLogin.gif, Enter your Username.] Configure the web customization settings for the captive portal web locale. For details on these settings, see Customizing a web locale on page 102. Click Save. Under Web preview at the bottom of the Web Customization page, select English from the list for Captive Portal web locale to view the customized web page. [Screen: Web preview for the English web locale, showing Enter your Username and the text To start using this service, enter your credentials and click the connect button.]
104. lso be entered for the AP at the other end of the WDS link. If this key is not the same for both APs, they will not be able to communicate and exchange data. The WPA PSK key uses AES encryption. It can be from 8 to 63 characters. Acceptable characters include upper and lower case alphabetic letters, the numeric digits, and special symbols such as and. The key cannot begin with or end with spaces and cannot contain only spaces. Confirm key: Re-enter the key. Example of a WDS Deployment: This example shows you how to create a wireless link between two physically separate network segments. [Figure: M330, DHCP server.] General Information: The following is assumed for the example provided. For initial configuration, M330 1 and M330 2 are both connected to the same switch and subnet. M330 1 is installed on the main network. After configuration, M330 2 serves a remote network. The switch is served by a DHCP server. If no DHCP server is available, preconfigure each AP with a static IP address, following the instructions provided in the M330 Dual Radio 802.11ac Access Point Quick Start Guide. Whether a dynamic or static address is assigned, it is necessary to determine the IP address of each AP. The IP address is required to launch the web-based management interface to configure each AP. Note: A WDS link that is successfully enabled between the two APs creates a loop on the switch. HP strongly recommends tha
105. lt communities, but you cannot delete them. You can create and delete additional communities. The default wireless communities do not have any security or authentication options enabled by default. To protect the wireless network from malicious third-party wireless users, HP strongly recommends that you enable some form of wireless protection on the default wireless communities and on other communities you create. Wireless community configuration options: You can configure the following settings for each wireless community. Network name (SSID): Specify a name to uniquely identify the wireless network associated with this community. Each wireless user that wants to connect to this community must use the network name. By default, the M330 broadcasts this name so that wireless users can see it when they try to connect to the wireless network. Note: The name is case sensitive and must include between 2 and 32 alphanumeric characters, including spaces. The following are not allowed: only spaces; a space as the first character; a space as the last character. Broadcast SSID: This option controls whether the network name (SSID) is broadcast to all wireless users. When enabled, the wireless network will be visible to wireless clients. Wireless clients are usually configured to automatically discover APs that broadcast their names and connect to the one with the strongest signal. Whe
106. n 78. You can manually assign an IP address to the Ethernet port. This requires that you also define the address of the default gateway and DNS server that are in use on your network. To configure a static IP address, select Network > IP and configure the following fields. [Screen: IPv4 configuration. Connection type: Static IP. Static IP address: 192.168.1.1. Subnet mask: 255.255.255.0. Default gateway: 192.168.1.254. DNS nameservers: Dynamic / Manual.] Connection type: Select Static IP from the list to manually configure an IPv4 Ethernet address. IP address: Set an address that is on the same subnet as the network to which the M330 will connect once installed. Respect any DHCP server-mandated static address ranges. Subnet mask: Specify the mask for the IP address. Default gateway: Set the IP address of the gateway on the network. DNS nameservers: Select Dynamic to have the DNS nameservers assigned through DHCP, or select Manual to configure up to two static DNS nameserver addresses. IPv6 configuration: If the attached network uses the IPv6 protocol, you can enable IPv6 support on the M330. IPv6 functionality is enabled by default. To configure IPv6 functionality, select Network > IP and configure the following fields. [Screen: IPv6 configuration. IPv6: Enable / Disable. IPv6 connection type: DHCPv6. Static IPv6 address. Static IPv6 address prefix length: 0 0
107. n select Radio on the sub-menu. Set Mode to IEEE 802.11n/ac: For the Mode setting, select the IEEE 802.11 n/ac from the list. A Resetting to factory defaults. Factory reset procedures: To force the M330 into its factory default state, follow the procedures in this section. Caution: Resetting the M330 to factory defaults deletes all configuration settings, resets the manager user name and password to admin, and enables the DHCP client on the Ethernet port. If no DHCP server assigns an address to the M330, its address defaults to 192.168.1.1. Using the reset button: Using a tool such as a paper clip, press and hold the reset button for a few seconds until the status lights blink three times. Using the management tool: To reset the M330 to factory defaults: 1. Launch the management tool (default https://192.168.1.1). 2. Select Maintenance > Config File Management. 3. Under Reset, click Reset. [Screen: Config File Management. Reset: Restore the factory default configuration.]
108. n disabled, the network will not be visible to wireless clients. Wireless users must manually specify the network name (SSID) to successfully connect to the network. VLAN ID: Use this option to set the default VLAN for traffic from this wireless community on the Ethernet port. All traffic sent/received on the Ethernet port by the wireless community will be assigned to this VLAN. Depending on the security protocol in use for the wireless community, members may be assigned to a VLAN other than the default (the default VLAN ID is 1). Client VLAN assignments from a RADIUS server override the default VLAN assignment. MAC authentication: This feature enables you to authenticate wireless users based on the MAC addresses of their wireless devices. Select one of the following authentication methods. Disabled: Do not use MAC authentication. Local: Use a MAC authentication list that you configure. If you select this option, you must specify a list of allowed or blocked users on the MAC authentication page. See Local MAC authentication on page 41 for instructions. RADIUS: Use the MAC authentication list on the external RADIUS server. The M330 uses the RADIUS servers configured for the Security method option selected for this wireless community. If no RADIUS servers are defined for the selected security method, the global RADIUS servers are used. See RADIUS server-based MAC authentication on page 40. By default, no global RADIUS server i
109. n multiple APs are present. Sample channel selections: For example, when operating in 802.11b mode, the M330 supports the following 14 channels in the 2.4 GHz band. Channel (frequency in MHz): 1 (2412), 2 (2417), 3 (2422), 4 (2427), 5 (2432), 6 (2437), 7 (2442), 8 (2447), 9 (2452), 10 (2457), 11 (2462), 12 (2467), 13 (2472), 14 (2477). However, the number of channels available for use in a particular country is determined by regional regulations. The following table shows the number of channels that are available in North America and Europe. Region (available channels): North America (1 to 11), Europe (1 to 13). Since the minimum recommended separation between overlapping channels is 25 MHz (in other words, they must be at least five channels apart), the recommended maximum number of overlapping APs you can have in most regions is three. The following table gives examples relevant to North America and Europe for channels in the 2.4 GHz band. North America: AP 1 on channel 1, AP 2 on channel 6, AP 3 on channel 11. Europe: AP 1 on channel 1, AP 2 on channel 7, AP 3 on channel 13. In North America, you can reduce transmission delays by using different operating frequencies, as shown in the following figure. [Figure: AP 1 on channel 1, AP 2 on channel 6, AP 3 on channel 11.] Alternatively, you can stagger APs to reduce overlap and increase channel separat
110. n yield a 10% improvement in data throughput. If SGI is enabled on the M330 but a wireless client does not support SGI, the client will be able to communicate with M330 at a data rate that is about 10% slower than SGI-enabled clients. Select one of the following options. Yes (default): AP transmits data using a 400 ns guard interval when communicating with clients that also support the short guard interval. No: The AP transmits data using an 800 ns guard interval. STBC mode: Note: This setting is available only if the selected radio mode includes 802.11n. Space Time Block Coding (STBC) is an 802.11n technique that improves the reliability of data transmissions. The data stream is transmitted on multiple antennas, so the receiving system has a better chance of detecting at least one of the data streams. Enabling STBC results in a lower but more stable throughput. Select one of the following options. On: AP transmits the same data stream on multiple antennas at the same time. Off: The AP does not transmit the same data on multiple antennas. Protection: The protection feature provides rules to guarantee that 802.11n and 802.11g transmissions do not cause interference with legacy stations or applications. By default, these protection mechanisms are enabled (Auto). With protection enabled, protection mechanisms will be invoked if legacy devices are within range of the AP. You can disable these protection mecha
111. nformation about your network, select Status > Wireless. The following example shows two overlapping wireless APs operating on the same frequency. Since the APs are within range of each other, the number of deferred transmissions can be large. [Figure: AP 1 on channel 1, AP 2 on channel 1.] The solution to this problem is to set the two networks to different channels, with as great a separation as possible in their operating frequencies. This reduces crosstalk and enables wireless clients connected to each M330 to transmit at the same time. [Figure: AP 1 on channel 1, AP 2 on channel 6.] Selecting channels: For optimal performance when operating in the 2.4 GHz band, select an operating frequency that is different by at least 25 MHz from the frequency used by neighboring APs. Two channels with the minimum 25 MHz frequency separation always perform worse than two channels that use maximum separation. It is always best to use the greatest separation possible between overlapping networks. With the proliferation of wireless networks, it is very possible that the areas of coverage of APs outside your control overlap your intended area of coverage. To choose the best operating frequency, select Wireless > Rogue AP Detection to generate a list of all APs that operate near you and their operating frequencies. The number of non-overlapping channels available to you varies by geographical location, which affects how you set up your network whe
112. ng a remote packet trace. To perform a remote packet trace: 1. Set up the Wireshark session as described in Setting up Wireshark sessions on page 129. 2. On the M330 management tool, select Tools > Network Trace. [Screen: Remote packet trace. Remote capture port (1025 to 65530). Start Remote Trace, Save.] 3. In the Remote packet trace section, specify the Remote trace port. Specify the remote port to use as the destination for packet captures. The range is 1 to 65530 and the default port is 2002. If you change this value, you must click Save prior to starting the remote trace. 4. Select Start Remote Trace. The trace session will run for the specified duration. You can view the trace status in the Packet trace status section. Click Refresh to see the updated trace time. You can also click Stop Trace to stop a trace before the specified duration has elapsed. Packet trace status: This section enables you to view the status of the packet trace on the AP. [Screen: Packet trace status. Current trace status: Not started. Packet trace time: 00:00:00. Packet trace file size: 0 KB. Stop Trace, Refresh.] Current trace status: Whether a packet trace is running or is stopped. Packet trace time: The elapsed trace time for a trace in progress. Packet trace file size: The current trace file size. Packet trace file download: This section enables you to download the trace file by TFTP to a configured TFTP server or by
113. nisms (Off). When protection is off, however, legacy clients or APs within range can be affected by 802.11n transmissions. Protection is also available when the mode is 802.11b/g. When protection is enabled in this mode, it protects 802.11b clients and APs from 802.11g transmissions. This setting does not affect the ability of the client to associate with the AP. Beacon interval: Beacon frames are transmitted by an AP at regular intervals to announce the existence of the wireless network. The default behavior is to send a beacon frame once every 100 milliseconds (10 per second). Enter a value from 20 to 2000 milliseconds. DTIM period: Specify a DTIM period from 1 to 255 beacons. The Delivery Traffic Information Map (DTIM) message is an element included in some beacon frames. It indicates which wireless clients, currently sleeping in low-power mode, have data buffered on the AP awaiting pickup. The DTIM period you specify indicates how often the clients served by this AP should check for buffered data still on the AP awaiting pickup. The measurement is in beacons. For example, if you set this field to 1, clients will check for buffered data on the AP at every beacon. If you set this field to 10, clients will check on every 10th beacon. Fragmentation threshold: Specify a number from 256 to 2,346 to set the frame size threshold in bytes. The fragmentation threshold is a way of limiting the size of frames transmitted over the network. If a
114. ntication. [Screen: Use global RADIUS server settings. RADIUS IP address type: IPv4 / IPv6. RADIUS IP address, RADIUS IP address 1, RADIUS IP address 2, RADIUS IP address 3. RADIUS key (1 to 64 characters), RADIUS key 1, RADIUS key 2, RADIUS key 3. Enable RADIUS accounting. Broadcast key refresh rate: 300 (0 to 86400 seconds). Session key refresh rate: 0 (30 to 86400 seconds, 0 disables).] WPA versions: Select the types of wireless clients you want to support. WPA (TKIP): If all wireless clients on the network support WPA but none support WPA2, then select WPA. WPA (TKIP) only is not allowed in 802.11n and 802.11ac modes. WPA2 (AES): If all wireless clients on the network support WPA2, we suggest using WPA2, which provides the best security per the IEEE 802.11i standard. If you have a mix of clients, some of which support WPA2 and others which support only the original WPA, select both WPA (TKIP) and WPA2 (AES). This setting enables both WPA and WPA2 wireless clients to associate and authenticate, but uses the more robust WPA2 for clients who support it. This WPA configuration allows more interoperability at the expense of some security. Protected management frames: Provides security for the otherwise unprotected and unencrypted 802.11 management frames. This configuration parameter is visible only when WPA2 (AES) security is ena
115. nvironments. Select the option that most closely matches your needs and then click OK. [Screen: Recommend wireless network settings based upon your network environment. Network Environment: Multiple wireless networks. Wireless community 1: high-security wireless network for employees using WPA/WPA2. Wireless community 2: low-security wireless network for guests. Router with DHCP server. M330 providing 802.11a/b/g/n/ac wireless services. Manually configure wireless network settings. Save, Cancel.] Multiple wireless networks with wired VLANs: Choose this option if you want to create multiple wireless networks to support users with different requirements, and map the traffic from each wireless network to a specific VLAN. As in Multiple wireless networks mode, this option supports static IP, DHCP, or IPv6 addressing for the network connection, and supports clustering mode. Using Quick setup: Quickly setup the M330. Quick setup can help you to configure the M330 for several different networking environments. Select the option that most closely matches your needs and then click OK. Recommend wireless network settings based upon your network environment. Network Environment: Multiple wireless networks with wired VLANs. Employees with secure access to all network resources and the Internet. Wireless community 1: High security wireless network for employees using WPA/WPA2, VLAN 1. Swi
116. o SSID 0 through SSID 7 on radio 1. An additional eight MAC addresses are reserved for SSID 0 through SSID 7 on radio 2. All 16 SSID MAC addresses are in sequence and increment by 1 (hexadecimal). On M330 1, select Home > System Summary. The MAC address of M330 1 is provided on the System Summary page. Write down this MAC address in the following format: six pairs of hexadecimal numbers (including numbers 0 to 9 and letters a to f or A to F), with each pair separated by a colon. For example: 00:03:52:0a:0f:01. Increment this address by 8. Note that MAC addresses are hexadecimal, so you must use a hexadecimal calculator when adding 8 to the MAC address. Go to the Wireless > WDS page of M330 2 and enter this modified SSID address in the Remote address box. Follow the same process to calculate the SSID MAC address for M330 2 and enter it in the Remote address box on the M330 1 Wireless > WDS page. An unencrypted WDS link is now established between the two APs. Encrypting wireless traffic across the WDS link: The AP offers WPA PSK to encrypt wireless traffic on the WDS link. HP recommends that you use encryption to secure traffic and the network. Each AP must be configured with the same WPA PSK passphrase. [Screen: WDS link 1. Radio. Local address: 28:80:23:99:62:38. Remote address: 70:72:cf:e3:71:50. Encryption: WPA PSK. Link name: M330_WDS1 (1 to 32 characters). Key (8 to 63 characters). Confirm key.]
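The "increment this address by 8" step from the WDS procedure above, as an added Python example that is not part of the manual. The function names are hypothetical, and the two carry inputs in the comments are constructed samples; only 00:03:52:0a:0f:01 comes from the manual.

```python
import re

# Six hex pairs separated consistently by ':' or '-'.
_MAC_RE = re.compile(
    r"^[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$"
)


def add_to_mac(mac: str, offset: int) -> str:
    """Add `offset` to a MAC address, treating it as one 48-bit number.

    Working on the whole 48-bit value (not just the last pair) carries
    correctly when the low octet overflows, e.g. ...:0f:f9 + 8.
    """
    mac = mac.strip()
    if not _MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    value = int(re.sub(r"[:-]", "", mac), 16) + offset
    if not 0 <= value < (1 << 48):
        raise OverflowError("result does not fit in 48 bits")
    digits = f"{value:012x}"
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def wds_remote_address(system_summary_mac: str) -> str:
    """Value for the peer's Remote address box: System Summary MAC + 8,
    as the procedure in the manual describes."""
    return add_to_mac(system_summary_mac, 8)


if __name__ == "__main__":
    # The manual's sample address, then two constructed carry cases.
    for sample in ("00:03:52:0a:0f:01",
                   "00:03:52:0a:0f:f9",
                   "00:03:52:0a:ff:fc"):
        print(sample, "->", wds_remote_address(sample))
```

Run it once per AP, then enter each result in the Remote address box of the other AP.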
117. o configure up to four servers of each type. If you configure both types, this selection determines which set of servers is used. RADIUS IP address 1 2 3: Enter up to four server IP addresses of the selected type. The first address is the primary RADIUS server. If it is unavailable, the M330 will attempt to use the others in sequence. RADIUS key 1 2 3: The RADIUS key is the shared secret key for the global RADIUS server. The first key corresponds to the first IP address, and so on. Enter up to 64 alphanumeric and special characters. The key is case sensitive, and you must configure the same key on the AP and on your RADIUS server. Although you can configure four IPv4 and four IPv6 server IP addresses, you can specify only four keys, which are shared by each set of servers. For example, if you select IPv4 and specify RADIUS IP address 2 and the corresponding RADIUS key 2, and then select IPv6, the RADIUS key 2 field will retain the previously configured value for use with the IPv6 server. If you specify a new value for the IPv6 configuration, the value in the IPv4 configuration will be updated as well. Enable RADIUS accounting: When selected, the RADIUS server will track and measure the resources a particular user has consumed, such as system time, the amount of data transmitted and received, and so on. Managing wireless communities: To manage wireless communities, select Wireless g
118. The following parameters are on the Scheduler Association page. Radio 1-2: The radio interface for profile association. Radio 1 is the 2.4 GHz band and 2 is the 5 GHz band. Radio: Select the radio interface for the VSC profile association. VSC 0-7: The virtual service community (wireless community) for profile association. Profile name: Select the configured profile name to associate to the radio or VSC interface. Only one profile can be selected per interface. Operational status: The current operational status of the interface. SNMP configuration: The M330 supports Simple Network Management Protocol (SNMP) versions v1 and v2c. The M330 can be enabled to respond to SNMP requests to return information or to set a parameter. The M330 can also be configured to send information to host destinations through trap messages, which inform an administrator that certain events have occurred. Management access from SNMP v1 or v2c stations is controlled by community names. To communicate with the M330, an SNMP v1 or v2c management station must submit a valid community name for authentication. Select Management > SNMP to open the SNMP configuration page. After you have configured the SNMP settings, click Save to apply the changes. SNMP configuration page fields: Status (Enable/Disable); Read-only community name: public (1-32 characters); Read-write community name: private (1-32 characters); Trap d
119. omatic channel selection: If you select Auto for the channel setting, a channel is automatically selected as follows: • If the AP is operating in a 2.4 GHz radio mode, the AP scans all valid channels in the current radio band and selects the channel with the least number of APs found. • If the AP is operating in a 5 GHz radio mode and is deployed in a country where Dynamic Frequency Selection (DFS) is supported, then the AP randomly selects a channel from the list of valid channels for the country and radio mode. If DFS is not supported, then the AP scans all valid channels for the current radio band and selects the channel with the least number of APs found. The channel defines the portion of the radio spectrum the radio uses for transmitting and receiving. Each mode offers a number of channels, depending on how the spectrum is licensed by national and transnational authorities such as the Federal Communications Commission (FCC) or the International Telecommunication Union (ITU-R). • Manual channel selection: If setting the channel manually, for optimal performance when operating in 2.4 GHz modes, select a channel that is different by at least five channel numbers (25 MHz) from the channels used on wireless APs that have overlapping coverage areas. For example, if another AP is operating on channel 1, set the M330 to channel 6 or higher. Select Wireless > Rogue AP Detection to view a list of APs currentl
120. or Radio 2 to view traffic accumulated on wireless communities and on WDS interfaces. The statistics accumulate until the AP is rebooted. Port: The LAN port is listed as Port 1. The Wireless port entry includes all wireless communities and WDS interfaces, even when not configured. Packets: The total number of packets received or transmitted on the interface. Dropped: The number of packets dropped upon receipt or transmission. Errors: The number of packets received or transmitted that had errors. 8 Clustering multiple M330s. Overview: The M330 supports AP clustering. A cluster provides a single point of administration and lets you view, deploy, configure, and secure the wireless network as a single entity rather than a series of separate wireless devices. When APs are clustered, you can also configure channel planning, which helps to reduce radio interference and maximize bandwidth on the wireless network. The AP cluster is a dynamic, configuration-aware group of APs in the same subnet of a network. Each cluster can have up to 16 members. Only one cluster per wireless network is supported; however, a network subnet can have multiple clusters. Clusters can share various configuration settings, such as VSC settings and QoS queue parameters. Shared settings in a cluster: When clustering is enabled, some configuration items are shared by the entire cluster and other i
121. ork, whereas clustering is used to simplify AP administration and optimize bandwidth use. See Clustering multiple M330s on page 85 for more information. Simultaneous AP and WDS support: The M330 simultaneously supports wireless communities and one or more WDS links. Although this offers flexibility, note that the total available bandwidth on the radio is shared between all WDS links and wireless users. This can result in reduced throughput if high volumes of traffic are being sent by both wireless users and the WDS links. Using the 5 GHz band for WDS links: When the M330 uses WDS only to extend the network by providing a dedicated link to another M330 (that is, it does not simultaneously act as an AP for wireless clients), HP recommends that, whenever possible, the WDS links use 802.11a, 802.11n, or 802.11ac in the 5 GHz band. This optimizes throughput and reduces the potential for interference, as follows: • Most Wi-Fi clients support 802.11b/g/n in the 2.4 GHz band; this frees the 5 GHz band for other applications such as WDS. • Channels in the 5 GHz band are non-overlapping. • Assuming an optimal implementation, 802.11a supports up to 54 Mbps, 802.11n supports up to 450 Mbps, and 802.11ac supports up to 1.3 Gbps, providing a fat pipe for traffic exchange. Configuration considerations: The following guidelines apply when you create a WDS link between two or more M330s: • The 5 GHz band has a shorter reach when compared to th
122. ose MAC addresses appear in the MAC address list can connect to the wireless network created by this community. • Block all stations in list: Users whose MAC addresses appear in the MAC address list are blocked from accessing the wireless network created by this community. Stations list: Up to 512 MAC addresses are supported. To remove an address, select it in the list and select Remove. MAC address: To add a MAC address, specify six pairs of hexadecimal digits separated by colons (for example 00 00 00 0a 0 01) and then select Add. The added address appears in the Stations list. 5 Wireless configuration. Wireless coverage: As a starting point for planning your network, you can assume that when operating at high power, the M330 radio provides a wireless networking area (also called a wireless cell) of up to 92 meters (300 feet) in diameter. Before creating a permanent installation, you should always perform a site survey to determine the optimal settings and location for the M330. The following sections provide information on wireless coverage. A tool that can help simplify planning a secure wireless network is the HP RF Planner, available separately. For more information, see the HP Networking website at http://www.hp.com/go/networking and search for RF Planner, or contact your HP Partner. Factors limiting wireless coverage: Caution: Wir
123. ound trip time for all packets. 12 Support and other resources. Online documentation: You can download documentation from the HP Support Center website: www.hp.com/support/manuals. Search by product number or name. Contacting HP: For worldwide technical support information, see the HP Networking Support website: www.hp.com/networking/support. Before contacting HP, collect the following information: • Product model names and numbers • Technical support registration number (if applicable) • Product serial numbers • Error messages • Operating system type and revision level • Problem description and any detailed questions. HP websites: For additional information, see the following HP websites: • www.hp.com/networking • www.hp.com. Conventions: The following conventions are used in this guide. Management tool: This guide uses specific syntax when directing you to interact with the web management user interface. Refer to the following image for identification of key user interface elements and then the table below for example directions. [Image: management tool navigation, with callouts for the main menu and a submenu; visible entries include Home, Communities, MAC Authentication, Client Connections, Load Balancing, WDS, Rogue AP Detection, Network, Cluster, Captive Portal, Management, Status, Tool, Maintenance.] Example directions in this guide / What to do in the user interface: Select Wireless > Radio / Select Wireless on the main menu and the
124. ountry has been set, the M330 automatically limits the available wireless channels and channel width, and adjusts the radio power level in accordance with the regulations of the selected country. Incorrectly selecting the country may result in illegal operation and may cause harmful interference to other systems. Ensure that the M330 is operating in accordance with channel, power, indoor/outdoor restrictions and license requirements for the intended country. If you fail to heed this caution, you may be held liable for violating the local regulatory compliance. Basic settings. Radio: Selects the radio interface. Select 1 for the 2.4 GHz radio or 2 for the 5 GHz radio. Status: By default, both radios are set to On. If you set the selected radio to Off, all associated wireless clients are disassociated and no wireless clients can connect. Mode: Select the mode that best supports the wireless clients at your location. Supported wireless modes are determined by the regulatory domain (country). Available options may include one or more of the following: • IEEE 802.11b/g (Compatibility mode): Up to 11 Mbps for 802.11b and 54 Mbps for 802.11g in the 2.4 GHz frequency band. Use this setting only when support for 802.11b is necessary and support for 802.11n is not desired. • IEEE 802.11b/g/n (Compatibility mode): Up to 11 Mbps for 802.11b, 54 Mbps for 802.11g, and 450 Mbps for 802.11n in the 2.4 GHz frequen
125. [Screenshot: Quick setup network diagram.] Add to wireless network with existing AP cluster: Use this option if your network already has a defined cluster of M330 APs and you want this AP to join the cluster. [Screenshot: Quick setup page with Network Environment set to Add to wireless network with existing AP cluster. Wireless community 1: high-security wireless network for employees using WPA/WPA2. Wireless community 2: low-security wireless network for guests. Internet; router with DHCP server; M330 providing 802.11a/b/g/n/ac wireless services. Options: Manually configure wireless network settings, Save, Cancel.] Accessing Quick Setup after your first log in: When you log in subsequent to completing or cancelling out of the Quick Setup wizard, the System Summary page displays by default. You can view and configure the Quick Setup settings by selecting Home > Quick Setup. See also the HP M330 Dual Radio 802.11ac Access Point Quick Start Guide, which describes the configuration procedure for a basic wireless network. Quick Setup wiza
126. [Screenshot: Scheduler page, showing Status down with Reason Disabled, Profile configuration (Profile name, 1-32 characters), Rule configuration (Select profile, Remove, Set schedule, Start time, End time), the Profile rule table (Start time, End time), and the Modify Rule, Save, and Cancel buttons.] The following parameters are on the Scheduler page. Administrative mode: Enables or disables the scheduler feature. The default is disabled. Status: The current operational status of the scheduler, either up or down. Reason: Codes that explain the reason for the scheduler status. The following are the possible values: • Disabled: The administrative mode is set to disabled. • System time not set: The M330 system time is not set, either through NTP or manually. • Active: The scheduler is properly configured and enabled. Profile configuration: Creates a profile to which you can add schedule rules. Enter 1-32 alphanumeric characters. Click Add to add the profile name. Up to 16 profile names can be created. By default, there are no profiles. Rule configuration: Each scheduler profile can have up to 16 schedule rules. The following parameters configure each rule to add to a profile: • Select Profile: Selects the profile to which you want to add rules. • Set Schedule: Sets the day of the week: Daily, Weekday (Monday to Friday), Weekend (Saturday and Sunday), Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday. The default is Daily. • Start Time: The time of day to ena
127. ployee groups access to the Internet through a router on the network. The M330s are joined in a cluster, which enables them to share a single configuration and to be administered as a single unit. Channel planning may be implemented on the cluster to reduce interference and optimize wireless bandwidth usage. [Figure: network diagram with labels for Employee group 1, Employee group 2, Employee group 3, three wireless communities, a router, and the Internet.] 2 Using Quick setup. Overview: Quick setup provides an easy way to quickly configure settings on the M330 for several different networking scenarios. Just pick the scenario that most closely resembles your installation and fill in the appropriate fields. Automatically running Quick setup the first time you log in: The first time you log in to the management tool (see the HP M330 Dual Radio 802.11ac Access Point Quick Start Guide for first time login procedure), the HP end user license agreement displays. When you accept the agreement, a page displays to enable you to select your country so that wireless radio settings are configured appropriately. Select Save to display the first page in the Quick setup wizard. This page lets you choose one of five configuration scenarios to use as the basis for your setup, as described in the following sections. Basic wireless network: Choose this option if you want to create a single wireless network to provid
128. pported MIBs: The M330 supports the following standard MIBs: • BRIDGE-MIB (802.1d) • NET-SNMP-MIB • ENTITY-MIB (RFC 2737) • SNMP-FRAMEWORK-MIB • IANAifType-MIB • SNMP-MPD-MIB • IEEE802dot11-MIB • SNMP-VIEW-BASED-ACM-MIB • IF-MIB • SNMP-USER-BASED-SM-MIB • INET-ADDRESS-MIB • SNMP-USM-DH-OBJECTS-MIB • LM-SENSORS-MIB • SNMPv2-CONF • RFC1155-SMI • SNMPv2-MIB (RFC 2418) • RFC1212-MIB • SNMPv2-SMI • RFC1213-MIB • SNMPv2-TC • RFC 1215 MIB • SNMPv2-TM • RFC4668-MIB • IP-MIB • RFC4670-MIB • TCP-MIB • IPV6-ICMP-MIB • UDP-MIB • IPV6-MIB • UCD-SNMP-MIB • IPV6-TC-MIB • UCD-DISKIO-MIB • SNMP-FRAMEWORK-MIB • UCD-DLMOD-MIB • SNMP-NOTIFICATION-MIB • UCD-PFILTER-MIB • NET-SNMP-AGENT-MIB • UCD-IPFWACC-MIB. System time: The correct system time is important for proper operation of the M330, especially when using the logs to troubleshoot. Select Management > System time to open the System Time page. This page enables you to configure time server and time zone information. After you have configured the system time settings, click Save to apply the changes. [Screenshot: System Time page, with fields System time (24 HR), Set system time (Using network time protocol (NTP) or Manually), System date, System time (24 HR), Time Zone (USA Pacific), Adjust time for daylight saving (Enable), DST start (24 HR).]
129. ransmitted and received, and so on. If you enable RADIUS accounting, it is enabled for the primary RADIUS server and all backup servers. Broadcast key refresh rate: Enter the interval at which the broadcast (group) key is refreshed for clients associated with this wireless community (the default is 300). The valid range is 0 to 86400 seconds. Specify a value of 0 to disable the refreshing of broadcast keys. Session key refresh rate: Enter the interval at which the AP will refresh session (unicast) keys for each client associated with the wireless community. To enable session key refreshing, specify a value in the range of 30 to 86400 seconds. Specify a value of 0 to disable session key refresh. MAC authentication: You can control access to the wireless network based on the MAC address of a user's wireless device. You can either block access or allow access, depending on your requirements. For each wireless community, you can select whether to disable MAC authentication, use a MAC authentication list stored locally on the M330, or use a list stored on a RADIUS server (see Wireless community configuration options on page 32). Caution: MAC authentication is vulnerable to MAC address spoofing, where users in the network who are not granted access to the M330 gain access by changing their MAC addresses to an authorized user's address. For better security, administrators should consider using an additional authentication method WPA P
130. rd. To use the Quick Setup wizard, select one of the following options for the network environment, as described in the previous sections, and click Save: • Basic wireless network on page 9 • Multiple wireless networks on page 10 • Multiple wireless networks with wired VLANs on page 10 • Multiple wireless networks with RADIUS authentication on page 11 • Add to wireless network with existing AP cluster on page 12. Step 1: Specify access point settings. For a complete description of all settings, see the relevant section. [Screenshot: Step 1: Specify access point settings, with sections Get an IP address (IPv4 configuration, IPv6) and Change administrator login credentials (Current password, New password (1-32 characters), Confirm new password).] Get an IP address: You can use these settings to configure IP addresses and how they are assigned. The IPv4 configuration field displays by default. To configure IPv6 settings, click the symbol to the left of IPv6. You can configure addresses for both protocol versions. Only IPv4 supports DHCP. For more information on setting an IPv4 address, see IPv4 configuration on page 78. For more information on setting an IPv6 address, see IPv6 configuration on page 79. Change administrator login credentials: Note: The M330 supports one administrator login with a default username and password: admin. Use this section to change the password
131. rity method set to WPA Enterprise or IEEE 802.1X. For configuration details, see Wireless protection on page 33. • Configure the RADIUS server information for the selected security type. • On the RADIUS server, configure user accounts with the appropriate VLAN attributes. Note: When a VLAN is defined in a user's RADIUS account, it always overrides the VLAN defined for a wireless community. This enables you to define a VLAN setting for a community and then override it on a per-user basis as required. RADIUS-assigned VLANs are created and deleted dynamically as clients associate and disassociate with the M330. When the first client assigned by RADIUS to a particular VLAN authenticates with the M330, the M330 creates the VLAN. When the last client using that VLAN disassociates, the VLAN is deleted from the M330. The maximum number of dynamic VLANs is equal to the maximum number of configurable clients on the AP. Example: In the following scenario, RADIUS user accounts are configured to assign employees to different VLANs depending on the workgroup to which an employee belongs. [Figure: network diagram for this scenario, with labels for R&D and Accounting employees and file servers, VLAN 10, VLAN 15, VLAN 20, a switch carrying VLANs 10, 15, and 20, a shared printer, the Employee and Guest wireless communities, Guest 1 and Guest 2, and a RADIUS
132. rmation related to wireless operation. Viewing all connected wireless clients: Select Wireless > Client connections. The following information is displayed for each client currently connected to the M330. The wireless community the client is associated with: For example, an entry of wlan0vap2 means the client is associated with Radio 1, wireless community 2. An entry of wlan0 means the client is associated with community 0 on Radio 1. An entry of wlan1 means the client is associated with community 0 on Radio 2. Station: The MAC address of the associated wireless client. Status (Auth and Assoc): The underlying IEEE 802.11 authentication and association status, which is present no matter which type of security the client uses to connect to the AP. This status does not show IEEE 802.1X authentication or association status. Keep the following points in mind with regard to this field: • If the Security method is None or Static WEP, the authentication and association status of clients showing on the Client Connections page are in line with what is expected; that is, if a client shows as authenticated to the AP, it is able to transmit and receive data. This is because Static WEP uses only IEEE 802.11 authentication. • If the Security method is IEEE 802.1X, WPA Personal, or WPA Enterprise, it is possible for a client to show on this tab as authenticated (via the IEEE 802.11 security) but
133. rocess, the M330 automatically restarts, disconnecting the current management session. Once the M330 resumes operation, you can reconnect. System information: The System page enables you to download logs, settings, system tools outputs, and other information that customer support may find helpful in diagnosing problems. To download system information, select Maintenance > System. [Screenshot: System page, with the areas Show Tech (Download system information for technical support) and Save system information (Download system information for troubleshooting purposes).] In the Show tech area, you can download a file that can be read in a text editor. The file contains configuration settings, including those that have been customized by the user. The file is named showtech.rtf by default. In the Save system information area, you can download an encrypted binary file. Although you cannot read this file, you can provide it to customer support to assist in debugging efforts. This file contains additional configuration and device information. It is named showdev.out by default. When you click Download in either section, you are prompted to select a location to save the file. Viewing the EULA: This page displays the HP End User License Agreement content and other third-party licenses and copyright notices. To view the notices and license information, select Maintenance > EULA. Maintenance HP End User License Agreement HP End
134. row exponentially and prevent any useful throughput from the wireless network. 802.11n clients face the same problem as described for 802.11g clients. Legacy a/b/g clients cannot detect the High Throughput (HT) rates that 802.11n uses. To avoid causing excessive collisions, 802.11n clients must use the same protection mechanisms when a legacy client is present. Even the most efficient protection mechanism (CTS-to-self) causes a substantial decline in throughput. Performance can decline by as much as 50 percent. The 802.11n clients can achieve maximum data rates only when the legacy clients are not present. The 802.11ac standard is an extension of the 802.11n standard that operates only in the 5 GHz band. As well as operating in the less crowded 5 GHz band, the 802.11ac standard was designed to be seamlessly compatible with legacy 802.11a/n devices. The 802.11ac standard automatically falls back to 802.11a/n operation when 802.11a/n clients are detected. Compatibility modes: See Basic settings on page 51 for a list of supported modes. Modes that support multiple 802.11 standards are referred to as compatibility modes. For the 2.4 GHz radio, IEEE 802.11b/g/n is the default mode, and for the 5 GHz radio, 802.11a/n/ac is the default mode. For compatibility modes that support 802.11n clients, the M330 advertises protection in its beacon frames when legacy clients are associated or operating on the same c
135. ry 10 seconds to announce its presence. A Cluster members area displays a single entry for this AP if this is a newly created cluster. If the cluster already exists, information on each cluster member displays in a table. Repeat steps 1 to 6 on each of up to 15 additional APs that you want to join the cluster. As subsequent APs are configured with the same clustering information, the Cluster members area displays a table with IP and other information for each cluster member. [Screenshot: Cluster members table with columns IP address (192.168.1.1) and MAC address (28:80:23:99:62:30).] Removing an AP from the cluster: To remove an AP from the cluster: 1. On the M330 that you want to remove from the cluster, select Cluster > Configuration. 2. For the Clustering setting, select Disable, then select Save. Client connections: From any AP in a cluster, you can select Cluster > Client connections to view information about clients connected to any clustered AP. This page displays data only if clustering is enabled on the Cluster > Configuration page. [Screenshot: Client connections status table with columns AP MAC, User MAC, Idle, Rate (Mbps), Signal, Rx total, Tx total, Error rate.] Information shown in tables can be sorted by selecting the desired column label. This page shows a maximum of 20 clients on each clustered AP. To see all clients associated with a particular AP, view the Wireless > Client
136. ry in the list of SSIDs on both APs (SSID 0 entry). Encryption: Select how traffic exchanged between the two M330s will be encrypted. The options are as follows: • None: Data is transmitted unencrypted between M330 devices. • WEP: Note that IEEE 802.11n uses frame aggregation, whereby multiple frames are combined into one to reduce overhead and increase throughput. WEP-encrypted frames are not aggregated, however, so enabling WEP security over WDS will result in reduced throughput. WEP cannot be used when the radio operating mode supports 802.11n or 802.11ac. To enable WEP, configure the following settings: • Key length: Select 64 bits or 128 bits. • Key type: Select ASCII or Hex. • WEP key: If you selected ASCII, enter any combination of 0 to 9, a to z, and A to Z, and special characters such as and. If you selected Hex, enter hexadecimal digits (any combination of 0 to 9 and a to f or A to F). These are the RC4 encryption keys shared with the stations using the AP. • Confirm key: Re-enter the key. • WPA-PSK: Configure the following settings: • Link name: Enter a name for the new WDS link you have created. It is important that the same link name is entered at the other end of the WDS link. If this name is not the same for both APs on the WDS link, they will not be able to communicate and exchange data. The name can be any alphanumeric combination. • Key: Enter a unique shared key for the WDS link. This unique shared key must a
137. s. Radio 1: Status: Enable; Mode: IEEE 802.11b/g/n; Channel: 1 (2412 MHz); Operational bandwidth: 20. Radio 2: Status: Enable; Mode: IEEE 802.11a/n/ac; Channel: 132 (5660 MHz); Operational bandwidth: 80. System information: This page includes the following system information: • IP address: The IP address assigned to the AP. See the Network > IP page to configure IP information. • Static IPv6 address: The IPv6 address assigned to the AP, if one is configured. • IPv6 autoconfigured global addresses: The global IPv6 address, if one or more has been assigned automatically using the network prefix that is sent by routers in router advertisements. • IPv6 link-local address: The link-local address is derived automatically using the prefix fe80::/64 and the MAC address of the AP. • MAC address: The MAC address of the AP. This is the address by which the AP is known externally to other networks. This MAC address applies to the Ethernet port on the AP and to the first (default) wireless community, referred to as wlan0. The MAC address is incremented by 1 for each additional wireless community that you create. For example, if the Ethernet and wlan0 interfaces are assigned MAC address 00:55:9A:3C:7A:00, then the next wireless community you create will be assigned MAC address 00:55:9A:3C:7A:01, and so on. • Firmware version: The version of firmware installed on the AP. • Product identifier: The AP hardware model ID number
138. s community. If IPv4 is selected as the RADIUS IP address type, enter the IP address of the RADIUS server that all wireless communities use by default, for example 192.168.10.23. If IPv6 is selected, enter the IPv6 address of the primary global RADIUS server, for example 2001 0db8 1234 abcd. RADIUS IP or IPv6 address 1 to 3: Enter up to three IPv4 and/or IPv6 addresses to use as the backup RADIUS servers for this wireless community. The field label is RADIUS IP address when IPv4 is selected as the RADIUS IP address type, and RADIUS IPv6 address when IPv6 is selected. If authentication fails with the primary server, each configured backup server is tried in sequence. RADIUS key: Enter the RADIUS key in the text box. The RADIUS key is the shared secret key for the global RADIUS server. You can use up to 63 standard alphanumeric and special characters. The key is case sensitive, and you must configure the same key on the AP and on your RADIUS server. The text you enter will be displayed as characters to prevent others from seeing the RADIUS key as you type. RADIUS key 1 to 3: Enter the RADIUS key associated with the configured backup RADIUS servers. The server at RADIUS IP address 1 uses RADIUS key 1, RADIUS IP address 2 uses RADIUS key 2, and so on. Enable RADIUS accounting: Select this option to track and measure the resources a particular user has consumed, such as system time, amount of data t
139. s consumed, such as system time, amount of data transmitted and received, and so on. If you enable RADIUS accounting, it is enabled for the primary RADIUS server and all backup servers. Broadcast key refresh rate: Enter the interval at which the broadcast (group) key is refreshed for clients associated with this wireless community (the default is 300). The valid range is 0 to 86400 seconds. Specify a value of 0 to disable the refreshing of broadcast keys. Session key refresh rate: Enter the interval at which the AP will refresh session (unicast) keys for each client associated with the wireless community. To enable session key refreshing, specify a value in the range of 30 to 86400 seconds. Specify a value of 0 to disable the refreshing of session keys. WPA Personal: WPA Personal is a Wi-Fi Alliance IEEE 802.11i standard, which includes AES-CCMP and TKIP mechanisms. It employs a preshared key instead of using IEEE 802.1X and EAP, as is used in the WPA Enterprise mode. The preshared key (PSK) is used for an initial check of credentials only. [Screenshot: wireless community list (Network name (SSID), VLAN ID, MAC auth, Security, Delete) with entry 0, HP1_2.4G, MAC auth Disabled, Security WPA personal; legend: SSID Off, SSID On, SSID On and configured for broadcast. Add New Wireless Community form: Network name (SSID) HP1_2.4G, Broadcast SSID, VLAN ID 1 (1-4094), MAC authentication Disabled, Security method WPA personal, WPA
140. s defined. To define one or more servers, select Global RADIUS server settings and configure the RADIUS IP address type, RADIUS IP address, and RADIUS key. Security method: By default, no security is defined for a wireless community. HP strongly recommends that you configure a security method to provide encrypted data exchanges between wireless clients and the M330. See Wireless protection on page 33 for details on the available security methods. Wireless protection: The M330 provides several methods to protect wireless transmissions from eavesdropping and to safeguard network access by unauthorized users. To choose the method that best meets the needs of your network, refer to the sections that follow. Static WEP: Static WEP enables you to encrypt wireless transmissions, but does not provide for user authentication. WEP is not as secure as the other security methods available. [Screenshot: Add New Wireless Community form with Security method set to Static WEP, showing Transfer key index, Key length (64 bits or 128 bits), Key type (ASCII or Hex), Key 1 to Key 4, and Authentication (Open system, Shared key)]
141. server DHCP server. Employee wireless community: • R&D employees are assigned to VLAN 10 via attributes in their RADIUS account. • Accounting employees are assigned to VLAN 15 via attributes in their RADIUS account. • Employees without a VLAN assignment in their RADIUS account get assigned to the VLAN that is configured for the wireless community, which in this example is 20. This enables these employees to access the shared printer and the Internet. Guest wireless community: • The Guest community does not use RADIUS. All traffic on the Guest community is assigned to VLAN 20, providing access to the shared printer and the Internet. Configuring Ethernet, IP, and VLAN settings. Port statistics: To view statistics on Ethernet WDS packets received and transmitted on the wired and wireless ports, select Status > Ports. The port statistics page displays: [Screenshot: Ports page with an Ethernet statistics table (receive and transmit packets, dropped, errors) for Port 1 and Community 0 to Community 7, and a WDS statistics table for WDS interfaces 1 to 3]
142. since last email sent. Email alert status: Indicates whether the Email alert feature is administratively enabled or disabled. Number of emails sent: The number of alert emails sent since the feature was enabled. Number of emails failed: The number of alert emails sent since the feature was enabled that did not reach the intended destination. Time since last email sent: The date and time of the last alert email sent. Network trace configuration. Overview: Network administrators can perform network traces to capture and analyze network traffic. Network trace operates in two modes: • Packet file trace mode: Captured packets are stored in a file on the M330. The M330 can transfer the file to a TFTP server. The file is formatted in pcap format and can be examined using tools such as Wireshark and OmniPeek. • Remote packet trace mode: The captured packets are redirected in real time to an external PC running the Wireshark tool. The AP can trace the following types of packets: • 802.11 packets received and transmitted on radio interfaces. Packets captured on radio interfaces include the 802.11 header. • 802.3 packets received and transmitted on the Ethernet interface. • 802.3 packets received and transmitted within wireless communities or on internal logical interfaces such as WDS interfaces. To configure network trace settings and initiate packet captures, select Tools > Network Trace. Packet trace configuration: Use this
143. ssion. To begin using new parameter values, an existing packet trace session must be stopped and restarted. Packet file trace: In packet file trace mode, the M330 stores captured packets in a file on the device. Upon activation, the packet trace proceeds until one of the following occurs: • The trace time reaches configured duration. • The trace file reaches its maximum size. • The administrator stops the trace. During the trace, you can monitor the trace status, elapsed trace time, and the current trace file size. You can click Refresh to update this information while the trace is in progress. Performing a packet file trace: To perform a packet file trace: 1. Select Tools > Network Trace. [Screenshot: Packet file trace form with Trace interface (radio1), Trace duration (60; range 10 to 3600 seconds), and Max trace file size (1024; range 64 to 4096 KB)] 2. Select a Trace interface. The following M330 interfaces are available for packet trace: • radio1: 802.11 traffic on the 2.4 GHz radio. • radio2: 802.11 traffic on the 5 GHz radio. • eth0: 802.3 traffic on the Ethernet port. • wlan0: Traffic for the default wireless community on the 2.4 GHz radio. • wlan1: Traffic for the default wireless community on the 5 GHz radio. • wlan0vap: Traffic for 2.4 GHz wireless community x, where x is the community ID and can be from 1 to 7. Wireless community IDs are shown in the first column of the Communities table on the Wireless > Communities page.
144. t Communities. [Screenshot: Communities page for Radio 1 with the community list and the Add New Wireless Community form: Network name (SSID), Broadcast SSID, VLAN ID (1 to 4094), MAC authentication, and Security method] You can define up to eight wireless communities per radio (16 total). • To edit an existing community, select its name in the list. Settings are displayed for the community selected in the communities list. Modify the settings as needed and select Update. • To add a new community, select Add New Wireless Community. You can select Save to accept the default settings, or modify the settings and select Add, then Save. If you select Cancel before selecting Add, the new wireless community will be deleted. If you change these settings after saving a new wireless community, select Update, then Save. You can select Cancel before selecting Update to undo any changes to these settings. See Wireless community configuration options on page 32 for details on the settings. About the default wireless community: Caution By default, a single wireless community is defined for each radio. The name for the 2 4 GHz radio SSID is HP1_2 4G and for the 5 GHz radio HP1_5G, which are also the network names (SSIDs). You can modify settings for the defau
145. t be possible, depending on the configuration settings defined for each wireless community. Configuring global RADIUS servers: M330 communities can use third-party RADIUS servers to validate user login credentials for the WPA enterprise 802.1X or MAC-based authentication options. The M330 enables you to define up to four IPv4 and four IPv6 global RADIUS servers, which can be shared by each wireless community. Note Caution One server acts as a primary, while the others act as backup servers. The network type (IPv4 or IPv6) and accounting mode are common across all configured global RADIUS servers. After configuring servers, you can select which set to enable, either the IPv4 or the IPv6 servers. You cannot enable a combination of IPv4 and IPv6 servers. Additional IPv4 or IPv6 RADIUS servers can be configured for each wireless community when 802.1X Dynamic WEP or WPA Enterprise is used as the authentication protocol. See 802.1X Dynamic WEP on page 35 and WPA Enterprise on page 38. Global RADIUS servers are configured on the Wireless > Communities page. Select to the left of Global RADIUS server settings. [Screenshot: Global RADIUS server settings form with RADIUS IP address type (IPv4 or IPv6), RADIUS IP address, RADIUS IP address 1 to 3, RADIUS key (1 to 64 characters), RADIUS key 1 to 3, and Enable RADIUS accounting] RADIUS IP address type: Select IPv4 or IPv6 t
146. t you enable STP mode on both APs as described in this example. Setting up a WDS link: To establish a WDS link, you must assign a common wireless community name (SSID) as the first entry in the list of SSIDs on both APs (SSID 0 entry). To configure an SSID, select Wireless > Communities. Select the radio and enter the Network name (SSID), for example WDS_330. Repeat this step on the other AP, using the same SSID. For the APs to communicate, both APs must transmit and receive on the same channel. Select Wireless > Radio. Select the radio and select a channel that is unlikely to interfere with other devices in the nearby network. Repeat this step on the other AP. Example of a WDS Deployment. [Screenshot: Radio page with Country (US, United States) and basic settings for Radio 2: Status, Mode (IEEE 802.11n/ac), Channel (36), Channel bandwidth (80 MHz), Primary channel (Lower), Current channel (132, 5660 MHz), and Station isolation] On M330 1, select Wireless > WDS. Select the button to enable Spanning tree mode. Select the radio. The AP's MAC address for SSID 0 is prepopulated. Under WDS link 1, enter M330 2's MAC address in the Remote address box. To discover M330 2's MAC address, use one of the following options: • If you are using radio 1, proceed to Option 1 for radio 1 (recommended). • If you are using radio 2
147. tabase can be stored locally on the M330 or on a RADIUS server. A captive portal is often used for public access networks, providing simple user name and password authentication through a web page log on. Even for guest users that do not require authentication, the Captive Portal web page can offer a number of benefits: • Identify the wireless network and prevent users from logging on to rogue networks. • Provide terms of use policies for users to accept. • Provide additional information for users. • Restrict bandwidth for users to prevent network abuse. The following topology illustrates a basic captive portal configuration for both employee and guest access to a wireless network. Two wireless communities are configured for the employee and guest users. The employee community is assigned to VLAN 10 and the guest community assigned to VLAN 20. [Figure: captive portal topology with the captive portal login page, an employee wireless community on VLAN 10 and a guest wireless community on VLAN 20, connected through a switch to a RADIUS server and a DHCP server] A guest user can associate with the AP but cannot initially access the network. When a guest attempts to access the Internet, a captive porta
148. [Figure: network diagram showing VLAN 2, Wireless community 2, a low security wireless network for guests with access to a network printer and the Internet, and the M330 providing wireless services] Manually configure wireless network settings. Multiple wireless networks with RADIUS authentication: Choose this option if you want to: • Create multiple wireless networks to support users with different requirements. • Map the traffic from each wireless network to a specific VLAN. • Authenticate user login credentials using a third-party RADIUS server. This option can be used to connect the M330 to a network using static IP, DHCP, or IPv6 addressing. This scenario also supports clustering mode, where multiple APs in the network are deployed and administered as a single entity. Quickly setup the M330: Quick setup can help you to configure the M330 for several different networking environments. Select the option that most closely matches your needs and then click OK. Recommend wireless network settings based upon your network environment. [Screenshot: Quick setup page with Network Environment set to Multiple wireless networks with RADIUS authentication; the diagram shows a RADIUS server for authentication, VLAN 1 and Wireless community 1 as a high security wireless network (802.1X or WPA) for employees with secure access to all network resources and the Internet, and VLAN 2 and Wireless community 2 as a low security wireless network for guests]
149. te its configuration to the cluster. That is, if AP1 has more changes but AP2 has the most recent change, AP1 is selected. If they have an equal number of changes but AP2 has the most recent change, then AP2 is selected. Creating a cluster: To create a cluster: 1. On the first M330 that you want to be clustered, select Cluster > Configuration. [Screenshot: Clustering configuration form with Clustering (Enable or Disable), Cluster name (default), Cluster location (not set), and Clustering IP version (IPv4 or IPv6)] For the Clustering mode, select Enable. Enter a Cluster name (required). The cluster name must be the same on all APs. It can consist of up to 64 alphanumeric and special characters. Enter a Cluster location, which describes where the AP is physically located. This setting is used for information purposes only. Select a Cluster IP version. All members of a cluster must have the same IP version, IPv4 or IPv6. If you choose IPv6, clustering can use the link local address, autoconfigured IPv6 global address, and statically configured IPv6 global address. Ensure that when using IPv6 for clustering, all the APs in the cluster either use link local addresses only or use global addresses. Clustering will not work with mixed address versions. Select Save. The M330 begins searching for other APs in the subnet that are configured with the same cluster name and IP version. A potential cluster member sends advertisements eve
150. ted the Acceptance Use Policy. No accept text: The text that is displayed in a pop-up window when a user tries to log in without first selecting the Acceptance Use Policy check box. Enter 1 to 128 characters. The default text is: Error You must acknowledge the Acceptance Use Policy before connecting. Work in progress text: The text that is displayed during authentication. Enter 1 to 128 characters. The default text is: Connecting please be patient. Denied text: The text that is displayed when a user fails authentication. Enter 1 to 128 characters. The default text is: Error Invalid Credentials please try again. Welcome title: The text that is displayed when a user has successfully authenticated to a wireless community. Enter 1 to 128 characters. The default text is: Congratulations. Welcome content: The text that is displayed when a user is successfully connected to the network. Enter 0 to 256 characters. The default text is: You are now authorized and connected to the network. Delete locale: To delete the current locale, select this option and click Save. Web preview: To display a preview of the authentication page, select the locale name from the Captive Portal Web Locale list. Web customization. Previewing a web locale: After a web locale's customization parameters are configured, you can view the locale web page in the Web preview section of the Web Customization page. Select the locale name from the Captive Portal web locale
151. tems remain unique to each M330. In the management tool, an icon displays next to items that are shared. When clustering is disabled, the icon does not display. [Screenshot: System Time page (Set system time, System date, System time, Time Zone, Adjust time for daylight saving, DST start, DST end, DST offset) with shared items marked by the icon; caption: These items are shared when clustering is enabled] Settings that are shared/not shared by the cluster. Settings that are shared: System Log settings; Rogue AP Detection; Wireless settings (Exception: Static channel configuration is not shared); Network Time Protocol (NTP) time and daylight savings time settings; Radio settings, as follows: • Status • Mode • Channel bandwidth • Primary channel • Station Isolation • Multidomain regulatory mode • Short guard interval supported • STBC mode • Protection • Fragmentation threshold • RTS threshold • Fixed multicast rate • Broadcast/multicast rate limiting; Wireless community settings; MAC authentication; Basic SNMP settings; Channel planning; Admin password (to secure any new cluster members); Email alert settings; Captive Portal Management settings. Clustering multiple M330s. Settings th
152. ter the Quick setup wizard is complete. Select Save to have the AP join the cluster. Step 3: Specify wireless network settings. Use this section to define wireless networks and to configure the security settings for client access and encryption. This section displays different settings depending on the selected network environment. [Screenshot: Step 3 form with Radio, Wireless mode (IEEE 802.11b/g/n), the community list, and Wireless community settings: Network name (SSID), VLAN ID (1 to 4094), Security method, WPA versions (WPA TKIP, WPA2 AES), Protected management frames (Disabled, Supported, Mandatory), Key, and Confirm key] Using Quick setup. Configure the radio and wireless mode: Select a radio to configure. Select Radio 1 (2.4 GHz band) for 802.11b/g/n modes or Radio 2 (5 GHz band) for 802.11ac and 802.11n modes. Select the mode that best supports the wireless clients at your location. For more information on setting the Wireless mode, see Radio configuration on page 51. Wireless community settings: The M330 allows you to create up to eight wireless communities. Each wireless community defines the settings for a distinct w
153. ters on the Web Customization page. [Screenshot: Captive portal Web customization page showing the Captive Portal web locale parameters: Locale ID, Instance ID, Instance name, Background image name, Logo image name, Foreground color, Background color, Separator, Locale label, Locale, Account image, Account label, User label, Password label, Button label, Fonts, Browser title, Browser content, Acceptance use policy, Accept label, No accept text, Work in progress text, Denied text, Welcome title, Welcome content, and Delete locale] Locale ID: The ID that is automatically assigned to the locale when it is created. The ID cannot be configured. Instance ID: The ID of the captive portal instance associated with the locale. Instance name: The user-configured name of the captive portal instance. Background image name: The name of the image file that displays as the pa
154. the 2.4 GHz (wlan0) or 5 GHz band (wlan1) on which the AP is detected. Beacon Int: The Beacon interval being used by this AP. Beacon frames are transmitted by an AP at regular intervals to announce the existence of the wireless network. The default behavior is to send a beacon frame once every 100 milliseconds (10 per second). SSID: The Service Set Identifier (SSID) for the AP. The SSID uniquely identifies a wireless LAN and is also referred to as the Network Name. It can be up to 32 alphanumeric characters. Privacy: Whether there is any security on the neighboring device. • Off indicates that the Security mode on the neighboring device is set to None (no security). • On indicates that the neighboring device has some security in place. Whether WPA security is on or off for this AP. Band: The 802.11 band used on this AP, as follows: • 2.4 indicates 802.11b, 802.11g, or 802.11n mode (or a combination of the modes). • 5 indicates 802.11a, 802.11n, or 802.11ac mode (or all modes). Channel: The channel on which the AP is currently broadcasting. The channel defines the portion of the radio spectrum that the radio uses for transmitting and receiving. The channel is set in the Radio settings. See Radio configuration on page 51. The rate in megabits per second at which this AP is currently transmitting. The detected strength of the radio signal from this AP in decibels (dB). For any AP that is known to you, you can select Grant to move
155. the M330 Ethernet port and to the default wireless community (wlan0). The MAC address is also printed on the AP. This page enables configuring the following settings. Management VLAN ID: The management VLAN is VLAN 1 by default. If you already have a management VLAN configured on your network with a different VLAN ID, you must change the VLAN ID of the management VLAN on the M330 accordingly. The VLAN ID can be any value from 1 to 4094. Any management traffic received on a different VLAN is ignored. Untagged VLAN, Untagged VLAN ID: All traffic from wireless clients to the AP is associated with a VLAN ID. The VLAN ID may be assigned by a RADIUS server or determined by the client's association with a wireless community. Traffic between the wired network and the AP, however, might not be associated with a VLAN; that is, the traffic is untagged. These settings determine how the AP forwards untagged traffic to the wireless network. If the Untagged VLAN option is enabled and an Untagged VLAN ID is specified: • When the M330 receives traffic from a wireless client and that traffic has a VLAN ID that matches the Untagged VLAN ID, it forwards the traffic to the wired network with no VLAN tag. • If the VLAN ID does not match the Untagged VLAN ID, the M330 forwards the traffic to the wired network with the VLAN ID from the wireless client. If the Untagged VLAN option is disabled, all traffic that the M330 receives from a wireless client is for
156. the WDS link, disconnect M330 2 from the switch. On M330 1, select Tools > Ping and ping the address of M330 2. If the ping succeeds, the WDS link is working. Alternatively, connect a laptop to the Ethernet port of M330 2, open a browser, and browse the network. The remote AP provides network connectivity over the WDS link if properly configured. Proceed to Encrypting wireless traffic across the WDS link. Setting up a WDS link on radio 2: Configuring a WDS network on radio 2 is similar to the process described for a radio 1 configuration, with the following exception: When configuring WDS on radio 2, you must select Radio 2 in the Wireless Community, Radio, and WDS pages. By default, the radio setting is always radio 1. Entering the remote MAC address for radio 2 WDS configuration. Option 1 (recommended): On M330 1, select Wireless > WDS. Under WDS link 1, click the left arrow next to the remote address box. A list of SSIDs with their corresponding MAC address appears. From the list, select the SSID of M330 2. This populates the Remote address box with M330 2's MAC address. Repeat this step on the other AP. Be sure to enable Spanning tree mode at the top of M330 2's Wireless > WDS page. In the event the desired SSID is not present in the list, proceed with Option 2 for radio 2 deployment. Option 2 for Radio 2 WDS deployment: Each SSID on the AP has a unique MAC address. The first eight MAC addresses are assigned t
157. thorized clients may be able to connect to the AP and trace user data. The M330 performance is negatively impacted even if there is no active Wireshark session with the AP. The performance is negatively impacted to a greater extent when packet trace is in progress. Note: Due to performance and security issues, the packet trace mode is not saved in nonvolatile memory on the M330. If the M330 resets, the trace mode is disabled and you must re-enable it to resume capturing traffic. Packet trace parameters (other than mode) are saved in nonvolatile memory. To minimize any performance impact on the M330 while traffic trace is in progress, you should install trace filters to limit which traffic is sent to the Wireshark tool. When capturing 802.11 traffic, a large portion of the captured frames tend to be beacons (typically sent every 100 ms by all APs). Although Wireshark supports a display filter for beacon frames, it does not support a trace filter to prevent the M330 from forwarding captured beacon packets to the Wireshark tool. To reduce the performance impact of capturing the 802.11 beacons, you can disable the trace beacons mode. The remote packet trace facility is a standard feature of the Wireshark tool for Windows. Remote packet trace is not standard on the Linux version of Wireshark. The Linux version does not work with the AP. Wireshark is an open source tool and is available for free. It can be downloaded from www.wireshark.org. Performi
158. [Screenshot: web server configuration form with HTTP server status (Enable or Disable), HTTP port, Session timeout (1 to 1440 minutes), and Administrator login credentials: Current password, New password (1 to 32 characters), and Confirm new password] Web server configuration: Note Use this section to configure web access to the management tool. HTTPS server status, HTTP server status: The M330 software includes HTTP and HTTPS functionality to enable communication with your web browser. Unlike HTTP, HTTPS enables secure sessions using a digital certificate to encrypt data exchanged between the M330 and your web browser. HTTP and HTTPS are both enabled by default. If you disable the protocol you are currently using to access the management interface and click Save, the current connection is terminated and you cannot access the AP using that protocol until it is enabled. HTTP port: By default, the HTTP server uses the well-known logical port number 80 for communication with clients. You can specify a different port number if port 80 is blocked or used for a different protocol on your network. Session timeout: If there is no activity on the management session for the specified time, the administrator will be automatically logged off. Specify a time in the range 1 to 1440 minutes. The default is 5 minutes. Administrator login credentials: Note Caution The M330 supports one administrator login account. Use the following settings to change the password. As an immediate first
159. warded to the wired network with the same VLAN tag it used on the wireless network. Note: The M330 does not add VLAN tags when forwarding traffic to wireless clients, regardless of whether the traffic was tagged or untagged on the wired network. By default, this option is enabled and the untagged VLAN ID is 1. If VLANs are not used on your network, these settings have no effect on the forwarding of traffic. IPv4 configuration: Use this area to configure the M330 to be assigned an IPv4 address from a DHCP server on your network or to statically configure an IPv4 address. Automatically assigning an IP address (default method): By default, Connection type is set to DHCP and the M330 operates as a DHCP client. This means that if the network has a DHCP server, the M330 will automatically receive a new IP address in place of its default IP address 192.168.1.1 upon connecting to the network. The DHCP server will assign an address from its pool of available addresses. You can find the IP address of the M330 by looking for its Ethernet base MAC address in the DHCP server log. The Ethernet MAC address is printed on the M330 label, identified as Ethernet Base MAC, or listed on the management tool IP page as MAC address. To have the DHCP server assign a specific IP address to the M330, you need to preconfigure the DHCP server to associate the IP address you want to use with the MAC address of the Ethernet port on the M330. Static IP configuratio
160. work. The remote AP provides network connectivity over the WDS link if properly configured. Enable encryption for the WDS links: HP recommends that you use encryption on WDS links to secure traffic and the network. Both ends of each WDS link must be configured with the same WPA PSK passphrase. However, different WDS links can use different WPA PSK passphrases. Go to the Wireless > WDS page of each AP. For each configured WDS link, click the Encryption drop-down list and select WPA PSK. In the Key box, enter the same shared key for both ends of each WDS link. For the Link name, enter the same link name at both ends of each WDS link. If this name is not the same for both APs on a WDS link, they will not be able to communicate or exchange data. The name can be any alphanumeric combination. 7 Configuring Ethernet, IP, and VLAN settings. Ethernet configuration: The M330 connects wireless clients to a wired network through its Ethernet port. You can configure the IP settings for this interface and the VLAN membership required for management access to the M330. To configure the Ethernet port settings, select Network > IP. [Screenshot: Ethernet configuration form with MAC address, Management VLAN ID (1; range 1 to 4094), Untagged VLAN (Enable or Disable), and Untagged VLAN ID (1; range 1 to 4094)] The Ethernet configuration area shows the MAC address assigned to
161. y operating in your area. When operating in 802.11a or 5 GHz 802.11n modes, all channels are non-overlapping, so you can configure APs to operate on adjacent channels. Channel selection for APs in a cluster: When automatic channel assignment is enabled on the Cluster > Channel planning page, the channel policy for the radio is automatically set to static mode and the Auto option is not available for the Channel setting. This configuration allows the automatic channel feature to set the channels for the radios in the cluster. Channel bandwidth: Only applicable when Wireless mode includes some type of 802.11n or 802.11ac support. Select the Channel width that will be used for 802.11n or 802.11ac users. • 20 MHz: Sets channel width to 20 MHz. • 40 MHz: Under most conditions, this can double throughput by bonding adjacent channels to form a 40 MHz channel. This option reduces the number of unoccupied channels available to neighboring APs. • 80 MHz: For 802.11ac channels, a bandwidth of 80 MHz can be set for increased throughput. This option bonds two 40 MHz channels to form an 80 MHz channel. Although some 802.11n clients only support 20 MHz channels, they can still associate with a M330 configured for 40 MHz. Primary channel: 802.11n modes only. This setting can be changed only when the channel bandwidth is set to 40 MHz. A 40 MHz channel can be considered to consist of two 20 MHz channels that are contiguous in the frequency domain