HP Vm200 User Manual

Configuring network settings and VLANs

Discovery protocols

The V-M200 supports the Link Layer Discovery Protocol (LLDP) and the Cisco Discovery Protocol (CDP). These protocols provide a mechanism for the V-M200 to exchange information about its identity, capabilities, and interconnection with other devices on the network. Information gathered via LLDP and CDP is stored in the V-M200 in a management information base (MIB) and can be retrieved with the Simple Network Management Protocol (SNMP).

CDP

CDP (Cisco Discovery Protocol) provides a mechanism for the V-M200 to advertise information about itself to other devices on the wired network. This information is useful for network administration purposes and is sent on the Ethernet port and any active WDS links. When CDP support is enabled, the CDP settings are configured by default and cannot be changed.

To enable CDP support

1. Select Network > Discovery protocols.
2. Select Enabled under CDP support and then select Save.

LLDP

The IEEE 802.1AB Link Layer Discovery Protocol (LLDP) provides a standards-based method for network devices to discover each other and exchange information about their capabilities. An LLDP device advertises itself to adjacent (neighbor) devices by transmitting LLDP data packets on all ports on which outbound LLDP is enabled, and by reading LLDP advertisements from neighbor devices on ports that are inbound LLDP-enabled. An LLDP-enabled port receiving LLDP packets inbound from neighbor devices stores the packet data in a Neighbor database (MIB).

LLDP information is used by network management tools to create accurate physical network topologies by determining which devices are neighbors and through which ports they connect.

LLDP operates at layer 2 and requires an LLDP agent to be active on each network interface that will send and receive LLDP advertisements. LLDP advertisements can contain a variable number of TLV (type, length, value) information elements. Each TLV describes a single attribute of a device.

When an LLDP agent receives information from another device, it stores the information locally in a special LLDP MIB (management information base). This information can then be queried by other devices via SNMP. For example, the HP Manager software retrieves this information to build an overview of a network and all its components.

Note: LLDP information is only sent/received on the Ethernet port and active WDS links. LLDP information is not collected from wireless devices connected to an AP.

SNMP support

Support is provided for the following MIBs:

- LLDP MIB definition described in chapter 12 of the 802.1AB standard.
- Interfaces MIB (RFC 2863).

Supported LLDP TLVs

When LLDP support is enabled, the LLDP agent supports the following mandatory and optional TLVs.

Mandatory TLVs

- Chassis ID (Type 1): The MAC address of the V-M200.
- Port ID (Type 2): The MAC address of the port on which the TLV will be transmitted.
- Time to live (Type 3): Defines the length of time that neighbors will consider LLDP information sent by this agent to be valid. Calculated by multiplying Transmit interval by the Multiplier.

Optional TLVs

- Port description (Type 4): A description of the port.
- System name (Type 5): Administrative name assigned to the device from which the TLV was transmitted.
- System description (Type 6): Description of the system, comprised of the following information: operational mode, hardware type, hardware revision, and firmware version.
- System capabilities (Type 7): Indicates the primary function of the device. Set to: WLAN access point.
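As an added example (not from the HP manual or the V-M200 firmware), the Python code below decodes the TLV types 1 to 7 listed above from a raw LLDP frame and reports what a wired neighbor learns from it, along with any Time to live that differs from the documented default of 30 x 5 = 150 seconds. The sample frame, its MAC address and its strings are constructed, and all function names are illustrative.

```python
import struct

NAMES = {1: "chassis_id", 2: "port_id", 3: "ttl", 4: "port_description",
         5: "system_name", 6: "system_description", 7: "system_capabilities"}
WLAN_AP = 0x0008          # 802.1AB capability bit for "WLAN access point"
EXPECTED_TTL = 30 * 5     # Transmit interval x Multiplier from this manual

def tlv(tlv_type, value):  # 7-bit type and 9-bit length share a 16-bit header
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def parse_lldp(frame):
    """Decode TLV types 1-7 from a raw Ethernet LLDP frame into a dict."""
    if len(frame) < 14 or frame[12:14] != b"\x88\xcc":
        raise ValueError("not an LLDP frame (EtherType 0x88CC)")
    out, pos = {}, 14
    while pos + 2 <= len(frame):
        header, = struct.unpack_from("!H", frame, pos)
        tlv_type, length = header >> 9, header & 0x1FF
        value = frame[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("truncated TLV type %d" % tlv_type)
        pos += 2 + length
        if tlv_type == 0:                       # End of LLDPDU
            break
        name = NAMES.get(tlv_type)
        if name in ("chassis_id", "port_id"):   # subtype byte, then the ID
            out[name] = value[1:].hex(":")
        elif name == "ttl":
            out[name] = int.from_bytes(value, "big")
        elif name == "system_capabilities":     # first 16 bits: capabilities
            out[name] = int.from_bytes(value[:2], "big")
        elif name:                              # types 4-6 are text strings
            out[name] = value.decode("utf-8", "replace")
    return out

def review(tlvs):
    """List identity fields exposed to neighbors and any TTL deviation."""
    notes = ["discloses " + k for k in ("system_name", "system_description")
             if tlvs.get(k)]
    if tlvs.get("ttl") != EXPECTED_TTL:
        notes.append("ttl %r differs from %d" % (tlvs.get("ttl"), EXPECTED_TTL))
    return notes

# Constructed sample frame: locally administered MAC, made-up strings.
MAC = bytes.fromhex("0200005e0001")
SAMPLE = (bytes.fromhex("0180c200000e") + MAC + b"\x88\xcc"
          + tlv(1, b"\x04" + MAC) + tlv(2, b"\x03" + MAC)
          + tlv(3, struct.pack("!H", 150)) + tlv(5, b"lab-ap-01")
          + tlv(6, b"autonomous, V-M200, rev A, fw 0.0.0")
          + tlv(7, struct.pack("!HH", WLAN_AP, WLAN_AP)) + tlv(0, b""))
```

Calling `review(parse_lldp(SAMPLE))` lists the system name and system description as disclosed fields; the system description is the TLV that carries hardware revision and firmware version to every wired neighbor.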
LLDP default settings

When LLDP support is enabled, the values of the following LLDP settings are configured by default. You cannot change these values.

- Transmit interval = 30 seconds. The interval at which local LLDP information is updated and TLVs are sent to neighboring network devices.
- Multiplier = 5 seconds. The value of Multiplier is multiplied by the Transmit interval to define Time to live.
- Time to live = 150 seconds. Length of time that neighbors consider LLDP information sent by this agent to be valid. Time to live is calculated by multiplying Transmit interval by Multiplier.

Configuring LLDP support on the V-M200

LLDP settings are configured by selecting Network > Discovery protocols. To enable LLDP support, select Enabled under LLDP support.

Bridge spanning tree protocol

The V-M200 uses the Spanning-Tree Protocol (STP) to prevent undesirable loops from occurring in the network that may result in decreased throughput. Spanning tree is configured by selecting Network > IP.

Spanning tree can be enabled for:

- Untagged ports: Applies to all untagged traffic on the Ethernet port and active WDS links.
- VLAN ports: Applies to any traffic that has a VLAN assigned to it. VLANs can be assigned by setting the Ethernet VLAN option in a wireless community, or by setting a user-defined VLAN via RADIUS attributes.

Priority

Sets the priority of the V-M200 within the spanning tree network. Generally, the bridge with lowest priority is designated as the root bridge of the spanning tree.

DNS server configuration

The V-M200 provides several options to customize DNS handling. To configure these options, select Network > DNS.

If static IP addressing is being used, the following page is displayed allowing you to define up to three DNS servers.

If DHCP IP addressing is being used, the following page is displayed. It shows the servers that have been dynamically assigned by the DHCP server. To manually assign your own DNS servers, select the Override dynamically assigned DNS option and then specify up to three DNS servers.

DNS servers

- Server 1: Specify the IP address of the primary DNS server for the V-M200 to use.
- Server 2: Specify the IP address of the secondary DNS server for the V-M200 to use.
- Server 3: Specify the IP address of the tertiary DNS server for the V-M200 to use.

DNS advanced settings

DNS cache

Enable this checkbox to activate the DNS cache. Once a host name is successfully resolved to an IP address by a remote DNS server, it is stored in the cache. This speeds up network performance, because the remote DNS server does not have to be queried for subsequent requests for this host.

An entry stays in the cache until one of the following is true:

- An error occurs when connecting to the remote host.
- The time to live (TTL) of the DNS request expires.
- The V-M200 restarts.

DNS switch on server failure

This setting controls how the V-M200 switches between the primary and secondary DNS servers.

- When enabled, the V-M200 switches servers if the current server replies with a DNS server failure message.
- When disabled, the V-M200 switches servers if the current server does not reply to a DNS request.

DNS switch over

This setting controls how the V-M200 switches back to the primary DNS server after it has switched to the secondary DNS server because the primary was unavailable.

- When enabled, the V-M200 switches back to the primary server after it becomes available again.
- When disabled, the V-M200 switches back to the primary server only if the secondary server becomes unavailable.

Chapter 7: Authentication services

Contents

Using a third-party RADIUS server
  Defining a RADIUS client profile on the V-M200
  Configuring user accounts on a RADIUS server
Global 802.1X settings
  Supplicant timeout
  Group key update
  Reauthentication

Using a third-party RADIUS server

The V-M200 can use third-party RADIUS servers to perform a number of authentication and configuration tasks, including the tasks shown in the table below.

| Task | For more information see |
| --- | --- |
| Validating user login credentials for the WPA, 802.1X, or MAC-based authentication options. | Wireless protection on page 4-7. MAC-based authentication on page 4-12. |
| Storing custom configuration settings, such as a VLAN ID, for each user. | Configuring user accounts on a RADIUS server on page 7-5. |
| Storing accounting information for each user. | Wireless protection on page 4-7 or MAC-based authentication on page 4-12 for information on how to enable accounting support. |

Defining a RADIUS client profile on the V-M200

The V-M200 enables you to define a maximum of 16 RADIUS profiles. Each profile defines the settings for a RADIUS client connection. To support a client connection, you must create a client account on the RADIUS server. The settings for this account must match the profile settings you define on the V-M200.

For backup redundancy, each profile supports a primary and secondary server.

The V-M200 can function with any RADIUS server that supports RFC 2865 and RFC 2866. Authentication occurs via authentication types such as: EAP-MD5, CHAP, MSCHAP v1/v2, PAP, EAP-TLS, EAP-TTLS, EAP-PEAP, EAP-SIM, EAP-AKA, EAP-FAST, and EAP-GTC.

Note: If you change a RADIUS profile to connect to a different server while users are active, all RADIUS traffic for active user sessions is immediately sent to the new server.

To define a RADIUS profile

1. Select Authentication > RADIUS profiles. The RADIUS profiles page opens.

2. Select Add New Profile. The Add/Edit RADIUS profile page opens.
3. Configure the profile settings as described in the following section.
4. Select Save.

Configuration settings

Profile name

Specify a name to identify the profile.

Settings

- Authentication port: Specify a port on the RADIUS server to use for authentication. By default RADIUS servers use port 1812.
- Accounting port: Specify a port on the RADIUS server to use for accounting. By default RADIUS servers use port 1813.

- Retry interval: Specify the number of seconds that the RADIUS server waits before access and accounting requests time out. If the server does not receive a reply within this interval, the V-M200 switches between the primary and secondary RADIUS servers, if a secondary server is defined. A reply that is received after the retry interval expires is ignored.

  Retry interval applies to access and accounting requests that are generated by the following:

  - 802.1X authentication.
  - MAC-based authentication.

  You can determine the maximum number of retries as follows:

  - MAC-based authentication: Number of retries is infinite.
  - WPA/802.1X authentication: Retries are controlled by the 802.1X client software.

- Retry timeout: When enabled, this option allows the V-M200 to drop accounting requests after retrying (every retry interval) for the specified Retry timeout value. When disabled, the V-M200 retries forever.

- Retry timeout value: Specify the amount of time (in seconds) between retries.

- Authentication method: Select the default authentication method that the V-M200 uses when exchanging authentication packets with the RADIUS server defined for this profile. For 802.1X users, the authentication method is always determined by the 802.1X client software and is not controlled by this setting. If traffic between the V-M200 and the RADIUS server is not protected by a VPN, it is recommended that you use either EAP-MD5 or MSCHAPv2 (if supported by your RADIUS server). PAP, MSCHAPv1, and CHAP are less secure protocols.

- NAS ID: Specify the identifier for the network access server that you want to use for the V-M200. By default, the serial number of the V-M200 is used. The V-M200 includes the NAS-ID attribute in all packets that it sends to the RADIUS server.

- Always try primary server first: Enable this option if you want to force the V-M200 to contact the primary server first.

  Otherwise, the V-M200 sends the first RADIUS access request to the last known RADIUS server that replied to any previous RADIUS access request. If the request times out, the next request is sent to the other RADIUS server if defined.

  For example, assume that the primary RADIUS server was not reachable and that the secondary server responded to the last RADIUS access request. When a new authentication request is received, the V-M200 sends the first RADIUS access request to the secondary RADIUS server. If the secondary RADIUS server does not reply, the V-M200 retransmits the RADIUS access request to the primary RADIUS server. When two servers are configured, the V-M200 always alternates between the two.
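The server-selection rules described above, modelled as an added Python example (not HP's implementation), so you can predict which RADIUS server's logs will hold a given authentication during and after an outage. The server names, the `max_attempts` cap and the assumption that a fresh profile starts on the primary are illustrative and not taken from the manual.

```python
class RadiusProfile:
    """Model of the documented primary/secondary selection (not firmware code)."""

    def __init__(self, primary, secondary=None, always_primary_first=False):
        self.servers = [primary] + ([secondary] if secondary else [])
        self.always_primary_first = always_primary_first
        self.last_replied = primary   # assumption: a new profile starts on primary

    def authenticate(self, reachable, max_attempts=4):
        """Return (server that replied or None, servers tried in order).

        reachable: set of servers that answer within the retry interval.
        max_attempts: assumed cap so the model terminates.
        """
        if self.always_primary_first:
            current = self.servers[0]
        else:
            current = self.last_replied
        tried = []
        for _ in range(max_attempts):
            tried.append(current)
            if current in reachable:
                self.last_replied = current
                return current, tried
            if len(self.servers) == 2:     # timed out: alternate to the other one
                current = self.servers[1 - self.servers.index(current)]
        return None, tried


def replay(profile, outages):
    """Run one authentication per entry in outages (sets of reachable servers)."""
    return [profile.authenticate(reachable) for reachable in outages]


# Constructed scenario: primary down, then both up, then secondary down.
SCENARIO = [{"secondary"}, {"primary", "secondary"}, {"primary"}]
```

With the option disabled, the model stays on the secondary after the primary recovers, so authentication records are split across both servers' logs until the secondary fails; with it enabled, every authentication during a primary outage first waits out one retry interval.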