Manuals / Brands / Computer Equipment / Software / HP / Computer Equipment / Software

HP Cloud Network Manager Software You can configure the following options:, IDS, •Off, •Low, •High, •Medium, Custom settings, Custom settings, Containment Methods, Client Detection Policies

1 89

Download 89 pages, 1.03 Mb

You can configure the following options:

•Infrastructure Detection Policies — Specifies the policy for detecting wireless attacks on APs.

•Client Detection Policies — Specifies the policy for detecting wireless attacks on clients.

•Infrastructure Protection Policies — Specifies the policy for protecting APs from wireless attacks.

•Client Protection Policies — Specifies the policy for protecting clients from wireless attacks.

•Containment Methods — Prevents unauthorized stations from connecting to your Cloud Network Manager network.

Each of these options contains several default levels that enable different sets of policies. An administrator can customize enable or disable these options accordingly.

The detection levels can be configured using the IDS pane. The following levels of detection can be configured in the WIP Detection page:

•Off•Low•Medium•High

The following table describes the detection policies enabled in the Infrastructure Detection Custom settings field.

Table 17: Infrastructure detection policies

Detection level	Detection policy

Off	Rogue Classification

Low	•	Detect AP Spoofing
	•	Detect Windows Bridge
	• IDS Signature — Deauthentication Broadcast
	• IDS Signature — Deassociation Broadcast

Medium	•	Detect Adhoc networks using VALID SSID — Valid
		SSID list is auto-configured based on AP
		configuration
	• Detect Malformed Frame — Large Duration

High	•	Detect AP Impersonation
	•	Detect Adhoc Networks
	• Detect Valid SSID Misuse
	•	Detect Wireless Bridge
	• Detect 802.11 40MHz intolerance settings
	• Detect Active 802.11n Greenfield Mode
	• Detect AP Flood Attack
	• Detect Client Flood Attack
	•	Detect Bad WEP
	• Detect CTS Rate Anomaly
	• Detect RTS Rate Anomaly
	• Detect Invalid Address Combination
	• Detect Malformed Frame — HT IE
	• Detect Malformed Frame — Association Request
	• Detect Malformed Frame — Auth
	•	Detect Overflow IE
	• Detect Overflow EAPOL Key
	• Detect Beacon Wrong Channel
	• Detect devices with invalid MAC OUI

The following table describes the detection policies enabled in the Client Detection Custom settings field.

HP Cloud Network Manager User Guide

Wireless configuration 44

Contents

Page Document 5998-5742,edition 1 (July 2014) Acknowledgments Contents Intended audience Related documents Conventions HP websites Initial AP configuration Wireless network profiles General configuration tasks Advanced configuration tasks Advanced radio resource management Intrusion detection system Authentication Captive portal for guest access DHCP configuration Services Uplink configuration Mobility and client management Enterprise domain SNMP and logging Acronyms and abbreviations Glossary About this guide Intended audience Related documents Conventions HP websites About Cloud Network Manager Cloud Network Manager overview Cloud Network Manager user interface Activating your Cloud Network Manager subscriptions 8.Read and accept the End User License agreement, and then click Finish a.Your subscription(s) is activated in the HP Cloud Network Manager Activating your HP Cloud Network Manager account Wireless configuration on page To activate your HP Cloud Network Manager account: User interface Monitoring Wireless configuration Reports Maintenance Virtual Controller Help Help Data pane Wireless Configuration > Access Points Support Support Feedback Feedback Monitoring AP details Remote Console System pane Access Point Console Access Clients WIDS Event log The Event Log pane displays the event details that occur in the network Setting notification alerts Wireless configuration Initial AP configuration Wireless network profiles Network types 2.For TYPE, select Wireless 3.Enter a name that is used to identify the network in the Name (SSID) box Based on the type of network profile, select any of the following options under PRIMARY USAGE Employee Page Configuring VLAN settings for a WLAN SSID profile To configure VLAN settings for an SSID: 1.In VLAN, select any of the following options for CLIENT IP ASSIGNMENT: Virtual Controller Assigned DHCP configuration on page Configuring security settings for an employee or voice network Page Configuring access rules for a WLAN SSID profile on page Configuring access rules for a WLAN SSID profile Configuring a WLAN SSID for guest access on page To configure access rules for an employee or voice network: 1.In Access Rules, select any of the following types of access control: General configuration tasks Modifying the AP name Configuring VC IP address Configuring a preferred band Configuring VC VLAN Configuring auto join mode Advanced configuration tasks Configuring ARRM assigned radio profiles for an AP Configuring radio profiles manually for AP The following table describes various configuration modes for an AP 4.If the ACCESS mode is selected, perform the following actions: a.Select Administrator assigned in 2.4 GHz and 5 GHz BAND BAND From Advanced radio resource management Channel or power assignment Voice aware scanning Load aware scanning Band steering mode Page Monitoring the network with ARRM ARRM metrics 3. For AIRTIME FAIRNESS MODE specify any of the following values: 4. For additional options, specify the following parameters: 5. For ACCESS POINT CONTROL, specify the following parameters: Description 6.Click Save and reboot the AP 7.Click Save Settings Intrusion detection system logged information This chapter describes the following procedures: •Detecting and classifying rogue APs on page •OS fingerprinting on page •Configuring wireless intrusion protection and detection levels on page You can configure the following options: Infrastructure Detection Policies Client Detection Policies Infrastructure Protection Policies Client Protection Policies The following levels of detection can be configured in the WIP Protection page: Custom settings field field Authentication Page External RADIUS server Internal RADIUS server Authentication termination on AP Configuring an external server for authentication LDAP Server Configuring dynamic RADIUS proxy parameters 1.Enable dynamic RADIUS proxy Enabling dynamic RADIUS proxy To enable RADIUS RADIUS proxy: 1.Select Wireless Configuration > System. The System data pane is displayed data pane is displayed Configuring 802.1X authentication for a wireless network profile Configuring MAC authentication for wireless network profiles 6.Click ACCESS tab to define access rules Configuring MAC authentication with captive portal authentication This authentication method has the following features: For wireless network profile, select ENFORCE MAC AUTH ONLY ROLE Blacklisting clients manually Captive portal for guest access Types of captive portal Walled garden Page 6.Click Next to configure VLAN settings. The VLAN details are displayed 7.Select any of the following options for CLIENT IP ASSIGNMENT: Assigned • Network Assigned—Selectthis option to obtain the IP address from the network • STRING— Enter the string to match Configuring internal captive portal for guest network 1. In the SECURITY tab, assign values for the configuration parameters: External captive portal profiles Creating a captive portal profile 4. Click Save Configuring guest logon role and access rules for guest users You can configure up to 64 access rules for a guest network To configure access rules for a guest network: 4.Select Guest under PRIMARY USAGE and click Next 1. Create a user role: a.Click New in ROLE pane b.Enter a name for the new role and click Ok 2.Create access rules for a specific user role: 3.Create a role assignment rule •Select a profile from Captive Portal Profile If you want to edit the profile, click Configuring walled garden access DHCP configuration Configuring local and local, L3 DHCP scopes Local, L3 To configure a new DHCP scope: 1.Select Wireless Configuration > DHCP. The DHCP Server data pane is displayed To configure a Local Local DHCP Scopes Services Bonjour support overview Bonjour support with Cloud Network Manager Configuring Bonjour support and Bonjour support services on an AP Integration with Cloud Network Manager Configuring an AP for PAN integration Uplink configuration Wi-Fiuplink Ethernet uplink Enforcing uplinks Setting an uplink priority Enabling uplink pre-emption Switching uplinks based on internet availability Mobility and client management Configuring L3-mobility Home agent load balancing Enterprise domain SNMP and logging SNMP parameters for AP Configuring community string for SNMP Configuring SNMP traps Configuring TFTP dump server 1.Select Wireless Configuration > System > LOGGING TFTP DUMP SERVER Reports Deleting a report Reports > Network PCI Compliance Maintenance Device management User management User Management The user can perform following actions: •Add User: Add additional users to the Network Management System (NMS) Terminology Acronyms and abbreviations Glossary