Manuals / Brands / Computer Equipment / Software / HP / Computer Equipment / Software

HP Cloud Network Manager Software field, The following levels of detection can be configured in the WIP Protection page:, Off, Low, •Off, •Low, High, •High, Custom, settings field

1 89

Download 89 pages, 1.03 Mb

Table 18: Client detection policies

Detection level	Detection policy

Off	All detection policies are disabled.

Low	•	Detect Valid Station Misassociation

Medium	•	Detect Disconnect Station Attack
	•	Detect Omerta Attack
	• Detect FATA-Jack Attack
	• Detect Block ACK DOS
	•	Detect Hotspotter Attack
	• Detect unencrypted Valid Client
	• Detect Power Save DOS Attack

High	•	Detect EAP Rate Anomaly
	•	Detect Rate Anomaly
	• Detect Chop Chop Attack
	• Detect TKIP Replay Attack
	• IDS Signature — Air Jack
	• IDS Signature — ASLEAP

The following levels of detection can be configured in the WIP Protection page:

•Off

•Low

•High

The following table describes the protection policies that are enabled in the Infrastructure Protection Custom

settings field.

Table 19: Infrastructure protection policies

Protection level	Protection policy

Off	All protection policies are disabled

Low	• Protect SSID — Valid SSID list is auto derived from
		AP configuration
	•	Rogue Containment

High	• Protect from Adhoc Networks
	•	Protect AP Impersonation

The following table describes the detection policies that are enabled in the Client Protection Custom settings field.

Table 20: Client protection policies

Protection level	Protection policy

Off	All protection policies are disabled

Low	Protect Valid Station

High	Protect Windows Bridge

45 Wireless configuration

HP Cloud Network Manager User Guide

Contents

Page Document 5998-5742,edition 1 (July 2014) Acknowledgments Contents Intended audience Related documents Conventions HP websites Initial AP configuration Wireless network profiles General configuration tasks Advanced configuration tasks Advanced radio resource management Intrusion detection system Authentication Captive portal for guest access DHCP configuration Services Uplink configuration Mobility and client management Enterprise domain SNMP and logging Acronyms and abbreviations Glossary About this guide Intended audience Related documents Conventions HP websites About Cloud Network Manager Cloud Network Manager overview Cloud Network Manager user interface Activating your Cloud Network Manager subscriptions 8.Read and accept the End User License agreement, and then click Finish a.Your subscription(s) is activated in the HP Cloud Network Manager Activating your HP Cloud Network Manager account Wireless configuration on page To activate your HP Cloud Network Manager account: User interface Monitoring Wireless configuration Reports Maintenance Virtual Controller Help Help Data pane Wireless Configuration > Access Points Support Support Feedback Feedback Monitoring AP details Remote Console System pane Access Point Console Access Clients WIDS Event log The Event Log pane displays the event details that occur in the network Setting notification alerts Wireless configuration Initial AP configuration Wireless network profiles Network types 2.For TYPE, select Wireless 3.Enter a name that is used to identify the network in the Name (SSID) box Based on the type of network profile, select any of the following options under PRIMARY USAGE Employee Page Configuring VLAN settings for a WLAN SSID profile To configure VLAN settings for an SSID: 1.In VLAN, select any of the following options for CLIENT IP ASSIGNMENT: Virtual Controller Assigned DHCP configuration on page Configuring security settings for an employee or voice network Page Configuring access rules for a WLAN SSID profile on page Configuring access rules for a WLAN SSID profile Configuring a WLAN SSID for guest access on page To configure access rules for an employee or voice network: 1.In Access Rules, select any of the following types of access control: General configuration tasks Modifying the AP name Configuring VC IP address Configuring a preferred band Configuring VC VLAN Configuring auto join mode Advanced configuration tasks Configuring ARRM assigned radio profiles for an AP Configuring radio profiles manually for AP The following table describes various configuration modes for an AP 4.If the ACCESS mode is selected, perform the following actions: a.Select Administrator assigned in 2.4 GHz and 5 GHz BAND BAND From Advanced radio resource management Channel or power assignment Voice aware scanning Load aware scanning Band steering mode Page Monitoring the network with ARRM ARRM metrics 3. For AIRTIME FAIRNESS MODE specify any of the following values: 4. For additional options, specify the following parameters: 5. For ACCESS POINT CONTROL, specify the following parameters: Description 6.Click Save and reboot the AP 7.Click Save Settings Intrusion detection system logged information This chapter describes the following procedures: •Detecting and classifying rogue APs on page •OS fingerprinting on page •Configuring wireless intrusion protection and detection levels on page You can configure the following options: Infrastructure Detection Policies Client Detection Policies Infrastructure Protection Policies Client Protection Policies The following levels of detection can be configured in the WIP Protection page: Custom settings field field Authentication Page External RADIUS server Internal RADIUS server Authentication termination on AP Configuring an external server for authentication LDAP Server Configuring dynamic RADIUS proxy parameters 1.Enable dynamic RADIUS proxy Enabling dynamic RADIUS proxy To enable RADIUS RADIUS proxy: 1.Select Wireless Configuration > System. The System data pane is displayed data pane is displayed Configuring 802.1X authentication for a wireless network profile Configuring MAC authentication for wireless network profiles 6.Click ACCESS tab to define access rules Configuring MAC authentication with captive portal authentication This authentication method has the following features: For wireless network profile, select ENFORCE MAC AUTH ONLY ROLE Blacklisting clients manually Captive portal for guest access Types of captive portal Walled garden Page 6.Click Next to configure VLAN settings. The VLAN details are displayed 7.Select any of the following options for CLIENT IP ASSIGNMENT: Assigned • Network Assigned—Selectthis option to obtain the IP address from the network • STRING— Enter the string to match Configuring internal captive portal for guest network 1. In the SECURITY tab, assign values for the configuration parameters: External captive portal profiles Creating a captive portal profile 4. Click Save Configuring guest logon role and access rules for guest users You can configure up to 64 access rules for a guest network To configure access rules for a guest network: 4.Select Guest under PRIMARY USAGE and click Next 1. Create a user role: a.Click New in ROLE pane b.Enter a name for the new role and click Ok 2.Create access rules for a specific user role: 3.Create a role assignment rule •Select a profile from Captive Portal Profile If you want to edit the profile, click Configuring walled garden access DHCP configuration Configuring local and local, L3 DHCP scopes Local, L3 To configure a new DHCP scope: 1.Select Wireless Configuration > DHCP. The DHCP Server data pane is displayed To configure a Local Local DHCP Scopes Services Bonjour support overview Bonjour support with Cloud Network Manager Configuring Bonjour support and Bonjour support services on an AP Integration with Cloud Network Manager Configuring an AP for PAN integration Uplink configuration Wi-Fiuplink Ethernet uplink Enforcing uplinks Setting an uplink priority Enabling uplink pre-emption Switching uplinks based on internet availability Mobility and client management Configuring L3-mobility Home agent load balancing Enterprise domain SNMP and logging SNMP parameters for AP Configuring community string for SNMP Configuring SNMP traps Configuring TFTP dump server 1.Select Wireless Configuration > System > LOGGING TFTP DUMP SERVER Reports Deleting a report Reports > Network PCI Compliance Maintenance Device management User management User Management The user can perform following actions: •Add User: Add additional users to the Network Management System (NMS) Terminology Acronyms and abbreviations Glossary