RF Manager MCG Sep09 5900 0285

Management and Configuration Guide for HP ProCurve RF Manager and Sensors
ProCurve 5400zl Switches ProCurve RF Manager and Sensors

Installation and Getting Started Guide Management and Configuration Guide
HP ProCurve RF Manager and Sensors
Management and Configuration Guide
Copyright and Disclaimer Notices
Copyright 2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Disclaimer
HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Hewlett-Packard assumes no responsibility for the use or reliability of its software on equipment that is not furnished by Hewlett-Packard.
This guide contains proprietary information, which is protected by copyright. No part of this guide may be photocopied, reproduced, or translated into another language without the prior written consent of Hewlett-Packard.
Publication Number
5900-0285 September 2009
Applicable Products
RF Manager IDS/IPS Controller J9521A USA part MSM320 Access Point with Sensor License MSM320-R Access Point with Sensor License MSM325 Access Point with Sensor MSM335 Access Point with Sensor MSM415 Sensor J9360A J9365A J9369A J9356A WW part J9364A J9368A J9373A J9357A J9522A
Warranty
See the Customer Support/Warranty booklet included with the product. A copy of the specific warranty terms applicable to your Hewlett-Packard products and replacement parts can be obtained from your HP Sales and Service Office or authorized dealer.
Trademark Credits
Windows NT, Windows, and MS Windows are US registered trademarks of Microsoft Corporation.
Hewlett-Packard Company 8000 Foothills Boulevard Roseville, California 95747-5552 www.procurve.com
Contents
1 Introduction About This Guide .........................................................................................................1-1
Products Covered ..................................................................................................1-1
HP ProCurve Networking Product Naming .......................................................1-1
Important Terms ....................................................................................................1-2
Conventions ...........................................................................................................1-3
Management Tool............................................................................................1-3
Warnings and Cautions...................................................................................1-3
Commands and Program Listings .................................................................1-3
Introducing RF Manager .............................................................................................1-4
New in This Release ....................................................................................................1-4
Draft 2.0 11n Capability ........................................................................................1-4
WEPGuardTM ........................................................................................................1-5
Devices in Ad hoc mode ......................................................................................1-5
Hotspot SSID List ..................................................................................................1-5
Live Event Architecture........................................................................................1-5
Offline Sensor Operation (Also Known as Standalone Sensor Operation).1-6
New Assessment and Compliance reports.........................................................1-6
Reports Enhancements and Archival..................................................................1-6
802.11w (Cisco Management Frame Protection) Capability ...........................1-6
220 Channel Scanning ...........................................................................................1-6
Font Internationalization......................................................................................1-6
Support for Multiple Email Addresses................................................................1-7
New Event for AP RSSI Drop...............................................................................1-7
UI enhancements ...................................................................................................1-7
Event List Paging ............................................................................................1-7
Progress Bar on Device List and RF View ...................................................1-7
Support for new Cisco AP in WLC integration ..................................................1-7
Safety information........................................................................................................1-8
Professional Installation Required ......................................................................1-8
Servicing .................................................................................................................1-8
HP ProCurve Networking support .............................................................................1-8
Before contacting support....................................................................................1-9
iii
Getting started ..............................................................................................................1-9

Online documentation .................................................................................................1-9
2 Additional Configuration Shutting Down ..............................................................................................................2-1

Shutdown Using the Keypad and LCD .........................................................2-1
Shutdown Using the CLI ................................................................................2-2
Sensor Information ......................................................................................................2-2
Zero Configuration of Sensors....................................................................................2-3
Sensor Modes of Operation ........................................................................................2-4
Guidelines for Using ND and SNDC ..........................................................................2-5
Guidelines for Configuring and Installing ND and SNDC .......................................2-7
VLAN States ................................................................................................................2-13
Useful Tips ..................................................................................................................2-14
3 Navigation Bar and Global Functions A Quick Tour of the Console.......................................................................................3-1

Navigation Bar ..............................................................................................................3-1
Global Functions ..........................................................................................................3-2
General....................................................................................................................3-2
Lists .........................................................................................................................3-2
Trees ........................................................................................................................3-3
Dialogs ....................................................................................................................3-3
Messages.................................................................................................................3-3
4 Dashboard Tab Introduction: Panel Displaying WLAN Snapshot .....................................................4-1

Dashboard Screen: Accessibility and Layout ...........................................................4-1
Dashboard: Location Tree ....................................................................................4-2
Summary Tab: Sections ........................................................................................4-2
Security Scorecard..........................................................................................4-3
iv
Quarantine .......................................................................................................4-4
Editing the Intrusion Prevention Policy.......................................................4-6
Ad hoc Networks ............................................................................................4-6
Uncategorized Devices...................................................................................4-7
Clients .............................................................................................................. 4-8
Events...............................................................................................................4-9
Categorized Devices .....................................................................................4-11
Working of the Filter ....................................................................................4-12
Charts Tab: Sections............................................................................................4-13
5 Events Tab Events: Panel Displaying Alerts .................................................................................5-1

Pagination of Events .............................................................................................5-1
Events Screen: Accessibility and Layout ..................................................................5-3
Events: Location Tree ...........................................................................................5-3
Event Categories, Event Lists, and Table Summary .........................................5-4
Viewing Events Lists ....................................................................................................5-4
Sorting Events ..............................................................................................................5-5
Filtering Events ............................................................................................................5-7
Working with Events....................................................................................................5-8
Events Context-Sensitive Menu...........................................................................5-8
Methods for Opening Events Context-Sensitive Menu ..............................5-9
Items in the Events Context-Sensitive Menu ..............................................5-9
Event Details Dialog............................................................................................5-11
Acknowledging an Event...........................................................................................5-12
Deleting an Event .......................................................................................................5-13
Undeleting an Event...................................................................................................5-14
Toggling an Event Contribution to Network Vulnerability ...................................5-14
Viewing Detailed Information for an Event ............................................................5-15
Tracking the Location of an Event ...........................................................................5-16
Viewing Properties of Devices Associated with an Event ....................................5-17
6 Locations Locations: Panel for Creating Locations ...................................................................6-1

Locations Screen: Accessibility and Layout.......................................................6-1
Working with Location Folders and Location Nodes ..............................................6-3
Adding a New Location.........................................................................................6-3
Moving a Location .................................................................................................6-5
Renaming a Location.............................................................................................6-6
Deleting a Location ...............................................................................................6-7
Working with Images ...................................................................................................6-7
Attaching an Image................................................................................................6-7
Zooming In/Zooming Out and Opacity Control of an Image............................6-9
Placing Locations on a Location Folder with an Attached Image...................6-9
Detaching an Image.............................................................................................6-10
Importing a Planner file into a Location Node ................................................6-11
Creating your Layout .................................................................................................6-12
Placing APs and Sensors on the Floor map and Viewing Details..................6-12
Setting Coordinates and Deleting Devices from a Floor map .......................6-13
Resetting your Canvas ........................................................................................6-14
Editing Floor Properties .....................................................................................6-14
Viewing RF Coverage Maps ......................................................................................6-15
AP Coverage View ...............................................................................................6-15
AP Channel View .................................................................................................6-16
AP Link Speed View ............................................................................................6-17
Sensor Coverage View ........................................................................................6-18
Calibrating RF Views .................................................................................................6-18
7 Devices Tab Devices: Panel Displaying WLAN Devices ................................................................7-1

Devices Screen: Accessibility and Layout.................................................................7-1
Devices: Location Tree..........................................................................................7-2
Device Categories, Device Lists, and Table Summary......................................7-2
Viewing APs/Clients List..............................................................................................7-3
Viewing Sensors List ....................................................................................................7-6
Sorting a Device List ....................................................................................................7-7
vi
Searching within a Device List ...................................................................................7-8

Location Tagging of a Device or Location Tag Assignment..................................7-10
Automatic Location Tagging (Auto Location Tagging)...................................7-10
Manual Location Tagging....................................................................................7-10
Working with Devices ................................................................................................7-10
AP Context-Sensitive Menu................................................................................7-10
AP Properties Dialog...........................................................................................7-14
Client Context-Sensitive Menu ..........................................................................7-16
Client Properties Dialog .....................................................................................7-19
Sensor Context-Sensitive Menu.........................................................................7-21
Sensor Properties Dialog ....................................................................................7-23
Troubleshooting a Device .........................................................................................7-25
Points to Note During Troubleshooting............................................................7-28
Viewing AP Details.....................................................................................................7-28
Viewing Client Details................................................................................................7-31
Viewing Sensor Details ..............................................................................................7-33
Locating an AP/Client Placed on the Floor map ....................................................7-35
Removing a Device from Quarantine.......................................................................7-37
Moving an AP/Client to a Different Folder .............................................................7-38
Merging APs ................................................................................................................7-38
Splitting APs................................................................................................................7-40
8 Reports Reports: Panel for Generating Reports .....................................................................8-1

Reports Screen: Accessibility and Layout.................................................................8-1
Location Tree .........................................................................................................8-2
Report Panel...........................................................................................................8-2
Managing Reports ........................................................................................................8-4
Adding a Report .....................................................................................................8-5
Editing a Report.....................................................................................................8-9
Deleting a Report.................................................................................................8-10
Moving a Report...................................................................................................8-10
vii
Working with Sections of a Report ..........................................................................8-11

Adding a Section to a Report .............................................................................8-11
Editing a Section of a Report .............................................................................8-13
Deleting a Section of a Report ...........................................................................8-13
Scheduling a Report...................................................................................................8-14
Setting a Report Schedule ..................................................................................8-14
Editing a Report Schedule..................................................................................8-16
Canceling a Report Schedule .............................................................................8-17
Generating a Report Instantly ..................................................................................8-17
Sample Report Generation........................................................................................8-20
Creating a Report.................................................................................................8-20
Adding a Section ..................................................................................................8-20
Specifying a Section Query ................................................................................8-20
Saving the Section ...............................................................................................8-21
Generating the Report.........................................................................................8-22
9 Administration Administration: Panel for Configuring Policies........................................................9-1

Administration Screen: Accessibility and Layout ....................................................9-1
Global Policies .......................................................................................................9-3
Local Policies .........................................................................................................9-3
Location Based Policy (LBP) License ..........................................................9-3
Location Move .................................................................................................9-4
Exporting RF Manager Configuration ..............................................................9-11
Global Policies............................................................................................................9-14
Event Settings ......................................................................................................9-14
Device Settings ....................................................................................................9-18
User Management................................................................................................9-27
Location Settings .................................................................................................9-37
System Settings....................................................................................................9-43
Reports ...........................................................................................................9-43
Auto Deletion ................................................................................................9-44
Vendors...........................................................................................................9-46
SMTP ..............................................................................................................9-46
License ...........................................................................................................9-48
viii
Server .............................................................................................................9-49
Manage Logs ..................................................................................................9-50
Upgrade ..........................................................................................................9-52
Login Message ...............................................................................................9-57
Wizards ...........................................................................................................9-59
WLAN Integration................................................................................................9-59
ESM Integration ...................................................................................................9-64
Local Policies..............................................................................................................9-74
Wireless Policies ..................................................................................................9-74
Operating Policies ...............................................................................................9-83
Event Settings ......................................................................................................9-88
Sensor Configuration ..........................................................................................9-92
Location Properties .............................................................................................9-99
10 High Availability Understanding High Availability...............................................................................10-1

What is High Availability (HA)? .........................................................................10-1
HA and RF Manager ............................................................................................10-1
Definition of terms in HA ...................................................................................10-1
How does HA work in RF Manager? .................................................................10-2
Configuring High Availability in RF Manager .........................................................10-3
How to obtain an RF Manager license with HA...............................................10-3
Preparing for HA..................................................................................................10-4
Command Usage..................................................................................................10-7
Determining if RF Manager is in Active or Standby mode .........................10-8
Verifying if the HA Cluster is in Normal State .................................................10-8
HA Configuration Scenarios .....................................................................................10-9
Scenario 1: Configuring two brand new RF Managers in HA mode............10-10
Scenario 2: Migrating from a Standalone RF Manager to HA ......................10-13
Scenario 3: Disabling HA ..................................................................................10-15
Scenario 4: Replacing a Server from an HA Cluster......................................10-17
Scenario 5: Reconfiguring RF Managers in an HA Cluster...........................10-18
Scenario 6: Upgrading an HA Cluster .............................................................10-19
High Availability Events ..........................................................................................10-20
HA RF Manager Switch.....................................................................................10-20
HA Link Down....................................................................................................10-20
ix
HA Link Up .........................................................................................................10-21
Scenarios After Take Over and Reconnection......................................................10-21
Split Brain Scenario.........................................................................................10-21
A RF Manager Legacy Systems Introduction ................................................................................................................. A-1

Pre-requisites ........................................................................................................ A-1
Upgrading pre 5.0 System.................................................................................... A-1
Upgrading 5.0, 5.2, or 5.5 System........................................................................ A-1
Download the Upgrade Package ............................................................................... A-2
Prerequisites.......................................................................................................... A-2
High Availability Cluster Upgrade............................................................................. A-3
Prepare for Upgrade ................................................................................................... A-3
Upgrade the RF Manager using Console.................................................................. A-4
Upgrade Sensors ......................................................................................................... A-5
Finish Upgrade ............................................................................................................ A-7
Legacy RF Manager Quickstart ................................................................................. A-9
Hardware overview .............................................................................................. A-9
Package contents ........................................................................................... A-9
Ethernet ports ................................................................................................ A-9
Console port ................................................................................................... A-9
Reset button ................................................................................................... A-9
Status LEDs .................................................................................................. A-10
Mounting tips ...................................................................................................... A-10
Initial configuration............................................................................................ A-10
Initial configuration of the Integrated Sensor................................................. A-12
B SNMP Interface
C Glossary Acronyms: .................................................................................................................... C-1

Terms ............................................................................................................................ C-2
Icons.............................................................................................................................. C-4
Navigation Bar Icons............................................................................................ C-4
General Icons ........................................................................................................ C-5
Dashboard Tab Icons ........................................................................................... C-5
Events Tab Icons .................................................................................................. C-6
Devices Tab Icons................................................................................................. C-7
Locations Tab Icons ........................................................................................... C-10
Reports Tab Icons............................................................................................... C-10
Administration Tab Icons .................................................................................. C-11
xi
xii
Chapter 1: Introduction
1
Introduction
About This Guide

This guide explains how to configure and operate the HP ProCurve RF Manager IDS/IPS Controller (J9521A), typically called RF Manager, RF Manager Server, or Server in this document. RF Manager comes with a 50-sensor license to assist you to effectively monitor, troubleshoot, administer, and protect your wireless network. Additional 50 Security Sensor License(s) (J9399A) are available on request.
Products Covered
This guide applies to the RF Manager IDS/IPS Controller and the following MSM4xx and MSM3xx Sensors (USA identifies USA versions, WW identifies worldwide versions for the rest of the world):
Model
MSM415 Sensor MSM325 Access Point with Sensor MSM335 Access Point with Sensor 802.11 a/b/g MSM320 Access Point with Sensor License 802.11 a/b/g MSM320-R Access Point with Sensor License
USA part
J9522A J9369A J9356A
J9360A J9384A J9365A J9384A
WW part
J9522A J9373A J9357A
J9364A J9384A J9368A J9384A
HP ProCurve Networking Product Naming

As of October 1st, 2008, Colubris Networks was acquired by HP ProCurve Networking. HP ProCurve Networking has integrated the Colubris product line into its Networking product portfolio (www.procurve.com/news/colubris-10-01-08.htm). In the online help and this manual, Colubris product names have been changed to their equivalent HP ProCurve Networking product names.
Note
SOAP and SNMP MIBs retain the Colubris naming so you do not need to change your existing SOAP and MIB usage.
Introduction About This Guide
The Colubris Networks product names and their corresponding new HP ProCurve Networking product names are as follows:
Colubris name
MSC-5100 MultiService Controller MSC-5200 MultiService Controller MSC-5500 MultiService Controller MAP-320 MultiService Access Point MAP-320R MultiService Access Point MAP-330 MultiService Access Point MAP-330R MultiService Access Point MAP-330 AP+Sensor MultiService Access Point MAP-625 MultiService Access Point MAP-630 AP+Sensor MultiService Access Point WCB-200 Wireless Client Bridge Visitor Management Tool RF Manager 1500 Enterprise RF Manager 1300 Basic RF Planner
HP ProCurve Networking name

MSM710 Controller MSM730 Controller MSM750 Controller MSM310 Access Point MSM310-R Access Point MSM320 Access Point MSM320-R Access Point MSM325 Access Point with Sensor MSM422 Access Point MSM335 Access Point with Sensor M111 Client Bridge Guest Management Software RF Manager 100 IDS/IPS system RF Manager 50 IDS/IPS system RF Planner
Important Terms
The following terms are used in this guide.
Term
AP
Description
Refers to any MSM3xx or MSM4xx Access Point or the MSM317 Access Device which is an Access Point with integrated Ethernet switch. Specific model references are used where appropriate. Non-HP ProCurve access points are identified as third-party APs. These APs do not support controlled-mode operation. Refers to a RF security sensor that continuously scans the 2.4 or 5GHz bands to detect and counter-attack security threats for 802.11a/b/g/n wireless devices and APs. The MSM415 is a dedicated sensor, while the MSM325 and MSM335 are combination sensor and AP.
sensor
service controller Refers to any MSM7xx Controller, including both Access Controller and Mobility Controller variants.
1-2
Introduction About This Guide
Conventions
Management Tool
This guide uses specific syntax when directing you to interact with the RF Manager user interface. Key user-interface elements are identified as follows:
Example directions in this guide

Select Administration > Global > Location Settings. For Password specify secret22.
What to do in the user interface

Select the Administration tab, then select Global, and then select Location Settings on the sub-menu. In the Password field enter the text secret22 exactly as shown.
Warnings and Cautions

Do not proceed beyond a WARNING or CAUTION notice until you fully understand the hazardous conditions and have taken appropriate steps.
Warning Caution
Identifies a hazard that can cause physical injury or death.
Identifies a hazard that can cause the loss of data or configuration information, create a non compliant condition, or hardware damage.
Commands and Program Listings

Monospaced text identifies commands and program listings as follows:
Example
use-access-list ip_address
Description
Command name. Specify it as shown. Items in italics are parameters for which you must supply a value. Items enclosed in square brackets are optional. You can either include them or not. Do not include the brackets. In this example you can either include the %s or omit it. Items separated by a vertical line indicate a choice. Specify only one of the items. Do not include the vertical line.
ssl-certificate=URL [%s]
[ONE | TWO]
1-3
Introduction Introducing RF Manager
Introducing RF Manager
Thank you for purchasing the RF Manager IDS/IPS Controller. RF Manager enables you to effectively monitor, troubleshoot, administer, and protect your wireless network. Before using this Management and Configuration Guide, it is recommended that you first perform the installation and configuration as described in the HP ProCurve RF Manager and Sensors Installation and Configuration Guide. All documentation is available on the HP ProCurve Manuals web site under HP ProCurve RF Manager IDS/IPS Controller at: www.hp.com/go/procurve/manuals. This guide describes how to manage and configure RF manager. It is organized as follows:

Additional Configuration: Provides information on setting up your RF Manager. Navigation Bar and Global Functions: Provides an overview of the various tabs and buttons in the RF Manager GUI, hereafter called the Console. Dashboard Tab: Provides wireless vulnerability assessment at-a-glance and displays key findings about your wireless deployment security. Events Tab: Lists various events generated by the RF Manager for your deployment. Devices Tab: Provides information on wireless devices such as Access Points (APs), Clients, Sensors, Network Detectors (NDs), and Sensor and ND combinations (SNDCs) visible to the RF Manager. Locations Tab: Enables you to organize your office locations into a hierarchical tree and displays live RF maps for each location. Reports Tab: Enables you to view predefined reports and create customized reports. Administration Tab: Enables you to view and set various policies for your deployment. HA Availability: Provides information on configuring high availability to minimize your RF Manager downtime. Upgrade Instructions: Provides information on how to upgrade legacy systems to version 5.9. Appendices include SNMP information and a glossary of terms and icons.
New in This Release

The following new features and enhancements have been added in this release:
Draft 2.0 11n Capability

802.11n Support with the introduction of the new sensor product MSM415.
1-4
Introduction New in This Release
RF Manager now detects if an AP is capable of operating in Draft 2.0 802.11n modes and manages the MSM415 security sensor, in addition to the a/b/g MSM325 and MSM335 sensors.
WEPGuardTM
New WEPGuardTM features include: 1. Active WEP cracking attacks The system can detect such attacks, location track the attacker, and take automatic defensive measures. 2. Client fingerprinting The system builds RF signatures of Authorized Clients and is able to thus detect an impersonation attack even if the original Client is inactive. Such attacks can be automatically prevented as well. 3. Enhancements to Weak IV Event The Event Details indicate the level of risk of WEP key cracking. 4. Publicly Secure Packet Forwarding (PSPF) detection for Authorized WEP APs The AP Details indicate if it relays packets among wireless Clients. 5. New WEPGuard Report Summarizes WEP related vulnerabilities in the wireless infrastructure.
Devices in Ad hoc mode

Users can now select the SSIDs used by devices in Ad hoc mode to be displayed in the reports.
Hotspot SSID List

The list of known Hotspot SSIDs has been augmented with new Hotspot SSIDs.
Live Event Architecture

This release provides Live event architecture, an advanced event architecture where a start/ stop event is raised for each incident. As well all related events to an incident are combined and presented as a single event to the administrator. This Interpreted Forensics capability enables administrators to view all details related to a particular incident (example: rogue AP detected and all related events associated to it) as well as dive into details regarding that incident (chronological order of events, device details, event time or current location of devices, etc). Live event architecture provides clear visibility into active (i.e. live) versus expired threats and thereby ensures focused and timely action for the active threats.
1-5
Offline Sensor Operation (Also Known as Standalone Sensor Operation)

This feature provides full security coverage even when there is no connectivity between a Sensor and the RF Manager. The Sensor provides detection, classification, and prevention capabilities when it is disconnected from the RF Manager. The Sensor also raises alerts/events, stores them, and synchronizes them back to the RF Manager on reconnection.
New Assessment and Compliance reports

The following new reports have been added.

Airspace Risk Assessment Wireless Vulnerability Assessment
The contents of the built-in compliance reports have been enhanced for better content and organization.
Reports Enhancements and Archival

In this release, the administrator has extensive flexibility to customize the look and feel of reports. This includes selecting different foreground and background colors, specifying customized text for headings, and selecting only those parameters that need to appear in the generated report. Collated data can be viewed either as bar or pie charts. Reports are now available in PDF format, in addition to HTML and XML formats, available earlier. Reports Archival is also available in this release of RF Manager.
802.11w (Cisco Management Frame Protection) Capability

This release provides basic support for 802.11w devices. This includes 802.11w specific information on the Devices and Administration (SSID Templates) screens of the SGE UI.
220 Channel Scanning

Sensors now additionally scan non-allowed channels, thereby detecting any devices operating on these channels. The RF Manager raises an event displaying the channel number when it detects any device operating on an illegal channel.
Font Internationalization
This feature enables RF Manager to support double byte languages such as Chinese, Korean, and Taiwanese. This allows importing of filenames, SSIDs, and device names with nonEnglish characters.
1-6
Support for Multiple Email Addresses

In this release, the administrator has the flexibility to add multiple email addresses to a report schedule. The RF Manager delivers the report at the scheduled time to all specified email addresses.
New Event for AP RSSI Drop

A new event has been added to detect and report if the RSSI being observed for an AP drops. This can be caused due to faulty radios or AP antenna being disconnected or broken causing a performance hit or loss of connectivity for users.
UI enhancements
Event List Paging
Large number of events had caused the response time for listing these events to be slow. RF Manager v5.9 introduces paging for events listing to improve the response time.
Progress Bar on Device List and RF View

Large number of devices and large number of obstacles in RF view had caused the response time to be slow. A progress bar has been added to these screens.
Support for new Cisco AP in WLC integration

Support for Cisco LWAPP AP 1010 has been added.
1-7
Introduction Safety information
Safety information
Warning
Professional Installation Required

Prior to installing or using the RF Manager, consult with a professional installer trained in RF installation and knowledgeable in local regulations including building and wiring codes, safety, channel, power, indoor/outdoor restrictions, and license requirements for the intended country. It is the responsibility of the end user to ensure that installation and use comply with local safety and radio regulations. Cabling: You must use the appropriate cables, and where applicable, surge protection, for your given region. For compliance with EN55022 Class-B emissions requirements use shielded Ethernet cables. Country of use: In some regions, you are prompted to select the country of use during setup. Once the country has been set, the service controller will automatically limit the available wireless channels, ensuring compliant operation in the selected country. Entering the incorrect country may result in illegal operation and may cause harmful interference to other systems. Safety: Take note of the following safety information during installation:

If your network covers an area served by more than one power distribution system, be sure all safety grounds are securely interconnected. Network cables may occasionally be subject to hazardous transient voltages (caused by lightning or disturbances in the electrical power grid). Handle exposed metal components of the network with caution. The RF Manager and all interconnected equipment must be installed indoors within the same building (except for outdoor models / antennas), including all PoE-powered network connections as described by Environment A of the IEEE 802.3af standard.
Servicing
There are no user-serviceable parts inside HP ProCurve Networking products. Any servicing, adjustment, maintenance, or repair must be performed only by trained service personnel.
HP ProCurve Networking support

HP ProCurve Networking offers support 24 hours a day, seven days a week through a number of automated electronic services. See the Customer Support/Warranty booklet included with your product. The HP ProCurve Networking Web site, www.procurve.com/customercare provides up-to-date support information. Additionally, your HP-authorized network reseller can provide you with assistance, both with services that they offer and with services offered by HP.
1-8
Introduction Getting started
Before contacting support

To make the support process most efficient, before calling your networking dealer or HP Support, you first should collect the following information:
Collect this information

Product identification. Software version. Network topology map, including the addresses assigned to all relevant devices.
Where to find it
On the rear of the product. The product management tool Login page. Your network administrator.
Getting started
Get started by following the directions in the HP ProCurve RF Manager and Sensors Installation and Configuration Guide. Then continue with the information in this guide.
Online documentation
For the latest documentation, visit the HP ProCurve Networking manuals Web page at: www.hp.com/go/procurve/manuals.
1-9
Introduction Online documentation
1-10
Chapter 2: Additional Configuration
2
Additional Configuration
Shutting Down
Caution
Always use either the keypad and LCD display, located on the front of the RF Manager, or the Command Line Interface (CLI) to shut down RF Manager. This is particularly important during initial bootup. Do not shut down RF Manager by disconnecting its power.
Shutdown Using the Keypad and LCD

See also LCD Display in the Hardware Installation chapter of the HP ProCurve RF Manager and Sensors Installation and Getting Started Guide. 1. On the keypad located on the front of RF Manager, press the check key to display the menu on the LCD. 2. Use the up and down arrow keys to navigate to the Reboot/Shutdown menu. 3. Press the check key to select Reboot/Shutdown, and follow the LCD prompts to perform the shutdown, confirming the shutdown.
Additional Configuration Sensor Information
Shutdown Using the CLI

1. Open an SSH session with RF Manager using its assigned IP address as shown in the figure below.
2. Log in with your Username and Password. The default Username and Password is config. 3. Once you are logged in, enter shutdown at the command prompt and press Enter and confirm the operation. RF Manager shuts down.
Sensor Information
Note
The information here assumes that you have already read and completed the HP ProCurve RF Manager and Sensors Installation and Getting Started Guide. There are two types of Sensors available for deployment:

MSM415 Sensor or 802.11n Sensors MSM325 and MSM335 Sensors or 802.11 a/b/g sensors.
RF Sensors are probes that monitor your wireless network and communicate with the RF Manager to guard your corporate network against over-the-air attacks. For most of the monitoring operations to be performed effectively the Sensor must be plugged to your corporate network. However, the Sensor can perform some level of monitoring while it is not communicating with the RF Manager. Sensors can be configured in one of the following three modes:

Sensor Only (SO) Mode: This is the default mode. In this mode Sensor monitors wireless interface and wired interface
2-2
Additional Configuration Zero Configuration of Sensors

Network Detector (ND) Mode: In this mode the Sensor monitors multiple VLANs on the Ethernet interface (Port 1) only. The wireless interface is not monitored in this mode. Sensor/ND Combo (SNDC) Mode: In this mode the Sensor monitors wireless interface and limited number of VLANs on the Ethernet interface (Port 1).
Important
To prevent abuse and intrusion by unauthorized personnel, it is extremely important to install the Sensor such that it is difficult to unplug the device from the network or from the power outlet.
Zero Configuration of Sensors

The zero configuration is applicable if the following conditions are satisfied:

The Sensor is in SO mode. A DNS entry wifi-security-server is set up on all DNS Servers. This entry should point to the IP address of the ProCurve RF Manager. By default the Sensor looks for the RF Manager DNS entry wifi-security-server. Sensor is placed on a subnet that is DHCP enabled.
Important
If a Sensor is placed on a network segment that is separated from the RF Manager by a firewall, you must first open port 3851 for User Datagram Protocol (UDP) and Transport Control Protocol (TCP) bidirectional traffic on that firewall. This port is used for communication Between sensor and RF Manager. If multiple Sensors are set up to connect to multiple RF Managers, zero configuration is not possible. In which case manual configuration of Sensors is needed. See Manually Configuring the Sensor in the HP ProCurve RF Manager and Sensors Installation and Configuration Guide.
2-3
Additional Configuration Sensor Modes of Operation
Sensor Modes of Operation

Sensors (MSM325, MSM335 and MSM415) can operate in three modes. 1. Sensor Only Mode (Sensor)This is the default mode. In this mode, the Sensor should be connected into an access port on a switch. It then monitors a single VLAN that is configured on that access port. The wireless inter*face of the Sensor is enabled.
2. Network Detector Mode (ND)This mode needs to be explicitly configured. In this mode, the ND should be connected into a trunk port (802.1Q capable) on a switch. It then monitors multiple VLANs that are configured on that trunk port and are chosen by the user using the ND CLI. The wireless interface of the ND is disabled. An MSM325, MSM335 Sensor in ND mode can detect and monitor up to 32 VLANs.The MSM415 Sensor in ND mode can detect and monitor up to 100 VLANs as shown in the following images.
MSM325, MSM335
MSM415
3. Sensor/ND Combo Mode (SNDC)This mode needs to be explicitly configured. In this mode, the Sensor should be connected into a trunk port (802.1Q capable) on a switch. It then monitors multiple VLANs that are configured on that trunk port and are chosen by the user using the ND CLI. The wireless interface of the Sensor is enabled. An MSM325, MSM335 Sensor in SNDC mode can monitor up to 4 VLANs. The MSM415 Sensor in SNDC mode can monitor up to 16 VLANs as shown in the following images.
2-4
Additional Configuration Guidelines for Using ND and SNDC
Monitored interface Model

SO (Sensor Only) Default ND mode
Description Wireless
Default mode Yes
Wired
Only the (untagged) VLAN that is configured on the Ethernet port. Yes (up to 32 for the MSM325 and MSM335, up to 100 for the MSM415) Yes (up to 4 for the MSM325 and MSM335, and up to 16 for the MSM415)
This mode needs to be explicitly configured. The ND should be connected into a trunk port (802.1Q capable) on a switch. This mode needs to be explicitly configured. The Sensor should be connected into a trunk port (802.1Q capable) on a switch.
No
SNDC Mode
Yes
Guidelines for Using ND and SNDC

For good wireless security cover, the following are required:

Good air coverage (radio coverage) Good network coverage (coverage of enterprise subnets/VLANs).
Guideline 1
Determine the Sensor count and placement using air coverage criterionYou can achieve good air coverage by using appropriate number of Sensors that are strategically placed on the enterprise premises. You can use HP ProCurve RF Planner to suggest the right placement of Sensors for your floor plan.
Guideline 2
Attempt to cover as many VLANs as possible with the Sensors on the wired side
Each Sensor is connected into an access port that is conveniently located near it. This Sensor then monitors on its wired side, the VLAN configured on this access port, in addition to monitoring wireless signals within its radio coverage area.
Guideline 3
Use a ND to cover the remaining VLANs on the wired sideIn large enterprise networks, the total number of VLANs can be more than the number of VLANs that can be covered using the Sensors as mentioned in Guideline 2 above. This can be attributed to two factors: first, the total number of VLANs being more than the total number of Sensors required for adequate air coverage and/or second, lack of an access port of a particular VLAN conveniently located near the Sensor. The latter usually results in multiple Sensors being
2-5
Additional Configuration Guidelines for Using ND and SNDC
connected into the same VLAN (which is allowed). Thus, the remaining VLANs, the VLANs that are not covered (i.e., monitored on the wired side) by any of the Sensors can then be monitored using a ND. One MSM325, MSM335 in an ND mode can monitor a maximum of 32 VLANs, whereas one MSM415 monitors a maximum of 100 VLANs.
Guideline 4
Use SNDC in remote sitesRemote sites are generally small. Hence, a single Sensor is sufficient to provide good air coverage. Additionally, the total number of VLANs at remote sites is usually small (less than 5). It is thus judicious to deploy an SNDC at remote sites, as one MSM325, MSM335 can monitor wireless signals and monitor up to 4 VLANs on the wired side simultaneously, whereas one MSM415 can monitor wireless signals and monitor up to 16 VLANs on the wired side. The following figures show air cover using Sensors only and network cover using Sensors and NDs.
2-6
Additional Configuration Guidelines for Configuring and Installing ND and SNDC
Guidelines for Configuring and Installing ND and SNDC

Note
In this section, we describe the configuration and installation of ND in detail. Similar steps also apply to SNDC.
A. ConfiguretheSensor (MSM325, MSM335 & MSM415) inNDmode

a. Power the MSM325, MSM335 using either a 5V 3A DC Power adapter or an 802.3af compliant PoE source and MSM415 using an 802.3af Class 0 Power Over Ethernet of Nominal input voltage 48V DC. b. Connect a Serial (straight through DB9 console) cable to the Serial (DB9) port on the Sensor. c. Using a serial application such as HyperTerminal, SecureCRT, TeraTerm, minicom, etc., make the following serial port settings:

For MSM325, MSM335: 9600 bps, 8 data bits, None parity, 1 stop bit For MSM415: 115200 bps, 8 data bits, None parity, 1 stop bit.
d. Allow the Sensor to boot.
2-7
e. Enter the username config and the password config, at the login prompt. f. Type the command set mode to change the mode to ND (The default mode is Sensor). The device needs to reboot for the new setting to take effect. g. Press Enter at subsequent prompts until the device reboots and you get the login prompt.
Note
You are prompted for IP configurations before reboot. Enter the IP configuration settings on the CLI prompt. However, note that the IP routing table cannot be changed after you change the mode. Any changes to the IP routing table must be done before you change the mode to ND/SNDC. Changes in the IP settings during the mode change (i.e. when the mode is changed from Sensor to ND/SNDC) are applied to the untagged VLAN.
h. Type the command get mode to ensure that the mode has correctly changed to ND before proceeding to next step.
B. Deployment
Provide the RF Manager Server IP/Hostname to the ND. a. Type the command set server discovery. b. Choose option 2 (which is the default option) and press Enter. c. Enter the IP/Hostname of the RF Manager Server on the next line and press Enter.
2-8
Note
In the Onsite deployment, either Primary or Secondary Server IP/Hostname should be specified with the Server address.
C. ConfigureVLANs
Type the command set vlan config to configure all the VLANs. Choose option 1 to configure VLANs for DHCP and option 2 to configure VLANs with static IP address. Sensor will restart / reboot after the VLAN configuration.
2-9
D. Configure/ChangetheCommunicationVLAN
Note
By default untagged VLAN is the Communication VLAN. Perform this step only if you want to change the Communication VLAN to a tagged VLAN. Before configuring the Communication VLAN of ND, ensure that there exists a route to the RF Manager Server VLAN from the Communication VLAN of ND. SSH works only for the IP address of the Communication VLAN, hence note the IP address of the Communication VLAN to access the ND. a. Type the command setvlanconfig. b. Choose option 3 from the menu that appears.
c. EntertheCommunicationVLANID. d. Enter y to confirm the new ID of the Communication VLAN. e. Select option 5 to exit. The ND goes for reboot.
E. Create a trunk port on the switch for the ND

Create a trunk port on the switch keeping in mind the following points:

Configure only those VLANs that you want the ND to monitor (up to a maximum of 32 for MSM325, MSM335 and 100 for MSM415) on this trunk port. ND will monitor only those VLANs that are configured. A VLAN must be configured on the trunk port such that a route exists from the VLAN to the Server VLAN. This VLAN can be tagged or untagged VLAN. This VLAN is referred to as Communication VLAN of ND. To configure/change Communication VLAN, see Configure/Change the Communication VLAN on page 2-10.
2-10
F. Connect the ND into the trunk port

Wait till the ND connects to the Server. Once connected, the first two LEDs (PWR and Link) glow stable green. Hereafter you can actually login into the ND using SSH, username config, password config. For this, type the command get vlan config and note down the IP address of the Communication VLAN from the VLAN table.
G. Get VLAN status

Type the command get vlan config and look at the status of the VLANs. If any of the VLANs show Inactive status, type get vlan status to get the details.
Note
VLAN will be reported as Inactive if there is no activity seen by ND and/or IP settings have not been obtained for that VLAN. A VLAN will be monitored only if it is active and no other Sensor or ND is monitoring that VLAN.
H. Use the command get vlan id to get the list of VLANs seen by ND
2-11
I. Deletion of VLAN
To delete a VLAN, type the command set vlan config and choose option 4 from the menu that appears. Now enter the list of VLANs that are presently configured, but need not be monitored.
J. Ensure that all VLANs display properly in the Console

a. Go to the Devices > Sensors tab and locate the entry for the ND. in the device icon column. The ND entry has a superscript N and is indicated by You can also locate the entry for your ND by matching the Ethernet MAC address displayed on the physical device with the MAC address displayed in the Console. b. Right click the ND entry, choose Properties and name the ND uniquely in the Console. c. Right click the ND entry and choose Details > Visible VLANs.
2-12
Additional Configuration VLAN States
d. You should see all the VLANs that you wanted ND to monitor, along with their correct IP Addresses, Net Mask, and Status as Monitored.
VLAN States
The status of the VLAN configured by the user can be seen using the command get vlan status. The status of the VLAN can be any of the following:

Inactive and Unmonitored: In this state a VLAN is configured by the user and is not detected. All the VLANs configured by the user will be in this state, when the ND starts. Active and Unmonitored: In this state a VLAN is configured by the user and is detected, but not yet monitored. Active and Monitored: In this state a VLAN is configured by the user and is monitored by the ND.
Note
The command get vlan status displays the status of the VLAN at that given instance. This status changes randomly and ND will automatically switch in monitoring the VLANs. Various messages, their VLAN states, and descriptions of these states are described in the table below:
Message Activity seen, but DHCP request failed
VLAN State Inactive and Unmonitored
Description There is activity on the VLAN, but the IP address cannot be obtained through DHCP. This can happen when the VLAN is configured for DHCP. There is no activity seen on the VLAN and the IP address could not be obtained through DHCP. This can happen when the VLAN is configured for DHCP. There is no activity seen on the VLAN and the VLAN is configured for static IP settings. This happens when the ND is not monitoring the VLAN as any other Sensor/ND/SNDC is monitoring the same VLAN.
Activity not seen and DHCP request failed
Inactive and Unmonitored Inactive and Unmonitored Active and Unmonitored
IP address configured, but no activity seen
Activity seen, but not locally monitored
2-13
Additional Configuration Useful Tips
Useful Tips
1. The Communication VLAN of ND is used for communication with the Server. 2. The untagged VLAN is also called native VLAN in some switches. 3. Do not configure a tagged VLAN on the ND trunk port, when the same VLAN is monitored by another Sensor, ND, or SNDC. The exception to this guideline is an untagged VLAN on the trunk port, where it is often required for an untagged VLAN to be overlapping across different trunk ports. 4. Do not use Ctrl+C while configuring the VLANs using the command set vlan config.
2-14
Chapter 3: Navigation Bar and Global Functions
3
Navigation Bar and Global Functions
A Quick Tour of the Console
The Console consists of six top-level tabs and additional buttons. This section explains how to use the Console navigation bar and global functions.
Navigation Bar
The Console navigation bar includes the following tabs: Dashboard, Events, Devices, Locations, Reports, and Administration.
Figure 1.Navigation Bar
The following table describes the items in the navigation bar.

Table 1Items in the Navigation Bar
Item Item No.

1 2 3 4 5 6 7 Dashboard Events Devices Locations Reports Administration Troubleshooting in Progress
Description
Provides a summary view of the WLAN environment Lists various Events in the deployed WLAN environment Provides information on the wireless devices visible to the RF Manager Enables you to organize the network into a list of locations and displays live RF maps for each location node Enables you to generate various reports based on 802.11 data Enables you to perform various administrative activities When displayed, alerts you that a troubleshooting session is in progress
Navigation Bar and Global Functions Global Functions
Item Item No.

8 9 10 11 12 13 Current Date and Time Refresh Help Legends About RF Manager Logout
Description
Shows the current date and time in the format: Month Date, Hour: Minute AM/PM (Time Zone) Refreshes all the panels globally Shows the Help file for the RF Manager Describes the icons used in the RF Manager Shows version and patent number and license information of the RF Manager Logs out the current user and opens the Login screen
Global Functions
The Console contains several common functions that apply to the Dashboard, Events, Devices, Locations, Reports, and Administration tabs.
General
The following functions apply to all screens in the RF Manager. On any screen, you can perform the following:

Resize panes horizontally. Scroll only if there is data that overflows the screen. Edit some user-defined fields. Press the Tab or Enter key to save changes in dialogs.
Lists
The following functions apply to all lists in the RF Manager. In any list, you can perform the following:

Sort a column by clicking the column header. Sort a column of icons by clicking the dot in the header row. Resize a text column except the one that contains a checkbox or an icon by dragging the column separator in the header Move through the list using the arrow keys.
3-2

Select a single item by clicking it or by pressing the Tab key, which enables you to
navigate through the list.
Select consecutive items using click-and-drag or by using the Shift + Down Arrow keys. Select random list items using the Ctrl key + click. Select a range of items by selecting the first item, pressing the Shift key, and then
selecting the last item of the range, using click.
When one or more items are selected, you can right-click to open a menu. When you select more than one item, the menu applies to all items that are selected. Menu options that cannot be applied to multiple items are unavailable.
Trees
The following functions apply to all trees in the RF Manager. In any tree, you can perform the following:

Click
to expand the sub nodes.
Click
to collapse the sub nodes.
Double-click the node text to either expand or collapse sub nodes.
Dialogs
The following functions apply to all dialogs in the RF Manager. Depending on options available in a particular dialog, you can:

Click OK to save all the changes and close the dialog. Click Cancel to discard the changes and close the dialog. Click Apply to save all changes and keep the dialog open. Click Delete to remove a selected item. Click Close to close the dialog. Click Restore Defaults to reset to factory defaults. Click to view more information. Some screens have more than one such icon. Click each of these icons in the relevant sections to view information depicted graphically.
Messages
The following functions apply to all message boxes in the RF Manager. The RF Manager divides messages into the following classes:

Confirmation: Signals an application level event that needs immediate user input. Error: Signals an application level event that needs immediate remedial action. Warning: Signals an application level event that needs attention.
3-3
Information: Signals an informational level event that may not need immediate action. button to close the message.
For all informational messages, click the
For all messages that require a Yes or No, you can:
Click OK for Yes.

Click Cancel for No.
3-4
Chapter 4: Dashboard Tab
4
Dashboard Tab
Introduction: Panel Displaying WLAN Snapshot

The Dashboard screen enables you to view a snapshot of your WLAN security status. It also shows how devices in your WLAN are currently categorized and quarantined and a count of events.
Dashboard Screen: Accessibility and Layout

The Dashboard appears by default when you log into the RF Manager. You can return to the Dashboard from other screens by clicking the Dashboard tab. The Dashboard screen includes two panes:

On the left, the Location tree On the right,

Selected Location shows the path for the location selected in the Location tree. Event Generation and Intrusion Prevention icons indicate whether Event Generation and Intrusion Prevention have been turned ON or OFF at a selected location.
Dashboard Tab Dashboard Screen: Accessibility and Layout
Summary and Charts tabs depict a macro view and statistical information of your WLAN respectively.
Figure 1.
Dashboard Screen showing Summary and Charts Tabs
Dashboard: Location Tree

The Location tree shows the complete list of locations created for your WLAN in the RF Manager. To view the Dashboard for a particular location, select the appropriate node in the Location tree.
Summary Tab: Sections

The Summary screen appears by default when you log into the RF Manager. Alternatively, click the Summary tab on the Dashboard screen to view the Summary screen. The Summary screen consists of six sections.

Security Scorecard Quarantine Ad hoc Networks Uncategorized Devices Events Categorized Devices.
4-2
Security Scorecard
The Security Scorecard lets you view a snapshot of your WLAN security status.
Figure 2.
Security Scorecard Section
Your WLAN can be in either of the following states:

Secure: Unacknowledged events do not appear in the list of specified events. Vulnerable: One or more unacknowledged events that cause the network to be
vulnerable appear in the list of specified events.
You can customize the list of events that cause the network to be vulnerable by changing the types of events that contribute to that status. You can also specify if events that are read but not acknowledged contribute to that status.
Editing the Security Scorecard

To specify the types of events that are considered when determining the Security Scorecard status at a particular location, select a location in the Location tree and then click the icon to open Edit Security Scorecard Settings.
Figure 3.
Edit Security Scorecard Settings Dialog
4-3
Network Status: Tell Me More To view more information about the events that contribute to the Secure or Vulnerable status of a particular location, select a location in the Location tree and then click Tell Me More.
Figure 4.
Secure Location Dialog
If the location is vulnerable, select an event row and click Remove from Scorecard so that the RF Manager does not consider this event when computing the Vulnerable status.
Figure 5.
Vulnerable Location Dialog
Quarantine
The RF Manager can proactively block an AP or a Client and automatically protect the network against various wireless security threats. The Intrusion Prevention Policy selected in the RF Manager Setup Wizard determines the APs and Clients that are quarantined.
4-4
The Quarantine section enables you to view a count of APs and Clients that are blocked, that is, Quarantined, as well as a count of APs and Clients that need to be quarantined but are not yet, that is, Quarantine Pending.
Figure 6.
Quarantine Section
Viewing Quarantined Devices To view a list of APs and Clients with status Quarantined or Quarantine Pending, under APs or Clients, click any number in the right column of the Quarantine section.
Figure 7.
List of Quarantined APs and Clients
4-5
Editing the Intrusion Prevention Policy

To edit the Intrusion Prevention Policy and the Intrusion Prevention Level for a particular location, select a location in the Location tree and then click the Intrusion Prevention Policy dialog. icon to open the
Figure 8.
Edit Intrusion Prevention Policy Dialog
Ad hoc Networks
The Ad hoc Networks section displays all peer-to-peer wireless, that is, ad hoc connections between wireless devices in the network.
Figure 9.
Ad hoc Networks Section
4-6
Viewing Ad hoc Networks

To view a list of ad hoc networks and the details of the devices in these ad hoc networks, click a number in the right column of the Ad hoc Networks section.
Figure 10. List of Ad hoc Connections
Uncategorized Devices
The Uncategorized Devices section enables you to view lists of all the APs that do not belong to any category based on their wired status and AP classification policy settings. It also lists all the Clients that do not belong to any category based on their association status and Client classification policy settings. You can select to view either or all those APs that use 802.11a, 802.11b only, or 802.11b or 802.11g protocols. Entries are color coded according to the specified classification policies.
Figure 11. Uncategorized Devices Section
Potential Classification
In the Uncategorized Devices APs section, APs are classified using the following criteria:
4-7

Whether the AP is connected to your wired network. The RF Manager can automatically determine if an AP is connected to the network. Non-networked APs are generally not a threat to the wired network. Whether the AP conforms to the WLAN Policy settings for the wireless network.
New APs appear in one of four categories:

Potentially Authorized APs: APs treated as Authorized based on the AP classification policy settings chosen by the administrator; that is, APs, which are manually classified as Authorized, imported from an Authorized AP list, and those reported by the AP Management Server. You should inspect these APs before manually moving them to the Authorized folder. Potentially Rogue APs: APs connected to your wired network but do not conform to the Wireless Policies. Based on the AP Classification policy, you can move these APs automatically to the Rogue folder. Potentially External APs: APs that are not connected to your wired network, that is, APs that belong to a neighbor and do not pose a threat to your wired network. Indeterminate APs: APs for which the RF Manager cannot determine connectivity to your wired network. You should inspect these APs before manually moving them to the appropriate AP folder.
Clients New Clients that do not belong to any category based on their association status and Client classification policy settings appear under Clients as Uncategorized Clients. The RF Manager cannot determine whether these Clients are authorized or unauthorized. You should manually inspect and move these Clients to the appropriate Client folder.
4-8
Viewing Uncategorized Devices To view a list of Uncategorized devices, click any number in the Total column of the Uncategorized Devices section. See Viewing APs/Clients List on page 7-3.
Figure 12. List of Uncategorized Devices
Events
The Events section enables you to view information about events. You can view events by their type: Security and Monitoring and activity status: Active or Past. You can view event data as a Bar or a Pie chart.
Event Types: Events are categorized as follows:

Security Events: Indicate impending or actual breach of network security and must be addressed immediately, for example, Rogue AP, DoS attacks, and MAC Spoofing. Monitoring Events: Display the health of the wireless network, informative events used for troubleshooting that need not be addressed immediately, for example, detection of APs going up and down, changes in SSID or Beacon interval.
Activity Status: The RF Manager follows a Live Event Architecture (LEA) where active or live events are used to classify events based on the duration of their occurrence as follows:
Active: Have a valid start time stamp and are denoted by the icon. An active event indicates that the triggers that raised the event are operational or continue to exist. On expiry, a valid stop time stamp is assigned to it. One or more conditions can trigger the start and stop of an active event. For example, consider the event Rogue AP is Active. This event will have a start and stop time and hence, it is easy to figure
4-9
out that the Rogue AP is still operating. An active event designated by the icon indicates an event that has been updated, that is, some activity has occurred after the event has been read.
Past: Have a valid start and stop time stamp and are denoted by the icon. A past event indicates that the triggers that raised the event are not operational or have ceased to exist. For example, Potential 802.11 n AP detected. The blue icon indicates that the event has already occurred.
Figure 13. Events Section
Viewing Events To view a list of events, click the hyperlinks Security or Monitoring. The Events section allows you to view the following:

Events that are New or detected, Read, and/or Acknowledged Events that have occurred during a specific period by selecting Last 5 minutes, Last 1 hour, Last 1 day, or All Events from the Display drop-down list
4-10

Events based on their activity status by selecting one of the radio buttons: Active, Past, or All. See Viewing Events Lists on page 5-4.
Figure 14. List of Security Events
Categorized Devices
The Categorized Devices section enables you to view Active, Inactive, and Total number of APs, Clients, Sensors, NDs, and SNDCs.
Figure 15. Categorized Devices Section
The Categorized Devices section is further divided as follows: APs, which shows the following:

Number of Authorized APs Number of Mis-configured APs Number of Rogue APs Number of External APs
4-11
Clients, which shows the following:

Number of Authorized Clients Number of Unauthorized Clients
Sensors, which shows the following:

Number of Sensors Number of Network Detectors Number of Sensor ND Combs icon to segregate APs/Clients operating on the
In the APs/Clients section, click the following protocols:

802.11a 802.11b only 802.11b/g 802.11n Unknown icon to segregate Sensors operating on either of the
In the Sensors section, click the following protocols:

802.11a/b/g
802.11n
Working of the Filter

On selecting any filter element other that 802.11n, the count of devices, which have
protocols as selected in the filter, and not having n capability is displayed.
On selecting the filter element 802.11n, the count of all the devices having n capability irrespective of their protocol is displayed. On selecting the filter as a combination of (any item from 802.11a, 802.11b only, 802.11b/g or Unknown) and 802.11n, for example, on selecting 802.11a and 802.11n, the count of devices with protocol a (and not having n capability) and devices having n capability (irrespective of the protocol) are displayed.
4-12
Viewing Categorized Devices To view a list of Categorized devices, click any number in the Total column of the Categorized Devices section. See Viewing APs/Clients List on page 7-3.
Figure 16. List of Categorized Devices
Charts Tab: Sections

The Charts screen appears by clicking the Charts tab on the Dashboard screen. The Charts screen enables you to:

View current and historical information about various devices and events in the RF
Manager.
4-13
Select the period over which you need to aggregate and display the information.
Figure 17. Charts Screen
The RF Manager maintains historical data for up to last 7 days. The Charts screen consists of four configurable widgets. For each of the widgets, you can choose to view the charts listed in the following table.
Table 2Charts and Filters available on the Dashboard Screen
Chart Type
Top Devices by Events
Available Filters
APs: Event Category Filter Clients: Event Category Filter
Top Event Sub-categories Top Devices by Bandwidth Usage Number of Associated Clients for AP(s) Bandwidth Usage for Devices
Event Category Filter No Filter Multiple Select AP Filter APs: Multiple Select AP Filter Clients: Multiple Select Client Filter
Average Signal Strength for Device seen by Sensors
APs: Single Select AP Filter & Multiple Select Sensor Filter Clients: Single Select Client Filter & Multiple Select Sensor Filter
4-14
Chart Type
Average Noise Level for Channel seen by Sensors
Available Filters
Single Select Channel Filter & Multiple Select Sensor Filter
Using Filters
The RF Manager allows you to drill down to details of a specific device or event. You can use the Device Type filter to choose between an AP and Client. For advanced filtering, use the filter icon to configure the data to be viewed in the chart. Each chart has a set of filters associated to it. You can use one or more filter classes to render a graph. The RF Manager has the following filters. 1. Single Select AP Filter: Has the following sub-filters

Category Protocol AP list (single select)
2. Multiple Select AP Filter: Has the following sub-filters

Category Protocol AP list (multiple select maximum 5)
3. Single Select Client Filter: Has the following sub-filters

Category Protocol Client list (single select)
4. Multiple Select Client Filter: Has the following sub-filters

Category Protocol Client list (multiple select maximum 5)
5. Multiple Select Sensor Filter
Sensor List (multiple select maximum 5)
6. Single Select Channel Filter

Protocol List (multiple select) Channel List (single select)
7. Multiple Select Channel Filter

Protocol List (multiple select) Channel List (multiple select)
4-15
8. Event Category Filter
Category list (multiple select)
Selecting the Duration to View Data

You can view the data for the following periods.

Last 1 Hour Last 1 Day (Data point is available until the last completed hour before the current time, e.g. 11:00, 12:00, 13:00, etc.) Last 7 days (Data point is available until the last completed day before the current time).
Note
The RF Manager aggregates the information for Top category charts on a daily basis. Information for these charts is not available for Last Hour granularity.
4-16
Chapter 5: Events Tab
5
Events Tab
Events: Panel Displaying Alerts

The Events screen provides information about events generated by the RF Manager. The RF Manager classifies events into two types: Security and Monitoring. On this screen, you can view, filter, locate, acknowledge, delete, and undelete events. The option of Event-Pagination is also present.
Pagination of Events
To reduce the load on the RF Manager Server, the Events can be configured in such a way that a distinct number of Events (User-configurable) appear in a Page format. The Events screen has a new toolbar to configure the Pagination. as shown in the figure below
Figure 1. Toolbar for Configuring the Pagination of Events
Click the Click the
icon, to go to the First Page of the Events screen from any Page. icon, to go to the Previous Page from a Page in the Events screen.
The icon signifies the Page number of the Events List. You can manually put in a number to visit that page in the Events List. Click the Click the Click the icon, to go to the Next Page from a Page in the Events screen. icon, to go to the Last Page of the Events screen from any Page. icon, to disable the Paging option. A Confirmation screen appears.
Figure 2.
Confirm turning off Pagination
Events Tab Events: Panel Displaying Alerts

Click Yes to turn off the Pagination of Events. Click the icon, to Configure Events Page size as shown in the figure. The value selected is the number of Events that would be displayed in the Events screen. (Minimum: 25; Maximum: 100, Default: 25 Events per Page)
Figure 3.
Configure Events Page Size Screen
The events Page Size can be configured either by the above option or from the Events Page Size option in the Events Settings in the Administration tab. If the Page number is manually changed through the option in the Events tab, the settings in the Administration tab automatically changes and vice versa.
Note
The Event Pagination feature will appear whenever the Events screen is displayed that is, Tell me more, Events Tab, and in the details of the Devices. The Event Page Size Configuration option in the Administration tab and the icon under the Devices tab is only visible to a user (any) who has rights on the root location. The Graphs under the Events page depict all the events that have taken place and do not only show the number of Events that have been configured to be seen in a Page.
5-2
Events Tab Events Screen: Accessibility and Layout
Events Screen: Accessibility and Layout

You can open the Events screen in either of the following ways:

On the navigation bar, select the Events tab On the Dashboard under the Events section, click the hyperlinks Security or Monitoring
Figure 4.
Events Screen
The Events screen includes two panes:

On the left, the Location tree On the right, the event tabs: All, Security, and Monitoring, event lists, and table
summary
Events: Location Tree

The Location tree shows the complete list of locations created for your WLAN in the RF Manager. To view a list of events, select a location in the Location tree, and then in the right pane select an event type. A list of events appears for the selected location and event category.
5-3
Events Tab Viewing Events Lists
Event Categories, Event Lists, and Table Summary

This pane shows:
Path of the selected location

List of events that have occurred at that location
You can view the following events:

All: Shows all events Security: Shows events that indicate impending or actual breach of network security; you must address these events immediately. Monitoring: Shows informational events that indicate changes in network operating parameters or settings, such as change in SSID or beacon interval.
You can view the following information for all the events on the bar charts under Table Summary.
Event Severity: High, Medium, or Low

Event Status: New, Read, or Acknowledged
Activity Status: Active or Past
Viewing Events Lists

You must view events in order to take corrective actions. Use the following steps to view an event list: 9. In the Location tree, select a location. 10. In the right pane, select a tab All, Security, or Monitoring. An event list has the following columns:

Severity Icon: Specifies the severity of an event as high, medium, or low. Read Status Icon: Specifies if an event is new that is, unread, read, or acknowledged, or a combination of these options. Activity Status Icon: Specifies if an event is active (in progress), is active and an
activity has occurred since it was last read, or past (already occurred).
Contribution to Vulnerability: Indicates if an event is considered when defining the network status. If an event is selected to contribute to the network security status, on occurrence of the event the location becomes vulnerable; else, the location is secure. Type Icon: Indicates the type of the event Monitoring or Security. This column is
visible only if you select the tab All in step 2.
Location: Shows the probable location of the devices participating in the event when the event occurred.
5-4
Events Tab Sorting Events

Event Details: Gives a short description of the event. Category: Specifies the event sub-category within a selected event type. Date: Shows the date and time when the event occurred.
Note
All new events appear in blue; an event that is read appears in black; while a selected row appears in bold.
Figure 5.
List of Events
Sorting Events
The RF Manager sorts events by columns, which helps you arrange information according to your requirements. Use the following steps to sort events: 1. In the Location tree, select a location. 2. Select an event type tab, for example, Security. 3. Optionally, to drill down further, select an event category tab, for example, Rogue AP. 4. To sort a column, click the column header, for example, Date.
5-5
Events Tab Sorting Events
Note
When you sort the list for the first time, the RF Manager sorts it in the ascending order. Click a column header again to re-sort in descending order.
Figure 6.
Sorted Events List
5-6
Events Tab Filtering Events
Filtering Events
To view all the events that occurred on a particular day and at a particular time or between specified periods, you may need to filter events. Use the following steps to filter events: 1. On the Events screen, click the icon to open the Filter Events dialog.
Figure 7.
Filtering Events
2. In the Time Filter dialog, do one of the following:
Select By maximum number of events and then a number from the drop-down list to view the selected number of most recent events. Default: Events in last 1 Hour Select By duration (clicking Customize under the drop-down menu) and then choose either of the following:
Under From Date, click the
icon to specify a start date and time and then icon to specify an end date and time and
click OK. Under To Date, click the then click OK.
3. Under Activity Status, select one or more of the following checkboxes:

Active Past All
5-7
Events Tab Working with Events
4. Under Event Status, select one or more of the following checkboxes:

Read Unread Acknowledged All
5. Under Severity Status, select one or more of the following checkboxes:

Low Medium High All
6. Select the checkbox, Text Filter, to enter details manually for searching data related to it. 7. Select the checkbox, Causes Vulnerability?, to select those Events which have been selected to contribute to Vulnerability. 8. Select the checkbox, Show deleted events, to view deleted events. Event text appears as strikethrough when you select this checkbox. 9. To effect the filter process, click OK.
Working with Events

Events occur when Sensors detect any unexpected change in the WLAN. The RF Manager classifies events into two categories:

Security events, for example, Rogue APs and Denial of Service (DoS) attacks Monitoring events, for example, APs going up and down and change in network settings
Events Context-Sensitive Menu

Context-sensitive menus for Events enable you to:

View an events details Locate an event Acknowledge an event Change the location of an event Delete or undelete an event Mark an event as
5-8

Unread Read
Methods for Opening Events Context-Sensitive Menu

You can open the Events context-sensitive menu in either of the following ways:

Click the Events tab and then right-click an event row to open the context-sensitive menu. Click the Dashboard tab, and then under the Events section, click the hyperlinks Security or Monitoring to open the Events screen. Now, right-click an event row to open the context-sensitive menu.
Figure 8.
Events Context-Sensitive Menu
Items in the Events Context-Sensitive Menu

The Events context-sensitive menu includes the following items.

Details: Opens the Events Details dialog. This option is unavailable if you select
multiple events. See Event Details Dialog on page 5-11.
Locate: Opens the Locate Event dialog, which enables you to track the location of an event by tracking the location of devices involved in that event. See Tracking the Location of an Event on page 5-16.
5-9
Acknowledge: Enables you to add comments to an event. These could be to record actions to be taken in response to an event. Acknowledged events do not contribute to a locations vulnerability. Change Location: Opens the Location Tag dialog that enables you to:

View the complete list of locations Change the location of the selected event
Delete: Enables you to delete an event. HP ProCurve recommends that you delete an event only after you have taken the recommended action for that event. Undelete: Available only if one or more events are deleted; this option enables you to un delete event(s). Mark as Unread: Available only if an event is read; this option enables you to mark an event as a new event. Mark as Read: Enables you to mark a new event as read. Toggle Vulnerability: Enables you select/deselect a checkbox so that the RF Manager should or should not consider an event when computing the vulnerability status.
5-10
Event Details Dialog

You can open the Events Details dialog in either of the following ways:

On the Events screen, double-click an event row. On the Devices screen, right-click and select the Events menu item. On the Device Details screen, double-click an event row.
Figure 9.
Events Details Dialog
The Events Details dialog gives information about the selected event, which helps you determine the appropriate response. The various fields and buttons in this dialog are:

Short Description: Provides a brief description of the event. Event Detailed Description: Gives a detailed description of the event. Location: Displays the location where the event has occurred. Severity: Displays the severity level of the event. Start-Time: Shows the date and the time when the event started. End-Time: Shows the date and time (only for expired events) when the event ended. Is Vulnerable: Indicates if the event contributes to the vulnerability status of the network.
5-11
Events Tab Acknowledging an Event
Under Sub Events column, you can view a list of activities or sub-events associated with the event. The sub events display historic data that varies over time. For example, consider a past event Rogue AP is Active; this event contains an AP classification (category) as time varying data. To capture this change in classification, the event will have sub-events such as:

Event started Classification of AP changed to Rogue AP has become inactive Event expired
Under Updated Date/Time column, you can view the date and time of generation of the sub-event. Participating Devices: Displays the following information for each device involved in the sub-event:

Icon Name MAC address Current Location (current location of the device involved in the sub-event) Event Time Location (location of the device at the time of occurrence of the subevent)
Under Recommended Action tab, view the recommended action that you can take in response to the event. Under Acknowledgement Trail tab:
Enter Acknowledgement Note: Enables you to type acknowledgement notes for the event and acknowledge the event. Acknowledgement Notes Trail: Provides a history of acknowledgement notes. The maximum limit for this field is 1024 characters.
Click Delete to delete the event after confirmation.
Acknowledging an Event
Acknowledge an event so that you can refer to these notes in future. Acknowledged events do not contribute to vulnerability. Use the following steps to acknowledge an event: 1. On the Events screen, right-click an event row.
5-12
Events Tab Deleting an Event
2. From the resulting menu, select Acknowledge.
Figure 10. Event Acknowledgement Dialog
3. In the Enter Comment dialog, under Enter Comment, enter informative text. 4. To save the text click OK.
Note
An administrator can read, select, and add comments (acknowledgment notes) for multiple events. A read event appears in black color. A read and acknowledged event, appears in brown color.
Deleting an Event
When you delete an event manually, the RF Manager does not remove it from the RF Manager but only marks it as deleted. A deleted event does not contribute to the vulnerability status for a location. Deleted events are also visible in a report. Permanent deletion of events from the database happens only automatically based on the configured policy for events. See Auto Deletion on page 9-44. Use the following steps to delete an event: 1. On the Events screen, right-click an event row. 2. From the resulting menu, select Delete. 3. In the Confirm dialog, click Yes to delete the event. If you have selected the Show deleted events checkbox on the Filter Events dialog, the text for this deleted event row appears as strikethrough.
Tip
HP ProCurve recommends that you delete an event only after you view it and have taken the necessary action.
5-13
Events Tab Undeleting an Event
Undeleting an Event
Use the following steps to undelete an event: 1. On the Events screen, right-click an event row that is deleted. 2. From the resulting menu, select Undelete.
Toggling an Event Contribution to Network Vulnerability

You can manage events that contribute to security vulnerabilities. Selected events define the security policy, and the network status is evaluated as secure or vulnerable against these events. You can uncheck events to exclude them from the vulnerability test. Use the following steps to toggle the vulnerability of an event: 1. On the Events screen, right-click an event row. 2. From the resulting menu, select Toggle Vulnerability.
Figure 11. Toggling Event Vulnerability
3. In the Enter Comment, select/deselect the checkbox Participate in Vulnerability Assessment. 4. In the space provided below the checkbox, enter informative text. 5. To save the changes, click OK.
5-14
Events Tab Viewing Detailed Information for an Event
Viewing Detailed Information for an Event

You can view detailed information for an event to understand its cause and effect. Use the following steps to view detailed information for an event: 1. On the Events screen, double-click an event row. 2. On the Event Details dialog that appears, click the detailed information for that event appears. icon. A dialog that shows
Figure 12. Viewing Detailed Event Information
5-15
Events Tab Tracking the Location of an Event
Tracking the Location of an Event

You can track the location of an event by tracking the location of each participating AP, Client, or attacker device. Use the following steps to track the location of an event: 1. On the Events screen, right-click an event row and then from the resulting menu, select Locate.
Figure 13. Tracking the Location of an Event
2. On the Event Details dialog, perform the following:

Under Sub Events, select a sub-event Under Participating Devices, select a device participating in the selected sub-event Click Current Location to view the current location of the device or click Event Time Location to view the location of the device at the time of occurrence of the sub-event.
5-16
Events Tab Viewing Properties of Devices Associated with an Event
3. A Location tracking result window appears. The Distance from Locating Device tab shows the distance of the selected device (in meter and feet) from the locating device. Click the Location on a Floor Map tab to view the current location of the device or the location of the device at the time the event occurred.
Figure 14. Floor map showing the Location of a Device Participating in an Event
Viewing Properties of Devices Associated with an Event

To edit the properties of an AP, Client, or Sensor associated with an event use the following steps to access the corresponding device menu: 1. On the Events screen, double-click an event row.
5-17
Events Tab Viewing Properties of Devices Associated with an Event
2. On the Event Details dialog, under Participating Devices, right-click a device row and select Properties from the resulting menu.
Figure 15. Viewing Device Properties from Events Details Dialog
5-18
Chapter 6: Locations
6
Locations
Locations: Panel for Creating Locations

The Locations screen enables you to organize your network into a list of locations and view live 802.11 RF coverage maps for each location node. On this screen, from the Designer tab, you can add, delete, and move a location folder or node, import a floor map on a location node, attach or detach an image from a location, place available locations on an attached image, and place devices on the floor map. From the Viewer tab, you can view live RF maps.
Locations Screen: Accessibility and Layout

Open the Locations screen by selecting the Locations tab on the navigation bar.
Figure 1. Locations Screen
The Locations screen includes two panes:

On the left, the two tabs: Designer and Viewer, the Locations tree, and a list of available locations and devices. On the right, the image attached to the selected location, locations placed on a location folder and devices placed on a location node.
Locations Locations: Panel for Creating Locations
The following table lists the names and description of each component.
Table 1Name and description of components on the Locations screen
Sr. No.
1
Name
Designer Mode
Enables you to . . .
(1) Create a list of locations: that is, new location folders and location nodes (2) Import layouts (3) Place APs and Sensors on the floor map. View live 802.11 RF Coverage maps of the floor map. Create a new location in the list of locations. Import an RF Planner file in .SPM format from a specified path. Delete a location folder or a location node. View location folders and location nodes/APs and Sensors available for that node. View a list of Authorized APs that are not tagged or placed on any location node. View list of available Sensors that are not tagged or placed on any location node. Look for a device or location in the table. Sort devices or locations in ascending/descending order. View the list of locations of a specific location node. View the dimensions of the floor map: in feet. Estimate the location of the AP or Sensor on the floor map. Control the Opacity of the image: Decrease the value to better comprehend RF coverage or increase the value to pinpoint exact device information on the floor map. Attach an image of a floor map to a location node. Detach an attached image. Save the properties of a location node. Fit the layout image to the window/page. This is the default mode in which the layout image appears on the right pane. Zoom out of a layout image. Enter or choose a value from the drop-down combo box, to view the layout image in terms of an exact zoom percentage (Minimum: 1%; Maximum: 1000%. Zoom into a layout image for an enlarged view.
2 3 4 5 6 7 8 9 10 11 12 13 14
Viewer Mode Add New Location Import Location Delete Available Locations/ Available Devices Available APs Available Sensors Search Sort Location Details Ruler Grid Lines Image Opacity
15 16 17 18 19 20
Attach Image on floor Detach Image from floor Save Best Fit Zoom Out Choose/Enter Value to Zoom In/Zoom Out Zoom In
21
6-2
Locations Working with Location Folders and Location Nodes
Working with Location Folders and Location Nodes

A list of locations comprises location folders and location nodes.

Location folders represent organizational components such as buildings, cities, or

countries.
Root Location: This is the root location. The factory default name for this location is Locations. You can rename this location. However, you cannot delete or move this location. Unknown: This is the default location folder of the root location. You cannot create, delete, rename, move, or add a location to the Unknown folder. When the RF Manager detects a new untagged Sensor, it tags this Sensor to the Unknown location folder. In other words, when the location tag of a location-aware entity is not known or cannot be determined, it is tagged to the Unknown folder. By default, the Unknown folder inherits all the policies except the Operating Policies from the root location. You can customize these policies. See Customizing v/s Inheriting Policies on page 9-4.
Location nodes represent component details such as a floor in a building. For example, Hawaii Conference Room, Bldg 15Cubicle G2, or Executive Area.
Adding a New Location

Use the following steps to add a location: 1. In the Location tree, select the location under which you wish to add a new location. 2. Do one of the following:

Right-click and from the resulting context-sensitive menu, select Add New
Location.
6-3
Click the Add New Location icon (
) below the Designer mode tab.
Figure 2. Adding a New Location
Figure 3. Specifying Location Properties
3. In the Add New Location dialog, select the type of location, that is, Location Folder or Location Node. 4. Enter a name for the new location and optionally enter the following details.
Select Image File: Click Browse to navigate to the path of the image that you wish to attach to the location folder or node. You can attach the image later. See Attaching an Image on page 6-7. Unit: Specify the unit of measurement (feet or meters) for the location node. Length: Specify the length of the location node. Width: Specify the width of the location node.
6-4

Select SPM: Click Browse to navigate to the path of the .SPM file that you wish to import from Planner into the new location node.
Note
Unit, Length, Width, and Select SPM options are available only for a location node. They are grayed out for a location folder. 5. Click OK to create a new location.
Moving a Location
The RF Manager enables you to move a location to a different location folder. Use the following steps to move a location to a specific folder: 1. In the Location tree, select the location that you wish to move. 2. Right-click and from the resulting context-sensitive menu, select Move.
Figure 4. Moving a Location
Figure 5. Selecting a Destination Location
6-5
3. In the Location Move dialog, select the destination location folder to which you want to move the selected location. See Location Move on page 9-4.
Note
You cannot move the Unknown location or any location into this location. 4. Click OK to move the location.
Renaming a Location
Use the following steps to rename a location. 1. In the Location tree, select the location that you wish to rename. 2. Right-click and from the resulting context-sensitive menu, select Rename.
Figure 6. Renaming a Location
Figure 7. Specifying a New Name for a Location
3. In the Rename Location dialog, enter the new name for the location. 4. Click OK to rename the location.
Note
You cannot rename the location folder Unknown.
6-6
Locations Working with Images
Deleting a Location
When you delete a location folder, the RF Manager deletes all subfolders and location nodes below that folder. If there are any devices tagged to the location being deleted, these devices would either be auto tagged (according to the tagging logic) or they will be tagged to the Unknown location folder. Use the following steps to remove a location folder and/or a location node.
Note
You cannot delete the Root Location and Unknown location folders. 1. In the Location tree, select the location that you wish to delete. 2. Do one of the following:

Right-click and from the resulting context-sensitive menu, select Delete. Click the Delete icon ( ) below the Viewer mode tab.
Figure 8. Deleting a location
3. Click Yes in the Confirm dialog to remove the selected location.
Working with Images

This section shows you how to add an image to a location, delete an image from the location, and import a Planner file into a location node. It also shows you how to use the zoom feature while viewing a layout image.
Attaching an Image
Use the following steps to attach an image:
6-7
1. In the Location tree, select the location to which you wish to attach an image. 2. Do one of the following:

Right-click and from the resulting context-sensitive menu, select Attach Image. Click the Attach Image on floor icon ( ) in the right corner.
Figure 9. Attaching an Image to a Location
Figure 10. Specifying a Path to attach an Image
3. On the Select image file to attach to attach to this location dialog, browse to the appropriate image and then click Open.
6-8
Zooming In/Zooming Out and Opacity Control of an Image

Considerable screen area is required to display a large sized layout (for example, 3000 x 2000 sq. ft.) defined or imported in the RF Manager. The zooming in/zooming out feature makes it easier to comprehend the RF coverage and device placement information. It also avoids excessive scrolling. These three features are available in the Designer and Viewer mode and on the Location tracking dialog. Use the following steps to zoom in/zoom out of an image and control its opacity. 1. In the Location tree, select the location node that has a .SPM file imported or attached image and devices placed on it. 2. Do one of the following for zooming out or zooming in:
Select a zoom percentage (%) from the drop-down list and then click the Zoom out icon or Zoom in icon
.
Enter a zoom % between 1% to 1000% in the editable drop-down box and then click the Zoom out icon or Zoom in icon
.
3. To change the opacity of the image, select an Image Opacity value. Decrease this value to better comprehend RF coverage or increase this value to pinpoint exact device placement information.
Note
The RF Manager proportionately resizes the RF layout display area depending on the zoom % specified by the user. Additionally, attached image, if any, and scale markings change accordingly. The RF Manager also readjusts scrollbars to keep the displayed objects center point invariant.
Placing Locations on a Location Folder with an Attached Image

The RF Manager enables you to place locations on a location folder that has an attached image. This helps you identify the physical position of each of the locations. The locations placed on the attached image are indicated by colored circles. A green circle indicates that the location is Secure, while a red circle indicates that the location is Vulnerable. Use the following steps to place locations on the attached image and view their details: 1. In the Location tree, select a location folder. 2. Under Available Locations, drag and drop the required locations on the attached image. 3. To view details about the location hold the mouse cursor over the colored circle. 4. To go to a particular location placed on the image, do one of the following:
Click the colored circle representing the location.
6-9
Point to colored circle representing the location, right-click and select Jump to this location.
Note
You can traverse to a particular location node by following step 4 until you reach the destination location node.
Figure 11. Placing Locations on a Location Folder with an Attached Image and Viewing Details
Detaching an Image
Use the following steps to detach an image: 1. In the Location tree, select the location from which you wish to detach an image. 2. Do one of the following:
Right-click and from the resulting context-sensitive menu, select Detach Image.
6-10
Click the Detach Image from floor icon (
) in the right corner.
Figure 12. Detaching an Image from a Location
3. Click Yes in the Confirm dialog to remove the selected image.
Note
On detaching an image, all the placed locations go back to the Available Locations list.
Importing a Planner file into a Location Node

The RF Manager enables you to specify a layout for each location node using a blank canvas, a layout image, or a .SPM file exported from Planner. Use the following steps to import a Planner file: 1. In the Location tree, select the location node into which you wish to import the .SPM file and then right-click. 2. Do one of the following:
From the resulting context-sensitive menu, select Import Location.
6-11
Locations Creating your Layout
Click the Import Location icon (
) below the Viewer mode tab.
Figure 13. Importing a Location
3. In the Select HP ProCurve RF Planner (.spm) File dialog, browse to the appropriate Planner exported .SPM file and then click Open.
Creating your Layout

This section shows you how to place devices on your floor map, view details of the layout, reset your canvas, and edit floor properties.
Placing APs and Sensors on the Floor map and Viewing Details
The RF Manager enables you to place APs and Sensors on the floor map to view live RF coverage maps for a location node and perform on-floor location tracking of visible 802.11 devices. Use the following steps to place APs and Sensors on the floor map and view their details: 1. In the Location tree, select a location node. 2. Under Available Devices, select either the APs or the Sensors tab, then drag and drop the APs or Sensors on your floor map.
6-12
3. To view details about the AP or Sensor hold the mouse cursor over the appropriate device.
Figure 14. Placing APs and Sensors on the Floor map and Viewing Details
Setting Coordinates and Deleting Devices from a Floor map

The RF Manager enables you to set the coordinates of APs and Sensors placed on the floor map for precise positioning. You can delete APs and Sensors from your floor map, so that the deleted devices can be placed again on the floor map. Such devices become available under Available Devices. Use the following steps to set the coordinates of a device or delete a device. 4. Right-click an AP/Sensor placed on the floor map. Do one of the following from the
resulting menu:
Select Set Coordinates to open a dialog box where you can specify the X and Y coordinates of the selected device. To set the coordinates, click OK. Select Delete to remove the AP/Sensor from the floor map.
6-13
Resetting your Canvas

The RF Manager enables you to reset a canvas to revert to a blank canvas. This option removes all folders and location information from a location folder. It removes all device and location information, including the background image and/or any imported Planner file from a location node. All placed devices go back to the Available Devices list. The RF Manager retains the original size and the location name in the sub-list of locations. Use the following steps to reset a canvas: 1. In the Location tree, select the location at which you wish to reset the canvas and then right-click. 2. From the resulting context-sensitive menu, select Reset Canvas. 3. Click Yes on the Confirm dialog to reset the canvas.
Editing Floor Properties

The RF Manager enables you to edit the properties of an existing floor map to change its name and dimensions. Use the following steps to edit the floor properties: 1. In the Location tree, select the location node whose properties you wish to edit and then right-click. 2. From the resulting context-sensitive menu, select Edit Properties. 3. On the Location Node Properties dialog, edit the required properties.
Figure 15. Editing the Properties of a Location Node
4. To change the properties, click OK.
Note
If you resize a location node to a smaller dimension, the objects placed on the floor map are drawn beyond the floor boundaries. The RF Manager removes all the devices that fall outside the resized area. The RF Manager scales the attached image according to the new size. The size of the objects placed on the floor map however, remains unaltered.
6-14
Locations Viewing RF Coverage Maps
Viewing RF Coverage Maps

To view a live RF coverage map for a location node, Authorized APs and Sensors must be placed on the floor map. Use the following steps to view live RF coverage maps: 1. Place devices on the floor map. See Placing APs and Sensors on the Floor map and
Viewing Details on page 6-12.
2. Select the Viewer tab. 3. Select one of the following views.
AP Coverage View
The AP Coverage View enables you to view an 802.11 RF coverage map based on the dBm at each point on the layout. This information is useful to find out available signal strength at each point. The color-coding scheme used enhances the readability of the map.
Figure 16. AP Coverage View
6-15
AP Channel View
The AP Channel View enables you to view all the 802.11 channels available for connection at each point on the floor. It helps in preventing potential channel interference scenarios.
Figure 17. AP Channel View
6-16
AP Link Speed View

The AP Link Speed View enables you to view the maximum downlink rate with which a Client at a particular point can connect to an AP on the floor.
Figure 18. AP Link Speed View
6-17
Locations Calibrating RF Views
Sensor Coverage View

The Sensor Coverage View enables you to view the detection and prevention zones of visibility for selected Sensors.
Figure 19. Sensor Coverage View
Detection Range is the area over which Sensors can reliably detect wireless activity of devices operating at a power level greater than the value set in the Transmit Power slider. The Intrusion Detection Display Threshold determines the threshold for this range. Prevention Range is the area over which Sensors can prevent unauthorized wireless activity. The Intrusion Prevention Display Threshold determines the threshold for this range. Both detection and prevention ranges are affected by various parameters under Administration > Global > Location Settings > RF Propagation. The reliability of the prevention also depends on the Intrusion Prevention Level chosen under Administration > Local > Operating Policies > Intrusion Prevention > Intrusion Prevention Level.
Calibrating RF Views
Calibration helps in tuning RF parameters used by the RF Manager to compare the AP and Sensor predictions to actual observations. The RF Manager has a robust calibration technique that also allows manual intervention in case of discrepancy. Use the following steps to calibrate RF views:
6-18
1. Generate the RF Coverage map. See Viewing RF Coverage Maps on page 6-15 and then click Calibration. 2. To improve predictions, fine-tune the Min. Signal Decay Constant and the Max. Signal Decay Constant.
Note
Min. Signal Decay Constant specifies the amount of signal loss that is acceptable for regions close to the transmitter (Sensor). Max. Signal Decay Constant specifies the amount of signal loss that is acceptable for regions away from the transmitter. Signal loss is directly proportional to the signal decay constants. 3. Change the values of the Signal Decay Slope (Beta) and the Signal Decay Inflection (Alpha). The RF Manager uses these parameters when computing the RF and defines the region around the transmitter that is unobstructed.
Note
When you change the Min. Signal Decay Constant, Max. Signal Decay Constant, Signal Decay Slope (Beta), and Signal Decay Inflection (Alpha) the RF view and location tracking for unobstructed regions is affected. In the obstructed regions, only Location Tracking is affected, RF view is not affected. 4. Click Update Graph to view your selection against the predicted values.
Important
The Predicted value curve should overlap the Observed value curve as much as possible. 1. Click Calibrate to complete calibration if you have adjusted the parameters manually such that the two curves are parallel (but not coinciding).
6-19
2. Click Apply to commit your changes.
Figure 20. RF Calibration Dialog
6-20
Chapter 7: Devices Tab
7
Devices Tab
Devices: Panel Displaying WLAN Devices

The Devices screen provides information about APs, Clients, and Sensors visible to the RF Manager. On this screen, you can view devices and their details, sort devices, locate and move devices, and troubleshoot an AP/Client.
Devices Screen: Accessibility and Layout

You can open the Devices screen in either of the following ways:

On the navigation bar, select the Devices tab On the Dashboard screen under the Categorized Devices or Uncategorized Devices section, click a non-zero number in the Total column.
Figure 1. Devices Screen
Devices Tab Devices Screen: Accessibility and Layout
The Devices screen includes two panes:

On the left, the Location tree On the right, device category tabs, device lists, and table summary
Devices: Location Tree

The Location tree shows the complete list of locations for your WLAN in the RF Manager. To view a list of devices, select a location in the Location tree, and then in the pane on the right, select a device category. A list of devices appears for the selected location and device category.
Device Categories, Device Lists, and Table Summary

The right pane of the Devices screen shows a list of devices tagged to the selected location. Tabbed views enable you to view device lists for Uncategorized and Categorized APs and Clients, as well as a list of all the Sensors. The Table Summary displays information about APs, Clients, and Sensors in the network.
APs Chart Name

Potential Classification
Uncategorized Categorized APs APs

Yes
Display Information
Potentially Authorized Potentially Rogue Potentially External Indeterminate
Category
Yes
Authorized Mis-configured Rogue External Networked Non-Networked Indeterminate
Network Connectivity Active Status 802.11 Protocol, with or without 802.11n capability. (Draft 802.11n shown in brackets where applicable)
Yes
Yes Yes Yes
Active Inactive a b only b/g a/b/g Other
7-2
Devices Tab Viewing APs/Clients List
APs Chart Name

Security Settings
Uncategorized Categorized APs APs

Yes Yes
Display Information
802.11i Wi-Fi Protected Access (WPA) Wired Equivalent Privacy (WEP) Open Multi Unknown
Note
The RF Manager labels APs that are imported and whose protocol information is not available as Other.
Clients
Chart Name Active Status Category Quarantine Status Yes Uncategorized Clients Yes Categorized Clients Yes Yes Chart Name Active Inactive Authorized Unauthorized Quarantined Not Quarantined
Sensors Chart Name Sensor Type Display Information

Sensor ND SNDC Active Inactive
Active Status
Viewing APs/Clients List

Use the following steps to open a APs/Clients list: 1. In the Location tree, select a location.
7-3
2. On the right, a list of APs/Clients tagged to that location appears; select either the APs or Clients tab. 3. Select either the Uncategorized or Categorized tab under APs or Clients to organize devices.

For Categorized APs, select one of these tabs: All, Authorized, Rogue, or External. For Categorized Clients, select one of these tabs: All, Authorized, or Unauthorized.
Figure 2. Categorized Clients List
The Devices screen shows the following information about APs or Clients.

Device Status Icon: Identifies the type of AP Rogue, External, Authorized,

Indeterminate, Dual Radio or the type of Client Authorized or Unauthorized.
Additionally, this icon specifies the status of APs/Clients as Active/Inactive.
Network Status Icon: Identifies if the AP is connected to the wired network. RSSI: Displays the RSSI (Received Signal Strength Indicator) value observed by the AP or Client. Quarantine Status Icon: Identifies the quarantine status of the AP or Client Quarantined, Quarantine Pending, or Not in Quarantine. Quarantining an AP or Client utilizes the Sensor computation resources. If no Sensor is currently available to quarantine the AP or Client, this icon shows Quarantine Pending. Banned List/Troubleshooting Status Icon: Identifies if the AP or Client is added to
the Banned AP List or Banned Client List or if troubleshooting is in progress on the
specified AP or Client, or both. See Troubleshooting a Device on page 7-25.
7-4

Name: Specifies the user-defined name for the AP or Client. MAC Address: Specifies the unique 48-bit IEEE format address of the AP or Client burned into the network adapter by the manufacturer. Security: Shows the security settings for the AP or Client such as Open, WEP, WPA, 802.11i, or Unknown. SSID: For an AP, it specifies the operating SSID, which is the unique identity that prospective Clients use to recognize the network. When several WLANs operate in the same space, SSID helps Clients in deciding which one to join. However, SSID alone does not provide any meaningful security. For a Client, it specifies the operating SSID of the AP with which the Client is associated. Channel: Specifies the channel number on which the AP or Client operates. The channel is shown as Dual for an AP or Client that operates on both 802.11a and 802.11b/g simultaneously. Protocol: For an AP, it specifies the 802.11 protocol used 802.11a, 802.11b only, 802.11b/g, or 802.11a/b/g, with or without 802.11n capability. For a Client, it specifies the 802.11 protocol (with or without 802.11n capability) used by the AP with which the Client is associated. Vendor: Specifies the name of the AP or Client manufacturer. The vendor name is inferred from the first three bytes of the MAC address. Network: Shows the Network Tag of the network to which the AP is connected. This value is blank if the AP is not connected to a network. Location: Gives the user-defined location name of the AP or Client. Up/Down Since: Specifies the date and time since the AP or Client is up or down. # Associated Clients: Specifies the number of Clients associated to the AP. Associated AP: Specifies the name of the AP with which a Client is associated. This is the AP through which the Client communicates with other Clients and other networked devices. Cell ID: Specifies an ID for Clients in ad hoc mode. The Cell ID is common for all the Clients that form a single ad hoc connection.
Note
The columns Network Status Icon, Security, Channel, Network, and Associated Clients appear only in the APs list. Associated AP and Cell ID appear only in the Clients list.
7-5
Devices Tab Viewing Sensors List
Viewing Sensors List

Use the following steps to open a Sensors list. 1. In the Location tree, select a location. 2. On the right, a list of devices tagged to that location appears; select the Sensors tab.
Figure 3. Sensors List
The Devices screen shows the following information about Sensors:
Device Status Icon: Identifies the type of Sensor Sensor, ND, or SNDC and its status Active, Inactive, Upgrade Required, or Upgrade in Progress. Troubleshooting Status Icon: Identifies if troubleshooting is in progress on the specified Sensor. Name: Specifies the user-defined name for the Sensor. MAC Address: Specifies the unique 48-bit IEEE format address of the Sensor burned into the network adapter by the manufacturer. IP Address: Specifies the IP Address of the Sensor. Capability: Specifies if the Sensor has 802.11n capability. Location: Gives the user-defined location name of the Sensor. Template: Specifies the Configuration template assigned to the Sensor. Build: Specifies the build number of the software running on the Sensor.
7-6
Devices Tab Sorting a Device List
Up/Down Since: Specifies the date and time since the Sensor is up/down.
Sorting a Device List

The RF Manager enables you to sort a device list so that you can arrange information according to your requirements. Use the following steps to sort a device list: 1. Open a device list. See Viewing APs/Clients List on page 7-3. 2. Click a column header to sort the list.
Figure 4. Sorted Device List
7-7
Devices Tab Searching within a Device List
Searching within a Device List

The RF Manager enables you to search multiple text entries and icons to locate the target text within large amount of data. The search is not case sensitive. Use the following steps to search multiple items in a device list: 1. On the Devices screen, click the icon on the top right to open a Search dialog.
Figure 5. Searching within a Device List
2. In the Search dialog, under Search In, select the required column from the drop-down list. 3. Under Search For, you can do the following:

Select multiple text entries or icons under Available and then click the arrow button to move the chosen item(s) under Selected.
Figure 6. Specifying Available Search Values
7-8
Devices Tab Searching within a Device List

Click Add to open Add To Search List dialog where you can specify a user-defined search value and then click OK. You can add multiple user-defined values to search several items at a time.
Figure 7. Specifying User-Defined Search Values
4. To effect the search, click Search. Once the search completes, the . To begin a new search, click the icon and then click
icon changes to
the icon.
Note
If you enter text in Search For, you can use ^ before the text or $ after the text to specify special search semantics. Use ^ before the text to indicate that the text being searched for should be at the beginning. Use $ after the text to indicate that the text being searched for should be at the end. 5. To effect the search, click Search.
7-9
Devices Tab Location Tagging of a Device or Location Tag Assignment
Location Tagging of a Device or Location Tag Assignment

Device tagging refers to the process by which a device obtains the label of a location. Tagging is of two types: Automatic and Manual.
Automatic Location Tagging (Auto Location Tagging)

The RF Manager automatically assigns a location to a device depending on the Auto Location Tagging policy (see Auto Location Tagging on page 9-38) selected and the signal strength of the Sensors reporting the device. If all the Sensors reporting a device are tagged to the Unknown location, the device is also tagged to the Unknown location.
Manual Location Tagging

You can change the location tag of a device manually in one of the following ways:

On the Devices screen, right-click the device row and select Change Location. On the Locations, screen, place the Authorized AP on the floor map. On the Administration > Global tab > Device Settings > Import Devices screen, specify the location to which the device must be tagged.
If an AP or Client is manually tagged, the RF Manager never again auto-tags it. To re-enable auto-tagging for that device, you must delete the device and let the RF Manager re-discover it.
Working with Devices

This section shows how to access various context-sensitive menus and dialogs associated with the devices in your network.
AP Context-Sensitive Menu
APs are wireless devices to which wireless Clients (laptops or PDAs) connect and communicate with other devices on the Local Area Network (LAN). The context-sensitive menu for APs enables you to:
View an AP

Properties Details Associated events
Edit an AP properties
7-10
Devices Tab Working with Devices

Locate an AP Quarantine an AP Enable/disable Auto-quarantine on an AP Troubleshoot an AP Delete an AP Change an AP

Location Category
Methods for Opening AP Context-Sensitive Menu

You can open an AP context-sensitive menu in one of the following ways:

Click the Devices tab and then right-click an AP row to open the context-sensitive menu. Click the Dashboard tab, and then under the Uncategorized Devices APs or Categorized Devices APs section, click any number in the Total column to open the Devices screen. Now, right-click an AP row to open the context-sensitive menu. Click the Dashboard tab, and then under the Quarantine APs section, click any
number to open the Quarantined Devices dialog. Now, right-click an AP row to open
the context-sensitive menu.
Figure 8. AP Context-Sensitive Menu on Devices Screen
7-11
Items in the AP Context-Sensitive Menu

The AP context-sensitive menus include the following items.
Properties: Opens the AP Properties dialog that enables you to

Edit the AP name Change the AP classification Assign a user-defined location tag so that you can easily locate the AP; the location of a manually tagged AP is shown with an asterisk (*) under the Location column
Details: Enables you to view

Primary details of the AP Associated devices Packet Statistics showing Packet Distribution and Data Packet Rates
Events: Enables you to view events associated with the AP, so that you can take the necessary actions. Locate: Opens the Location Tracking dialog that shows

Distance in feet from the Sensor(s) to which the AP is visible Probable location of the AP on the floor map, if the Sensor monitoring the AP is on the floor map
Block Wired Port: Enables you to disconnect the AP from the network by blocking the wired side Ethernet port to which the AP is connected using integrated Cisco WLSE APIs. Mark Port as Unblocked: Available only if the wired port of the AP is Blocked, this option enables you to connect the AP to the network by unblocking the wired side Ethernet port to which the AP is connected using integrated Cisco WLSE APIs. Move to Quarantine: Enables you to block any wireless communication to the AP, that is, quarantine the AP.
If a Sensor is available, the RF Manager automatically selects a defending Sensor for an Authorized AP. The Quarantine status of the AP then appears as Quarantined. If a Sensor is not currently available, the Quarantine status of the AP appears as Quarantine Pending. As soon as a Sensor is available, it starts defending the AP. The AP may appear as Quarantine Pending if it is not currently an active threat (the AP is inactive). The RF Manager keeps quarantining the AP until you manually remove it from quarantine.
Remove from Quarantine: Available only if the AP is manually Quarantined, this option enables you to stop quarantine on the AP, thereby enabling wireless communication. Start DoS quarantine: Available only if the RF Manager has determined an AP to be under a DoS attack and DoS countermeasures have not already been started. This option enables you to start DoS countermeasure on a selected AP.
7-12

Stop DoS quarantine: Available only if DoS Quarantine is initiated on the AP, this option enables you to manually terminate DoS countermeasure on a selected AP. Enable Auto-quarantine: Enabled by default, this option ensures that the RF Manager automatically quarantines an AP, thereby honoring the specified Intrusion Prevention policy. Disable Auto-quarantine: This option ensures that the RF Manager does not automatically quarantine an AP (regardless of the policies). Add to Banned List: Enables you to add the selected AP to the Banned List to prevent the AP from engaging in wireless communication. Remove from Banned List: Available only if the AP is already in the Banned List, this option enables you to remove the selected AP from the Banned List. Start Troubleshooting: Enables you to start a troubleshooting session in either Packet Level Mode or Event Level Mode. Stop Troubleshooting: Available only if a troubleshooting session is in progress, this option enables manual termination of the session. Delete: Enables you to delete a selected AP. Change Location: Opens the Location Tag dialog that enables you to:

View the complete list of locations Change the location of the selected AP. See Manual Location Tagging on page 7-10.
Move to: Enables you to categorize the AP in your network by moving it to the Authorized, Rogue, or External folder.
Note
The menu items Block Wired Port, Mark Port as Unblocked, and Move to Quarantine appear only in the AP context-sensitive menu on the Devices screen and not in the AP context-sensitive menu on the Quarantined Devices dialog. All other items are available on both the menus.
7-13
AP Properties Dialog
You can open the AP Properties dialog in the following manner:
On the Devices screen, right-click an AP row and select the Properties menu item
Figure 9. AP Properties Dialog
Fields in the Device Properties Section

The AP Properties dialog enables you to view and edit the properties of an AP. Under AP Properties, you can modify the following:

Device Name: Specifies the name that is used to identify the AP. Classification: Specifies the classification of the APAuthorized, Rogue, External, or Indeterminate.
7-14

Click Move to to open the AP Classification dialog. Here, you can change the AP classification to Authorized, Rogue, or External. Click OK to move the AP to the selected folder.
Figure 10.AP Classification Dialog
Location: Enables you to view the name of the AP location and the complete list of
locations.
Click Change to open the Location Tag dialog. Here, you can view the complete list of locations and choose a location for the AP. To view the list of locations, you must first set up your list of locations on the Locations screen. See Working with Location Folders and Location Nodes on page 6-3.
Figure 11.AP Location Tag Dialog
Device Tag: Enables you to specify text that provides additional information about the AP; for example, Hawaii Conference Room, Bldg 15 Cubicle G2, or Executive Area. Vendor: Specifies the name of the AP manufacturer, which is inferred from the first three bytes of the MAC address. IP Address: Enables you to specify the IP address for an Authorized or Indeterminate AP. This field is disabled for Rogue and External APs.
Fields in the Prevention Status Section

Under Prevention Status, you can view the following:

Quarantine Status: Specifies whether the AP is quarantined.
7-15
Note
The RF Manager quarantines only those interfaces that are mis-configured (non-policy compliant). The RF Manager allows policy compliant interfaces to operate unhindered.

Defending Sensor: If an AP is quarantined, it specifies the name of the Sensor that is actively preventing the AP from engaging in wireless communication. Port Block Status: Specifies the block/unblock status of the port to which the AP is connected. Port Block Details: Specifies the IP address of the switch and the port to which the AP is connected. Click Move To Quarantine to quarantine the selected AP if a Sensor is available. If a Sensor is not available, the Quarantine Status of the AP is Quarantine Pending.
Note
If the selected AP is currently quarantined, a Remove from Quarantine button appears in the AP Properties dialog. Click Remove from Quarantine to view an Information message and to enable wireless communication to the AP.

Click Block Wired Port to block the wired side Ethernet port to which the AP is connected.
Fields in the Interfaces Properties Section

Under Interface Properties, you can view the following:
MAC/Protocol: Specifies the unique 48-bit address of the AP/ 802.11 PHY modes used by the AP Security: Shows the security settings for the AP. If this option is enabled, the AP enforces WEP encryption on the wireless link. SSID: Specifies the unique identity that prospective Clients use to recognize the network. Channel: Specifies the channel number on which the AP operates. Network: Shows additional information about the IP Address and subnet that identifies the network on which the AP is located.
Client Context-Sensitive Menu

A Client is a laptop, a handheld device, or any other system that uses the 802.11 wireless medium for communication. The context-sensitive menu for Clients enables you to:
View Client

Edit Client properties Locate a Client Quarantine a Client
7-16

Enable/disable Auto-quarantine on a Client Troubleshoot a Client Delete a Client Change a Client

Location
Category
Methods for Opening Client Context-Sensitive Menu

You can open a Client context-sensitive menu in one of the following ways:

Click the Devices tab and then right-click a Client row to open the context-sensitive
menu.
Click the Dashboard tab, and then under the Uncategorized Devices Clients or Categorized Devices Clients section, click any number in the Total column to open the Devices screen. Right-click a Client row to open the context-sensitive menu. Click the Dashboard tab, and then under the Quarantine Clients section, click any number to open the Quarantined Devices dialog. Right-click a Client row to open the context-sensitive menu.
Figure 12.Client Context-Sensitive Menu on Devices Screen
Items in the Client Context-Sensitive Menu

The Client context-sensitive menus include the following items.
7-17
Properties: Opens the Client Properties dialog that enables you to:

Edit the Client name Change the Client classification Assign a user-defined location tag so that you can easily locate the Client; the location of a manually tagged Client is shown with an asterisk (*) under the Location column

Primary details of the Client Associated APs Pie charts showing packet distribution and packet rates
Events: Enables you to view events associated with the Client, so that you can take the necessary actions. Locate: Opens the Location Tracking dialog that shows

Distance in feet from the Sensor(s) to which the Client is visible Probable location of the Client on the floor map - if the Sensor monitoring the Client is on the floor map
Move to Quarantine: Enables you to block any wireless communication to the Client, that is, quarantine the Client.
If a Sensor is available, the RF Manager automatically selects a defending Sensor for an Authorized Client. The Quarantine status of the Client is then Quarantined. If a Sensor is not currently available, the Quarantine status of the Client is Quarantine Pending. As soon as a Sensor is available, it starts defending the Client. The Client may appear as Quarantine Pending if it is not currently an active threat (the Client is inactive). The RF Manager keeps quarantining the Client until you manually remove it from quarantine.
Remove from Quarantine: Available only if the Client is manually Quarantined, this option enables you to stop quarantine on the Client, thereby enabling wireless communication. Enable Auto-quarantine: Enabled by default, this option ensures that the RF Manager automatically quarantines a Client, thereby honoring the specified Intrusion Prevention policy. Disable Auto-quarantine: This option ensures that the RF Manager does not automatically quarantine a Client (regardless of the policies). Reset Fingerprint: Resets the data transmitted by the Client. Add to Banned List: Enables you to add the selected Client to the Banned List to prevent the Client from engaging in wireless communication. Remove from Banned List: Available only if the Client is already in the Banned List, this option enables you to remove the selected Client from the Banned List.
7-18

Start Troubleshooting: Enables you to start a troubleshooting session in either Packet Level Mode or Event Level Mode. Stop Troubleshooting: Available only if a troubleshooting session is in progress, this
option enables you manually terminate the session.
Delete: Enables you to delete a selected Client. Change Location: Opens the Location Tag dialog that enables you to:

View the complete list of locations Change the location of the selected Client. See Manual Location Tagging on page 7-10.
Move to: Enables you to categorize a Client in your network by moving it to the Authorized or Unauthorized folder. If you move a Client manually, the RF Manager never re-classifies that Client automatically based on the Client classification policy. To enable automatic re-classification, you must delete that Client and let the RF Manager re discover it.
Client Properties Dialog

You can open the Client Properties dialog in the following manner:

On the Devices screen, right-click a Client row and select the Properties menu item
Figure 13.Client Properties Dialog
Fields in the Client Properties Section

The Client Properties dialog enables you to view and edit the properties of a Client. Under Client Properties, you can modify the following:

Device Name: Specifies the name that is used to identify the Client.
7-19
MAC Address: Specifies the unique 48-bit IEEE format address of the Client burned into the network adapter by the manufacturer. Classification: Specifies the classification of the Client Authorized or Unauthorized.
Click Move to to open the Client Classification dialog. Here, you can change the Client classification to Authorized or Unauthorized. Click OK to move the Client to the selected folder.
Figure 14.Client Classification Dialog
Usual Location: Enables you to view the name of the Client usual location.

Click Change to open the Location Tag dialog. Here, you can view the complete list of locations and choose a location for the Client. To view the list of locations, you must first set up your list of locations on the Locations screen. See Working with Location Folders and Location Nodes on page 6-3.
Figure 15.Client Location Tag Dialog
Device Tag: Enables you to specify text that provides additional information about the
Client.
Vendor: Specifies the name of the Client manufacturer. The vendor name is inferred from the first three bytes of the MAC address. Associated to AP: Specifies the AP with which the Client is associated. This is the AP through which the Client communicates with other Clients and other networked devices.
Fields in the Prevention Status Section

Under Prevention Status, you can view the following:

Quarantine Status: Specifies whether the Client is quarantined.
7-20

Defending Sensor: If a Client is quarantined, it specifies the name of the Sensor that is actively preventing the Client from engaging in wireless communication. Click Move To Quarantine to quarantine the selected Client if a Sensor is available. If a Sensor is not available, the Quarantine Status of the Client is Quarantine Pending.
Note
If the Client is quarantined a Remove from Quarantine button appears in the Client Properties dialog. Click Remove from Quarantine to view an Information message and to enable wireless communication to the Client.
Sensor Context-Sensitive Menu

Sensors proactively scan the network and generate events. Sensors communicate event information to the RF Manager. The context-sensitive menu for Sensors enables you to:
View Sensor

Edit Sensor properties Troubleshoot a Sensor Reboot a Sensor Delete a Sensor Change a Sensor

Template Location
Upgrade
Method for Opening Sensor Menu

You can open a Sensor context-sensitive menu in one of the following ways:

Click the Devices tab and then right-click a Sensor row to open the context-sensitive menu.
7-21

Click the Dashboard tab, and then under the Categorized Devices Sensors section, click any number in the Total column to open the Devices screen. Now, right-click a Sensor row to open the context-sensitive menu.
Figure 16.Sensor Context-Sensitive Menu
Items in the Sensor Context-Sensitive Menu

The Sensor context-sensitive menu includes the following items.
Properties: Opens the Sensor Properties dialog that enables you to:

Edit the Sensor name Change the template assigned to the Senor. Assign a user-defined location tag so that you can easily locate the Sensor; the location of a manually tagged Sensor is shown with an asterisk (*) under the Location column.

Primary details of the Sensor Associated APs and Clients Pie charts showing packet distribution and packet rates
Events: Enables you to view events associated with the Sensor, so that you can take whatever actions are necessary.
7-22
Start Troubleshooting: Enables you to start a troubleshooting session in Packet Level Mode. Stop Troubleshooting: Available only if a troubleshooting session is in progress, this option enables you to manually terminate the session. Reboot: Enables you to restart the Sensor. Delete: Enables you to delete a selected Sensor; you are prompted to confirm this action. Change Sensor Template: Opens the Select Sensor Template dialog. See Sensor Configuration on page 9-92. The Select Sensor Template dialog enables you to:

View the list of configured Sensor templates Change the Sensor template of the selected Sensor(s)
Change Location: Opens the Location Tag dialog that enables you to:

View a complete list of locations Change the location of the selected Sensor. See Manual Location Tagging on page 7-10.
Upgrade/Repair: Opens the Confirm Upgrade/Repair of Sensor(s) to Build X dialog that enables you to upgrade the Sensor version or repair a Sensor.
Note
The menu item Upgrade/Repair is available only for the 802.11n Sensors.

Cancel Upgrade/Repair: Enables you to cancel the repair/upgrade process for a Sensor in Upgrade/Repair Pending state.
Sensor Properties Dialog

You can open the Sensor Properties dialog in the following manner:
On the Devices screen, right-click a Sensor row, and select the Properties menu item
Figure 17.Sensor Properties Dialog
Fields in the Sensor Properties Dialog

The Sensor Properties dialog enables you to edit the properties of a Sensor and consists the following.
7-23

Device Name: Specifies the name that is used to identify the Sensor. MAC Address: Specifies the unique 48-bit IEEE format address of the Sensor burned into the network adapter by the manufacturer. IP Address: Specifies the Sensor IP address, that is, the IP Layer or Layer 3 address. Location: Enables you to view the name of the Sensor location and a complete list of locations.
Click Change to open the Location Tag dialog. Here, you can view the complete list of locations and choose a location for the Sensor. To view the list of locations, you must first set up your list of locations on the Locations screen. See Working with Location Folders and Location Nodes on page 6-3.
Figure 18.Sensor Location Tag Dialog
You cannot change the location of a Sensor placed on a floor map. If you attempt to do so, an error message appears. A Sensor placed on a floor map is automatically assigned the location tag of that location. To change the location tag, you must first delete the Sensor from the floor map.

Configuration Template: Shows the configured Sensor templates. See Sensor

Configuration on page 9-92.
7-24
Devices Tab Troubleshooting a Device
Click Change to open the Select Sensor Template dialog. Select the appropriate Sensor template and click OK to assign that Sensor template to the Sensor.
Figure 19.Select Sensor Template Dialog
Device Tag: Enables you to specify additional information about the Sensor.
Troubleshooting a Device
The RF Manager provides Knowledgebased Troubleshooting (KBT) which enables you to precisely identify the cause of common problems in your wireless network. KBT uses a knowledge base of wireless problem symptoms and their root causes. The knowledge base is derived from extensive experimentation with WLANs. You can initiate knowledge-based troubleshooting in one of the following modes:

Packet Level Mode: Enables you to remotely capture all packets seen by a selected
Sensor that is in the vicinity of a device. Selection of the Sensor can be manual or
automatic.
Event Level Mode: Triggers the generation of detailed monitoring events for a device in the Troubleshooting event sub-category.
Use the following steps to initiate troubleshooting: 1. Open a device list. See Viewing APs/Clients List on page 7-3. 2. Select the device that you want to troubleshoot and right-click the corresponding device row.
7-25
3. From the resulting context-sensitive menu, select Start Troubleshooting. The Troubleshooting Options dialog appears.
Figure 20.Packet Level Troubleshooting for an AP
4. Select the Troubleshooting Mode and set the corresponding Timeout interval. If you select Packet Level Troubleshooting, ensure that the Sensor used for troubleshooting is reachable from the computer used to launch the Console.
Note
A troubleshooting session automatically times out or terminates after the Timeout irrespective of the activity. You can manually stop troubleshooting from the device contextsensitive menu by selecting Stop Troubleshooting. 5. Under Sensor Selection, select the Sensor to use for troubleshooting. Sensor Status appears as Normal Operation, Busy in Quarantine, or Busy in Troubleshooting. Within each category, Sensors are sorted based on availability and signal strength.
Note
Do not select a Sensor that is Busy in Quarantine or Busy in Troubleshooting. If you select a Sensor that is Busy in Quarantine, the troubleshooting operation fails. 6. Under Protocol and Channel Selection, select the 802.11 protocol and the corresponding channel(s) on which the chosen Sensor should initiate troubleshooting.
7-26
Note
A Configuration template is assigned to each Sensor. The Channels list contains only those channels that are enabled for scanning in that Configuration template. If no channel in a Protocol is enabled, then the Protocol option is disabled. Thus, the Channels list and the status of the Protocol checkboxes change with the Sensor selected. 7. Under Packet Selection, choose to view all the packets visible to the selected Sensor or only the packets from the selected device visible to the Sensor. 8. Click Start Troubleshooting to begin the session. If the Sensor is assigned a Configuration template, where no channels are selected for scanning, an error message is displayed.
Figure 21.Packet Level Troubleshooting Confirm Dialog
9. If you click Yes, and the application is correctly installed, RF Manager launches the application and the packet capture session begins immediately. Alternatively, if you do not have Wireshark installed, an Error dialog appears.
Figure 22.RF Manager unable to Launch Wireshark Dialog
7-27
Devices Tab Viewing AP Details
10. On the Error dialog, there are three possibilities: You can download and install Wireshark and optionally install WinPcap. Wireshark requires a compatible version of WinPcap. If the installed version and expected version mismatch, you need to install the suggested and expected version of WinPcap. If RF Manager does not find Wireshark installed at the default location, C:\Program Files\Wireshark, Wireshark is not launched automatically. To launch Wireshark manually, click Browse to specify the appropriate location and click OK. To launch Wireshark manually from the command prompt, you need to copy and paste the link to set up a direct connection with the Sensor and view live packets.
Points to Note During Troubleshooting

When a troubleshooting session is in progress, a blinking bar. icon appears on the navigation
Once the packet capture based troubleshooting session begins from the Console and the packet capture tool is either interrupted or terminated (gracefully or abruptly) to start another packet capture session, you have to first stop the ongoing troubleshooting session from the Console either manually (if it is still going on) or ensure that the session has indeed ended. You must then restart the fresh troubleshooting session from the Console.

If a troubleshooting session is in progress with a chosen tool (Wireshark or user specified tool), another capture from the command prompt, using user specified capture parameters (viz. rpcap://sensor-ip/iface) will not succeed from the same or another computer.
Viewing AP Details
The RF Manager enables you to access a single dialog to do view the details and events for a selected AP. Use the following steps to open such a dialog: 1. Open an AP list. See Viewing APs/Clients List on page 7-3. 2. Right-click an AP row.
7-28
3. From the resulting context-sensitive menu, select Details. The Device Details dialog appears. The pie charts show live data starting from the time of launching the form.
Figure 23.AP Details Screen
4. Select the Primary Details tab to view the following details for the selected AP.

AP Name Classification Device Tag MAC Address Vendor Name Security Cisco MFP (Draft 11w) AP capability SSID Protocol Channel Network Quarantine Status Location Up/Down since
7-29

Turbo Capability
Super AG Capability
Draft 802.11n Capability
Note
You will see Turbo Capability, Super AG Capability and Pre-11n Capability only if the selected AP has these capabilities. 5. Select the Advanced Details tab to view the following details for the selected AP.

Currently Active: Indicates if the AP is currently active. Authentication: Specifies the procedure used by APs to verify the identity of a Client. Pairwise Encryption: Specifies the encryption used for unicast communication between the AP and a Client. Group Encryption: Specifies the encryption used for broadcast or multicast communication from the AP. Beacon Interval (ms): Specifies in milliseconds the time interval between successive beacons of the AP. Placed on Floormap?: Indicates if the AP is placed on the floor map. Supported Connection Speeds (Mbps): Specifies the connection speeds supported by the selected AP. First Detected At: Specifies the date and time when the AP was first detected by the RF Manager. Publicly Secure Packet Forwarding: Specifies if the AP relays packets among wireless Clients, that is, specifies if Publicly Secure Packet Forwarding (PSPF) is disabled on the Client. Inter-Client Communication Last Detected: For WEP enabled APs, specifies the date and time when communication between two wireless Clients was last seen.
Note
For Authorized but Mis-configured APs, any properties that violate the specified Authorized SSID template for that location are shown in red under Primary Details and Advanced Details. Read the tool tip on the Console for more information. 6. Select the Assoc Clients tab to view a list of Clients associated to the selected AP. To view details of a specific Client, in the corresponding Client row, click Details. 7. Select the Sensors seeing AP tab to view a list of Sensors that can see the selected AP. To view details of a specific Sensor, in the corresponding Sensor row, click Details. 8. To refresh the pie charts showing live Packet Distribution and Data Packet Rates views, click . These charts are refreshed after every pre-defined interval. .
9. To delete data for the selected AP and re-initialize data gathering, click
7-30
Devices Tab Viewing Client Details
10. To initiate troubleshooting on the selected AP, click
11. To view the list of events associated with the selected AP, select the Events tab.
Note
You can search for multiple text entries in the list of events, as well as delete and acknowledge events.
Viewing Client Details

The RF Manager enables you to access a single dialog to view the details and events for a selected Client. Use the following steps to open such a dialog: 1. Open a Client list. See Viewing APs/Clients List on page 7-3. 2. Right-click a Client row. 3. From the resulting context-sensitive menu, select Details. The Device Details dialog appears. The pie charts show live data starting from the time of launching the form.
Figure 24.Client Details Screen
4. Select the Primary Details tab to view the following details for the selected Client.

Client Name Classification Device Tag
7-31
Devices Tab Viewing Client Details

MAC Address
Vendor Name
Security
Channel
Network
Quarantine Status
Protocol
SSID
Ad hoc mode?
Location
Up/Down since
5. Select the Advanced Details tab to view the following details for the selected Client.

Currently Active?: Indicates if the Client is currently active. First Detected at: Specifies the date and time when the RF Manager first detects the Client. Ad hoc Cell ID: Specifies the unique ID of the ad hoc network connection of which the selected Client is a member.
6. Select the Assoc AP tab to view a list of APs associated to the selected Client. To view details about a specific AP, in the corresponding AP row, click Details. 7. Select the Sensors seeing Client tab to view a list of Sensors that can see the selected Client. To view details about a specific Sensor, in the corresponding Sensor row, click Details. 8. Select the Assoc Clients tab to view a list of Clients associated to the selected Client. To view details about a specific Client, in the corresponding Client row, click Details. 9. To refresh the pie charts showing live Packet Distribution and Data Packet Rates
views, click . These charts are refreshed after every pre-defined interval.
.
10. To delete data for the selected Client and re-initialize data gathering, click 11. To initiate troubleshooting on the selected Client, click .
12. To see the list of events associated with the selected Client, select the Events tab.
7-32
Devices Tab Viewing Sensor Details
Viewing Sensor Details

Sensors monitor various channels in which the 802.11 devices operate. The RF Manager enables you to access a single dialog to view the details and events for a selected Sensor. Use the following steps to open such a dialog: 1. Open a Sensor list. See Viewing Sensors List on page 7-6. 2. Right-click a Sensor row. 3. From the resulting context-sensitive menu, select Details. The Device Details dialog
appears. The pie charts show live data starting from the time of launching the form.
Figure 25.Sensor Details Screen
4. Select the Primary Details tab to view the following details for the selected Sensor.

Sensor Name MAC Address Sensor IP Address Location Device Tag Up/Down since
7-33
Devices Tab Viewing Sensor Details
5. Select the Advanced Details tab to view the following details for the selected Sensor.

Currently Active?: Indicates if the Sensor is currently active. Placed on Floormap?: Indicates if the Sensor is placed on the floor map. Channels Scanned (a): Specifies the channels on which the 802.11 a protocol operates that are scanned by the Sensor. Channels Defended (a): Specifies the channels on which the 802.11 a protocol operates that are defended by the Sensor. Channels Scanned (b/g): Specifies the channels on which the 802.11 b/g protocol operates that are scanned by the Sensor. Channels Defended (b/g): Specifies the channels on which the 802.11 b/g protocol operates that are defended by the Sensor. Channels Scanned (Turbo a): For turbo APs, specifies the channels on which the 802.11 a protocol operates that are scanned by the Sensor. Channels Scanned (Turbo b/g): For Turbo APs, specifies the channels on which the 802.11 b/g protocol operates that are scanned by the Sensor. Since 802.11n is an extension to b/g and a (b/g [Draft 802.11n] and a [Draft 802.11n]), the channels are the same.
Note

Country of Operation: Specifies the country in which the Sensor operates. Busy in Quarantine?: Indicates if the Sensor is currently busy quarantining a device. Busy in Troubleshooting?: Indicates whether the Sensor is currently busy capturing packets for troubleshooting. Sensor Software Build: Shows you the build number of software loaded in the Sensor. First Detected At: Specifies the date and time when the RF Manager first detected the Sensor.
6. Select the Visible APs tab to view a list of APs that the selected Sensor can see. To view details about a specific AP, in the corresponding AP row, click Details. 7. Select the Visible Clients tab to view a list of Clients that the selected Sensor can see. To view details about a specific Client, in the corresponding Client row, click Details. 8. Select the Visible VLANs tab to view a list of VLANs that the selected Sensor can see. A table displays the VLAN ID, IP Address, Netmask, and Status. 9. To refresh the pie charts showing live Packet Distribution and Data Packet Rates views, click . These charts are refreshed after every pre-defined interval. .
10. To delete data for the selected Sensor and re-initialize data gathering, click
7-34
Devices Tab Locating an AP/Client Placed on the Floor map
11. To initiate troubleshooting on the selected Sensor, click
12. To view the list of events associated with the selected Sensor, select the Events tab.
Locating an AP/Client Placed on the Floor map

The RF Manager enables you to find the distance of a device from various Sensors to which it is visible and determine the possibility that the tracked device is present at a certain location on the floor map. Location tracking in a dynamic wireless environment works on probabilities. Use the following steps to locate a device: 1. Open an AP/Client list. See Viewing APs/Clients List on page 7-3. 2. Right-click an AP/Client row. 3. From the context-sensitive menu, select Locate. A Tracking Location progress bar followed by a Location tracking dialog appears. Select the Distance from Locating Device tab to view the distance in feet and meter of the selected device from the locating device. Alternatively, if the device for which you are searching is not visible to any Sensor, a message appears.
Figure 26.Distance from Sensors Tab
4. Select the Location on a Floor Map tab to:
7-35
Devices Tab Locating an AP/Client Placed on the Floor map

View a graph that shows a variety of colors to indicate different location probabilities. View Location Probability, which indicates the possibility of the tracked AP/Client being present at a certain location on the floor map.
Note
The Location on a Floor Map tab appears only if you have placed Authorized APs and Sensors on the floor map.
Figure 27.Location on a Floor Map Tab
5. Click the icon to open the Monitoring Device Filter dialog. In this dialog, you can do one of the following to track the location of a device:

To use APs and/or Sensors from the current floor only, select Use signal data from devices at this location only. This option computes the best possible position for the selected device on the current floor.
7-36
Devices Tab Removing a Device from Quarantine

To use APs and/or Sensors from the other floors also, select Use signal data from devices at other locations also. This option computes the best possible position for the selected device using monitoring devices from other floors too. This may result in the selected device being tracked on some other floor.
Figure 28.Monitoring Device Filter Dialog
6. At the bottom of the Location Tracking dialog is a Location Probability slider. The RF Manager highlights only those locations where the probability of locating the device is higher than the value set in this slider bar. You can move the Location Probability slider to High to select regions where the probability of locating the device is higher.
Note
If you move the slider to Low, you see locations with both low and high probabilities. The number and placement of Sensors helps determine the accuracy of location tracking. Increasing the number of Sensors enhances the location tracking accuracy.
Removing a Device from Quarantine

The RF Manager enables you to remove a device from quarantine so that wireless communication can start on that device. You can remove a device from quarantine in several ways. 1. If the device is automatically quarantined, you can do one of the following:
Right-click the device row and select Disable Auto-quarantine

Change the Intrusion Prevention policy that quarantines the device
Deselect the checkbox Activate Intrusion Prevention for location selected
location on the Administration > Local tab > Location Properties > Activation Flags screen
7-37
Devices Tab Moving an AP/Client to a Different Folder
2. Change the classification of a device manually. For example, manually move an AP from the Rogue folder to the External folder by right-clicking the Rogue AP row and selecting Move to and then External. The External AP will move out of quarantine. 3. Change the security settings on the SSID template so that the AP no longer violates the specified security settings. For example, consider an AP that has become misconfigured by virtue of following the Security Settings, say WEP at location Floor 1. This AP violates the Security Settings, say WPA in its SSID template. You now edit the SSID template in such a way that it now matches the configuration of the existing Misconfigured AP. This Misconfigured AP will now become policy-compliant and hence Authorized. As a result, this AP will move out of quarantine. 4. Delete the AP and let the RF Manager re-discover it. For example, consider an AP that has become a Rogue by virtue of following the Security Settings, say WEP at location Floor 1. This AP violates the Security Settings, say WPA in its SSID template. You now, edit the SSID template in such a way that the Rogue AP now becomes policy compliant. As the RF Manager does not automatically remove Rogue APs out of quarantine, delete this Rogue AP. The RF Manager will re-discover this AP. The AP may appear in some other device folder and may be moved out of quarantine. 5. If the device is manually quarantined, right-click the device row and select Remove from Quarantine.
Moving an AP/Client to a Different Folder

The RF Manager enables you to re-classify a device, that is, move a device to a different folder based on fresh information. You cannot however move Categorized APs/Clients to the Uncategorized folder. Use the following steps to move a device to a specific folder: 1. Open an AP/Client list. See Viewing APs/Clients List on page 7-3. 2. Right-click an AP/Client row. 3. From the resulting context sensitive menu, select Move to. 4. Select the category to which you want to move the AP/Client. Note If you move an AP placed on a floor map, an Error dialog appears.
Merging APs
Many modern APs have multiple network interfaces and SSIDs on a single device to support 802.11a and 802.11b/g or even 802.11n simultaneously. Each interface has a different MAC address, which causes the RF Manager to identify them as different APs. The RF Manager displays such APs in separate rows on the Console. This may lead to confusion. Merge can be of two types:
7-38
Devices Tab Merging APs

Automatic: The RF Manager performs automatic merge of certain APs based on their
MAC addresses or other available information.
Manual: The RF Manager allows you to manually merge APs based on their IP addresses or if the RF Manager does not automatically merge them based on the available information.
On selecting two or more AP rows under the Authorized tab, the AP context-sensitive menu shows the Merge option. Merge allows you to do the following:

Merge two or more MAC addresses (network interfaces) of one or more APs into a single AP Select a primary AP to complete the merge operation
Figure 29.AP Context-Sensitive Menu for Multiple AP Selection
A merged AP has the following characteristics:

Inherits common properties such as location, AP name, and IP address from the primary AP Identified by the icon on the Console
Can merge with more APs Can be separated into its individual interfaces using the Split option
Use the following steps to merge APs into a single AP: 1. Open an Authorized AP list. See Viewing APs/Clients List on page 7-3. 2. Select the APs that you want to merge and right-click one of the selected AP rows.
7-39
Devices Tab Splitting APs
3. From the resulting context-sensitive menu, select Merge. A Merge APs dialog appears.
Figure 30.Merging an AP Dialog
4. Select the Primary AP. 5. Click OK to merge the selected APs.
Splitting APs
You need to split APs if they have been merged incorrectly either manually or automatically based on the information available with the RF Manager. Use the following steps to split merged APs into individual APs: 1. Open an Authorized AP list. SeeViewing APs/Clients List on page 7-3. 2. Select the merged APs that you want to split and right-click the corresponding AP row. 3. From the resulting context-sensitive menu, select Split. A Confirm dialog appears. 4. Click Yes to split the selected APs.
7-40
Chapter 8: Reports
8
Reports
Reports: Panel for Generating Reports

The Reports screen enables you to generate predefined and customized reports. The RF Manager uses a query-based mechanism to generate various reports. The RF Manager provides predefined compliance reports namely, Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley (SOX), Gramm-Leach-Bliley (GLBA), Payment Card Industry (PCI) Standard, etc. Additionally, information about devices and events is also available in the form of ready made reports.
Reports Screen: Accessibility and Layout

You can open the Reports screen by selecting the Reports tab on the navigation bar.
Figure 1. Report Definitions Screen: Shared Reports Tab
Reports Reports Screen: Accessibility and Layout
The Reports screen includes two panes.

On the left, the Location tree On the right, the report panel
Location Tree
The Location tree shows the complete list of locations created for your WLAN in the RF Manager. Users who do not have permission on the root location or do not have a Location Based Policy License (LBP) cannot select the root location. You can select other locations for which you need to generate the report. See Location Tree View and Location-Based Policy License (LBP) on page 9-3.
Report Panel
On the top of the Reports screen, Selected Location gives the path of the selected location. The Reports screen includes two tabs:

Report Definitions: This tab consists of two sub-tabs:

Shared Reports: Contains reports that all the users can view and schedule. These include Compliance Reports, Incident Reports, Infrastructure Reports, Client Reports, and Custom Reports. My Reports: Contains reports available only to those users who have generated them.
Figure 2. Report Definitions Screen: My Reports Tab
8-2
Reports Reports Screen: Accessibility and Layout

Archived Reports: This tab allows you to view saved or archived reports generated on the RF Manager. These reports are useful for trend analysis. An archived report is visible to a user if the user has generated the report. A superuser can see the all archived reports.
On the two tabs Shared Reports and My Reports are two tables described in the following sections.
List of Reports
The List of Reports table displays reports available for all the locations. This table consists of the following columns:

Report Name: Displays the name of each report Report Description: Displays a brief description of each report Report Delivery Schedule: Displays the delivery schedule of each report for the selected location. The schedule is only visible to the user who created it
In the List of Reports table, you can perform the following operations under Shared ReportsCustom Reports tab or My Reports:

Add, edit, delete, and move a report to a different tab Add, edit, and cancel a report schedule
Under Shared Reports Assessment Reports, Compliance Reports, Incident Reports, Infrastructure Reports, and Client Reports tabs, you can only view a report and add a report delivery schedule.
List of Sections
The List of Sections table displays sections created for a selected report. This table consists of the following columns:

Section Name: Displays the name of the section contained in the selected report Section Description: Displays a brief description of each section Section Query Type: Indicates whether the section query is a Device or Event query
In the List of Sections table, you can perform the following operations under Shared ReportsCustom Reports tab or My Reports:

Add, edit, and delete a section of a report Organize the sections in the report using and
Generate a report, save a report with the same, or different name
Under Shared Reports Assessment Reports, Compliance Reports, Incident Reports, Infrastructure Reports, and Client Reports tabs, you can only view a section of a report, generate a report, and save a report with a different name. The saved report is available under Shared Reports Custom Reports tab.
8-3
Reports Managing Reports
On the Archived Reports tab, the following information is available:
Figure 3. Archived Reports Tab
User Name: Displays the name of the user who generated the report. Location: Displays the name of the location at which the report is generated. If the Location tree is updated after a report is generated, this field is not updated. Report Name: Displays the name of the report that appears at the time of report generation. Updating the report name does not update the name here. Format: Specifies the format of the report; that is HTML, XML, or PDF. Generation Date: Indicates the time of report generation. Size (KB): Displays the report size. This parameter is useful when deleting reports.
Managing Reports
This section shows how to add a report, edit a report, delete, and move a report. You can perform these operations either under the My Reports tab or the Shared ReportsCustom Reports tab.
8-4
Adding a Report
The RF Manager enables you to define customized reports so that you can view precise details that you require. Use the following steps to add a report: 5. Select the tab My Reports. 6. Under List of Reports, click Add Report.
Figure 4. Report Details Screen showing Report Header Tab
7. On the Report Details dialog, under Report Name, enter a unique, user-friendly name for the report. 8. Under Report Description, enter brief notes to help identify the report. 9. Click Use default look and feel, to retain the default text, title, and colors for the
reports.
10. Alternatively, click Customize look and feel, to customize the appearance of the report. 11. Select the Report Header tab.

Under Report Header, specify the following parameters to be customized in the generated report:
8-5

Title Text: Specify the text that should appear in the header on the left side. Text on Right: Specify the text that should appear in the header on the right side. Click Pick and select the Text Color and Background colors for the Report Header.
Under Report Title, specify the following parameters to be customized in the generated report:
Title Text: Specify a title that appears below the header on the left side. The Report Description follows this title. Click Pick and select the Text Color and Background colors for the Report Title.
Select the checkbox, Display Report Generation Information to view the following information below the Report Title
Duration for which the report is generated

Location for which the report is generated
User who generated the report
Date and time when the report is generated
Select the checkbox, Display Report Description Text to view a detailed description of the report.
8-6
12. Select the Report Summary tab.
Figure 5. Report Details Screen showing Report Summary Tab
De-select the checkbox, Display Report Summary if you do not wish to view the Report Summary in a tabular form. Alternatively, select the checkbox, Display Report Summary to customize parameters in the Report Summary table in the generated report.

Specify the Report Summary Text that should appear as the Report Summary table heading. Click Pick and select the Text Color and Background colors for the Report Summary table heading.
Under Summary Table, select the checkbox, Include Section with zero results to view sections in which the result count is zero. Under Summary Table Header, click Pick, select the Text Color, and
Background colors for the Report Summary table row header.
Under Summary Table Column Header Definition, select the checkbox, Display Report Summary Table to customize the following column names in the Report Summary table in the generated report.

Section Name Section Description
8-7

Query Type Result Count Jump to Under Summary Charts, select a radio button to view the charts in the desired format.
13. Select the Report Sections tab.
Figure 6. Report Details Screen showing Report Sections Tab
Under Section Title, specify the following parameters to be customized in the generated report:

Section Name Title: Specify the text that should appear as a common heading for all the Section Names. Click Pick and select the Text Color and Background colors for the Section Name Title.
Under Section Header, specify the following parameters to be customized in the generated report:

Click Pick, select the Text Color, and Background colors for the table row headers in the Section Summary and Section Results sections. Select Display Section Description text to view a brief description for each section of the report.
8-8

Select Display Section Query to view all the constraints specified in the database query for that section. Select Display Section Summary to view a graphical and tabular at-a-glance view of the results of the section. Select Display Section Results to view all the entries in the database that satisfy the constraints specified by the section query.

Select Display details of Section Results to view additional details for each entry in the Section Results table.
14. To add the report to the List of Reports, click Save. The new report appears under the List of Reports table.
Editing a Report
The RF Manager enables you to edit user-defined reports. You cannot edit pre-defined reports. HP ProCurve recommends that you do not edit a shared report scheduled by multiple users for delivery. Instead, save the report under a different name and then modify that report. Use the following steps to edit a selected report: 1. From the List of Reports table select the report that you want to edit. 2. Click Edit Report.
8-9
3. On the Report Details dialog, change the Report Name, Report Description, default look and feel, or customize the look and feel.
Figure 7. Editing a Report
4. To save the changes, click Save.
Deleting a Report
The RF Manager enables you to delete a user-defined report. You cannot delete pre-defined reports or a shared report scheduled by some other user. Use the following steps to delete a report: 1. From the List of Reports table, select the report that you want to delete. 2. Click Delete Report. 3. Click Yes on the Confirm dialog to delete the report.
Moving a Report
The RF Manager enables you to move a report from Shared ReportsCustom Reports to My Reports and vice versa. Use the following steps to move a report: 1. From the List of Reports table, select the report that you want to move. 2. Click Move Report.
8-10
Reports Working with Sections of a Report
3. Click Yes on the Confirm dialog to move the report. You cannot move:
A report from Shared ReportsCustom Reports to My Reports if more than one user share or schedule it for delivery at that location A report from My Reports to Shared ReportsCustom Reports if a user schedules it for delivery at that location Reports provided under Shared ReportsCompliance Reports, Incident Reports,
Infrastructure Reports, and Client Reports to My Reports
Working with Sections of a Report

This section shows you how to add a section to a report, edit a section of a report, and delete a section of a report.
Adding a Section to a Report

A report consists of one or more sections. Each section is a query to the database. The RF Manager then searches its database for those records that satisfy the conditions that you impose. However, you cannot add sections to predefined reports. Use the following steps to add a section to a report: 1. From the List of Reports table, select the report to which you need to add a section.
8-11
2. Click Add Section to Report.
Figure 8. Adding a Section to a Report
3. On the Add Section to Report dialog, enter a Section Name and a Section
Description for the newly added section.
4. Select the checkbox Display this section to view this section in the generated report. 5. Under Section Query Type, select Device or Event as the query type. 6. Select any combination of the AP, Client, and Sensor checkboxes to include these
device types in the results.
7. Describe the Section Query construction logic by selecting the following:
A column from Select Column

A condition from Select Condition
An object for the query, which you can select or enter
8. Optionally, select one or more Boolean connectors (OR or AND) to join two or more queries. Click Delete to delete a query. 9. Under Select Columns to be displayed in Section Results, do the following:
8-12

Click Add to view a list of attributes and select an attribute.

Select the checkbox Display to view the selected attribute in the generated report.
Under Summary, you can choose to do the following:
Select the type of chart from the drop-down list to view a graph for the selected attribute. Select the checkbox Table to view a tabulated count for the selected attribute.
Note
Pie charts are not visible in an HTML report. You can view pie charts only in a PDF report.

Select an attribute and click Delete to delete that attribute. Select an attribute and click Up or Down to organize the attributes that appear as columns in the Section Results table of the generated report.
10. To save the section to an existing report, click Save Section to Report. To save the section with a new name, click Save to Report as New Section.
Editing a Section of a Report

The RF Manager enables you to edit a section information, query, or attributes to be displayed in the generated report. HP ProCurve recommends that you do not edit a shared report scheduled by multiple users for delivery. Use the following steps to edit a section of a report: 1. From the List of Sections table, select the section that you want to edit. 2. Click Edit Section. 3. On the Edit Section in Report dialog, make changes to the required field(s). 4. To save the changes in an existing section, click Save Section to Report. To save the edited section with a new name, click Save to Report as New Section.
Deleting a Section of a Report

The RF Manager enables you to delete a section from a report if you no longer need the query defined in that section.
Note
Be careful when deleting a section of a report. The RF Manager cancels any existing delivery schedules for the selected report in the selected location. Further, if you delete the last section of a report, scheduling and report generation functions are disabled. Use the following steps to delete a section from a report: 5. From the List of Sections table, select the section that you want to delete. 6. Click Delete Section. 7. Click OK on the Confirm dialog to delete the section.
8-13
Reports Scheduling a Report
Scheduling a Report
The RF Manager enables you to schedule email delivery of a report. You can select one time delivery or recurring delivery.
Important
It is essential that correct time zone settings are configured in the Server Initialization and Configuration Wizard from the Server Config shell. Otherwise, scheduled reports will be emailed at incorrect times. Choose the time zone carefully.
Setting a Report Schedule

Use the following steps to schedule email delivery of a report: 1. From the List of Reports table, select the report that you want to schedule. 2. Click Add Schedule. The Generation and Delivery Options for Selected Location dialog appears.
Figure 9. Scheduling a Report for One Time Generation
3. From the Format drop-down list, select the output type for the report, that is, HTML, XML, or PDF.
Note
The RF Manager does not support PDF report generation on older versions of IE (versions lower than 7.0). 4. Select either One Time Generation or Recurring Generation.
To schedule a report for One Time Generation, perform the following:
8-14
Under Schedule Report, click the calendar icon on which to generate the report.
to specify the date and the time
Under Report Time Period, customize the duration for which the report should be generated by doing either of the following:

Select Last and then the number of hours, days, or months before the report delivery time. Select Customize and then the exact date and time in From Date and To Date fields.
Figure 10.Scheduling a Report for Recurring Generation
To schedule a report for Recurring Generation, perform the following:

Under Schedule Report, from the Generate Report Every drop-down list, select the number of hours, days, or months over which to deliver the report. Click the calendar icon next to Start Date to select the start date and time for the report. Click the calendar icon next to End Date to select the end date and time for the report. The End Date must be greater than the Start Date. The RF Manager automatically selects the End Date and Time from the Start Date. Under Report Time Period, customize the duration for which the report should be generated by selecting Last and then the number of hours, days, or months before the report delivery time.
8-15
5. Under Delivery Options, perform the following:
Select Archive Report and then choose from the following:

Never Delete to retain the report forever Delete after n days to delete the report after the specified number of days
Select Email Report to email a copy of the report to the selected user(s).
Select Zip before email to compress the report before emailing it.
6. Click Add Recipients to open Report Delivery dialog. Here, you can do the following:

Select one or more email addresses under System Users and then click the arrow to move the chosen email address(s) to Recipients. The RF Manager delivers scheduled reports to the users under Recipients. Click Add to open Additional Email Addresses dialog where you can specify a custom email address for a non-RF Manager user who will receive a scheduled report. In this dialog, you can add multiple email addresses one at a time.
Figure 11.Specifying Additional Email Addresses for Report Delivery
7. Click OK to close the Additional Email Addresses dialog. 8. Click OK to close the Report Delivery dialog. 9. To schedule the report, click Save.
Editing a Report Schedule

The RF Manager enables you to edit a report schedule in response to your requirements. Use the following steps to edit a report schedule: 1. From the List of Reports table, select the report whose schedule you want to edit. 2. Click Edit Schedule.
8-16
Reports Generating a Report Instantly
3. On the Generation and Delivery Options for Selected Location dialog, make the
necessary changes. See Setting a Report Schedule on page 8-14.
4. To save the changes, click Save.
Canceling a Report Schedule

The RF Manager enables you to cancel a report schedule based on your requirements. Use the following steps to cancel a schedule: 1. From the List of Reports table, select the report whose schedule you want to cancel. 2. Click Cancel Schedule. 3. Click Yes on the Confirm dialog to cancel the schedule.
Generating a Report Instantly

The RF Manager enables you to generate a report instantly to display detailed information about your WLAN for a selected period. Use the following steps to generate a report: 1. From the List of Reports table, select a report that has at least one section. 2. Click Generate.
Figure 12.Generating a Report
3. On the Generate Report dialog, select the Report Time Period by doing one of the
following:
Select the number of days or hours from the drop-down list over which to collect data. Use the calendar icons to the right of the From and To fields to select the start time and end time for which to collect the data.
4. Select the Format in which to generate the report, that is, HTML, XML, or PDF.
8-17
Note
The RF Manager does not support PDF report generation on older versions of IE (versions lower than 7.0). 5. Under Report Archival, select Archive Report and then select one of the following:

Never Delete to retain the archived report in the database forever Delete after n days to delete the archived report after the selected number of days
6. Click OK to generate the report. 7. An HTML or PDF report opens in another browser window.
Figure 13.Report in HTML Format
8-18
Figure 14.Report in PDF Format
8. Alternatively, to save a report in XML format, in the Save dialog, specify the path where you want to save the report.
Figure 15.Report in XML Format
8-19
Reports Sample Report Generation
Sample Report Generation

The example given in this section walks you through the process of creating a new report and shows you how to add a new section consisting of several database queries to the report. These are the steps involved in generating a report:

Creating a report Adding a section Specifying a section query Selecting columns Saving the section Generating the report
We illustrate these steps with an example of a report that lists of all the Rogue APs in the WLAN that:

Operate only on the 802.11b protocol Use either Channel 6 or Channel 11 for wireless communication
Creating a Report
1. Select the tab My Reports. 2. Add a new report to the List of Reports table by clicking Add Report. 3. On the Report Details dialog, enter a Report Name for the new report (for example,
Rogue AP Associations), a Report Description to identify the report, and optionally
customize the look and feel of the report.
4. Click Save. The new report appears under the List of Report table.
Adding a Section
1. Select the newly added report. 2. Click Add Section to Report. 3. On the Add Section to Report dialog, enter a Section Name and a brief Section
Description.
4. Select the checkbox Display this section to view this new section in the generated
report.
Specifying a Section Query

1. Under Section Query Type, select Device Query. 2. Under Select Device Type to include in Results, select the AP checkbox. By default, the RF Manager selects this checkbox.
8-20
3. Under Section Query, from left to right, select the following: Violates Security Policy? is equal to Yes; the Boolean connector AND to join the first query to the second Active Status is equal to Inactive; the Boolean connector AND to join the second query to the third Channel is equal to 6; the Boolean connector OR to join the third query to the fourth Channel is equal to 11
Note
The following steps explain a suggested method of implementing this query. You can implement the same query by changing the order of the queries. 4. Under Select Columns to be displayed in Section Results, do the following

Click Add to view a list of attributes. Select the following attributes one at a time and click OK.

MAC Address SSID Network Status Protocol Channel Device Folder
Ensure that you select the following under Select Columns to be displayed in Section Results.
Attribute
Display
Summary Chart Table

Selected Selected Selected Selected Selected
MAC Address SSID Network Status Protocol Channel Device Folder
Selected Selected Selected Selected Selected Selected
Pie Bar Pie Bar Bar
Saving the Section

5. To save this section to the report (Rogue AP Associations), click Save Section to Report. The new section appears under the List of Sections table.
8-21
Generating the Report

6. Select the newly created report (Rogue AP Associations). 7. Click Generate. The Generate Report dialog appears. 8. Under Report Time Period, select 7 days. 9. Under Format, select PDF. 10. Under Report Archival, select Archive Report and then select Delete after 360 days to retain the archived report for 360 days. 11. Click OK. The PDF report opens in a different browser window.
Figure 16.Report in PDF format for Rogue AP Associations
12. To view the Section Summary and Section Results of a section, click the corresponding link(s) in the Jump to column in the Report Summary table.
8-22
Figure 17.Report for Rogue AP Associations showing Section Summary
Figure 18.Report for Rogue AP Associations showing Section Results
8-23
8-24
Chapter 9: Administration
9
Administration
Administration: Panel for Configuring Policies

The RF Manager is highly customizable and can be configured to suit the needs of your enterprise. The Administration screen allows you to perform various administrative activities such as event, device, and user management, configure the RF Manager and location settings, and enable integration with third party applications.
Administration Screen: Accessibility and Layout

The Administration screen includes two panes:

On the left, Policy Groups that are categorized into Global Policies and Local Policies; Global policies are grouped under the Global tab while Local policies are grouped under the Local tab.
Administration Administration Screen: Accessibility and Layout
On the right, the details of the selected policy node
Figure 1. Administration ScreenGlobal Tab
Figure 2.
Administration ScreenLocal Tab
9-2
Global Policies
Global Policies are those that are applicable to the entire RF Manager. Only users with Superuser rights or an administrator with rights to the root location can modify these policies.
Local Policies
Local Policies are those that you can customize for a particular location. When you create a new location, by default, all the policies for this new location are always the same as its parent location. In other words, this newly created location inherits policies from its parent. You can change these inherited policies. A user with administrative rights can change these inherited policies, configuring them for a location.
Location Based Policy (LBP) License

If you have an LBP license, you can modify policies under the Local tab to suit different locations. As a result, different locations can have different policies. If you have an LBP license, you can customize, inherit, or copy-paste polices from one location to another. See Customizing v/s Inheriting Policies on page 9-4, and Copying and Pasting of Local Policies on page 9-8. This feature is suitable for deployments that are spread over large geographical areas and where different policies are required in different areas. If you do not have an LBP license, you can only modify the policies under the Local tab for the root location. You cannot modify policies under the Local tab to suit different locations. As a result, all the locations will inherit policies from the root location. If you do not have an LBP license and you attempt to customize polices, a message pops-up. The message informs you that since you do not have a license that has location based policy management, you cannot customize local policies for each location. Irrespective of the type of license, you can edit the policies in the policy group Location Properties. You cannot inherit, customize, and copy and paste policies from Location Properties, as these policies are unique for each location.
Figure 3.
Non-availability of Location Based Policy Management Message
Location Tree View and Location-Based Policy License (LBP)

In a large deployment spanning across multiple locations, LBP feature means that users can be created to manage separate locations without allowing them access to other locations. This limits the users ability to perform location operations and policy configurations only to those locations where access is granted. User access is added from Administration > Global Policies > User Management > Users screen. Without an LBP license, all the users have access to all the locations.
9-3
Location Move
The RF Manager enables you to change the position of a location in the Location tree. When you move a location, the inherited policies will be inherited from the new parent location and customized policies will be carried over and remain customized.
Behavior of Template Based Policies During Location Move

During the location move, for template based policies, (for example, Authorized WLAN Setup and Sensor Configuration), copies of applied/default templates are created at the destination location, if these templates are not available in any of the ancestor locations in the location hierarchy. See Authorized WLAN Setup on page 9-75 and Sensor Configuration on page 9-92. If a template already exists at the destination location, that template is not copied to the new location.
Tip
Do not use distinct policies for two locations that represent geographically close-by areas. This is because if two locations are very close, it is possible that Sensors from both these locations see a device, thereby affecting the accuracy of location tagging for the device. See Location Tagging of a Device or Location Tag Assignment on page 7-10.
Policy and Policy Groups

The RF Manager clubs policies in Local Policies with related functionality into groups called Policy Groups. Examples of policy groups and policies within them are as shown below.
Example 1
Operating Policies (Policy Group). See Operating Policies on page 9-83

AP Auto-classification(Policy1) Client Auto-classification (Policy 2) Intrusion Prevention (Policy 3)
Example 2
Event Settings (Policy Group). See Event Settings on page 9-88.

Configuration (Policy 1) Email Notification (Policy 2)
Customizing v/s Inheriting Policies

By default, a location inherits policies from its parent location. You can break the inheritance and customize the policies at a location. You can customize or inherit policies only at the policy group level. Customization or inheriting of individual policies is not allowed at the individual policy level within the policy group. By customizing or inheriting a policy in a policy group, the policy group gets customized or inherited.
9-4
Figure 4.
Policy Inheritance v/s Customization
Customizing Policies Use the following steps to customize policies in a policy group for a location that inherits policies from its parent: 1. Select the Local tab. 2. Select a location in the Location tree for which you want to customize the policies. 3. Select a policy group from the Administration tree.
9-5
4. Right-click either the selected location or the selected policy group. A context sensitive menu appears. Click Customize Policy Group > Policy Group Name.
Figure 5.
Customizing a Policy Group
5. Alternatively, click
on the right side of the policy group pane.
6. Alternatively click the hyperlink Customize in the sentence Click Customize to re define this policy at this location. on the individual policy page. By customizing the individual policy, the entire policy group is customized. You can now custom define the individual policies within the policy node. Inheriting Policies: (Re)establishing Inheritance Use the following steps to inherit policies in a policy group for a location which has customized policies: 1. Select the Local tab. 2. Select a location in the Location tree for which you want to inherit policies from its parent. 3. Select a policy group from the Administration tree.
9-6
4. Right-click either the selected location or the selected policy group. A context sensitive menu appears. Click Inherit Policy Group > Policy Group Name.
Figure 6.
Inhering Policies for a Policy Group
5. Alternatively, click
on the right side of the policy group pane.
6. Alternatively click the hyperlink Inherit in the sentence Click Inherit to inherit this policy from its parent location. on the individual policy page. By inheriting the individual policy, the entire policy group is inherited from its parent location. This re-establishes the inheritance link for the selected policy group. The policy group loses any existing customization for the selected location and starts using the parent policies instead. Once policies are inherited, action items like checkboxes, buttons, and so on are de activated in the policy pane. You will see the policies in a Read-only mode.
Template Based Policies

In the RF Manager, some policies are made up of one or more templates. In a large setup with several locations, the administrator would like to create templates on a single location and reuse these templates, if other locations in the sub-tree need to have similar templates to define their policies. Applying a Template A user can create templates at locations to which access has been granted. You can then select one or more such templates to be applied at a particular location. Thus, when you apply one or more templates to a location, you define the policy for that location.
9-7
Template Availability at Sub-locations When you create a new template at a location, it is available for viewing and applying to all the locations in its sub-tree. Templates can only be modified and deleted at the location at which they are created.
Copying and Pasting of Local Policies

In a large setup with several locations, the administrator would like to custom define policies for just one location. If other locations need to have policies similar to the ones already defined, you can Copy the policies from the first location and Paste them to the other locations. Copy allows you to copy one or all policy groups customized for a particular location to another location. If all the policy groups for a location are inherited from its parent, you cannot copy policies from that location. Paste allows you to paste the policies to a policy group on any location. By pasting a policy group on a location inheriting that policy group, the inheritance is broken.
Copying and Pasting all Local Policies

Use the following steps to copy and paste all Local policies: 7. Right-click a location from the Location tree which you choose to copy (source
location).
8. From the resultant context-sensitive menu, select Copy Local Policies for > Location Name.
9-8
9. Select All Local Policy Groups or Policy Group > Policy Group Name. The Policy Group > Policy Group Name option is available only if a policy group node is selected in the Administration tree.
Figure 7.
Copying all Local Policies
10. Right-click a location to which you want to paste the copied policies.
9-9
11. From the resultant context-sensitive menu, select Paste All Policies from <Location Name> or Paste <Policy Group Name> from <Location Name>. The Paste All Policies from <Location Name> is displayed if all the policies were copied during the copy operation. The Paste <Policy Group Name> from <Location Name> option is displayed if only a policy group is copied during the copy operation.
Figure 8.
Pasting all Local Policies
Copying and Pasting a Local Policy Group

Use the following steps to copy and paste a Local policy group: 12. Right-click a location from the Location tree. 13. Right-click a policy group from the Administration tree which you choose to copy.
9-10
14. From the resultant context-sensitive menu, select Copy Policy Group-<Policy Group Name>.
Figure 9.
Copying a Local Policy Group
15. Right-click a location to which you want to paste the copied policies. 16. From the resultant context-sensitive menu, select Paste <Policy Group> from <Location Name>.
Note
The copy operation is not allowed if no local policy group is custom defined or customized on that location.
Exporting RF Manager Configuration

The Export Configuration feature enables the superuser and the administrator to export all policy related information in a single click and gather the same information from a single file, rather than having to go through the policies for all locations. This exported information can later be used for auditing purposes.
Exporting Global and Local Policies

Use the following steps to export the RF Manager configuration at the root location: 1. Click the Global or Local tab.
9-11
2. In the Global tab, right-click Global Policies or in the Local tab, select the root location and right-click Local Policies.
Figure 10. Exporting RF Manager Configuration of the Root Location
3. Select Export Configuration. 4. Click Yes on the Export Configuration dialog to export the configuration parameters. 5. Select the location where you want to save the exported XML file. 6. Click Save.
Exporting Local Policies for a Selected Location

Use the following steps to export the RF Manager configuration for a selected location: 1. Click the Local tab.
9-12
2. Select the location whose configuration you want to export and right-click.
Figure 11. Exporting RF Manager Configuration of a Selected Location
3. Select Export Configuration. 4. Click Yes on the Export Configuration dialog to export the configuration parameters. 5. Select the location where you want to save the exported XML file. 6. Click Save. Structure of the Exported XML File The XML file hierarchy reflects the Policy Groups hierarchy on the Administration screen. It includes policies and report scheduling information for a location and similar information for its child nodes. The XML file shows all the detailed configurations of the selected location. However, if this location has any sub-location folders, then the XML file shows only those policies that have been customized. Policies that are inherited from the parent location are shown as being inherited in the XML file. The detailed configurations for such locations can be viewed by traversing the list of locations in the upward direction.
9-13
Administration Global Policies
Figure 12. Viewing an Exported XML File for a Selected Location
Global Policies
Click the Global tab in the Administration screen to view the policies groups under this tab.
Note
In the Administration tree, items marked with an asterisk contain advanced settings. You should modify these settings only if you fully understand the parameters included on these screens. Otherwise, HP ProCurve recommends that you retain the defaults.
Event Settings
Select the Event Settings screen to configure the following event settings in the RF Manager.
Vulnerable SSIDs
APs from popular vendors have default SSIDs that are publicly known. Using such known defaults allows hackers to easily guess the SSIDs of your APs, resulting in vulnerability in your network. If you consider an SSID to be vulnerable to hackers, you can open the Vulnerable SSIDs screen and enter the SSID under SSID (ASCII character string). Click Add and then Apply to place the SSID in your database. If an AP point with a vulnerable SSID is detected, the RF Manager generates an event.
9-14
Note:
By default, commonly known SSIDs are listed. To enter a blank SSID: no string, click Add without entering any text. The list shows the SSID as NULL. Remove SSIDs from this list by selecting the SSIDs and clicking Delete. To remove the SSIDs from the database, click Apply.
Figure 13. Vulnerable SSIDs
Regeneration
Some events are generated repeatedly when the cause persists; for example, Denial of Service (DoS) (Security) and traffic events (Monitoring).
9-15
The Regeneration screen enables you to specify how often an event is repeated if the cause persists under the Event Regeneration Interval. (Minimum: 1 hour; Maximum: 168 hours; Default: 24 hours)
Figure 14. Event Regeneration Interval
Hotspot SSIDs
Typical SSIDs advertised by APs at various hotspots are publicly known. Using such known defaults in your network allows hackers to easily guess the SSIDs of your APs, resulting in vulnerability in your network. If you consider an SSID to be vulnerable to hackers, you can open the Hotspot SSIDs screen and enter the SSID under SSID (ASCII character string). Click Add and then Apply to place the SSID in your database. If an AP with a vulnerable SSID is detected, the RF Manager generates an event.
9-16
Note
By default, commonly known SSIDs are listed. To enter a blank SSID: that is, with no string, click Add without entering any text. The list shows the SSID as NULL.
Figure 15. Hotspot SSIDs
Remove SSIDs from this list by selecting the SSIDs and clicking Delete. To remove the SSIDs from the database, click Apply.
9-17
Event Page Size

Event Page Size allows you to configure the Page size of an Events screen and all the related screens which have a mention of Events. Page Size refers to the number of Events reported per page.
Figure 16. Events Page Size
Device Settings
Select the Device Settings screen to configure the following device settings in the RF Manager.
9-18
Import Devices
Importing an Authorized AP List and an Authorized or Unauthorized Clients List is an efficient alternative to manual movement of these devices into the Authorized/ Unauthorized bins. After successfully importing these lists, the RF Manager automatically classifies the APs and Clients in the respective lists as Authorized/Unauthorized.
Figure 17. Import Devices
You can move Authorized APs to the Authorized folder using one of the following methods:

Move an AP to the Authorized folder using right click and Move option Import the Authorized AP list Synchronize with an AP Management Server
Note
Once you move an AP to the Authorized folder, the RF Manager never automatically removes it from the Authorized folder, even if it later detects that the AP is unwired from the enterprise network.
9-19
Under Import AP List, click Import Authorized AP List to open Import Authorized AP List dialog.
Figure 18. Import Authorized AP List
In the Import Authorized AP List dialog: Under Tag Devices, select one of the following:

Auto Tag Devices: To automatically tag the AP to the corresponding location. Manually Tag Devices to: Click Change to manually tag the AP to the desired location.
Under Enter AP details
To add AP details, type the AP MAC address, IP Address, and Name and click Add to List>>>. To add AP details from a file, click Browse. On the Select Authorized AP_Device_List_File dialog, select the .txt file from the desired location and click Open. Then click Add to List>>>.
Under Authorized AP Import List
To delete AP details, select the corresponding row and click Delete.
To import Authorized APs from the Authorized AP Import List, click OK.
Note
When you import APs from a list, policy settings in the Setup Wizard do not affect these APs. In the Import Devices dialog, under Import Client List, click Import Authorized Client List to open Import Authorized Client List dialog and/or click Import Unauthorized Client List to open Import Unauthorized Client List dialog. In the Import Authorized/Unauthorized Client List dialog:
9-20
Under Tag Devices, select one of the following:

Auto Tag Devices: To automatically tag the AP to the corresponding location. Manually Tag Devices to: Click Change to manually tag the AP to the desired location.
Under Enter Client details
To add Client details, type the Client MAC Address, IP Address, and Name and click Add to List>>>. To add Client details from a file, click Browse. On the Select Authorized/ Unauthorized Client_Device_List_File dialog, select the .txt file from the desired location and click Open. Then click Add to List>>>.
Under Authorized/Unauthorized Client Import List
To delete Client details, select the corresponding row and click Delete.
To import Authorized/Unauthorized Clients from the Authorized/Unauthorized Client Import List, click OK.
Note
Policy settings in the Setup Wizard do not affect Clients imported from a list. In the Import Devices dialog, under Import Sensor List, click Import Sensor List to open
the Import Sensor List dialog:
In the Import Sensor List dialog:
Under Tag Devices, select one of the following:
Auto Tag Devices: To automatically tag the Sensor to the corresponding location. Manually Tag Devices to: Click Change to manually tag the Sensor to the desired location.
Under Enter Sensor details
To add Sensor details, type the Sensor MAC address and Name and click Add to List>>>. To add Sensor details from a file, click Browse. On the Select Sensor_Device_List_File dialog, select the .txt file from the desired location and click Open. Then click Add to List>>>.
Under Authorized Sensor Import List
To delete Sensor details, select the corresponding row and click Delete.
To import Sensors from the Sensor Import List, click OK.
Note
Sensors imported from a list, can be deleted from the Devices screen only
9-21
Thresholds
Threshold settings determine the status of devices in terms of up-down association and connectivity. The Thresholds screen enables you to set parameters for APs, Clients, and Sensors.
Figure 19. Device Thresholds
Device Threshold Parameters contains the following settings: AP Timeout
Activity Timeout: If the RF Manager senses no activity of the AP for the period specified here, it declares the AP inactive. (Minimum: 60 seconds; Maximum: 600 seconds; Default: 300 seconds)
Client Timeouts
Activity Timeout: If the RF Manager senses no activity from a Client for the period specified here, it declares the Client inactive. (Minimum: 120 seconds; Maximum: 1200 seconds; Default: 600 seconds) Association Timeout: If the RF Manager sees no communication between an associated AP and Client pair for the period specified here, it declares the association as timed out. (Minimum: 120 seconds; Maximum: 1200 seconds; Default: 600 seconds)
9-22
Sensor Parameters
Maximum Number of Sensors Allowed: Maximum number of Sensors allowed to connect to the RF Manager at a given time. (Maximum: 200) Sensor Timeout: The Sensor sends keep alive information to the Server at a regular time interval specified here, to tell the Server that it is alive. If the RF Manager does not receive this keep alive information within the specified time span, it declares the Sensor inactive. (Minimum: 25 seconds; Maximum: 900 seconds; Default: 600)
Note
HP ProCurve has disabled Sensor Timeout for this release.

RF Signal Computation Constants

Moving Average Constant: A constant used to find the weighted average of signal strength as seen by a Sensor for a transmitter. Higher value gives more weight to more recently seen signal strength values. (Minimum: 0; Maximum: 1; Default: 0.05)
Sensor observes signal strengths as RSSI reported by the driver. The RF Manager converts this information to dBm values for further use. The conversion formula for this is different for 2.4 GHz and 5 GHz frequency spectrum. The formula is dBm = RSSI + dBm Conversion Constant.

RSSI <-> dBm Conversion Constant for 802.11a: This value used for 5 GHz band is set to -98. RSSI <-> dBm Conversion Constant for 802.11b/g: This value used for 2.4 GHz band is set to -90.
Sensor Server Communication

Time to wait for Initial Statistics: The Sensor periodically sends information to the RF Manager Here you can set the time for the Sensor to send the information to the RF Manager for the first time. (Minimum: 120 seconds; Maximum: 600 seconds; Default: 300 seconds) Frequency of Device Updates: The RF Manager is informed immediately when device attributes change or when a device is first detected. If no such changes take place, the RF Manager should still be informed about the device updates. Here you can set the time after which the RF Manager is notified of the updates. (Minimum: 1 day; Maximum: 365 days; Default: 36 days) Frequency of Signal Strength Updates: The RF Manager should be periodically informed about the signal strength updates. Here you can set the time after which the RF Manager is notified. (Minimum: 1 minute; Maximum: 5 minutes; Default: 2 minutes) Frequency of Network Performance Updates: The Server should be periodically informed about the network performance updates. Here you can set the time after
9-23
which the RF Manager is notified. (Minimum: 4 hours; Maximum: 24 hours; Default: 12 hours)

Records Constant: A Sensor maintains records for APs, Clients, and associations. The constants below define the maximum number of APs, Clients, and associations for which to maintain records with the Sensor(s).

Maximum Number of AP records to keep: Specifies the maximum number of APs for which to maintain records with the Sensor(s). (Minimum: 100; Maximum: 500; Default: 128) Maximum Number of Client records to keep: Specifies the maximum number of Clients for which to maintain records are with the Sensor(s). (Minimum: 100; Maximum: 500; Default: 256) Maximum Number of Association records to keep: Specifies the maximum number of associations for which to maintain records with the Sensor(s). (Minimum: 100; Maximum: 500; Default: 128)
Discovery
Sensors and NDs inject discovery (ARP) broadcast packets in bursts on the network at regular intervals. These packets detect the presence of wireless devices connected to the network. If there are multiple Sensors and NDs on a network, only one injects discovery packets on the network.
Figure 20. Device Discovery
9-24
The following options are available:

Number of packets in a discovery burst: Specifies the number of packets that the RF Manager sends in each discovery burst. (Minimum: 10; Maximum: 1000; Default: 300) Time interval for packets in a discovery burst: Specifies the time interval between
two consecutive packets sent in a discovery burst.
(Minimum: 10 milliseconds; Maximum: 110 milliseconds; Default: 50 milliseconds) Time to wait between two discovery bursts: Specifies the time interval between two consecutive discovery bursts. This time also determines the time taken to detect rogue devices connected to your network. More the time to wait between two discovery bursts means more time is required to detect the connectivity of the wireless devices. (Minimum: 3 seconds; Maximum: 1200 seconds; Default: 75 seconds)
MAC Spoofing
In MAC spoofing, an unauthorized AP fakes as an Authorized AP by advertising the same identity information: that is, MAC address.
Figure 21. MAC Spoofing
The MAC Spoofing screen enables you to specify the following options:

MAC Spoofing Tolerance: The RF Manager detects MAC Spoofing if the Authorized AP starts at least half a second before the AP that is spoofing it. You can change this time gap called MAC Spoofing Tolerance to fine-tune detection of MAC Spoofing APs. (Minimum: 600 seconds; Maximum: 3600 seconds; Default: 3600 seconds)
9-25

MAC Spoofing Session Interval: Specifies the timeout period for MAC Spoofing. If the RF Manager does not observe MAC Spoofing activity for this period, any current distributed MAC spoof session terminates. (Minimum: 5 minutes; Maximum: 15 minutes; Default: 5 minutes)
Note
The RF Manager may quarantine an Authorized AP if an attacker AP placed close to the Authorized AP spoofs its MAC address and is operating in a nearby or same channel.
Banned AP List
The Banned AP List enables you to import a list of banned APs to the database. You define the wireless MAC addresses of APs that are blacklisted in your organization. If APs with these MAC addresses become visible, the RF Manager generates an alert.
Figure 22. Banned AP List
In the Banned AP List under Enter AP MAC addresses, enter the MAC address of a prohibited AP and click Add to List>>>. The MAC address is added to the Banned AP List. You can also:

Use Ctrl + V to paste a list. Add the MAC addresses from a file by clicking Browse and then selecting the file.
Note
Separate MAC addresses by a comma, space, tab, semicolon, or new line.
9-26
Banned Client List

The Banned Client List enables you to import a list of banned Clients to the database. You define the wireless MAC addresses of Clients that are blacklisted in your organization. For example, such MAC addresses could belong to laptops of employees who are no longer with the organization. If Clients with these MAC addresses become visible, the RF Manager generates an alert.
Figure 23. Banned Client List
In the Banned Client List under Enter Client MAC addresses, enter the MAC address of a prohibited Client and click Add to List>>>. The MAC address is added to the Banned Client List. You can also

Use Ctrl + V to paste a list Add the MAC addresses from a file by clicking Browse and then selecting the file
Note
Separate MAC addresses by a comma, space, tab, semicolon, or new line.
User Management
Select the User Management screen to set various user settings. For example, you can
manage users and set the password and account locking policies.
Users
The Users screen enables you to add, edit, and delete user accounts.
9-27
Figure 24. Manage Users
Adding a User
Click Add to open the Add User Details dialog.
Figure 25. Adding User Details: User Properties Tab
Under Add User Details, you can create user accounts to be authenticated either locally or via Lightweight Directory Access Protocol (LDAP).
9-28
For an LDAP User, the superuser must specify the following fields:

Login ID User Role List of allowed locations the user can access Session Timeout (Session Never Expires or Session Timeout) Language preference Time Zone
Note
The user can edit the list of locations only if the user has an LBP license. Other fields are not required for LDAP authentication. For a Local User, the superuser must specify the following fields:

Login ID: Login ID of the user User Role: Enables you to specify the type of user. The following table shows the user roles and their respective rights.
Table 1User Roles and User Rights
User Roles User Rights Superuser Administrator

Add, delete, modify, and manage users Modify all screens on the Administration tab (excluding User Management screens) Modify and delete events Y Y Y N Y Y Y Y Y Y Y Y Y
Operator
N N Y Y Y Y Y Y Y Y
Viewer
N N N N N N N N N Y
Add, delete, and modify devices (APs and Clients) Y Add, delete, and modify locations Calibrate location tracking Add, delete, and modify scheduled reports Move devices in and out of quarantine Troubleshoot devices View all product screens (excluding User Management screens) Y Y Y Y Y Y
If the LBP license is enabled, the administrator, operator, and viewer users also need access to locations to perform location specific operations.
You can select one of the following four roles.
Superuser
9-29

Administrator
Operator
Viewer
First Name: First name of the user Last Name: Last name of the user Locations: Displays the list of locations to which the user has access rights.
Click Change to open the Assign Locations dialog. Here, you can view the complete list of locations and select the locations to which you have access rights. Allowing access to a particular location means allowing access to that location and all its sub-locations. Click OK to assign the selected location(s) to the user. This option is available only if you have an LBP license.
Figure 26. Assigning Locations to a User
Under User Properties tab, specify the following:

Password: Password used for login Confirm Password: Password confirmation Email Address: Email address of the user. You must specify an email address for password recovery, scheduled reports, and event notification. Session Timeout: Enables you to specify the time after which the user is logged out automatically if the RF Manager does not detect any activity
Session Never Expires: Select this checkbox if you do not want the session to expire. Session Timeout: Enables you to specify the number of minutes after which the RF Manager automatically logs out the currently logged in user when there is no activity on the Console. (Minimum: 10 minutes; Maximum: 120 minutes)
9-30

Language preference: Select English or Multilingual support from the drop-down list Time Zone: Select the appropriate time zone for the user
Under Password Settings tab, specify the following:
Figure 27. Adding User Details: Password Settings Tab
Password never expires: If selected, the password does not expire over time. This option disables the fields Password Expiry Duration, Password Expiry Warning, and Expiry Date. Password Expiry Details: If selected, specify the following parameters:

Password Expiry Duration: Enables you to specify the duration for which the specified password is valid. If the Password Expiry Duration is less than 15 days, the RF Manager raises a Password Expiry Warning message every time the user logs into the Console (Minimum: 1 day; Maximum: 365 days) Expiry Date: Shows the password expiry date and time Password Expiry Warning: Enables you to specify the number of days before the password expiry date that a password expiry warning should appear. The warning appears every day until you change the password. Once you change the password, the RF Manager updates the Expiry Date depending on the value specified in the Password Expiry Duration field (Minimum: 1 day; Maximum: 60 days)
Click Add to add the details for a new local user. Editing a User To edit the details of an existing user, double-click a row or select a row and click Edit to open the Edit User Details dialog.
9-31
Figure 28. Editing User Details
The Edit User Details dialog is similar to the Add User Details dialog. Additionally, in this dialog, if the Change Password checkbox is selected, you can change the password. Under Lock User Account, the superuser can do the following for other user roles.

Enable a user account that has been disabled due to failed login attempts Enable/disable a user account permanently
Click Save to save all the changes.
Note
A dark highlight for an entry in the user list indicates that the user account is disabled or locked permanently. Deleting a User
Select a row and click Delete to discard the details of an existing user.
LDAP
The RF Manager can use an LDAP Server for user authentication.
The LDAP Configuration screen enables you to set the LDAP Authentication Details.
9-32
Figure 29. LDAP Configuration
If you select Enable LDAP, the RF Manager authenticates user login using an LDAP compliant directory.

Default Privileges for LDAP Users: This section specifies the default role and the default locations that are assigned when new LDAP users log in. Once a user is registered in the RF Manager, administrators having rights to the root location can change the individual users role and allowed locations using the Edit User dialog. LDAP integration is used only for user authentication. The roles and the assigned locations must be defined within the RF Manager. Each time a user is authenticated using LDAP, the users name and email address are synchronized with the LDAP Server. If you delete a user from the directory serviced by the LDAP Server, the RF Manager continues to send emails to this user until the corresponding user is manually deleted from the Server.

User Role: Enables you to specify the default role for new LDAP users. You can select one of the following four options. The default user role is Viewer.

Superuser Administrator Operator Viewer
Locations: Displays the list of locations to which a new LDAP user has access rights
9-33

Click Change to open the Assign Locations dialog. Here, you can view the complete list of locations and select the locations to which the LDAP user can have access rights. Click OK to assign the selected location(s) to the user. This option is available only if you have an LBP license.
Connection Details

LDAP Server IP Address: Specifies the name or the IP address of the LDAP Server. (Default: localhost) Port: Specifies the port number of the LDAP Server. (Default: 389)
LDAP Configuration Details: Specifies the identifiers required to authenticate users using the LDAP compliant directory.

Base Distinguished Name: Specifies the base distinguished name of the directory to which you want to connect, for example, o=democorp, c=au.
Note
Distinguished Name is a unique identifier of an entry in the Directory Information Tree (DIT). The name is the concatenation of Relative Distinguished Names (RDNs) from the top of the DIT down to the entry in question.

User ID Attribute: Specifies the user ID attributes string that the RF Manager uses to identify the user, as defined in your LDAP schema. (Default: cn) Authentication Mechanism: Specifies a read-only field with the default authentication mechanism. (Default: NO-SSL) Filter String: Specifies certain attributes: existing or new: that you can use for different users, based on which the Server filters the users, for example, (IsUser=A). This feature can help restrict the use of the RF Manager to a certain set of users.
LDAP Authentication Details: Specify user credentials required to search the LDAP compliant directory. This is required only in case the directory does not allow anonymous search.

Select Authentication Required to search LDAP? if the LDAP Server requires administrator login to search the LDAP compliant directory. Specify the Admin User DN and Password to log in. If you select Append Base DN, the Base Distinguished Name specified in LDAP Configuration Details is appended to the Admin User DN.
Test Settings: Enables you to test whether the specified settings are correct. To verify the settings, enter the User Name and Password for a specific user and click Test.
Note
Test is not available unless you change the settings. Apply is unavailable until you use Test. By default, LDAP users log into the Server with Superuser rights. However, an LDAP user cannot add or edit users. The list of users on the User Management screen for LDAP users shows other LDAP users and does not include users logged in via application authentication.
9-34
Password Policy
The Password Policy determines the minimum requirements for RF Manager passwords. This policy applies to all User Roles: Superuser, Administrator, Operator, and Viewer. If you change this policy, older passwords are not affected. Only passwords created after a policy change are subject to the new policy.
Figure 30. Password Policy
Under Password Policy, you can specify the following:

Minimum number of characters: Enables you to specify the minimum number of

characters to be used for constructing passwords.
(Minimum: 4; Maximum: 15; Default: 6) Numeric Characters required?: Enables you to enforce the use of numeric characters for constructing passwords. (Default: No) Special Characters required?: Enables you to enforce the use of special characters for constructing passwords. (Default: No)
9-35
Account Locking
Account Locking allows the superuser to specify the account locking policy for the selected user type Superuser, Administrator, Operator, or Viewer. Account locking protects the RF Manager from spurious logins through dictionary attacks.
Figure 31. Account Locking
Under Account Locking, you can select the User Type and then specify the following:

Allowed Number of Login Failures: Enables the superuser to define the rate of login failure attempts above which the RF Manager is locked. (Minimum: 3 times in 5 minutes; Maximum: 10 times in 30 minutes; Default: 3 times in 10 minutes) Lockout Time: Enables the superuser to define the amount of time for which the
selected user type is prevented from accessing the RF Manager.
(Minimum: 5 minutes; Maximum: 30 minutes; Default: 15 minutes)
9-36
User Preferences
The User Preferences screen enables a user to change the login password and other preferences setup for oneself.
Figure 32. User Preferences
Under Password Details, you can specify the following:
Email Address
Old Password
New Password
Confirm Password
Under User Preferences, you can change your session timeout interval, language settings,
or time zone.
To save to the new password and user preferences, click Apply.
Location Settings
Select the Location Settings screen to set the following location settings in the RF Manager.
9-37
Auto Location Tagging

A location tag that is attached to a device or an event helps identify the location of that event or device. The RF Manager has an Auto Location Tagging feature, which refers to the capability of the RF Manager to automatically tag the devices and events to the locations where they have been detected. The Auto Location Tagging screen enables you to configure the settings for automatic tagging of devices discovered by the RF Manager and events generated by the RF Manager.
Figure 33. Auto Location Tagging
Auto Location Tagging Configuration contains the following options:

Devices: Based on the initial location of the device, the APs and Clients are auto-tagged immediately upon discovery. You can select how the RF Manager should compute the initial location tag of the APs or Clients. The RF Manager never auto-tags an AP or Client, if it is tagged manually. To re-enable auto location-tagging for a device, you must delete the device and let the RF Manager re-discover it. You must manually tag Sensors. You can do one of the following:

Choose the location tag of the Sensor that sees the highest RSSI value for that device Choose the location tag of the selected number of Sensors that see the highest RSSI values for that device. (Minimum: 2; Maximum: 10; Default: 2)
You can also discard the Sensors that see a lower RSSI after comparing the value with a Sensor that reports a higher RSSI. (Minimum: 20 dB; Maximum: 40 dB; Default: 30 dB)
9-38

Events: The RF Manager tags events based on the location of the devices that participate in the events. The RF Manager initially identifies a primary device AP, Client, or Sensor for each event. The RF Manager automatically tags the location of events based on the tag for the primary device associated with the event.
Note
The RF Manager never retags an event. You can tag the location of an event manually on the Events screen by right-clicking the event and from the resulting menu by selecting Change Location.
Location Tracking
The location of a particular device can be tracked using the location tracking feature. The RF Manager needs at least three Sensors to perform location tracking. The Location Tracking screen enables you to define the parameters that control location tracking.
Figure 34. Location Tracking
Default Location Tracking Parameters contains the following options:

Location Tracking Technique: Select the technique used for location tracking. The
technique available is Generalized Likelihood.
Maximum number of Sensors to use for Location Tracking: Select the maximum number of Sensors used for location tracking. Sensors track down the location of a device and the RF Manager uses Sensors that see the maximum values. A higher value is likely to give better results. (Minimum: 3; Maximum: 10; Default: 4)
9-39

Default Transmit Power of AP (mW): Location tracking needs as input the transmit
power of the AP being located. When transmit power is unknown, the default value set
here is used.
(Minimum: 1 mW/0 dBm; Maximum: 100 mW/20 dBm; Default: 30 mW/15 dBm) Default Transmit Power of Client (mW): Location tracking needs as input the transmit power of the Client being located. When transmit power is unknown, the default value set here is used. (Minimum: 1 mW/0 dBm; Maximum: 100 mW/20 dBm; Default: 10 mW/ dBm) Signal Strength Monitoring Devices: Location tracking is based on the signal strength of the monitoring devices. This value can deviate from the actual values because of subtle variations in the RF environment. You can specify APs only, Sensors only, and Sensors and/or APs to be used to control location tracking. Using the RF Manager Application Programming Interface (API), APs can be reported as a source of signal strength. Information from these APs can be used for location tracking.
Live RF Views
The Live RF Views screen enables you to define the parameters that are used in live RF views. These parameters are specific to each environment. Tuning the parameters enables you to see more accurate views.
Figure 35. Live RF Views
Default Live RF Views Parameters contains the following options:
9-40

Intrusion Detection and Prevention Regions: Specify the dBm values for which the RF Manager shows the intrusion detection and prevention regions in the Sensor coverage views. Intrusion Detection Display Threshold (dBm): Detection Range is the area over which Sensors can reliably detect wireless activity. Intrusion Detection Display Threshold determines the threshold for this range. (Default: -85 dBm) Intrusion Prevention Display Threshold (dBm): Prevention Range is the area over which Sensors can prevent unauthorized wireless activity. Intrusion Prevention Display Threshold determines the threshold for this range. (Default: -75 dBm)
Both the Detection and Prevention ranges are affected by parameters in the RF Propagation section. See RF Propagation on page 9-41.
Note
The reliability of the prevention also depends on the Intrusion Prevention Level selected on Administration > Local tab > Operating Policies > Intrusion Prevention > Intrusion Prevention Level tab.
RF Propagation
The RF Propagation screen enables you to define default AP, Client, and Sensor antenna gain values.
Figure 36. RF Propagation
Default RF Propagation Settings contains the following options:
9-41

Default Antenna Gain Values: Specify the default Sensor, AP, and Client antenna gain values. Antenna gain is a characteristic of an antenna used for transmitting or receiving signal, defined as gain in power when signal is received (or transmitted) using the antenna.

Sensor Antenna Gain (dB): Specifies the gain of antenna attached to the Sensor. (Default: 2.3 dB) AP Antenna Gain (dB): Specifies the gain of antenna attached to the AP. (Default: 2.3 dB) Client Antenna Gain (dB): Specifies the gain of antenna attached to the Client. (Default: 0 dBm)
Note
If better antennas are used, you should increase the gain.

Transmitter Losses: Select the transmitter signal loss value suited to your environment.

If your environment has metal or concrete walls, select a higher signal value If your environment has large spaces where the signal can propagate without much obstruction, select a lower signal loss value When a device transmits, some loss in power occurs due to antenna connectors, electromagnetic, and environmental factors. This loss might be different in different frequency bands. You can also specify the approximate loss in each band.
Loss at Source for 802.11a Transmitter (dB): (Default: 10 dB) Loss at Source for 802.11b/g Transmitter (dB): (Default: 10 dB)
Signal Decay Values: Signal propagation depends heavily on environment. The obstacles present in environment might impede signal propagation, limiting its range. It is very difficult to accurately model signal propagation in all kinds of environment, but by fine-tuning the following four constants, you can more or less characterize your environment for signal propagation.
Note
The RF Manager uses the first set of parameters when the Planner file is imported; the second set for blank, gif, or jpeg files. Minimum and Maximum Signal Decay Constants specify the range for the decay exponent, that is, the exponent at which signal decays with distance. Signal Decay Slope (Beta) and Signal Decay Inflection (Alpha) control how the decay exponent changes from its minimum value to maximum value.
For Nodes imported with HP ProCurve RF Planner:

Minimum Signal Decay Constant: (Default: 2.0 dBm) Maximum Signal Decay Constant: (Default: 2.0 dBm) Signal Decay Slope (Beta): (Default: 0.08 dBm) Signal Decay Inflection (Alpha): (Default: -4 dBm)
For Nodes with GIF, JPEG or Blank layout:
9-42

Minimum Signal Decay Constant: (Default: 2.0 dBm) Maximum Signal Decay Constant: (Default: 2.5 dBm) Signal Decay Slope (Beta): (Default: 0.08 dBm) Signal Decay Inflection (Alpha): (Default: -4 dBm)
Note
Planner models most significant objects; hence, Maximum Signal Decay Constant should be close to 2.0.
System Settings
Select the System Settings screen to set the following system settings in the RF Manager.
Reports
The RF Manager can display a rich set of reports. The Reports screen enables you to modify the appearance and text in the generated reports. See Adding a Report on page 8-5.
Figure 37. Reports Configuration
9-43
Auto Deletion
The RF Manager is designed to store information about devices seen and quarantined over a period of time. The rate of growth of this information is dependent on the volatility of the wireless environment. This information also becomes obsolete after a certain time. It is necessary to delete this information periodically. Based on the event-related configuration done by you, the RF Manager also raises and stores a number of events. If the configuration is such that there is a significant number of events generated and stored, the size of stored event data grows significantly faster. This event data requires regular cleanup. Auto Deletion allows you to specify values of various auto deletion parameters to control the frequency of information deletion. RF Manager generates an event for tracking the action of auto deletion. This event gives information only about device deletion. There is no event separately generated that indicates event deletion, also referred to as Event Purging.
Figure 38. Auto Deletion
The Auto Deletion Parameters window contains the following options:

Access Point Deletion Parameters: Select the checkboxes to choose the category of APs that you would like the RF Manager to delete automatically. Specify the number of days of inactivity after which the AP records will be automatically deleted. (Minimum: 1 day; Maximum: 30 days)

Uncategorized
Rogue
External
9-44
Note
Authorized APs are not auto deleted from the RF Manager. If you want to delete inactive authorized Access Points, you have to delete them manually.

Client Deletion Parameters: Select the checkboxes to choose the category of wireless Client devices that you would like the RF Manager to automatically delete. Specify the number of days of inactivity after which the wireless Client records will be deleted automatically. (Minimum: 1 day; Maximum: 30 day)

Uncategorized Authorized Unauthorized
Events Deletion Parameters: Specify the number of days for which an event should be kept before deleting it automatically.

Visible Events Threshold (number of events): Specifies the maximum event threshold (number) crossing which the RF Manager would auto delete the event data. After the total number of RF Manager-raised events reaches this threshold, the RF Manager deletes the N oldest events from the RF Manager maintained events database. This makes it possible to accommodate newer events. N here is equal to X Y. (X minus Y); where X is the current number of events in the RF Manager and Y is the user specified events threshold of events shown on the Console. (Minimum: 20000; Maximum: 50000; Default: 20000) Permanent Event Deletion Threshold (days): Specifies the number of days for which data about raised event is available in the RF Manager. Events older than this threshold are completely purged. (Minimum: 1 day; Maximum: 365 days; Default: 30 days)
So auto deletion at the preset hour of the day or night, deletes data associated with N oldest events and data associated with events older than the Permanent Event Deletion Threshold.

Quarantine History Deletion Parameters: The RF Manager maintains a history of the quarantine actions taken by the user or the RF Manager to prevent against threats. You can configure the deletion parameter for quarantine history in number of days such that the RF Manager deletes quarantine history older than the specified number of days.

Device Quarantine History Deletion Threshold (days): Specify the number of days for which device quarantine history is maintained, before deleting it automatically. (Minimum: 7 days; Maximum: 365 days; Default: 30 days)
Auto Deletion Action Tracking You can track auto deletion of inactive APs, Clients, events, and quarantine history by monitoring the special event generated by the RF Manager. The RF Manager generates an event containing the summary of the actions performed during the Auto Deletion operation, if and only if any physical deletion of information actually took place.
9-45
Vendors
The Vendors screen enables you to view a list of vendors with their MAC prefixes. The 3-byte MAC prefix typically identifies the vendor for any given 802.11 device
Figure 39. Vendors
To add a new pair of vendor name and MAC prefix, click Add. The Add Vendor dialog opens. Specify the Vendor Name and the MAC Prefix and click Add.
Figure 40. Add Vendor Dialog
To delete any pair from the existing list, select the relevant row and click Delete.
SMTP
The SMTP screen enables you to set Simple Mail Transfer Protocol (SMTP) Server settings to send emails when events occur. You must have administrator privileges to set these values.
9-46
Figure 41. SMTP
Note
If you want the RF Manager to notify you by an events email, you need to specify SMTP Server details. The RF Manager does not email events by default. If you do not want to receive email for the events, select Restore Defaults and Apply. SMTP Configuration contains the following options:

SMTP Server (IP address/Hostname: Port): Specifies the IP address or the hostname and the port number of the SMTP Server to be used by the RF Manager for sending email alerts. (Default: 127.0.0.1:25)
The following are the authentication protocols for SMTP Server:

PLAIN (For sendmail 8.10 and above) LOGIN (For sendmail 8.10 and above) NTLM (Windows proprietary authentication method)
Email Address in From field: Specifies the source address from which email alerts are sent. Authentication Required: If enabled, specifies whether the SMTP Server requires authentication.

Username: Specifies the user name for SMTP Server authentication. Password: Specifies the password for SMTP Server authentication.
9-47
To send a test e-mail, click Test SMTP Settings. The settings used for this mail are those
that you have specified.
License
The License Update screen enables you to change the license key.
To update the license, click Browse and navigate to the location of the License Key File. To
finish, click Apply.
Figure 42. License
9-48
Server
The Server screen enables you to view RF Manager information.
Figure 43. Server Details
Server Details: This is a read only section and displays the following information:
Server ID: Unique identifier for the RF Manager Server. If you have installed a single Server, then retain the default Server ID, that is, 1. Port: The User Datagram Protocol (UDP) port number used. Max Sensors: Maximum number of Sensors that can connect to the RF Manager.
Server Status: Enables you to view the Current Status of the Server Running or
Stopped. The administrator can Change Status, that is, start or stop the Server.
9-49
Manage Logs
The RF Manager retains log files of RF Manager activities. Log files are restricted by size. When the maximum allowed size of a log file is reached, the log file is rotated and the next log file is selected.
Figure 44. Manage Logs
Under Manage Logs, you can specify the following:

Maximum size of log file: Enables you to specify the maximum size of the log file used for recording RF Manager activities. (Minimum: 5MB; Maximum: 10MB; Default: 10MB) Number of log files to rotate: Enables you to specify the number of log files through which to rotate once the maximum allowed size of a log file is reached. (Minimum: 3; Maximum: 10; Default: 10)
9-50
View Logs
The RF Manager enables you to view log files that you have created for storing RF Manager activities.
Figure 45. View Logs
Click Download to download the log file in text format.
Figure 46. Log File Example
The format of the text message is as shown below: MMM DD hh:mm:ss Hostname: [Tag]: Message
9-51
where,

MMM DD hh:mm:ss: Specifies the date and the time of the log Hostname: Specifies the Source IP/Hostname Tag: Specifies if the user action was taken from the Console (GUI) or the Config Shell (CLI) Message: For a user action from the Console (GUI), the IP address of the Client browser is prefixed to the message, for example, [192.168.2.45] user admin logged in to the RF Manager successfully, user config rebooted the Server, and so on.
Upgrade
RF Manager enables you to upgrade the existing version of the RF Manager to a newer version, if available. Go to Administration > Global Policies > System Settings > Upgrade and follow the on-screen prompts.
Figure 47. Upgrade
Prerequisites: 1. Sun Java Runtime Environment (JRE) version 1.6 or above must be installed on the
computer from where you access the Console.
2. Popup blockers on the computer from which the Console is accessed must allow popup windows from the Server. 3. If there is a firewall between the computer from which the Console is accessed and the RF Manager, TCP port 8080 of the Server must be accessible from that computer.
9-52
4. Only users with the Superuser role can initiate Server upgrade using this method.
Tip
To upgrade the Server to a higher version, ensure that you access the Console using a computer whose IP address is not behind Network Address Translation (NAT). If you access the Console, using a NATed IP, upgrade will continue in the background but you cannot view the upgrade progress messages. Steps for Server Upgrade 1. Click Browse to select the Upgrade Bundle. 2. Click Upgrade Now to transfer the Upgrade Bundle to the Server. 3. On the Confirm Upgrade dialog, click Yes to proceed with the upgrade.
Figure 48. Confirm Upgrade Dialog
4. The Uploading Upgrade Bundle message with the progress bar appears.
Figure 49. Uploading Upgrade Bundle Progress Bar
5. You can cancel the upgrade by clicking Cancel anytime while the Upgrade Bundle upload is in progress. 6. After the Server Upgrade Bundle upload is complete, Server Upgrade starts
automatically.
9-53
7. Close the current browser window. A new window, Server Upgrade Progress, is launched which displays the status of the Server Upgrade process. Follow the instructions displayed on the Server Upgrade Progress window.
Figure 50. Server Upgrade Progress Window
Note
You cannot abort or cancel the Server Upgrade process once the Server Upgrade Progress window is launched. Additionally, the Server Upgrade process continues even if the Server Upgrade Progress window is closed. 8. After the Server upgrade is successful, the Server reboots automatically. 9. After you have read all instructions on the Server Upgrade Progress window, close all the Web browser windows including the Server Upgrade Progress window. 10. Wait for five minutes for the Server to reboot. After this, you can access the Server again.
9-54
HA Status
High Availability (HA) mode allows two RF Managers to be connected in a redundant configuration to form an HA cluster. One RF Manager acts as the Active Server, while the other as a Standby Server. If the Active Server fails, the Standby Server takes over. This screen shows the status of the Servers in HA cluster.
Figure 51. HA Status
HA Status: This is a read only section and displays the following information:

HA Status: Displays the status of the HA Cluster.

Standalone: This state indicates that the Server is in Standalone mode. Up: This state indicates that the HA Cluster is up and running. Other Server Not Reachable: This state indicates that the Standby Server is not reachable over the HA interface link. Check whether the HA interfaces of both the Servers are securely connected using a crossover Ethernet cable. Temporarily In Transition: This is an intermediate state. You need to wait for up to 30 minutes and then check the HA Status again. If this state persists, contact Technical Support. HA Setup In Progress: This state indicates that an HA setup is in progress using Config Shell or an earlier HA setup session was abnormally terminated. If you are sure HA setup is not in progress, reboot both the Servers. After reboot, both the Servers come up in the 'Standalone' mode. You need to wait for 5 minutes after the reboot and then login to these Servers.
9-55

Server Upgrade In Progress: This state indicates that Server Upgrade is in progress or an earlier Server Upgrade session was abnormally terminated. If you are sure Server Upgrade is not in progress, reboot the Server. After reboot, the Server will come up in the 'Standalone' mode. You need to wait for 5 minutes after the reboot and then login to the Server. Database Operation In Progress: This state indicates that some database operation is in progress. If you are sure no database operation is in progress, contact Technical Support. Internal System Recovery In Progress: This state indicates that internal system recovery is in progress. If the same state persists for more than 30 minutes, ensure that both the HA Servers are up and the HA interfaces of these Servers are securely connected using a crossover Ethernet cable. If the same state persists even after the above checks, contact Technical Support. Error: This state indicates an error in HA state. Contact Technical Support.
Cluster IP Address: This IP address is used by the Console and Sensors to connect to the HA cluster. This is a virtual IP Address used by the HA cluster. This value must be the same on both the Servers. An erroneous value in these settings may result in inconsistency in the HA system. This may also make both the Servers inaccessible. Data Sync State: Displays the status of the initial data synchronization from the Active Server to the Standby Server after enabling HA service or after Server reboot. HA Link State: Indicates the status of the HA Interface Link between the two Servers Up, Down, or NA.
Under Active Server, you can view the network configuration parameters of the Active Server:

Network IP Address: This is the IP Address of the network interface of the Active
Server.
HA IP Address: This is the IP Address of the HA interface of the Active Server.
Under Standby Server, you can view the network configuration parameters of the Standby Server:

Network IP Address: This is the IP Address of the network interface of the Standby
Server.
HA IP Address: This is the IP Address of the HA interface of the Standby Server.
9-56
Login Message
The RF Manager enables you to configure a login message through the Login Message screen. Superuser of the RF Manager has the right to enter the login message that will be flashed in the Login screen.
Figure 52. Login Message
Select the checkbox, View Login Message to view the login message on the Console. Console Login Message: Specifies the login message to be displayed on the Console.
9-57
The Login screen with the specified Console Login Message.
Figure 53. Login Screen with the Console Login Message
9-58
Wizards
The RF Manager Setup Wizard systematically takes you through a recommended sequence of configuration screens that enable you to set up your RF Manager completely This wizard does not remember or apply any configuration changes. It is simply a tour guide. You must explicitly apply changes on the individual configuration screens for them to take effect. You can exit the wizard or skip a step at any time.
Figure 54. Wizards
Click Start Setup Wizard to open a Confirm message dialog that confirms your navigation through the wizard.
WLAN Integration
The WLAN Integration screen allows the RF Manager to be integrated with various WLAN Management tools.
Cisco WLSE
Wireless LAN Solution Engine (WLSE) is a centralized, systems-level application that manages and controls an entire Cisco WLAN infrastructure. WLSE eases Ciscos WLAN deployments, enhances network security, maximizes network availability, and reduces operating expenses.
9-59
Integration with Cisco WLSE allows the RF Manager to automatically classify WLSE managed APs and enables manual switch port blocking to contain Rogue APs.
Figure 55. Cisco WLSE
WLSE Integration Status: If WLSE integration is enabled, the RF Manager interacts with the configured WLSE Server. Otherwise, WLSE integration services are shut off.
If you select WLSE Integration Enabled, you can configure the following WLSE Server Settings. The RF Manager disables WLSE by default. Current Status: Displays the Current Status of the WLSE Server: Running or Stopped.
WLSE Server Settings: If a valid WLSE Server is not specified, the RF Manager does not interface with the WLSE Server.
WLSE Server IP Address/Hostname: Port: Specifies the IP address or the name and the port number of the WLSE Server Username: Specifies the username for the WLSE Server Password: Specifies the password for the WLSE Server
To test the WLSE Server settings, click Test WLSE Server Settings. The settings used for this test are those that you have specified. A dialog appears on completion of the test.
Note
The user created for the RF Manager should have XML API privileges on the WLSE Server. You should add the IP address of the Server to the Access Control List of the WLSE Server.
9-60

WLSE Operating Policies: Specifies policies to integrate the RF Manager with the WLSE Server.

If you select Enable AP Classification integrated with WLSE, you can integrate the RF Manager AP Classification and Intrusion Prevention policies with the WLSE sever such that:

WLSE-managed APs that are Potentially Authorized automatically move to the Authorized AP folder All WLSE-managed APs automatically move to the Authorized AP folder
Note
When you select the option All WLSE-managed APs automatically move to the Authorized AP folder and connect a Rogue AP to the network, the port to which the AP is connected is not blocked. This is a limitation of the WLSE API. In other words, the WLSE API provides only tracing functionality and not shutdown functionality.

Automatic Synchronization Settings: Specifies the interval at which the Server should automatically synchronize with the WLSE Server.

Synchronization Interval (Days): Specifies the number of days: that is, the interval for which the Server synchronizes with the WLSE Server. (Minimum: 1 day; Maximum: 30 days; Default: 7 Days) Synchronization Start Date and Time: Specifies the start date and time for the synchronization interval. (Default: Current Date and Time)
Manual Synchronization: Click Synchronize to manually synchronize the Server with the WLSE Server.
Cisco WLC
The Wireless LAN Controller (WLC) governs a collection of thin AP. LWAPP defines the network protocol between the APs and WLC. The advantages of this solution are:

Increased scalability Simplified, centralized management Zero-touch AP deployment and configuration
9-61

Network-wide monitoring
Figure 56. Cisco WLC
The Cisco Unified WLAN architecture consists of Wireless LAN Controllers (WLC) and APs. The APs are managed using LWAPP (Light Weight Access Point Protocol). At any time, the WLC has all the information about the APs and devices seen/associated with these APs. Integration with Cisco WLC allows the RF Manager to fetch this information from WLC. Using this information the RF Manager can automatically classify devices managed by WLC and do location tracking of devices seen by LWAPP APs in Sensor-less or Sensor and AP mixed environment.
Important
Currently, the RF Manager supports the following managed APs: AP 1010, AIR-AP 1030-A-K9, AIR-AP 1242 AG-A, AIR-LAP-1131 AG-A-K9, AIR-LAP-1231G-A-K9, AIR-LAP-1242 AG-A, AIR LAP-1310 G-A-K9, AIR-AP-1121G-A-K9, and AS-1200. The RF Manager supports version 4.1.171.0 of WLC.

WLC Integration Status: If WLC integration is enabled, the RF Manager obtains data from the configured WLCs, which are individually enabled.

If you select WLC Integration Enabled, you can configure Automatic Synchronization Settings. The RF Manager disables WLC by default. However, automatically enables WLC Integration when you add a new WLC. Current Status: Displays the Current Status of the WLC: Running or Stopped. An Error status is shown in one of the following cases:
9-62
One of the configured and enabled WLCs has a hostname, which cannot be resolved One of the configured and enabled WLCs is not reachable RF Manager Server is stopped Internal error, in which case you need to contact Technical Support
Under Automatic Synchronization Settings, select the RF Manager-WLC synchronization interval.
Synchronization Interval (Minutes): Specifies the interval for which the Server synchronizes with the WLC (Minimum: 5 minutes; Maximum: 30 minutes; Default: 10 minutes)
Adding a WLAN Controller Under Wireless LAN Controllers, click Add to open WLAN Controller dialog where you can add WLC details.
Figure 57. WLAN Controller Dialog
WLAN Controller contains the following fields:

Controller (IP Address/Hostname): Specifies the IP address or the hostname of the WLC with which the RF Manager communicates.
9-63
Note
Configured WLCs will use the DNS names and DNS suffixes configured by the user in the Server Initialization and Setup Wizard on the Config Shell.

Community String: Specifies the user-defined community string with which the RF Manager communicates with the WLC. (Default: public) Port Number: Specifies the port number of the WLC from which data is imported. (Default: 161) Enabled?: Indicates if the WLC is enabled to communicate with the RF Manager. (Default: Enabled) Import Managed APs?: Indicates if WLC managed APs managed are to be imported into the RF Manager. (Default: Enabled) Import Clients Associated to Managed APs?: Indicates if Clients associated to APs managed by a WLC are to be imported into the RF Manager. (Default: Enabled) Import Unmanaged APs?: Indicates if APs not managed by a WLC are to be imported into the RF Manager. (Default: Enabled) Import Unmanaged Clients?: Indicates if Clients associated with APs not managed by a WLC are to be imported into the RF Manager. (Default: Disabled) Import Signal Strength Information?: Indicates if the signal strength of the managed devices is to be imported into the RF Manager. (Default: Enabled)
Note
Location Tracking results may vary depending on the Channel scan settings set on the WLC. Click Add to add the details for a new WLC. Editing a WLAN Controller Double-click a row or click Edit to open an LWAPP Configuration dialog similar to the one shown above, to update the WLC details. Click Save to save all settings. Deleting a WLAN Controller Select a row and click Delete to discard the details of an existing WLC. You can delete multiple WLC details using click-and-drag or using the Shift + Down Arrow keys and then clicking Delete.
ESM Integration
The ESM (Enterprise Security Management) Integration screen allows configuration of various ESM integrations that collect, analyze, and display events.
9-64
ArcSight SEM Server

The RF Manager integrates with ArcSights Security Enterprise Management (SEM) infrastructure by sending events to the designated ArcSight Server. The ArcSight Server is configured to accept syslog messages having detailed event information in ArcSights Common Event Format (CEF). The RF Manager needs the IP Address or the hostname and the port on which the ArcSight Server receives events.
Figure 58. ArcSight SEM Server
ArcSight Integration Status: If ArcSight integration is enabled, the RF Manager sends messages to the configured ArcSight Servers. Otherwise, ArcSight integration services are shut off.

If you select ArcSight Integration Enabled, you can manage ArcSight Servers. The RF Manager enables ArcSight by default. Current Status: Displays the Current Status of the ArcSight Server: Running or Stopped. An Error status is shown in one of the following cases:

One of the configured and enabled ArcSight Servers has a hostname, which cannot be resolved RF Manager Server is stopped Internal error, in which case you need to contact Technical Support
9-65
Adding an ArcSight Server Under ArcSight Servers, click Add to open to ArcSight Configuration dialog where you can add ArcSight Server details.
Figure 59. ArcSight Configuration Dialog
ArcSight Configuration dialog contains the following fields:

ArcSight Server (IP Address/Hostname): Specifies the IP Address or the hostname of the destination ArcSight Server to which the CEF formatted messages are sent, if enabled.
Note
Configured ArcSight Servers will use the DNS names and DNS suffixes configured by the user in the Server Initialization and Setup Wizard on the Config Shell.

Port Number: Specifies the port number of the ArcSight Server to which the RF Manager should send CEF messages. Enabled?: If the checkbox is selected, the RF Manager sends CEF messages to the configured and enabled ArcSight Servers. There is no guarantee that the configured ArcSight Servers will receive those messages. (Default: Enabled)
Click Add to add the details for a new ArcSight Server. Editing an ArcSight Server Double-click a row or click Edit to open ArcSight Configuration dialog similar to the one shown above. Click Save to save all settings. Deleting an ArcSight Server Select a row and click Delete to discard the details of an existing ArcSight Server. You can delete multiple ArcSight Server details using click-and-drag or using the Shift + Down Arrow keys and then clicking Delete.
Note
Total gives the total number of ArcSight Servers configured to receive events from the RF Manager.
9-66
SNMP
The SNMP screen enables the RF Manager to send events as SNMP traps to designated SNMP trap receivers. It also allows SNMP managers to query Server operating parameters using IF-MIB, MIB-II, and Host Resources MIB.
Figure 60. SNMP
SNMP Integration Status: If SNMP integration is enabled, the RF Manager sends SNMP traps to the configured SNMP Servers. Other systems can do an SNMP Get to this Server. Otherwise, SNMP integration services are shut off.
If you select SNMP Integration Enabled, you can edit and manage SNMP Server details. The RF Manager enables SNMP by default. Current Status: Displays the Current Status of the SNMP Server: Running or Stopped. An Error status is shown in one of the following cases:

RF Manager Server is stopped Internal error, in which case you need to contact Technical Support
Under SNMP Settings, configure SNMP Gets or Traps.

SNMP Gets Enabled: Allows SNMP managers to query Server-operating parameters enlisted in IF-MIB, MIB-II, and Host Resources MIB. You can block queries related to all of the above listed MIBs by de-selecting the check box. SNMP Traps Enabled: Allows SNMP traps to be sent to configured SNMP Servers.
9-67
Additionally, select the SNMP versions to be enabled and configure the relevant settings. The SNMP agent residing on the Server uses the SNMP version parameters to deliver traps to the SNMP Trap receivers.

SNMP v1, v2: If selected, traps are sent to all Trap receivers accepting traps using SNMP v1, v2 protocol. You can change the Community String for the SNMP agent. All configured SNMP v1, v2 Trap receivers, should use this community string to receive traps. (Default: public) SNMP v3: If selected, traps are sent to all Trap receivers accepting traps using SNMP v3 protocol. You can change the Engine ID, Username, and Password for the SNMP agent. All configured SNMP v3 Trap receivers, should use these three parameters to receive traps. (Default Username: admin; Default Password: password)
Under SNMP MIBs, you can choose to query by enabling or disabling the following SNMP MIBs individually.

IF MIB Host Resources MIB RF Manager MIB: If selected, the RF Manager enables the external SNMP Trap receivers to receive traps MIB-II: If selected, configure the System Contact, System Name, and System Location. (Default System Name: Wifi Security Sever)
Note
IF MIB, Host Resources MIB, an MIB II are standard MIBs that you can download from the Internet. For RF Manager MIB, contact HP ProCurve Networking Technical Support. Adding an SNMP Trap Destination Server Under SNMP Trap Destination Servers, click Add to open SNMP Configuration dialog where you can add SNMP Server details.
Figure 61. Add SNMP Configuration Dialog
9-68
Trap Destination Details contains the following fields:

Destination Server (IP Address/Hostname): Specifies the IP address or the

hostname of the SNMP Server to which events should be sent.
Note
Configured SNMP Servers will use the DNS names and DNS suffixes configured by the user in the Server Initialization and Setup Wizard on the Config Shell.

SNMP Protocol Version: Specifies the SNMP protocol version for the SNMP agent. (Default: SNMP v1, v2) Port Number: Specifies the port number on the receiving RF Manager to which the SNMP trap is sent. (Default: 162) Enabled?: Specifies if the SNMP Server is enabled to receive SNMP traps. (Default: Enabled)
Note
You must specify a different port number if another application uses the default port. Click Add to add the details for a new SNMP Server. Editing an SNMP Trap Destination Server
Double-click a row or click Edit to open SNMP Configuration dialog similar to the one
shown above to update the SNMP Server details. Click Save to save all settings.
Deleting an SNMP Trap Destination Server
Select a row and click Delete to discard the details of an existing SNMP Server.
9-69
Syslog
The Syslog screen allows the Server to send events to designated Syslog receivers.
Figure 62. Syslog
Syslog Integration Status: If Syslog integration is enabled, the RF Manager sends

messages to the configured Syslog Servers. Otherwise, Syslog integration services are
shut off.
If you select Syslog Integration Enabled, you can manage Syslog Servers. The RF Manager enables Syslog by default. Current Status: Displays the Current Status of the Syslog Server: Running or Stopped. An Error status is shown in one of the following cases:

One of the configured and enabled Syslog Servers has a hostname, which cannot be resolved RF Manager Server is stopped Internal error, in which case you need to contact Technical Support
9-70
Adding a Syslog Server Under Manage Syslog Severs, click Add to open Syslog Configuration dialog where you can add Syslog Server details.
Figure 63. Syslog Configuration Dialog
Syslog Configuration contains the following fields:

Syslog Server (IP Address/Hostname): Specifies the IP address or the hostname of the Syslog Server to which events should be sent.
Note
Configured Syslog Servers will use the DNS names and DNS suffixes configured by the user in the Server Initialization and Setup Wizard on the Config Shell.

Port Number: Specifies the port number of the Syslog Server to which the RF Manager sends events. (Default: 514) Message Format: Specifies the format in which the event is sent, which is either Intrusion Detection Message Exchange Format (IDMEF) or Plain text. (Default: Plain text)
Note
If you upgrade a Server pre-5.6 to 5.6, all previously configured Syslog Servers would send events in Plain text Message Format by default. You can select the IDMEF format by editing the Syslog Server settings.
Enabled?: Specifies if the events are to be sent to this Syslog Server. (Default: Enabled)
Click Add to add the details for a new Syslog Server. Editing a Syslog Server Double-click a row or select a row and click Edit to open Syslog Configuration dialog similar to the one shown above. Click Save to save all settings.
9-71
Deleting a Syslog Server

Select a row and click Delete to discard the details of an existing Syslog Server.
OPSEC
Operations Security (OPSEC) is an analytic process used to deny an adversary information generally unclassified - concerning our intentions and capabilities by identifying, controlling, and protecting indicators associated with our planning processes or operations. OPSEC does not replace other security disciplines - it supplements them.
Figure 64. OPSEC
Integration with OPSEC enables the RF Manager to send events to the specified OPSEC Server.

OPSEC Integration Status: If OPSEC integration is enabled, the RF Manager sends events to the configured OPSEC Servers. Otherwise, OPSEC integration services are shut off.

If you select OPSEC Integration Enabled, you can configure OPSEC Server settings. The RF Manager disables OPSEC by default. Current Status: Displays the Current Status of the OPSEC Server: Running or Stopped. An Error status is shown in one of the following cases:

RF Manager Server is stopped
9-72
OPSEC configuration is either incomplete or incorrect or if the OPSEC Server is stopped Internal error, in which case you need to contact Technical Support
Under OPSEC Server Settings specify the OPSEC Server details. Server Name: Specifies the name of the OPSEC Server Server IP: Specifies the IP Address of the OPSEC Server Authentication Port: Specifies the OPSEC Server authentication port used for communication with the RF Manager Specify the authentication type you can select one of the following types of authentication: Clear
SSL
SSL OPSEC
SSL Clear
SSL Clear OPSEC
FWN
Auth OPSEC
SSL CA
SSL CA Comp
SSL CA RC4
SSL CA RC4 Comp
Asymmetric SSL CA
Asymmetric SSL CA Comp
Asymmetric SSL CA RC4
Asymmetric SSL CA RC4 Comp
SSLA Clear
Under SIC Settings, you need to specify the following settings for the Simple Instructional Computer (SIC) for all the authentication types except Clear:

Server SIC Name: Specifies the Server name of the SIC Client SIC Name: Specifies the Client name of the SIC
Under CA Settings, if you have selected an authentication type that has a CA in it, select Create new digital certificate, then, you need to configure the following parameters for the Certifying Authority (CA).

IP/Hostname: Specifies the IP address or the hostname of the CA
9-73
Administration Local Policies

Object Name: Specifies the object name of the CA Password: Specifies the one time password needed to acquire the certificate
Under Symmetric Key Based Settings, if you have selected an authentication type that does not have a CA in it, select Create New Secret Key. Then, you need to create a new secret key.
Local Policies
Click the Local tab in the Administration screen to view the policies groups under this tab. The Local tab consists of two trees:

Location tree on the top Administration tree at the bottom
The entire local policies configuration is for the selected location in Location tree.
Wireless Policies
Select the Wireless Policies screen to specify the Authorized Wi-Fi policies for a particular location.
9-74
Authorized WLAN Setup

The RF Manager uses the details of the Authorized Wi-Fi setup at a particular location to detect the presence of Mis-configured or Rogue APs in your network. You can specify the details of authorized SSIDs and a list of networks to which Authorized APs can connect.
Figure 65. Authorized WLAN Setup
Select one of the following to characterize a particular location:

This is a No Wi-Fi location: If no Authorized Wi-Fi APs are installed at this location. If you configure a location as a no Wi-Fi location, the Specify Authorized SSID section is grayed out. Wi-Fi is allowed at this location: To specify the details of the Authorized Wi-Fi APs in this location.
Specify Authorized SSIDs Under this tab, specify the Authorized SSIDs at this location. For each SSID, you can specify the detailed configuration. This per SSID configuration is called an SSID template. Creating a Configuration Template for an Authorized 802.11 SSID Add Authorized SSIDs allows you to create an SSID template in one of the following ways:
Add Visible SSID: To create an SSID template from a list of visible SSIDs. The visible SSID list is built using the data received from Sensors. Add Custom SSID: To create a template using a user-defined SSID.
9-75
Click Add New to create a new SSID template. The Template for an Authorized 802.11 SSID dialog appears where you can select multiple items in some fields.
Figure 66. Creating a Configuration Template for an Authorized SSID
Create SSID Template allows you to specify the details for creating a new SSID as
follows:
Authorized SSID: Displays the name of the SSID that you have added earlier This is a Guest SSID: Select this option if this SSID is a Guest SSID used to provide Wi-Fi connectivity to visitors and guests. Though APs with Guest SSID are Authorized, they may be treated differently than APs that are used by employees for corporate access. Making an SSID as Guest allows you to specify additional classification and prevention policies related to Guest SSIDs. See Client AutoClassification on page 9-84 and Intrusion Prevention Policy on page 9-85.
9-76

Template Name: Name of the SSID template Apply this SSID template at current location: Select this option to apply this SSID template to the current location. The WLAN policy at a location consists of SSID templates applied at that location. If the template is not applied at this location, it will not be a part of the WLAN policy Description: Write a short description to help identify the SSID template
Network Protocol allows you to select the allowed 802.11 protocols for the SSID:

Any: Allow APs with any network protocol for this SSID Select: Specify the 802.11 protocol on which the RF Manager allows the APs connected to the network to operate802.11 a, 802.11 b, and 802.11g
Authentication Framework allows you to select the security framework for the SSID:

Any: Allow APs with any authentication framework to connect to the RF Manager Select: Specify the authentication frameworkPSK and 802.1x (EAP). The authentication framework is only applicable if the template supports WPA/WPA2 and 802.11i privacy
Encryption Protocols allows you to select the allowed encryption protocols for the SSID:

Any: Allow APs with any encryption protocol for this SSID Select: Specify the encryption protocolsWEP40, WEP108, TKIP, and CCMP. TKIP and CCMP are available only if the template supports WPA/WPA2 and 802.11i privacy
Security Settings allows you to select the security protocol(s) for the SSID:

Any: Allow APs with any security settings to connect Select: Specify the privacy mechanismOpen, WEP, WPA, and 802.11i for the APs connected to the SSID
Cisco MFP allows you to make classification decisions on Cisco Management Frame Protection (MFP) capability if 802.11i checkbox is selected under Security Settings:
Any: Policy does not check for MFP; both Cisco MFP enabled and disabled APs are classified as Authorized Select: Policy checks for MFP
Cisco MFP Enabled: Select to classify only Cisco MFP supporting APs as Authorized APs Cisco MFP Disabled: Select to classify non-Cisco MFP supporting APs as Authorized APs
AP Capabilities allows you to select the additional capabilities that Authorized APs may have. If you select any of these advanced capabilities, the classification logic allows APs with and without these capabilities. Select one of the following:

Any: Allow APs with any special capability for this SSID
9-77

Select: Specify if the AP uses any Turbo/Super techniques used by Atheros to get higher throughputsTurbo, SuperAG, and Dot11n (802.11n)
Authentication Types allows you to select the allowed authentication types that Clients can use. Authentication types do not determine the classification of APs, but are used to raise an event if a Client is authenticated via a non-allowed authentication type. The RF Manager raises this event only if the RF Manager sees authentication protocol handshake frames.

Any: Allow Clients with any authentication type for this SSID Select: Specify the authentication types that Clients can use (only if 802.1x is selected)PEAP, EAP-TLS, LEAP, EAP-TTLS, EAP-FAST, and EAP-SIM Selection is allowed
Allowed Networks allows you to select the networks where Authorized APs with this
SSID are connected:
Any: Allow APs with this SSID to connect to any network Select Networks: Specify the networks where Authorized APs with this SSID are connected. You can either choose from networks that are discovered automatically by the RF Manager or add new networks that are not yet discovered by the RF Manager

Click Select Networks to open Allowed Networks for SSID dialog where you can move a network from Networks Monitored by the System to Allowed Networks for this SSID and add or delete networks.
Under Allowed AP Vendors, select one of the following:

Any: Allow APs manufactured by any vendor to connect to the RF Manager Select Vendors: Select the manufacturer of the AP with the specified SSID. If an AP with the specified SSID is discovered at this location, the RF Manager declares it as a Rogue, unless one of the manufacturers listed manufactures it.
SSID Templates A policy is collection of SSID templates attached to a location. To customize the WLAN policy for a location, you can apply an SSID template from the parent or create it locally. Other available templates may be attached, but if they are not part of the WLAN policy they will not be used for AP classification. The SSID Templates section lists the SSID templates that are available at a particular location. You must apply the templates from the available list to create the WLAN policy at that location. A new AP or an existing Authorized AP is compared against the applied SSID templates to determine if it is a Rogue or Mis-configured AP. The SSID templates created at other locations can be applied to a selected location but cannot be edited or deleted. The edit and delete operations are possible only at the location where the template is created. The table shows the following details:

SSID: Name of the SSID Guest SSID?: Indicates if it is a Guest SSID
9-78

Template Name: Name of the SSID template Apply Here?: Enables you to apply the SSID template to the selected location. New and existing Authorized APs are evaluated against all applied SSID templates to determine if they are Rogue or Mis-configured. : Click these icons to perform the following:

Copy the selected SSID template to another location. Edit the SSID template. This option is enabled only at the location where the template was created. View the SSID template. Delete the template. This option is enabled only at the location where the template was created and only if the template is not applied at any other child locations of the location where it was created.
Determining Policy Compliance An AP is considered as being compliant to the Authorized WLAN Policy if:

It is not connected to a No Wi-Fi network for its location Its SSID matches with one of the templates attached at that location It is connected to one of the networks specified in that template It conforms to the other settings in the template (except the Authentication Framework, as this setting is not a property of the AP itself but of the backend authentication RF Manager)
Note
If the template specifies certain allowed AP capabilities (such as Turbo, 802.11n, etc.), the AP may or may not have those capabilities. However, if a capability is not selected, the AP must not have that capability to be considered as compliant.
9-79
With location-based policies, you can specify (or attach) different sets of SSID templates for different locations. However, you cannot attach more than one template with the same SSID at any one location.
Figure 67. Determining Policy Compliance
9-80
Select No Wi-Fi Networks This section allows you to specify the list of networks at the selected location where no Wi-Fi APs are allowed to be connected. The No Wi-Fi Networks list at a location takes precedence over the list of networks in SSID templates applied at that location. In other words, if a network is included in a no Wi-Fi list for a location and happens to be in the list of networks in one or more applied SSIDs at that location, the network will be still treated as a no Wi-Fi network.
Figure 68. No Wi-Fi Network
Networks Monitored by the System: Specifies the networks monitored by the RF

Manager.
No Wi-Fi Networks at this Location: Specifies the networks to which no Wi-Fi AP
should be connected at the selected location.
You can move a network from Networks Monitored by the System to No Wi-Fi Networks at this Location. Click Add to enter a new network address to add a No Wi-Fi network at the selected location. RSSI based Classification APs are further classified based on the RSSI value that the Sensors receive. If the signal strength exceeds a maximum threshold, the Sensor appropriately classifies the AP. HP ProCurve highly recommends that you turn on network connectivity based classification as it is the most reliable mechanism to classify wireless devices when most of your network is monitored using Sensors and NDs.
9-81
Under RSSI Threshold, select one or both (recommend) of the following checkboxes:
Pre-classify APs with signal strength stronger than threshold as Rogue or Authorized APs to specify the threshold RSSI value based on which the RF Manager further classifies APs. Pre-classify APs connected to monitored subnet as Rogue or Authorized APs to classify APs based on their network connectivity.
Figure 69. RSSI based Classification
9-82
Operating Policies
Select the Operating Policies screen to set the operating policies in the RF Manager.
AP Auto-Classification
The AP Auto-Classification policy function enables you to specify the AP classification policy for different AP categories.
Figure 70. AP Auto-Classification Policy
Under External APs, HP ProCurve recommends that you select Automatically move Potentially External APs in the Uncategorized list to the External Folder. The RF Manager automatically removes an AP from the External folder and moves it to an appropriate AP folder if it later detects that the AP is wired to the enterprise network. Under Rogue APs, HP ProCurve recommends that you select Automatically move Potentially External APs in the Uncategorized list to the Rogue Folder.
Note
Once you move an AP to the Rogue folder, the RF Manager never automatically removes it from the Rogue folder, even if it later detects that the AP is unwired from the enterprise network or its security settings have changed.
9-83
Client Auto-Classification
The Client Classification policy determines how Clients are classified upon initial discovery and subsequent associations with APs.
Figure 71. Client Auto-Classification Policy
Under Initial Client Classification, specify if newly discovered Clients at a particular location, which are Uncategorized by default should be classified as Authorized or Unauthorized. Under Automatic Client Classification, select one or more options to enable the RF Manager automatically to re-classify Uncategorized and Unauthorized Clients based on their associations with APs. You can categorize the following types of Clients.
Clients connecting to Authorized APs
All Unauthorized Clients that connect to an Authorized AP are re-classified as

Authorized
All Uncategorized Clients that connect to an Authorized AP are classified as
Authorized
You can select the following Exceptions

Do not re-classify a Client connecting to a Guest AP as Authorized Do not re-classify a Client connecting to a Mis-configured AP as Authorized Do not re-classify a Client as Authorized if its wireless data packets are not detected on the wired network
9-84

Clients connecting to External or Rogue APs

All Uncategorized Clients that connect to an External AP are classified as

Unauthorized
All Uncategorized Clients that connect to a Rogue AP are classified as Unauthorized All Uncategorized Clients that connect to a Potentially External AP are classified as Unauthorized All Uncategorized Clients that connect to a Potentially Rogue AP are classified as Unauthorized
Intrusion Prevention
Intrusion Prevention Policy The Intrusion Prevention policy determines the wireless threats against which the RF Manager protects the network automatically. The RF Manager automatically moves such threat-posing APs and Clients to quarantine. The RF Manager can protect against multiple threats simultaneously based on the selected Intrusion Prevention level. If the Server quarantines an AP or Client based on the Intrusion Prevention policy, the Disable Auto-quarantine option ensures that the RF Manager will not automatically quarantine this AP or Client (regardless of the specified Intrusion Prevention policies).
Figure 72. Intrusion Prevention Policy
You can enable intrusion prevention against the following threats:
9-85

Rogue APs: APs that are connected to your network but not authorized by the administrator. An attacker can gain access to your network through the Rogue APs. You can also automatically quarantine Uncategorized Indeterminate and Banned APs connected to the network. Mis-configured APs: APs that are authorized by the administrator but do not conform to the security policy. An attacker can gain access to your network through misconfigured APs. This could happen if the APs are reset, tampered with, or if there is a change in the security policy. Client Mis-association: Authorized Clients that connect to Rogue or External (neighboring) APs. Corporate data on the Authorized Client is under threat due to such connections. HP ProCurve recommends that you provide automatic intrusion prevention against Authorized Clients that connect to External APs. Unauthorized Associations: Unauthorized and Banned Clients that connect to Authorized APs. An attacker can gain access to your network through Authorized APs if the security mechanisms are weak. Unauthorized or Uncategorized Client connections to an Authorized AP using a Guest SSID are not treated as unauthorized associations. Ad hoc Connections: Peer-to-peer connections between Clients. Corporate data on the Authorized Client is under threat if it is involved in an ad hoc connection. MAC Spoofing: An AP that spoofs the wireless MAC address of an Authorized AP. An
attacker can launch an attack through a MAC spoofing AP.
Honeypot/Evil Twin APs: Neighboring APs that have the same SSID as an Authorized AP. Authorized Clients can connect to Honeypot/Evil Twin APs. Corporate data on these Authorized Clients is under threat due to such connections. Denial of Service (DoS) Attacks: DoS attacks degrade the performance of an official WLAN. WEPGuardTM: Active WEP cracking tools allow attackers to crack the WEP key and gain access to confidential data in a matter of minutes or even seconds. Compromised WEP keys are used to gain entry into the authorized WLAN by spoofing the MAC address of an inactive Authorized Client.
Intrusion Prevention Level The RF Manager can prevent any unwanted communication in your 802.11 network. It provides you various levels of prevention-blocking mechanisms of varying effectiveness. Intrusion Prevention Level enables you to specify a trade-off between the desired level of prevention and the desired number of multiple simultaneous preventions across radio channels.
9-86
The greater the number of channels across which simultaneous prevention is desired, the lesser is the effectiveness of prevention in inhibiting unwanted communication. Scanning for new devices continues regardless of the chosen prevention level.
Figure 73. Intrusion Prevention Level
You can select the following prevention levels:

Block: A single Sensor can block unwanted communication on any one channel in the
802.11b/g band and any one channel in the 802.11a band.
Disrupt: A single Sensor can disrupt unwanted communication on any two channels in
the 802.11b/g band and any two channels in the 802.11a band.
Interrupt: A single Sensor can interrupt unwanted communication on any three
channels in the 802.11b/g band and any three channels in the 802.11a band.
Degrade: A single Sensor can degrade the performance of unwanted communication on any four channels in 802.11b/g band and any four channels in the 802.11a band.
Block is the most powerful prevention level, that is, it can severely block almost all popular Internet applications including ping, SSH, telnet, FTP, HTTP, and the like. However, at this level, a single Sensor can simultaneously prevent unwanted communication on only one channel in the 802.11b/g band and one channel in the 802.11a band. If you want the Sensor to prevent unwanted communication on multiple channels simultaneously in the 802.11 b/g and/ or the 802.11a band, you must select other prevention levels.
9-87
Note
Prevention Type determines the blocking strength to prevent communication from unwanted APs and Clients. The RF Manager can prevent multiple APs and Clients on each channel. Prevention Type is not applicable for Denial of Service (DoS) attacks or ad hoc networks. You must select a lower blocking level to prevent devices on more channels. Choosing a lower blocking level means that some packets from the blocked device may go through.
Event Settings
Configuration
Event Configuration comprises two main tabs:

Security Monitoring
Security Security enables you to view events that pose a threat to your network. Security events are further divided into the following sub-categories:

Rogue AP Mis-Configured AP Misbehaving Clients DOS Ad hoc Network Man-in-the-Middle MAC Spoofing Reconnaissance System
Monitoring Monitoring enables you to view events that are informative in nature. Monitoring events are further divided into the following sub-categories:

AP Client Sensor Server Traffic Troubleshooting
9-88
Once you select an event type and then a sub-category, a list of events under that sub category appears.
Figure 74. Event Configuration
The events list displays the following columns:

Display: Select the checkboxes that correspond to the types of events that you want to appear in the main Events screen. E-mail: Select the checkboxes that correspond to the types of events for which you want emails notifications sent to all users whose email addresses you have configured in the Administration > Event Settings > Email Notification. Notify: Select the checkboxes that correspond to the types of events for which you want notifications sent to external agents such as SNMP, Syslog, ArcSight, and OPSEC. Vulnerability: Select checkboxes to indicate which types of events make the RF Manager Vulnerable. The Security Scorecard shows Vulnerable status if any events of the selected type occur. Severity: Select the severity of each event as High, Medium, or Low. This function
helps you to organize events in the most useful way.
Event: Provides a short description of each event. Click for Details: Click category. to view a detailed description of the corresponding event
9-89

Advanced Settings: Click Edit to open the Event Advanced Settings dialog and change the configuration parameters of the corresponding event category. Edit is disabled when the event has no configuration parameters.
Note
The parameters in the Event Advanced Settings dialog changes according to the settings for the selected event.
Figure 75. Event Advanced Settings
9-90
Email Notification
The Email Notification screen enables you to select the email addresses that should be notified when an event occurs at a particular location. You can select from the email addresses of RF Manager users or add a new email address.
Figure 76. Email Notification
Click Add to open Custom Email Address for Notification dialog where you can add a new email address.
Figure 77. Custom Email Addresses for Notification Dialog
Click OK to add the new email address. Select an email address and click Delete to delete an existing email address. You can delete multiple email addresses using click-and-drag or using the Shift + Down Arrow keys and then clicking Delete.
9-91
Sensor Configuration
This screen enables you to define templates for Sensor configuration.
Manage Sensor Configuration Templates

This screen allows administrators to create different Sensor configuration templates. This allows the user to apply different settings to different Sensors by applying different templates. Each configuration template allows settings for operating region, channels to monitor, channels to defend, and offline Sensor operation. At any location, you can choose a template as a default template. This template will be applied to any new Sensor tagged to that location.
Figure 78. Sensor Configuration
Note
Sensors prior to Version 5.2 do not support additional channels (802.11j & Turbo channels) features. If you apply templates containing these settings to older Sensors, older Sensors will ignore the additional settings.
9-92
Click Add New Sensor Template to open the Sensor Configuration Template dialog.
Figure 79. Channel Settings Tab
Under Create Configuration Template, specify the following:

Name: Unique name of the Sensor Configuration template (less than 40 characters) Description: Brief description of the Sensor Configuration template (less than 500 characters)
Note
The RF Manager stores the default Sensor configuration in a predefined template System Template. You cannot delete the System Template nor edit its name; it is unique. When a Sensor is added or discovered, it is automatically assigned the configuration settings in this template. You are allowed to edit the configuration settings in the System Template to effect default configuration of your choice. Whenever you delete a user-defined Sensor configuration template, all the Sensors associated with that template are assigned the System Template. You can override the template applied to a Sensor manually from the Devices > Sensors tab. If you modify the settings in a template, the new settings are applied to the Sensors to which this template is applied.
9-93
Channel Settings Channel Settings displays the 802.11a/802.11b/g and Turbo channels on which scanning and defending is enabled/disabled. Sensors scan WLAN traffic on channels specified under Channels to Monitor and defend the network against various WLAN threats on channels specified under Channels to Defend.

Under Channel Settings tab, specify the following:

Select Operating Region: Specifies the region: country: of operation. Each region has its own laws governing the use of the unlicensed frequency spectrum for 802.11 communications and Turbo mode. The RF Manager automatically selects the channels that are allowed by the regulatory domain in the selected region.
(DefaultOperatingRegion:UnitedStates)
Click the link Channel Frequency Table to view a list of channels, protocols, frequencies, and capabilities.
Figure 80. Channel Frequency Table
Channels to Monitor: Specifies the 802.11a and b/g channels to be used by Sensors to monitor WLAN traffic.
9-94

Select the checkbox Select All Standard Channels to select a superset of all the channels. For 802.11a, the standard sets of channels are 184 216 and 34 165. By default, this checkbox is selected. Select the checkbox Select All Allowed Channels to select all the allowed channels in the selected operating region. By default, this checkbox is selected. Select the checkbox Additionally, select intermediate channels for 802.11 a only to select the channels between the allowed channels that are non-allowed in the selected operating region. Selecting the option helps the RF Manager detect devices operating on illegal channels. For 802.11a, the intermediate channels are 185, 186, 187, 35, 37, and so on. By default, this checkbox is deselected.
Turbo Mode: Certain Atheros Chipset based devices use wider frequency bands on certain channels in 802.11 b/g and 802.11a band of channels. The RF Manager is capable of monitoring channels that support Turbo Mode of operation and detecting any unauthorized communication on these channels. You can select specific or all channels to monitor wireless activity on Turbo channels. There are ten Turbo channels in a-mode. These channels are 40, 42, 48, 50, 56, 58, 152, 153, 160, and 161. There is only one Turbo channel in b/g-mode i.e. 6. Channels to Defend: Specifies the channels to be used by Sensors to defend WLAN traffic to protect your network against various WLAN threats.
Note
It is mandatory that channels selected for defending be selected for scanning. If a channel is selected for defending and is not already selected for scanning, the RF Manager automatically selects that channel for scanning as well. If you deselect a channel from Channels to Monitor, then this channel is also deselected from Channels to Defend section.
9-95
Offline Sensor Configuration This feature provides some security coverage even when there is no connectivity between a Sensor and the Server. The Sensor provides some classification and prevention capabilities when it is disconnected from the Server. The Sensor also raises events, stores them, and pushes them back to the Server on reconnection.
Figure 81. Offline Sensor Configuration Tab
Enable offline Sensor mode: Select this checkbox to enable the offline Sensor mode. When the offline Sensor mode is enabled, the Sensor continues to detect and classify devices, raise event alerts, and prevent ongoing threats. (Default: Selected) Online-Offline mode switch delay: Specify the time after which, if the Sensor does not receive any communication from the Server and Enable offline Sensor mode is enabled, the Sensor switches to the offline mode. (Minimum: 5 minutes; Maximum: 60 minutes; Default: 5 minutes) Under Offline Sensor Parameters tab, you can view the following:

Number of APs to be stored: Number of APs that the Sensor will continue to detect in Offline mode (Default: 128)
9-96

Number of Clients to be stored: Number of Clients that the Sensor will continue to detect in Offline mode (Default: 256) Number of events to be stored: Number of events that the Sensor will continue to raise in Offline mode (Default: 256) Number of prevention records to be stored: Number of prevention records that the Sensor will continue to store in Offline mode to prevent ongoing threats (Default: 256)
Figure 82. Offline Sensor Configuration: Device Classification Policy Tab
Under Device Classification Policy tab specify the desired classification policies to
move APs and Clients from the Uncategorized list to the Categorized list:
Under AP Classification Policy, select one or more options to enable the RF Manager automatically move APs from the Uncategorized AP list to the Categorized AP list:

Move networked APs to the Rogue or Authorized AP folder in the Categorized AP List Move non-networked APs to the External AP folder in the Categorized AP List
Under Client Classification Policy, select one or more options to enable the RF Manager automatically classify Clients based on their associations with APs:
9-97

On association with an Authorized AP, classify an Uncategorized Client as Authorized On association with a Rogue AP, classify an Uncategorized Client as Unauthorized On association with an External AP, classify an Uncategorized Client as Unauthorized
Figure 83. Offline Sensor Configuration: Intrusion Prevention Policy Tab
Under Intrusion Prevention Policy tab enable intrusion prevention against the following threats:

Rogue APs

APs categorized as Rogue Uncategorized APs that are connected to the network
Misconfigured APs

APs categorized as Authorized but using no security mechanism (Open) APs categorized as Authorized but using weak security mechanism (WEP)
Client Mis-associations

Authorized Client connections to APs categorized as External
9-98
Unauthorized Associations
Unauthorized Client connections to APs categorized as Authorized
Adhoc Connections
Authorized Clients participating in any ad hoc network
Honeypot/Evil Twin APs
Authorized Client connection to Honeypot/Evil Twin APs
Additionally, specify the intrusion prevention level that allows you to choose a trade-off between the desired level of prevention and the desired number of multiple simultaneous preventions across radio channels. You can choose either of the following prevention levels:

Block Disrupt Interrupt Degrade
See Intrusion Prevention on page 9-85. Click Save to save all settings. Click the icon to edit an existing Sensor template. When an existing Sensor template is edited a Confirmation Save dialog appears indicating the modifications, by selecting the tabs that were modified. You are allowed to uncheck a tab if you wish to cancel those modifications. Click OK to save the changes for the selected tab.
Note
Name and Description of the Sensor template are automatically saved. Click Save As to save the Sensor template with a different name without modifying the original template. Click Restore Default to revert to the System Template. The RF Manager enables you to select tabs to control the settings that will be restored to the default values. If you click Restore Default on the System Template, parameters under the selected tabs are restored to their factory default settings. A Confirmation Restore Default dialog appears with a list of tabs selected, for which default settings will be applied.
Important
The RF Manager has the ability to scan and defend on 4.920-4.980 GHz and 5.470-5.725 GHz channels in US/Canada and IEEE 802.11j channels 4.920-4.980 GHz and 5.040-5.080GHz channels in Japan. Click the icon to view an existing Sensor template. Click the Sensor template. icon to delete an existing
Location Properties
This screen enables you to define high-level administrative settings for a selected location.
9-99
Event Activation
HP ProCurve recommends that you select the checkbox Activate Event Generation for location selected location only after the deployment is stable and fully configured. If you are modifying a deployment, deselect the checkbox to avoid spurious activity during the transient phase.
Figure 84. Event Activation
Intrusion Prevention Activation

HP ProCurve recommends that you select the checkbox Activate Intrusion Prevention for location selected location only after the deployment is stable and fully configured. If you are modifying a deployment, deselect the checkbox to avoid spurious activity during the transient phase. Authorized APs should be in the Authorized folder before activating intrusion prevention. Their network connectivity icon may show the status as Wired, Unwired, or Indeterminate.
9-100
Note
If you deploy new Authorized APs later, you do not have to deactivate intrusion prevention. However, you need to ensure that the newly deployed APs are moved to the Authorized folder.
Figure 85. Intrusion Prevention Activation
9-101
Device List Locking

You can lock the list of Authorized APs and Clients for a selected location by checking the two checkboxes Lock AP List for location selected location and Lock Client List for location selected location. If you lock a particular device list, no more devices of that type can be subsequently automatically Authorized for that location. As APs are not automatically moved to Authorized folder, locking the Authorized AP list means that no wired APs will be tagged as Potentially Authorized at this location; they will become Potentially Rogue and may be automatically moved to the Rogue folder based on the AP Auto-Classification policy. You should use this feature only after you have identified and categorized all authorized devices. Any new devices added after the list is locked must be manually moved to the Authorized category.
Figure 86. Device Flags
9-102
Chapter 10: High Availability
10
High Availability
Understanding High Availability

What is High Availability (HA)?
In the 24x7 world, many businesses need round the clock data processing. High Availability (HA) is a solution that minimizes RF Manager downtime. HA can be achieved in many ways, including fault tolerance and computer clustering. To achieve HA, computer clusters are usually used in a Failover Server (FOS) configuration where one computer (the Backup or Standby Server) backs up another one (the Active Server).
HA and RF Manager
The RF Manager architecture consists of an RF Manager and Sensors. Sensors, such as the MSM415, MSM335 and MSM325, are spatially distributed over the enterprise premises. They communicate with RF Manager over the enterprise LAN. The Sensors continuously monitor the wireless activity and send summarized reports to RF Manager. RF Manager aggregates, correlates, analyzes, and stores the data reported by different Sensors. RF Manager also sends important operational instructions to the Sensors. RF Manager and the Sensors must be operational for the proper functioning of RF Manager. Further, the Sensors need to be in constant communication with RF Manager. For organizations requiring 24x7 high reliability of the WLAN security system, HA configuration is available. In HA configuration, one RF Manager is configured as Active and the other as Standby. When the Active RF Manager fails, the Standby RF Manager takes over ensuring the availability of WLAN security system. This section explains HA for RF Manager version 5.9.
Definition of terms in HA
This section provides definition of terms used in this document for describing configuration and working of HA.
Active RF Manager
RF Manager on which the services (e.g. server, web-server) are running is the Active RF Manager. All configuration and status data are continuously mirrored from the Active RF Manager to Standby RF Manager.
High Availability Understanding High Availability
Standby RF Manager
The Standby RF Manager works in hot standby mode and continuously monitors the status of the Active RF Manager. Whenever the Active RF Manager fails (due to power failure, failure of a monitored service, etc.), the Standby RF Manager takes over and functions as the Active RF Manager.
HA Cluster
In RF Manager, HA is supported by Active and Standby RF Managers working in Fail Over Services (FOS) mode to form the HA Cluster.
HA Cluster IP Address
This is a floating virtual IP Address used to access the HA Cluster. The Sensors and Console communicate with the HA Cluster using the HA Cluster IP Address. At any point of time, the HA Cluster IP Address is bound to the Active RF Manager. HA Cluster IP Address should be reachable from the Sensors and the Console.
Network Interface
Network Interface is used to connect the RF Managers to the enterprise LAN. The Sensors and the Console connect to the HA Cluster over the Network Interface. Network IP Address is assigned to this interface.
HA Interface
HA Interface is used for internal communication and data synchronization between the RF Managers. It is used only to connect the Active and Standby RF Managers. HA IP Address is assigned to this interface.
How does HA work in RF Manager?

This section provides an overview of how HA works in RF Manager. The HA configuration in RF Manager is shown in the following figure.
Figure 1. RF Manager HA Configuration
10-2
High Availability Configuring High Availability in RF Manager
Note
The HA interfaces of both the RF Managers should be connected to each other only through an Ethernet crossover cable. Connecting the HA interfaces over LAN or VPN is not supported. The Sensors and Console communicate with the HA Cluster using HA Cluster IP Address (IP0). The two RF Managers are identified by their own Network IP Addresses (IP1 and IP2). The two RF Managers communicate with each other over a sync channel which is provided by connecting the HA interface of both the RF Managers via an Ethernet crossover cable. The Active RF Manager responds to all the requests on the HA Cluster IP address and has the latest operational and configuration data. If the Active RF Manager fails (hardware or software), the Standby RF Manager takes over the function of the Active RF Manager. This process is transparent to the end user, as the HA Cluster IP Address is always mapped to the Active RF Manager. The end user still connects to the same HA Cluster IP Address and sees no difference as the same services and data are available on the Standby RF Manager, which has now taken over as the Active RF Manager.
Configuring High Availability in RF Manager

How to obtain an RF Manager license with HA
1. To know whether the existing license on the RF Manager supports HA, login to the RF Manager Console. 2. Go to Administration > Global Policies > System Settings tab. 3. Under System Settings if you see the HA Status tab, you already have a license for HA feature. In this case, you do not need to do anything. You can skip the remaining steps in this section. 4. If you don not see the HA Status tab, the existing license does not support HA feature. You need to obtain a new license that supports HA feature. 5. To obtain the license for HA, you need to note down the serial numbers of both the RF Managers which will form the HA Cluster. To get the serial number, login to the Config Shell of each RF Manager. 6. From the Welcome banner displayed after login, note the serial number of one RF Manager.
|----------------------------------------------------------------------|
| Server Version : [5.9] | | Server Build : [5.9.16] | | Serial Number : xxxxxxxxxxxx | | Network Interface (eth0) MAC : xx:xx:xx:xx:xx:xx | | HA Interface (eth1) MAC : xx:xx:xx:xx:xx:xx | |-----------------------------------------------------------------------------|
Last login: ...
Welcome to the Server Config Shell.
10-3
7. Similarly, note the Serial Number of the other RF Manager. 8. To obtain the HA license, visit www.procurve.com/contact-support with the serial numbers of both RF Managers.
Preparing for HA
Before you configure HA, HP ProCurve recommends that you note down the HA configuration parameters in the template provided in the table below. This will help you during HA configuration.
Note
Do not proceed with any HA configuration until you have read the following information. If you have any questions, visit www.procurve.com/contact-support for details. If you perform HA configuration without completely understanding the details, the RF Managers may reach an inconsistent or irrecoverable state.
Important
For the correct functioning of HA, please ensure the following points. Otherwise, the RF Managers may reach an inconsistent state and may become irrecoverable. 1. Software version on both the RF Managers is 5.9 and they have same build number. To get the version and build number, use the Config Shell or CLI command 'get version' on both the RF Managers. If the build numbers do not match, please upgrade the RF Manager having a lower build number to the higher build number. 2. You have applied a valid HA license on the RF Manager which you intend to use as Active RF Manager. 3. Network IP addresses and HA IP addresses are on different subnets. 4. The HA Cluster IP Address and the Network Interface IP Address are different but on the same subnet. 5. SSH service is set to 'ON' on both RF Managers. To check the status of the SSH service, use the CLI command 'get status'. To set SSH service to 'ON', use the CLI command 'set ssh'. 6. Both the RF Managers can reach each other over the Network Interface. 7. A crossover Ethernet cable is securely connected to the HA interface of both the RF Managers. 8. On each RF Manager, set the date and time using the NTP Server. Manual time setting will lead to time inconsistency between the two RF Managers. To fill the required information for the Active RF Manager, use the Server 1 Information column and for the Standby RF Manager use the Server 2 Information column in the following table. To identify the Active and Standby RF Managers, use the guidelines in applicable HA configuration scenario listed in HA Configuration Scenarios on page 10-9.
10-4

Table 1. HA Configuration Table
Required Input
Initial HA Server Mode
Server 1 Information
Notes
Active? = Standby? = For the Server that has been identified as the ______________ ______________ Active Server, use the Server 1 Information column to fill the required information and for the Standby Server use the Server 2 Information column. Location 1 = Location 2 = Note down the physical location of each RF ______________ ______________ Manager. For example, Shelf-C Slot-8 Serial Number 1 Serial Number 2 Serial Number used to physically identify each =____________ =____________ RF Manager. This number can be found on the RF Manager Config Shell Login screen or on the RF Manager sticker label. If you are not sure about this, visit www.procurve.com/contact-support before configuring HA. Version Number 1 =___________ Build Number 1 =____________ Yes/No? =_____ Version Number To find the current software version and build 2 =___________ number, use the get version command on the Build Number 2 RF Manager Config Shell. =____________ Yes/No? =_____ The software version and build number must be the same on both the RF Managers. If the build numbers do not match, upgrade the RF Manager, which has a lower build number to the higher build number. You cannot configure HA if the build number on the two RF Managers does not match. Before you configure HA, on the Active RF Manager, you must activate a license that is generated using serial numbers of both the RF Managers. How to obtain an RF Manager license with HA on page 10-3 describes how to obtain license for HA. This is a special license key for an HA configuration. It is a single license key that is valid for both the serial numbers. You need not activate this license key on the Standby RF Manager. If you are not sure about this, visit www.procurve.com/contact-support before configuring HA.
Location Name of RF Manager Serial Number
Software Version
Is the software version and build number same on both RF Managers?
On the Active RF Manager, have you activated a license key that has serial numbers of both RF Managers?
Yes/No? =_____
Not Applicable for the Standby RF Manager
10-5
Required Input
Yes/No? =_____
Notes
The Network Interface of each RF Manager must be connected to the desired subnet using an Ethernet cable. The HA Interfaces of the two RF Managers must be connected via a crossover Ethernet cable. Do not use a straight Ethernet cable to connect the HA interfaces to each other.
Have you connected the Yes/No? =____ Network Interface of each RF Manager to the desired subnet? Have you securely connected the HA Interfaces of both the RF Managers via a crossover Ethernet cable? HA Interface IP Addresses Yes/No? =____
Yes/No? =_____
HA Interface IP Address 1 = _____________
HA Interface IP Address 2 = _____________
The HA Interface IP Address and the Network Interface IP Address must be on different subnets. The HA Interface IP Address of the two RF Managers must be on the same subnet. An erroneous value in these settings can make the RF Managers unreachable. It may also make the HA system inconsistent and irrecoverable. Subnet mask to be used for HA Interfaces of both the RF Managers. This is the actual IP Address of the Network Interface for both the RF Managers. The Cluster IP Address, Network Interface IP Address 1, and Network Interface IP Address 2 must be different and belong to the same subnet. An erroneous value in these settings can make the RF Managers unreachable. It may also make the HA system inconsistent and irrecoverable. This IP address is used by the Sensors and Console to connect to the HA cluster. This is the virtual IP Address used to access the HA cluster. Subnet mask to be used for the Network Interfaces of both the RF Managers. Gateway IP Address to be used for the Network Interfaces of both the RF Managers.
HA Interface Subnet Mask Network Interface IP Addresses
HA Interface Subnet Mask = _____________________ Network Interface IP Address 1 = ______________ Network Interface IP Address 2 = ______________
HA Cluster IP Address
Cluster IP Address = ____________________________
Network Interface Subnet Mask Network Interface Gateway IP Address
Network Interface Subnet Mask = __________________________ Network Interface Gateway IP Address = __________________________
10-6
On successful completion of the above table, you can proceed to configure HA using the RF Manager Config Shell.
Note
While configuring HA, use the Required Inputs values from the appropriate box in Inputs required for each RF Manager for HA Configuration for each RF Manager. Read and follow the instructions displayed during HA configuration carefully. The following figure depicts the inputs required to configure RF Managers in HA mode.
Figure 2. Inputs required for each RF Manager for HA Configuration
Command Usage
This section describes the usage of HA related commands in RF Manager Config Shell.
Table 2. Usage of HA commands Command Description
get ha help get ha set ha
Describes 'ha' command usage, related definitions and scenarios in which the 'ha' commands are used Shows HA configuration parameters and status Sets the HA mode to ON or OFF; if set to ON, HA Setup Wizard guides you through HA Cluster setup
10-7
Determining if RF Manager is in Active or Standby mode

1. Access the RF Manager Config shell using its Network Interface IP Address. 2. On the RF Manager Config Shell, execute the command get ha. The output of this command displays the State of the selected RF Manager as Active or Standby as shown in the following example:
[config]$ get ha
Displays High Availability (HA) Cluster configuration and service status.
Configuration of HA Cluster:
---------------------------...
This HA Server: [State: Active ] [IP: xxx.xxx.xxx.xxx]
...
Verifying if the HA Cluster is in Normal State

1. Access the Console using the HA Cluster IP Address. 2. Go to Administration > Global Policies > System Settings > HA Status. The HA
Status screen displays the HA Cluster status and values of the HA configuration
parameters.
Figure 3. HA Status Screen
3. TheHAStatus parameters display the overall status of the HA Cluster. If HAStatusis Up,it indicates that the HA Cluster is working in a normal state. HA Status can have the following values:
StandaloneThis state indicates that the RF Manager is in Standalone mode.
10-8
High Availability HA Configuration Scenarios

UpThis state indicates that the HA Cluster is up and running in normal state. Other Server Not ReachableThis state indicates that the Standby RF Manager is not reachable over the HA interface link. Check whether the HA interfaces of both the RF Managers are securely connected using a crossover Ethernet cable. Temporarily In TransitionThis is an intermediate state. You need to wait for up to 30 minutes and then check the HA Status again. If this state persists, contact Technical Support. HA Setup In ProgressThis state indicates that HA setup is in progress using Config Shell or an earlier HA setup session was abnormally terminated. If you are sure that HA setup is currently not in progress, reboot both the RF Managers. After reboot, both the RF Managers will come up in the 'Standalone' mode. You need to wait for 5 minutes after the reboot and then login to these RF Managers. Server Upgrade In ProgressThis state indicates that RF Manager Upgrade is in progress or an earlier RF Manager Upgrade session was abnormally terminated. If you are sure RF Manager Upgrade is currently not in progress, reboot the RF Manager. After reboot, the RF Manager will come up in Standalone mode. You need to wait for 5 minutes after the reboot and then login to the RF Manager. Database Operation In ProgressThis state indicates that some database operation is in progress. If you are sure that no database operation is currently in progress, contact Technical Support. Internal System Recovery In ProgressThis state indicates that internal system recovery is currently in progress. If this state persists for more than 30 minutes, ensure that both RF Managers are up and the HA interfaces of these RF Managers are securely connected using a crossover Ethernet cable. If the same state persists even after above checks, contact Technical Support. ErrorThis state indicates an error in HA state. Contact Technical Support.
HA Configuration Scenarios
Before proceeding further, make sure that you have read and followed the steps explained in How to obtain an RF Manager license with HA on page 10-3. In RF Manager setup, the set ha command is used in any of the following cases:

Scenario 1: Configuring two brand new RF Managers in HA mode on page 10-10 Scenario 2: Migrating from a Standalone RF Manager to HA on page 10-13 Scenario 3: Disabling HA on page 10-15 Scenario 4: Replacing a Server from an HA Cluster on page 10-17 Scenario 5: Reconfiguring RF Managers in an HA Cluster on page 10-18 Scenario 6: Upgrading an HA Cluster on page 10-19.
10-9
Scenario 1: Configuring two brand new RF Managers in HA mode

When both the RF Managers are brand new, any one of them can be chosen to become the Active RF Manager, since there is no operational data on either of these RF Managers. 1. Identify any one RF Manager to be the Active RF Manager and fill up all the required data for this RF Manager in the Server 1 Information column of HA Configuration Table on page 10-5. 2. The other RF Manager is then the Standby RF Manager. Fill up all the required data for this RF Manager in the Server 2 Information column of HA Configuration Table on page 10-5. 3. Obtain a license key file that is generated using the serial numbers of both these RF Managers. If you are not sure about this, visit www.procurve.com/contact-support before configuring HA. 4. On the Active RF Manager,

Install and configure the RF Manager by using the Initialization and Setup Wizard. On the RF Manager Config Shell, during the Server Initialization and Setup Wizard procedure, in Step 2 Change Network Settings, use the parameter values from the following table.
Table 3. Parameters required for configuring the Active RF Manager
Server Initialization and Setup Wizard Parameter

IP Address Subnet Mask Gateway IP Address

Value to be used from the Server 1 (Active) Information column of HA Configuration Table
Cluster IP Address Network Interface Subnet Mask Network Interface Gateway IP Address
During the license activation step, make sure that you apply the license key file that was generated using the serial numbers of both these RF Managers. If you are not sure about this, visitwww.procurve.com/contactsupport before configuring HA. Setup the RF Manager Console.
5. On the Standby RF Manager,

Install and configure the RF Manager by using the Initialization and Setup Wizard. However, skip the sections Launching the HP ProCurve RF Manager Console (GUI) and Activating the License. On the RF Manager Config Shell, during the Server Initialization and Setup Wizard procedure, in Step 2 - Change Network Settings, use the parameter values from the following table.
10-10

Table 4. Parameters required for configuring the Standby RF Manager

Value to be used from the Server 2 (Standby) Information column of HA Configuration Table
Network Interface IP Address 2 Network Interface Subnet Mask Network Interface Gateway IP Address
6. Securely connect a crossover Ethernet cable between the HA interfaces of these RF Managers. 7. On the Config Shell of the Active RF Manager, execute the command set ha. Set HA Status to ON. This will launch the HA Setup Wizard.
10-11
8. In Step [2 of 5]Set up Failover Configuration of HA Cluster of the HA Setup Wizard, configure this RF Manager as Active. For other steps, use values for parameters noted in HA Configuration Table on page 10-5.
[config]$set ha
Enables or disables High Availability (HA) service.
For detailed help on HA configuration, use 'get ha help'
HA Status [OFF]: on
Set: HA Status = [ON]
Set HA Status to ON? (y/[n]): y
IMPORTANT
Before you set HA Status to [ON], ensure the following:
Both Servers have the same Version and Build numbers.
To check this, use CLI command 'get version' on both the Servers.
You have all configuration parameters required during HA setup.
See 'High Availability Configuration' guide for more details about
parameters required during HA setup.
You have applied a valid HA license on the Server which you intend to use as Active Server.
The HA interface and the Network interface of each HA Server must be on different subnets.
5. 'ssh' service is set to ON on both HA Servers.
To do this, use CLI command 'set ssh'.
Both HA servers can reach each other over the Network interface.
A cross-over Ethernet cable is connected between HA interfaces of the two HA Servers.
It is recommended that both HA Servers are configured to synchronize time from same NTP Server and both have same time-zone value.
You should not continue with HA Setup Wizard until all you have read
the above steps and prepared for HA Setup.
Do you want to continue with HA Setup Wizard? (y/[n]): y
This Step Step Step Step Step HA Setup Wizard will take you through the following steps:
[1]: Set up communication between HA Servers
[2]: Set up Failover Configuration of HA Cluster
[3]: Validate HA License on both HA Servers
[4]: Set up Network Configuration of HA Cluster
[5]: Enable HA Service
Do you want to continue with HA Setup Wizard? (y/[n]): y
9. After successful completion of HA Setup Wizard, the HA Cluster will be setup and can be accessed using the HA Cluster IP Address. 10. To verify that the HA Cluster is setup successfully, see Verifying if the HA Cluster is in Normal State on page 10-8.
10-12
Press Enter to continue to next step:

Step [5 of 5]: Enable HA Service:
--------------------------------The HA Cluster with two HA Servers is now completely configured.
However, it cannot be accessed using the HA Cluster IP Address until
the HA Service is enabled. This step enables the HA Service.
Users and Sensors can then access the HA Cluster using HA Cluster IP Address [192.168.8.192]. Continue with HA Setup Wizard? (y/[n]): y Enabling HA Service. This step may take up to 15 minutes. Please wait... Modifying configuration on other HA Server... Modifying configuration on this HA Server... Stopping services on other HA Server... Stopping services on this HA Server... Initializing database cluster... [ [ [ [ [ OK OK OK OK OK ] ] ] ] ]
HA Setup Wizard will now apply all HA Cluster settings and enable
the HA Service. After HA Service is enabled, current CLI session
may be interrupted due to a change in network configuration.
You can re-login to this HA Cluster using HA Cluster IP
[192.168.8.192].
If you are unable to log in using the HA Cluster IP Address, then try
using
Network Interface IP Address of the Active HA Server [192.168.8.191].
....................
Enabling HA Service on other HA Server... [ OK ]
Enabling HA Service on this HA Server... [ OK ]
HA Service Enabled successfully.
This is the end of the HA Setup Wizard.
You can now login using HA Cluster IP Address [192.168.8.192].
[config]$
Scenario 2: Migrating from a Standalone RF Manager to HA

This is a typical scenario where one RF Manager is already operational in Standalone mode, and you want to use RF Manager in HA by adding another RF Manager to form an HA Cluster. The RF Manager that was already operational is designated as the Active RF Manager and the other RF Manager to be added into the HA Cluster is the Standby RF Manager.
10-13
1. Obtain a new license key file that is generated using the serial numbers of both these RF Managers. If you are not sure about this, visit www.procurve.com/contact-support before configuring HA. 2. Hewlett-Packard Development Company strongly recommends that you backup the database on the existing Standalone RF Manager using the command db backup on the RF Manager Config Shell. This database backup can be used to restore the RF Manager to a known working state if it enters an unrecognized state due to errors in HA setup. 3. Make sure that the software version and build number on both the RF Managers is same. To check this, use the Config Shell command get version on both the RF Managers. If the build numbers do not match, upgrade the RF Manager with the lower build number to the higher build number. 4. From HA Configuration Table on page 10-5, for both RF Managers, enter the HA Cluster IP Address = Current Network Interface IP Address of the Active Server. By doing so, all the Sensors which were configured to connect to the Active RF Manager continue to connect to the HA Cluster. 5. Obtain a separate IP Address to be used as the Network Interface IP Address 1 for the Active RF Manager and fill it in the Server 1 Information column of the HA Configuration Table on page 10-5. 6. From the HA Configuration Table, fill up the Active RF Manager remaining data in the column Server 1 Information and the Standby Server data in the column Server 2 Information. 7. On the Active RF Manager, go to Administration > Global Policies > System Settings > License. See License on page 9-48 to activate the license key file obtained in Step 1 above.
Note
You can not proceed with the HA Setup Wizard until a license key file generated using the serial numbers of both these RF Managers is installed on the Active RF Manager. 8. Install and configure the Standby RF Manager. 9. On the Config Shell of the Standby RF Manager, during the Server Initialization and Setup Wizard procedure, in Step 2 - Change Network Settings, use the parameter values from the following table.
10-14


Value to be used from the RF Manager 2 (Standby) Information column of HA Configuration Table
10. At this point, both the RF Managers are configured for Network Settings. Now you need to setup the HA Cluster of these two RF Managers. 11. On the Config Shell of the Active RF Manager, execute the command set ha. Set HA Status to ON. This will launch the HA Setup Wizard. 12. In Step [2 of 5]Set up Failover Configuration of HA Cluster of the HA Setup Wizard, configure this RF Manager as Active. For other steps, use values for parameters noted in HA Configuration Table on page 10-5. 13. After successful completion of the above step, the HA Cluster is setup and can be accessed using the HA Cluster IP Address. 14. To verify that HA Cluster is setup successfully, see Verifying if the HA Cluster is in Normal State on page 10-8.
Scenario 3: Disabling HA
1. Log in to the RF Manager Config Shell using the Cluster IP Address. 2. In the RF Manager Config Shell, execute the command set ha. Set HA Status to OFF
and follow the instructions displayed.
3. During this procedure, the Cluster IP Address is automatically assigned to the New Network Interface IP Address for this HA RF Manager. Due to this, all external entities, for example, Sensors, Console, etc. can continue to use their existing configuration to connect to the RF Manager.
[config]$set ha
Enables or disables High Availability (HA) service.
For detailed help on HA configuration, use 'get ha help'.
HA Status [ON]: off
Set: HA Status = [OFF]
Set HA Status to OFF? (y/[n]): y
You have chosen to set HA status to OFF.
This will disable HA Service and cause the HA Servers to become
decoupled from the HA Cluster.
The Standby HA Server will no longer take over from the Active HA
Server.
10-15
Set HA Status to OFF? (y/[n]): y

After you decouple the HA Servers, they can be accessed separately
on the network.
You must specify the new settings to access HA Servers after they are
New Network Interface IP Address for this HA Server [192.168.8.192]:
Set: New Network Interface IP Address for this HA Server =
[192.168.8.192]
New Network Interface for other HA Server [192.168.8.190]:
Set: New Network Interface for other HA Server = [192.168.8.190]
Confirm configuration? ([y]/n):
After HA Service is disabled, the two HA Servers will be
They can be accessed as separate Servers using the following settings:
This HA Server: [192.168.8.192]
Other HA Server: [192.168.8.190]
Press Enter to continue to disable HA Service and decouple HA Servers:
The new network settings specified above for the Servers should be
used to access those Servers.
If you are using SSH over the network to access the Server config shell,
you may lose connectivity to this Server now because you may have
changed
the IP address of the Server during HA decoupling.
Please wait for 5 minutes and then log in again using the
new IP address of the Server.
Disabling HA Service may take up to 5 minutes. Please wait...
HA Service disabled successfully.
This Server is now operating in 'Standalone' mode.
[config]$
4. After successful completion of this step, both the RF Managers are put in Standalone
mode.
5. After HA is disabled, the Cluster IP Address is used as the Network Interface IP Address of the Active RF Manager. Hence, the Active RF Manager earlier Network Interface IP Address is not used anymore. 6. After 5 minutes, log into both the RF Managers using their new Network IP Address.
Execute the command get status to verify that the RF Manager Mode is Standalone
and the services are ON.
[config]$ get status

Displays status of server processes.
Server Mode: [Standalone]
Server Status: [ON]
Database Server Status: [ON]
Web Server Status: [ON]
SSH Status: [ON]
10-16
Scenario 4: Replacing a Server from an HA Cluster

1. HP ProCurve strongly recommends that you backup the database on the Active RF Manager using the command db backup on the RF Manager Config Shell. This database backup can be used to restore the Active RF Manager to a known working state if the RF Manager enters an unrecognized state due to errors in HA setup. 2. In HA Configuration Table on page 10-5, fill up all the information of the RF Manager
being replaced in the Server 2 Information (Standby RF Manager) column. This
information should be used to configure the new replacement RF Manager.
3. In HA Configuration Table on page 10-5, fill up all the information of the other RF
Manager in the Server 1 Information column.
4. Shutdown the RF Manager to be replaced. (See Shutting Down on page 2-1.) The other RF Manager will take over as the Active RF Manager if the damaged RF Manager was initially operating as Active. Remove the powered down RF Manager. Now you have an HA Cluster with only one RF Manager, which is the Active RF Manager. 5. The RF Manager currently in the HA Cluster is the Active RF Manager because it has the latest configuration and operational data and it is responding to the Cluster IP Address. Therefore, the other replacement RF Manager must be the Standby RF Manager. 6. Obtain a new license key file that is generated using the serial numbers of the Active RF Manager and the new replacement RF Manager. If you are not sure about this, visit www.procurve.com/contact-support before configuring HA. 7. On the Active RF Manager, go to Administration > Global Policies > System Settings > License. See License on page 9-48 to activate the license key file obtained above. 8. Disable HA. See Scenario 3: Disabling HA on page 10-15. This will bring the Active RF Manager in Standalone mode. 9. Install and configure the Standby RF Manager. 10. During the Server Initialization and Setup Wizard procedure, in Step 2 Change Network Settings, use the parameter values from the following table.

Value to be used from the Server 2 (Standby) Information column of HA Configuration Table
11. Securely connect a crossover Ethernet cable between the HA interfaces of these RF Managers.
10-17
12. At this point, both the RF Managers are configured for Network Settings. Now you need to setup the HA Cluster using these two RF Managers. 13. On the Config Shell of the Active RF Manager, execute the command set ha. Set HA Status to ON. This will launch the HA Setup Wizard. 14. In Step [2 of 5]Set up Failover Configuration of HA Cluster of the HA Setup Wizard, configure this RF Manager as Active. For other steps, use values for parameters noted in HA Configuration Table on page 10-5. 15. After successful completion of the above step, the HA Cluster is setup and can be accessed using the HA Cluster IP Address. 16. To verify that the HA Cluster is setup successfully, see Verifying if the HA Cluster is in Normal State on page 10-8.
Scenario 5: Reconfiguring RF Managers in an HA Cluster

Follow the instructions in this section if you want to modify any of the following settings on the Active or the Standby RF Manager in an operational HA Cluster. a. HA Cluster IP Address b. Network Interface IP Address c. Network Interface Subnet Mask d. Network Interface Gateway IP Address e. HA Interface IP Address f. HA Interface Subnet Mask. Ifyouwanttomodifyanyoftheabovesettings,youneedtofirstdisableHA,changethe requiredsettingsandthenenableHAagain. 1. HP ProCurve strongly recommends that on the RF Manager configured as Active RF
Manager, you backup the database using the command db backup on the RF Manager
Config Shell. This database backup can be used to restore the Active RF Manager to a
known working state if the RF Manager enters an unrecognized state after
reconfiguration.
2. Fill up all the required data for the Active RF Manager in the Server 1 Information
column of HA Configuration Table on page 10-5.
3. Fill up all the required data for the Standby RF Manager in the Server 2 Information
column ofHA Configuration Table on page 10-5.
4. For parameters to be modified, fill up new values in HA Configuration Table on
page 10-5.
5. Disable both the RF Managers from the HA cluster as explained in Scenario 3: Disabling HA.
10-18
6. Now you need to setup the HA Cluster of these two RF Managers using the new values
filled in HA Configuration Table on page 10-5.
7. On the Config Shell of the Active RF Manager, execute the command set ha. In the HA Setup Wizard, set HA Status to ON. 8. In Step [2 of 5]Set up Failover Configuration of HA Cluster of the HA Setup Wizard, configure this RF Manager as Active. 9. After successful completion of the above step, the HA Cluster is setup and can be
accessed using the HA Cluster IP Address.
10. To verify that HA Cluster is setup successfully, see Verifying if the HA Cluster is in Normal State on page 10-8.
Scenario 6: Upgrading an HA Cluster

1. If you want to upgrade RF Managers in an HA with version 5.2 or earlier to version 5.9 (for example, RF Manager upgrade from version 5.1 to version 5.9), see HA Configuration for the existing RF Manager version. 2. To upgrade HA RF Managers from version 5.5 to a newer version, follow the steps in this section. 3. Starting with version 5.5, RF Manager supports single step upgrade of both the RF
Managers in the HA Cluster. Unlike earlier versions, to upgrade RF Managers in the HA
Cluster; now you do not need to disable HA, upgrade both the RF Managers separately
and then enable HA again.
4. Before upgrading the HA Cluster, HP ProCurve strongly recommends that you backup the database on the Active RF Manager. Access the Active RF Manager Config Shell using the HA Cluster IP Address. Execute the command db backup on the RF Manager Config Shell. This database backup can be used to restore the Active RF Manager to a known working state if the RF Manager enters an unrecognized state due to errors in HA setup. 5. Before proceeding with the RF Manager upgrade, ensure that the HA interfaces of both the RF Managers are securely connected using a crossover Ethernet cable. 6. Access the RF Manager Console (ensure that you use the HA Cluster IP Address) with
Superuser credentials.
7. Verify that the HA Cluster is in normal state. See Verifying if the HA Cluster is in
Normal State on page 10-8. You cannot proceed with RF Manager upgrade if the HA
Cluster is not in the normal state.
8. If the HA Cluster status is normal, you can proceed to upgrade the HA Cluster. Go to
Administration > Global Policies > System Settings > Upgrade. See Upgrade on
page 9-52 to upgrade both the RF Managers in the HA Cluster.
9. The Standby RF Manager is upgraded first. If this upgrade succeeds, then the Active RF Manager is upgraded. After successful upgrade of both the RF Managers in the HA Cluster, they will be rebooted. After reboot, the HA Cluster comes up in normal state providing HA of the services.
10-19
High Availability High Availability Events
Note
If upgrade of the Standby RF Manager fails for some reason, it is dropped from the HA Cluster and put in Standalone mode. In this case, the Active RF Manager is not upgraded to the new version. At this point, the Active RF Manager is the only RF Manager in the HA Cluster. After successful upgrade of the Standby RF Manager, if upgrade of the Active RF Manager fails, then the Active RF Manager is dropped from the HA Cluster and put in Standalone mode. The Standby RF Manager, which was successfully upgraded to the new version, is rebooted so that it takes over as the Active RF Manager. At this point, the HA Cluster contains only one RF Manager.
High Availability Events

The following events pertain to HA configuration.
HA RF Manager Switch
This event is generated when the Standby RF Manager takes over the operation from the Active RF Manager. After this switching, the roles of the Active and the Standby RF Managers are swapped.
HA Link Down
This event is generated when the HA Interface link between the Active RF Manager and the Standby RF Manager goes down. Follow the recommended actions below to identify the cause of the event and reestablish the connection: On the Config shell of the Active RF Manager, execute the command get ha. The value of the HA Status parameter indicates the Synchronization and Connectivity state.
[config]$ get ha
Displays High Availability (HA) Cluster configuration and service
status.
Configuration of HA Cluster:
---------------------------...
HA Cluster Status: [Up]
...
If HA Cluster Status is Up and Data Synchronization State is Complete, temporary disconnection of the HA Interface link may have caused this event and you do not need to take action.
10-20
High Availability Scenarios After Take Over and Reconnection

If HA Cluster Status is Other Server Not Reachable, it indicates a possible failure of the HA Interface link. Investigate why the HA Interface link between the Active and Standby RF Manager has gone down. Securely restore the HA Interface link. After the HA Interface link is restored, HA Cluster Status will change to Up state.
Note
For HA of the product, it is required that the Active and Standby RF Managers are connected to each other for synchronization. Unless both the RF Managers are ON and connected to each other, HA feature will not work.
HA Link Up
This event is generated when the communication between the Active RF Manager and the Standby RF Manager is established over the HA Interface link. This event if generated only when the HA Interface link comes up from the link down state.
Scenarios After Take Over and Reconnection

Split Brain Scenario
Split Brain scenario occurs when both the RF Managers in the HA Cluster are not able to communicate with each other on the Network Interface and HA Interface. In this scenario, the Standby RF Manager assumes that the Active RF Manager is dead, and becomes Active. Thus, both the RF Managers operate in Active mode. This scenario can occur if Network Interface and HA Interface links of any RF Manager are disconnected. RF Manager can automatically detect this Split Brain situation. When both interface links (Network Interface and HA Interface) are restored, then only one RF Manager is made Active. The other acts as the Standby RF Manager.
10-21
High Availability Scenarios After Take Over and Reconnection
10-22
Appendix A: RF Manager Legacy Systems
A
RF Manager Legacy Systems
Introduction
This section describes the procedure for upgrading legacy systems to RF Manager 5.9. It is important that you read this document before proceeding. Legacy systems include:

RF Manager 100 IDS/IPS system (J9397A) RF Manager 50 IDS/IPS system (J9398A)
Note
If you have RF Manager or Sensors prior to version 5.0, do not proceed with the upgrade yourself. Visit www.procurve.com/contact-support for details.
Pre-requisites
You must be familiar with the following before you read this document.

High Availability (HA) Configuration for RF Manager. Network Detector Configuration for RF Manager.
Upgrading pre 5.0 System

Visit www.procurve.com/contact-support for details.
Upgrading 5.0, 5.2, or 5.5 System

The following are the high level steps needed to upgrade RF Manager: 1. Log into the RF Manager Config shell, execute the upgrade command, and follow the onscreen instruction to upgrade the RF Manager. 2. To upgrade the Sensors, use the sensor management tool to upgrade software.
RF Manager Legacy Systems Download the Upgrade Package
Download the Upgrade Package

Go to Administration > Global Policies > System Settings > Upgrade and follow the onscreen prompts.
Figure 1 Upgrade
Prerequisites
1. Sun Java Runtime Environment (JRE) version 1.6 or above must be installed on the computer from where you access the Console. 2. Popup blockers on the computer from which the Console is accessed must allow popup windows from the Server. 3. If there is a firewall between the computer from which the Console is accessed and the Server, TCP port 8080 of the Server must be accessible from that computer. 4. Only users with the Superuser role can initiate Server upgrade using this method.
Tip
To upgrade the Server to a higher version, ensure that you access the Console using a computer whose IP address is not behind Network Address Translation (NAT). If you access the Console, using a NATed IP, upgrade will continue in the background but you cannot view the upgrade progress messages. See Upgrade on page 9-52.
A-2
RF Manager Legacy Systems High Availability Cluster Upgrade
High Availability Cluster Upgrade

The following steps will guide you through the upgrade of HA RF Managers from RF Manager version 5.0, 5.2 or 5.5 to version 5.9. 1. On the Standby RF Manager Config Shell:

Execute set ha connect command. Set HA connect status to OFF; follow instructions in the command.
2. On the Active RF Manager Config Shell:

Execute set ha connect command. Set HA connect status to OFF; follow instructions in the command.
Note
Both RF Managers should then reboot. 3. On the Standby RF Manager Config Shell:
Execute set ha command. Set HA mode to OFF; follow instructions in the command.
4. On the Active RF Manager Config Shell:
Execute set ha command. Set HA mode to OFF; follow instructions in the command.
Note
Both the RF Managers should then disable HA and reboot. Both the RF Managers are now in Standalone mode. 5. Upgrade both the RF Managers independently using the RF Manager CLI. 6. Follow instructions in Configuring High Availability in RF Manager on page 10-3 to set the two RF Managers in the HA mode.
Prepare for Upgrade

Note
If you have RF Manager or Sensors of version earlier than 5.0, do not proceed with the upgrade yourself. Visit www.procurve.com/contact-support for details. OR If you are trying to upgrade an HA configuration, do not use the below process. See High Availability on page 10-1. If you are not sure, visit www.procurve.com/contact-support for details. Perform the following steps to upgrade the RF Manager: 1. Log into the RF Manager Config Shell via SSH. Run the db backup command to back up the database.
A-3
RF Manager Legacy Systems Upgrade the RF Manager using Console
2. Log into the Console as an Administrator. Uncheck the Activation Flags to turn off event generation and intrusion prevention.
Figure 2 Disable Activation Flags
Upgrade the RF Manager using Console

To upgrade the existing version of RF Manager to RF Manager 5.9 through the Console, see Upgrade on page 9-52. To verify that the RF Manager upgrade has completed successfully, check the RF Manager version using the command get version on the RF Manager Config Shell as shown below. You should ensure that the RF Manager version is the latest.
Figure 3 get version command showing Version and Build information of the RF Manager
This completes the RF Manager upgrade.
A-4
RF Manager Legacy Systems Upgrade Sensors
Upgrade Sensors
MSM335 and MSM325 Sensors are upgraded by loading appropriate software image through the management tool.

In Controlled Mode, upgrade is done through the controller management tool. In Autonomous Mode, load the latest Firmware for upgrade through the sensor
management tool.
MSM415 (802.11n) Sensors are upgraded from Devices > Sensors screen from the RF Manager Console. 1. Log into the Console as a Superuser. 2. Go to the Devices > Sensors screen. 3. Select any geographical location (from the location tree in the left panel). 4. Sort the rows by the left icon column. This will group all Sensors requiring upgrade
together.
5. To begin, select only one orange-colored Sensor. To upgrade, right click the Sensor and choose Upgrade.
Figure 4 RF Manager Console showing Sensors that need Upgrade
6. The Confirm Upgrade/Repair of Sensor(s) to Build X dialog opens, click Yes to upgrade.
A-5
RF Manager Legacy Systems Upgrade Sensors
Figure 5 Confirm Upgrade/Repair Sensor dialog
Upgrade in progress status for the Sensors is shown on the Console by a blue row as shown below.
Figure 6 RF Manager Console showing Sensors Upgrade in Progress
7. Wait for about 20 minutes. Then refresh the Devices > Sensors screen.
Note
Do not perform any other activities on the Console or Config Shell during upgrade. Do not shut down the RF Manager while the upgrade is in progress. This may cause the Sensors to go into an inconsistent state. If the upgrade succeeds (that is, chosen Sensor(s) turn(s) green). a. Upgrade the rest of the Sensors in the location (a maximum of five at a time). This can take 20 to 30 minutes. b. If all the Sensors in a location are upgraded successfully, proceed to the next location. Repeat Step 3 to Step 6. 8. If any upgrade fails (Sensor turns red or remains orange) at a location:
A-6
RF Manager Legacy Systems Finish Upgrade
a. Report immediately to HP ProCurve before proceeding to upgrade other Sensors at the same or another location. b. HP ProCurve technical support will investigate the problem and advise you on further upgrades.
Note
Sensors with version older than 5.9 will continue to work with RF Manager 5.9. However, some new functionalities of the RF Manager 5.9 release will not be supported.
Figure 7 RF Manager Console showing Sensors with the Upgraded Version
Finish Upgrade
Note
Upgrading to RF Manager from version 5.2 and earlier to version 5.9 leads to significant enhancements in the device policy management. This may cause some devices to be classified incorrectly. Hence it is highly recommended to manually examine your Console and verify WLAN setup, policies, and classification of devices before turning intrusion prevention flag to ON. See Authorized WLAN Setup on page 9-75. When RF Manager is upgraded to a new version successfully, you should re-enable the Activation Flags. To do this, check Activate Event Generation for location Locations and Activate Intrusion Prevention for location Locations checkboxes in the respective screens Administration > Local tab > Location Properties > Event Activation and Administration > Local tab > Location Properties > Intrusion Prevention Activation. This will restore RF Manager to its normal operation.
A-7
RF Manager Legacy Systems Finish Upgrade
Figure 8 Event Activation
Figure 9 Intrusion Prevention Activation
A-8
RF Manager Legacy Systems Legacy RF Manager Quickstart
Legacy RF Manager Quickstart

This Quickstart applies to the following RF Manager systems:

RF Manager 100 IDS/IPS system(J9397A) RF Manager 50 IDS/IPS system (J9398A).
After following the directions in this Quickstart, see the rest of this manual. If you are using the RF Manager with access points in autonomous mode, see the MSM 3xx / 4xx Access Points Management and Configuration Guide. If you are using the RF Manager with access points in controlled mode, see the MSM7xx Controllers Management and Configuration Guide. All are available at www.hp.com/go/procurve/manuals.
Hardware overview
Package contents
RF Manager Controller with software and license for 50 or 100 sensors, License forms, sliding rail kit for rack mounting, three power cables (one each for North America, Europe, and the UK), RJ45-to-DB9 adapter for console port. RF Manager ships fully assembled and ready to operate.
Ethernet ports
RF Manager has two auto-sensing 10/100/1000 Ethernet ports, each with status LEDs on the left and right port edges.
Console port
The RF Manager provides a DB-9 (female) Console (serial) port connector. To connect to a computer, use a standard (straight through) serial cable (male to female).
Reset button
Press and quickly release the button to restart the RF Manager.
A-9
Status LEDs
Status LEDs are located on both the front and back of the RF Manager.
LED
State
Off Flashing
Description
The RF Manager has no power. The RF Manager is starting up. If the power LED continues to flash after several minutes, it indicates that the firmware failed to load. Reset or power cycle the RF Manager. If this condition persists, contact technical support. The RF Manager is fully operational. No Ethernet link. Transmit/receive activity. Solid: Ethernet link but no transmit/receive activity. Link speed 10 Mbps Link speed 100 Mbps Link speed 1000 Mbps (gigabit)
Power (front)
On Off Port LEDs (back) (right edge of port) Flashing On Off Port LEDs (back) (left edge of port) On (green) On (orange)
Mounting tips
The RF Manager can be mounted in any 19-inch rack using the provided mounting brackets. You may wish to mount the RF Manager only after performing all procedures in this section.
Initial configuration
Initial configuration of the RF Manager is accomplished using the RF Manager Config Shell. There are two ways to connect to the RF Manager Config Shell: Ethernet connection or serial connection. This procedure explains how to use an Ethernet connection.
Note
Do not power on hardware until directed.
A. Configure your computer

1. Connect the Ethernet port on your computer to the Ethernet port 1 on the RF Manager. 2. Configure your computer to use a static IP address of 192.168.1.1. For example, in Windows XP, use Control Panel > Network Connections > Local Area Connection > Properties > Internet Protocol (TCP/IP) > Properties.
A-10
B. Start the RF Manager

Connect the power cable to the RF Manager. It starts up as soon as you connect the power cable to a wall outlet. It is fully operational as soon as the power LED remains solid.
C. Connect to the RF Manager

1. Start your SSH client software and establish a connection with the RF Manager at the IP address 192.168.1.246. 2. When prompted to log in, specify config for both username and password. 3. The Initialization and Setup Wizard automatically starts.
D. Complete the Initialization and Setup Wizard

The wizard walks you through the following operations. For detailed instructions on each step see the RF Manager Installation and Getting Started Guide. 1. Changing the shell password: For security reasons change the shell password from its default setting. 2. Changing network settings: Define network settings for port 1 according to the
requirements of the network to which the RF Manager will be connected.
Network settings IP address: Specify the IP address to assign to the RF Manager port 1. This address must be compatible with the network segment to which the RF Manager will be connected.

Subnet Mask: Specify the subnet mask compatible with the specified IP address. Gateway IP Address: Specify the address of the gateway that the RF Manager will use on the network. Primary/Secondary/Tertiary DNS Address: Specify the addresses of the DNS server that the RF Manager will use on the network. DNS Suffix: Specify the name of the domain where DNS requests are resolved. This suffix is appended to all DNS requests.
3. After this step, the new IP settings are applied. You then need to connect RF Manager to your network and start an SSH session and finish going through the setup wizard. 4. Setting time zone, date, and time: Synchronization and certificate problems can
occur if RF Manager time is not accurate.
5. Setting the Server ID: The server ID uniquely identifies each RF Manager on a network. An HP ProCurve access point (AP) such as the MSM325 or MSM335 (both with Sensors) and the MSM415 Sensor can use the server ID to connect with a specific RF Manager. 6. Reboot: When the wizard is done, you will be prompted to confirm your configuration settings and reboot. The new settings only take effect after the RF Manager is rebooted.
A-11
E. Connect to the network

You are now ready to connect the RF Manager to your network. Use a standard Ethernet cable to connect port 1 on the RF Manager to your network.
F. Add a DNS entry

If the AP sensors are configured to use a hostname to connect to the RF Manager, configure the network DNS server to associate the hostname with the IP address you assigned to the RF Manager.
G. Install the MAP sensors

1. Follow the instructions provided in the MSM325 or MSM335 Quickstart to install and configure the APs for operation. For the MSM415, follow the instructions in the HP ProCurve RF Manager and Sensors Installation and Configuration Guide. 2. Connect each AP or Sensor to the network segments (subnets) that need to be protected.
H. Check that the RF Manager recognizes the sensors

1. Open the RF Manager Config Shell on the RF Manager using an SSH client software. 2. At the [config]$ prompt, type the command get sensor list and press Enter. 3. A list of all installed sensors is displayed. For example:
[config]$ get sensor list
Displays list of connected Sensors.
MAC Address | IP Address | Status | Mode | Version
------------------------------------------------------------------------00:03:52:01:5E:AC| 192.168.30.72 | Connected | Sensor | 4.2.18 00:03:52:01:57:E4| 192.168.130.110| Connected| Sensor | 4.2.18 00:03:52:03:89:64| 192.168.1.10 | Connected | Sensor | 4.2.18 (3 rows) [config]$
If a sensor fails to appear in the list, recheck its configuration. RF Manager is now ready for configuration and operation. Configuration and operation of the RF Manager occurs via a web-based interface called the RF Manager Console. For complete instructions on using the Console refer to the rest of this guide.
Initial configuration of the Integrated Sensor

For information on configuring the MSM415 Sensor, see the HP ProCurve RF Manager and Sensors Installation and Configuration Guide. The MSM325 and MSM335 APs can function as an RF sensor on up to two of its radios in conjunction with RF Manager. Use the following steps to enable and configure these sensors.
A. Start the AP management tool

For an autonomous AP, start the AP management tool as described in the AP Quickstart.
A-12

For a controlled AP, start the management tool on the associated MSM7xx service controller as described in the appropriate MSM7xx Quickstart.
B. Configure the sensor to connect to an RF Manager

1. Open the Sensor configuration page.

For an autonomous AP, select Security > Sensor. For a controlled AP in the MSM7xx management tool, in the Network Tree select Service Controller > Controlled APs > Default Group, and then select the name of the AP. By default, this will be the AP serial number.
Note
If the AP has a red flag next to it in the Network Tree and a license violation message, it means that there is no sensor license installed. 2. In the right pane select Configuration > Sensor. Clear the Inherited checkbox.
3. Under Connect to RF Manager Server using, do one of the following:

Select Server ID and then enter the ID number of the RF Manager with which to connect. Enter 0 to specify that the MAP search for the first available RF Manager. Support for multicast traffic must be enabled on all routers and switches between the MAP and the RF Manager. Select IP address and hostname to connect to a specific RF Manager, then enter the IP address of the RF Manager or its hostname. If you enter a hostname, ensure that the AP is able to resolve the hostname through DNS. An entry must be created on the network DNS server that points to the IP address of the RF Manager.
4. Select Save. 5. On the Radios page, set the Operating mode of at least one radio to Sensor, and select Save.
C. Connect to the network

Connect the AP to a network that provides access to an RF Manager.

The AP must be able to reach the RF Manager through a network connected to port 1. You should be able to ping the RF Manager IP address from the AP.
A-13

If there are any firewalls between the AP and the RF Manager, TCP and UDP ports 3851 must be open in both directions.
The sensor is now operational and should be detected by the RF Manager.
A-14
Appendix B: SNMP Interface
SNMP Interface
The system sends traps to an SNMP management station when a Sensor generates an event. You can view a trap sent from the system using SNMP manager software such as HP Open View or MG Soft MIB (Management Information Base) browser. The SNMP manager software allows you to view a detailed description of the trap and thereby the functioning of your wireless network. Perform the following steps from the SNMP management station to receive traps from the system and to dig deeper into the Sensors. 1. Configure the system to specify the IP address, community string, and the SNMP version of the SNMP management station. This can be done from Administration > Local tab > ESM Integration > SNMP screen of the Console. 2. Compile the MIB file and enable the SNMP management station to receive traps. The system currently generates traps for all the events. The format of the trap is: RF Manager Event. The display format of the trap on the SNMP managed Console is as shown in the following table.
Table 1SNMP Trap Format
Date Time
10:11:04/14.21
Source
192.168.1.246
Trap Description
Security Event: De-authentication broadcast attack detected on Authorized AP Security Event: Unauthorized Client has associated with a threat-posing AP Monitoring Event: New Sensor has connected to Server Monitoring Event: Server has started successfully on appliance
Date/Time: Specifies the date and time the trap is generated. Source: Specifies the DNS name/IP Address of the Server sending the trap. Trap Description: Gives a brief description of the trap.
The Internet Assigned Numbers Authority (IANA) assigned Private Enterprise Number is 8744.
SNMP Interface
B-2
Appendix C: Glossary
C
Glossary
Acronyms:
Abbreviation Description
AP DNS DoS ESM IEEE LAN LDAP LWAPP MAC MIB NAV NOC OPSEC RF SMTP SNMP SSID SSL UDP VPN WEP WLAN WLSE Access Point Domain Name System (or Service or Server) Denial of Service Enterprise Security Management Institute of Electrical and Electronics Engineers Local Area Network Light-Weight Directory Access Protocol Light-Weight Access Point Protocol Media Access Control Management Information Base Network Allocation Vector Network Operations Center Operations Security Radio Frequency Simple Mail Transfer Protocol Simple Network Management Protocol Service Set Identifier Secure Socket Layer User Datagram Protocol Virtual Private Network Wired Equivalent Privacy Wireless Local Area Network Wireless LAN Solution Engine
Glossary Terms
Terms
Term
.SPM file 802.11 Access Point
Description
Planner File, a proprietary file format that holds information about RF signal values, placement of devices, and device settings An IEEE wireless LAN specification for over-the-air interface between a wireless Client and a base station or between two wireless Clients Access Point also referred to, as an AP is a station* that provides distribution services. It is the hub used by wireless Clients for communicating with each other and connecting to the WLAN * A station is the component that connects to the wireless medium A network formed by peer-to-peer connections between wireless Clients. It is difficult to enforce tight security policy controls on ad hoc connections. Therefore, ad hoc connections create a security vulnerability An Authorized Client is one that has successfully connected to an Authorized AP at least once. Once identified as Authorized, a Client remains Authorized until it is deleted by the administrator and is re-classified as Unauthorized A feature provided by the system that automatically tags devices and events based on the Sensors that see the event and the location of the devices that participate in the event This section of the Dashboard screen displays a list of all the APs automatically and manually categorized Classification Policy allows you to define AP and Client classification policies to control automatic movement of APs and Clients to the appropriate folders A laptop, a handheld device, or any other system that uses the wireless medium (802.11 standard) for communication Community string is a key used to authenticate a message sent by the SNMP agent to the SNMP manager Domain Name Service, an Internet service that translates domain names into IP addresses Denial of Service, an attack that degrades the performance of an official WLAN An AP with two radios to support Clients on multiple bands A unique name by which a computer is identified on the network An AP for which the system cannot determine whether it is plugged into your wired network. This AP should be inspected and manually moved to one of the AP folders The Intrusion Prevention Policy allows the system proactively block an AP or a Client to automatically protect the network against various wireless security threats
Ad hoc Network
Authorized Client
Auto Location Tagging Categorized Devices APs Classification Policy Client Community String DNS DoS Dual Radio AP Hostname Indeterminate AP Intrusion Prevention (Quarantine) Policy
C-2
Glossary Terms
Term
IP Address Location Tracking MAC Address
Description
Internet Protocol Address, a 32-bit numeric identifier for a computer or a device on the network A distinguishing feature of the system that allows you to automatically locate a device placed on a floor map Media Access Control Address, a unique 6-byte (48 bit) address burnt into the network adapter by the manufacturer and is often transparent to a user; a networked device has a MAC address corresponding to each network interface An attacker AP masquerades the Authorized AP by advertising the same MAC address and other features set as the authorized/other AP in its Beacon/Probe Response frames. The system generates an alert on detection of AP MAC spoofing An AP in the Authorized list, that is plugged into your wired network but does not conform to the Network Policy settings (SSID, Vendor, Encryption, and Protocol) for its network segment A device that can co-exist on a Trunking switch; the ND can detect as many LAN segments as you configure on the switch An expansion board or a card that is inserted into a computer so that the computer can be connected to a network Network status specifies if the network is locked or unlocked. Once a protected network segment is locked, all new APs connected to it are pre-classified as Rogue and have to be approved manually. If a protected network segment is unlocked, any new APs connected to this network will be automatically classified based on the Security, Protocol, SSID, and Vendor Settings A new AP plugged into your wired network and conforming to the Network Policy settings (SSID, Vendor, Encryption, and Protocol) for its network segment; this AP must be inspected before manually moving it to the Authorized AP folder A new AP not plugged into your wired network. This is an AP usually belonging to a neighbor. It does not pose a threat to your wired network
MAC Spoofed AP
Mis-configured AP
Network Detector Network Interface Card Network Status
Potentially Authorized AP Potentially External AP
Potentially Rogue AP A new AP plugged into your wired network but not conforming to the Network Policy settings (SSID, Vendor, Encryption, and Protocol) for its network segment. This AP is never authorized and can be automatically moved to the Rogue AP folder based on the Classification Policy Security Settings SMTP An IEEE 802.11 defined MAClevel privacy mechanism that protects the contents of data frames from eavesdropping using encryption Simple Mail Transfer Protocol, A protocol for sending e-mail messages between Servers. Most e-mail systems that send mail over the Internet use SMTP to send messages from one Server to another Simple Network Management Protocol, a set of protocols for managing complex networks
SNMP
C-3
Glossary Icons
Term
Software AP SSID Unauthorized Client Uncategorized Devices APs VPN
Description
Software implementation of AP functionalities that permits a WLAN enabled device to act as an AP A unique token identifying an 802.11 WLAN; all wireless devices on a WLAN must employ the same SSID to communicate with each other A Client that is not authorized; an Unauthorized Client has never connected successfully to an Authorized AP This section of the Dashboard screen displays a list of all the newly discovered APs Virtual Private Network, a network constructed using public wires to connect nodes. For example, there are a number of systems that enable you to create networks using the Internet as the medium for transporting data; these systems use encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted Wired Equivalent Privacy, an IEEE 802.11 defined MAClevel privacy mechanism that protects the contents of data frames from eavesdropping using encryption Wireless Local Area Network that uses high frequency radio waves, rather than wires to communicate between nodes Wireless LAN Solution Engine, a centralized, systems-level application for managing and controlling an entire Cisco WLAN infrastructure
WEP WLAN WLSE
Icons
This section provides a quick reference to the various icons used in the system.
Navigation Bar Icons

Icon Name: Description
Dashboard: The tab with this icon signifies the Dashboard screen that displays a consolidated view of the WLAN environment. Events: The tab with this icon signifies the Events screen that displays various event categories in the network. Devices: The tab with this icon signifies the Devices screen that provides information on the wireless devices in the network. Locations: The tab with this icon signifies the Locations screen that displays live RF maps of the network.
C-4
Glossary Icons
Icon
Name: Description
Reports: The tab with this icon signifies the Reports screen that allows you to generate various reports. Administration: The tab with this icon signifies the Administration screen that allows you to perform various administrative activities. Troubleshooting In Progress: This blinking icon indicates that troubleshooting is in progress on an AP, Client, or Sensor. Refresh: The button with this icon refreshes the current screen. Help: The button with this icon displays the Help file. Legends: The button with this icon displays the list of icons used and their description. About RF Manager: The button with this icon displays the version and patent number and license information of the system. Logout: The button with this icon allows you to logout from the Console.
General Icons

Error!: This icon indicates an application level event that needs immediate remedial action. Information: This icon indicates an informational level event that does not need immediate action. Warning: This icon indicates an application level event that needs attention. Confirmation: This icon indicates an application level event that needs immediate user input.
Dashboard Tab Icons

Event Generation turned ON: The button with this icon shows that events are generated for the selected location. You can click this button to go to the Administration screen to turn OFF Event Generation. Event Generation turned OFF: The button with this icon shows that events are not generated for selected location. You can click this button to go to the Administration screen to turn ON Event Generation.
C-5
Glossary Icons
Icon
Name: Description
Intrusion Prevention turned ON: The button with this icon shows that intrusion prevention is activated for the selected location. You can click this button to go to the Administration screen to turn OFF Intrusion Prevention. Intrusion Prevention turned OFF: The button with this icon shows that intrusion prevention is deactivated for the selected location. You can click this button to go to the Administration screen to turn ON Intrusion Prevention. Secure: This icon shows that the network is secure as the events that cause the network to be vulnerable have not been detected or have been acknowledged. Vulnerable: This icon shows that the network is vulnerable as the events that cause the network to be vulnerable have been detected or not all of them have been acknowledged. Edit Policy: The button with this icon enables you to edit policies. More Information: The button with this icon enables you to view more information in a graphicstext format on a particular section. Bar Chart: This button with this icon enables you to view a bar graph of event data. Pie Chart: This button with this icon enables you to view a pie graph of event data. Filter: The button with this icon on the Dashboard-Charts screen allows you to select an item from a drop-down combo box.
Events Tab Icons

Printable view: The button with this icon enables you to view printable reports on the Events and Devices screens. Security Event: This icon indicates an event that indicates impending or actual breach of network security and must be addressed immediately. Monitoring Event: This icon indicates an informative event that need not be addressed immediately. High: This icon indicates an event with high severity. Medium: This icon indicates an event with medium severity. Low: This icon indicates an event with low severity. New: This icon indicates an event that is neither read nor acknowledged. Read: This icon indicates that the event has been read.
C-6
Glossary Icons
Icon
Name: Description
Acknowledged: This icon indicates that the event has been read and acknowledged. Calendar Control: The button with this icon allows you to select the date and the time when generating events or reports for a particular duration. Active: This icon indicates a live event in which the triggers that raised the event are operational or continue to exist; this event has a valid start time stamp. Active and Updated: This icon indicates a live event that has been updated, that is, some activity has occurred since the event was last read. Past: This icon indicates an expired event in which the triggers that raised the event are not operational or have ceased to exist; this event has a valid start and stop time stamp. Secure: This icon indicates an event that does not contribute to the vulnerability status of the system. Vulnerable: This icon indicates an event that contributes to the vulnerability status of the system.
Devices Tab Icons

Rogue AP-Active: This icon shows that a Rogue AP is active and visible to Sensor(s). Rogue AP-Inactive: This icon shows that a Rogue AP that was earlier visible to Sensor(s) is inactive. Mis-configured AP-Active: This icon shows that a Mis-configured AP is active and visible to Sensor(s). Mis-configured AP-Inactive: This icon shows that a Mis-configured AP that was earlier visible to Sensor(s) is inactive. Authorized AP-Active: This icon shows that an Authorized AP is active and visible to Sensor(s). Authorized AP-Inactive: This icon shows that an Authorized AP that was earlier visible to Sensor(s) is inactive. External AP-Active: This icon shows that an External AP is active and visible to Sensor(s). External AP-Inactive: This icon shows that an External AP that was earlier visible to Sensor(s) is inactive. Indeterminate AP-Active: This icon shows that an Indeterminate AP is active and visible to Sensor(s). Indeterminate AP-Inactive: This icon shows that an Indeterminate AP that was earlier visible to Sensor(s) is inactive. Merged AP-Active: This icon indicates a merged AP is active and visible to Sensor(s).
C-7
Glossary Icons
Icon
Name: Description
Merged AP-Inactive: This icon shows that a merged AP that was earlier visible to Sensor(s) is inactive. Not plugged into your wired network: This icon shows that an AP is not connected to your wired network. Plugged into your wired network: This icon shows that an AP is connected to your wired network. Not sure if it is plugged into your wired network: This icon shows that an AP may be connected to your wired network. Not in Quarantine: This icon shows that the AP/Client is not in quarantine. Quarantine Pending: This icon shows that the AP/Client needs to be quarantined, but quarantine is pending. Quarantined: This icon shows that the AP/Client has been quarantined. It can also show that the AP is in port blocking. Banned List: This icon shows that the AP/Client has been added to the Banned List. Troubleshooting: This icon shows that troubleshooting is in progress on a device. Troubleshooting + Banned List: This icon indicates that the device is busy in troubleshooting and is in Banned List. Event Level Mode: This icon indicates that a troubleshooting session in event level mode is in progress. Packet Level Mode: This icon indicates that a troubleshooting session in packet level mode is in progress. Authorized Client-Active: This icon shows that an Authorized Client is active and visible to Sensor(s). Authorized Client-Inactive: This icon shows that an Authorized Client that was earlier visible to Sensor(s) is inactive. Unauthorized Client-Active: This icon shows that an Unauthorized Client is active and visible to Sensor(s). Unauthorized Client-Inactive: This icon shows that an Unauthorized Client that was earlier visible to Sensor(s) is inactive. Uncategorized Client-Active: This icon shows that an Uncategorized Client is active and visible to Sensor(s). Uncategorized Client-Inactive: This icon shows that an Uncategorized Client that was earlier visible to Sensor(s) is inactive. Client in Ad hoc Mode-Active: This icon shows that a Client in ad hoc mode is active and visible to Sensor(s). Client in Ad hoc Mode-Inactive: This icon shows that a Client that was earlier in ad hoc mode and visible to Sensor(s) is inactive.
C-8
Glossary Icons
Icon
Name: Description
Sensor-Active: This icon shows that the Sensor is connected to the Server and is actively monitoring the network. This Sensor has the latest software version and does not need to be upgraded. Sensor-Inactive: This icon shows that the Sensor is not connected to the Server and is currently not monitoring the network. This Sensor has the latest software version and does not need to be upgraded. Sensor Repair In Progress: This icon shows that Sensor Repair is in progress. Sensor Upgrade In Progress: This icon shows that Sensor Upgrade is in progress. Sensor Upgrade Required: This icon shows that the Sensor needs to be upgraded to a new version. Sensor Upgrade Pending: This icon shows that the Sensor needs to be upgraded to a new version and that the upgrade is pending. Sensor Upgrade Failed: This icon shows that the Sensor upgrade to a new version has failed. Sensor Repair Required: This icon shows that the Sensor needs to be repaired as the Sensor binaries are not updated. Sensor Repair Pending: This icon shows that the Sensor needs to be repaired as the Sensor binaries are not updated and that the repair is pending. Sensor Repair Failed: This icon shows that the Sensor repair to a new binary version has failed. Sensor Indeterminate: This icon shows that the Sensor is in an indeterminate or irrecoverable state. Sensor Version Mismatch: This icon shows that the Sensor software version is higher than that of the Server. Network Detector-Active: This icon shows that the ND is connected to the Server and is currently contributing into wired detection of APs. Network Detector-Inactive: This icon shows that the ND is not connected to the Server and is currently not contributing into wired detection of APs. Sensor Network Detector Combo-Active: This icon shows that the SNDC is connected to the Server and is currently contributing into wired and wireless detection of APs. Sensor Network Detector Combo-Inactive: This icon shows that the SNDC is not connected to the Server and is currently not contributing into wired and wireless detection of APs. Reset Graphs: The button with this icon on the Device Details screen allows you to delete the accumulated data for a device and start gathering data afresh. RSSI: This icon indicates the signal strength observed by the AP or Client.
C-9
Glossary Icons
Locations Tab Icons

Add Location: The button with this icon allows you to create a new location folder or node. Import Location: The button with this icon allows you to import a file in .SPM format for a specific location from a specified path. Delete: The button with this icon allows you to delete an AP, Client, Event, Location Node, or a Location Folder. Attach Image on floor: The button with this icon allows you to attach an image to a floor map. Detach Image from floor: The button with this icon allows you to detach an image from a floor map. Save: The button with this icon allows you to save the changes made to the current Locations screen. Best Fit: The button with this icon allows you to fit the layout image to the window/page. Zoom Out: The button with this icon allows you to zoom out of a layout image. Zoom In: The button with this icon allows you to zoom into a layout image for an enlarged view Unknown: This icon signifies the default location folder of the root location. When the system detects a new untagged device, the device is tagged to the Unknown location folder. Move: This icon in the context-sensitive menu on the Locations screen indicates that you can move a location folder or node to another location in the Location tree. Rename: The button with this icon allows you to revert to a blank canvas. Reset Canvas: The button with this icon allows you to revert to a blank canvas.
Reports Tab Icons

My Reports: This icon indicates a report that only a single user, the one who created the report, can view it. Shared Reports Custom Reports: This icon indicates a Shared report that all users can view. Shared Reports Pre-defined Reports: This icon indicates reports that are pre-defined and can be viewed by all users.
C-10
Glossary Icons
Administration Tab Icons

Global Policies: The button with this icon indicates policies that are applicable to all the locations defined in the system. Local Policies: The button with this icon indicates policies that are specific to a particular location defined in the system. Custom Defined Policy: This icon signifies a policy group whose policies are custom defined. Inherited Policy: This icon signifies a policy group whose policies are inherited. Expand All: The button with this icon enables you to expand all the nodes, there allowing you to view all the nodes in the Administration tree. Collapse All: The button with this icon enables you to collapse all the nodes, there preventing you to view all the nodes in the Administration tree. Local User: This icon indicates a system user. LDAP User: This icon indicates an LDAP user. Server Error or Integration Failure: This icon shows that an error has occurred in the Server or ESM/ WLAN Integrations. Server or Integration Running: This icon shows that the Server or ESM/WLAN Integration is functioning normally. Server or Integration Stopped: This icon shows that the Server or ESM/WLAN Integration has stopped functioning.
C-11
Glossary Icons
C-12
ProCurve 5400zl Switches

Installation and Getting Startd Guide
Technology for better business outcomes To learn more, visit www.hp.com/go/procurve/

Copyright 2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP will not be liable for technical or editorial errors or omissions contained herein.
September 2009 Manual Part Number 5900-0285

RF Manager MCG Sep09 5900 0285

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

RF Manager MCG Sep09 5900 0285

Uploaded by

Copyright:

Available Formats

Management and Configuration Guide for HP ProCurve RF Manager and Sensors

ProCurve 5400zl Switches ProCurve RF Manager and Sensors

HP ProCurve RF Manager and Sensors

Management and Configuration Guide

Copyright and Disclaimer Notices

Hewlett-Packard Company 8000 Foothills Boulevard Roseville, California 95747-5552 www.procurve.com

Getting started ..............................................................................................................1-9

2 Additional Configuration Shutting Down ..............................................................................................................2-1

3 Navigation Bar and Global Functions A Quick Tour of the Console.......................................................................................3-1

4 Dashboard Tab Introduction: Panel Displaying WLAN Snapshot .....................................................4-1

Clients .............................................................................................................. 4-8

5 Events Tab Events: Panel Displaying Alerts .................................................................................5-1

6 Locations Locations: Panel for Creating Locations ...................................................................6-1

7 Devices Tab Devices: Panel Displaying WLAN Devices ................................................................7-1

Searching within a Device List ...................................................................................7-8

8 Reports Reports: Panel for Generating Reports .....................................................................8-1

Working with Sections of a Report ..........................................................................8-11

9 Administration Administration: Panel for Configuring Policies........................................................9-1

10 High Availability Understanding High Availability...............................................................................10-1

A RF Manager Legacy Systems Introduction ................................................................................................................. A-1

C Glossary Acronyms: .................................................................................................................... C-1

About This Guide

HP ProCurve Networking Product Naming

Introduction About This Guide

HP ProCurve Networking name

Introduction About This Guide

Example directions in this guide

What to do in the user interface

Warnings and Cautions

Identifies a hazard that can cause physical injury or death.

Commands and Program Listings

Introduction Introducing RF Manager

New in This Release

Draft 2.0 11n Capability

Introduction New in This Release

Devices in Ad hoc mode

Hotspot SSID List

Live Event Architecture

Introduction New in This Release

Offline Sensor Operation (Also Known as Standalone Sensor Operation)

New Assessment and Compliance reports

Airspace Risk Assessment Wireless Vulnerability Assessment

Reports Enhancements and Archival

802.11w (Cisco Management Frame Protection) Capability

220 Channel Scanning

Introduction New in This Release

Support for Multiple Email Addresses

New Event for AP RSSI Drop

Progress Bar on Device List and RF View

Support for new Cisco AP in WLC integration

Introduction Safety information

Professional Installation Required

HP ProCurve Networking support

Introduction Getting started

Before contacting support

Collect this information

Introduction Online documentation

Chapter 2: Additional Configuration

Shutdown Using the Keypad and LCD

Additional Configuration Sensor Information

Shutdown Using the CLI

Additional Configuration Zero Configuration of Sensors