HP RF Manager 6.0

HP ProCurve RF Manager and Sensors Management and Configuration Guide
ProCurve 5400zl Switches HP ProCurve RF Manager and Sensors

Installation and Getting Started Guide Management and Configuration Guide
HP ProCurve RF Manager and Sensors
Management and Configuration Guide
Copyright and Disclaimer Notices
Copyright 2010 Hewlett-Packard Development Company, L. P. The information contained herein is subject to change without notice.
Disclaimer
HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Hewlett-Packard assumes no responsibility for the use or reliability of its software on equipment that is not furnished by Hewlett-Packard.
This guide contains proprietary information, which is protected by copyright. No part of this guide may be photocopied, reproduced, or translated into another language without the prior written consent of Hewlett-Packard.
Publication Number
5998-0896 August 2010
Applicable Products
RF Manager IDS/IPS Controller MSM415 Sensor MSM325 Access Point with Sensor MSM320 Access Point with Sensor License MSM335 Access Point with Sensor J9521A J9522A US J9369A/B WW J9373A/B US J9360A/B WW J9364A/B US J9356A/B WW J9357A/B
Warranty
See the Customer Support/Warranty information included with the product. A copy of the specific warranty terms applicable to your Hewlett-Packard products and replacement parts can be obtained from your HP Sales and Service Office or authorized dealer.
HP 3Com AirProtect Sensor SS-300-AT 3CRWX-SS-300-AT JF811A HP 3Com AirProtect Sensor 5750 3CRWX5750GS JE487A
Trademark Credits
Windows NT, Windows, and MS Windows are US registered trademarks of Microsoft Corporation.
Hewlett-Packard Company 8000 Foothills Boulevard Roseville, California 95747 www.hp.com/networking
Table of Contents
Table of Contents
CHAPTER 1 1.1 1.2 1.3 1.4 1.5 1.6 GETTING STARTED.................................................................................................................................. 1
BEFORE YOU BEGIN ...................................................................................................................................................... 1 PRODUCTS COVERED ..................................................................................................................................................... 1 OVERVIEW AND ORGANIZATION.................................................................................................................................. 1 LICENSE BASED FEATURES ............................................................................................................................................ 2 HOW TO GET MORE INFORMATION ............................................................................................................................... 2 CONTACT INFORMATION .............................................................................................................................................. 2 ADDITIONAL CONFIGURATION ........................................................................................................ 3
CHAPTER 2
2.1 SHUTTING DOWN ......................................................................................................................................................... 3 2.1.1 Shutdown Using the Keypad and LCD.................................................................................................................. 3 2.1.2 Shutdown Using the CLI ....................................................................................................................................... 3 2.2 SENSOR CONFIGURATION ............................................................................................................................................. 4 2.2.1 Zero Configuration of Sensors ............................................................................................................................... 4 2.2.2 Sensor Modes of Operation .................................................................................................................................... 4 2.3 GUIDELINES FOR USING ND AND SNDC ..................................................................................................................... 5 2.4 GUIDELINES FOR CONFIGURING AND INSTALLING ND AND SNDC .......................................................................... 7 2.5 VLAN STATES ............................................................................................................................................................. 12 2.6 USEFUL TIPS ................................................................................................................................................................ 12 CHAPTER 3 NAVIGATION BAR AND GLOBAL FUNCTIONS ........................................................................... 13
3.1 A QUICK TOUR OF THE CONSOLE............................................................................................................................... 13 3.2 NAVIGATION BAR ....................................................................................................................................................... 13 3.3 GLOBAL FUNCTIONS ................................................................................................................................................... 13 3.3.1 General ................................................................................................................................................................. 13 3.3.2 Trees...................................................................................................................................................................... 14 3.3.3 Dialogs ................................................................................................................................................................. 14 3.3.4 Messages .............................................................................................................................................................. 14 CHAPTER 4 DASHBOARD TAB .................................................................................................................................. 15
4.1 INTRODUCTION: PANEL DISPLAYING WLAN SNAPSHOT ......................................................................................... 15 4.2 DASHBOARD SCREEN: ACCESSIBILITY AND LAYOUT ................................................................................................. 15 4.2.1 Dashboard: Location Tree ..................................................................................................................................... 15 4.2.2 Security Dashboard: Sections............................................................................................................................... 16 4.2.3 Performance Dashboard: Sections ........................................................................................................................ 25 4.2.4 Dashboard Tab User Saved Settings ................................................................................................................. 30 CHAPTER 5 EVENTS TAB ............................................................................................................................................. 31
5.1 EVENTS: PANEL DISPLAYING ALERTS ......................................................................................................................... 31 5.1.1 Pagination of Events ............................................................................................................................................ 31 5.2 EVENTS SCREEN: ACCESSIBILITY AND LAYOUT .......................................................................................................... 32 5.2.1 Events: Location Tree ........................................................................................................................................... 32 5.2.2 Event Categories, Event Lists, and Table Summary ............................................................................................ 33 5.3 VIEWING EVENTS LISTS .............................................................................................................................................. 33 5.4 SORTING EVENTS ........................................................................................................................................................ 34
iii HP ProCurve RF Manager and Sensors Management and Configuration Guide
Table of Contents
5.5 FILTERING EVENTS ...................................................................................................................................................... 35 5.6 WORKING WITH EVENTS ............................................................................................................................................ 37 5.6.1 Events Context-Sensitive Menu .......................................................................................................................... 37 5.6.2 Event Details Dialog ............................................................................................................................................ 38 5.7 ACKNOWLEDGING AN EVENT .................................................................................................................................... 39 5.8 DELETING AN EVENT .................................................................................................................................................. 40 5.9 UNDELETING AN EVENT ............................................................................................................................................. 40 5.10 TOGGLING AN EVENTS CONTRIBUTION TO NETWORK VULNERABILITY .............................................................. 40 5.11 VIEWING DETAILED INFORMATION FOR AN EVENT ............................................................................................... 40 5.12 TRACKING THE LOCATION OF AN EVENT ............................................................................................................... 41 5.13 VIEWING PROPERTIES OF DEVICES ASSOCIATED WITH AN EVENT ......................................................................... 42 5.14 EVENTS TAB: USER SAVED SETTINGS ...................................................................................................................... 43 CHAPTER 6 DEVICES TAB ........................................................................................................................................... 44
6.1 DEVICES: PANEL DISPLAYING WLAN DEVICES ........................................................................................................ 44 6.2 DEVICES SCREEN: ACCESSIBILITY AND LAYOUT......................................................................................................... 44 6.2.1 Devices: Location Tree .......................................................................................................................................... 44 6.2.2 Device Categories, Device Lists, and Table Summary ......................................................................................... 44 6.3 VIEWING APS/CLIENTS LIST....................................................................................................................................... 45 6.4 VIEWING SENSORS LIST .............................................................................................................................................. 48 6.5 SORTING A DEVICE LIST .............................................................................................................................................. 48 6.6 SEARCHING WITHIN A DEVICE LIST............................................................................................................................ 49 6.7 LOCATION TAGGING OF A DEVICE OR LOCATION TAG ASSIGNMENT ....................................................................... 50 6.7.1 Automatic Location Tagging (Auto Location Tagging) ....................................................................................... 51 6.7.2 Manual Location Tagging .................................................................................................................................... 51 6.8 WORKING WITH DEVICES ........................................................................................................................................... 51 6.8.1 AP Context-Sensitive Menu ................................................................................................................................ 51 6.8.2 AP Details Dialog ................................................................................................................................................ 53 6.8.3 Client Context-Sensitive Menu ........................................................................................................................... 63 6.8.4 Client Details Dialog ........................................................................................................................................... 64 6.8.5 Sensor Context-Sensitive Menu........................................................................................................................... 72 6.8.6 Sensor Details Dialog........................................................................................................................................... 74 6.9 LOCATING AN AP/CLIENT PLACED ON THE FLOOR MAP .......................................................................................... 82 6.10 REMOVING A DEVICE FROM QUARANTINE............................................................................................................. 84 6.11 MOVING AN AP/CLIENT TO A DIFFERENT FOLDER ................................................................................................ 84 6.12 MERGING APS ......................................................................................................................................................... 85 6.13 SPLITTING APS ........................................................................................................................................................ 85 6.14 DEVICES TAB USER SAVED SETTINGS ................................................................................................................... 85 CHAPTER 7 LOCATIONS TAB ..................................................................................................................................... 87
7.1 LOCATIONS: PANEL FOR CREATING LOCATIONS ........................................................................................................ 87 7.2 LOCATIONS SCREEN: ACCESSIBILITY AND LAYOUT.................................................................................................... 87 7.3 WORKING WITH LOCATION FOLDERS AND LOCATION NODES ................................................................................. 88 7.3.1 Adding a New Location........................................................................................................................................ 88 7.3.2 Moving a Location ............................................................................................................................................... 89 7.3.3 Renaming a Location............................................................................................................................................ 90 7.3.4 Deleting a Location .............................................................................................................................................. 91 7.4 WORKING WITH IMAGES............................................................................................................................................. 92 7.4.1 Attaching an Image .............................................................................................................................................. 92
iv HP ProCurve RF Manager and Sensors Management and Configuration Guide
Table of Contents
7.4.2 Zooming In/Zooming Out, Opacity Control, Resolution of an Image ................................................................ 92 7.4.3 Placing Locations on a Location Folder with an Attached Image ........................................................................ 93 7.4.4 Detaching an Image ............................................................................................................................................. 94 7.4.5 Importing a Planner file into a Location Node ..................................................................................................... 95 7.5 CREATING YOUR LAYOUT ........................................................................................................................................... 95 7.5.1 Placing APs and Sensors on the Floor map and Viewing Details ........................................................................ 95 7.5.2 Setting Coordinates and Deleting Devices from a Floor map .............................................................................. 97 7.5.3 Resetting your Canvas ......................................................................................................................................... 97 7.5.4 Editing Floor Properties ....................................................................................................................................... 97 7.6 PRINTABLE VIEW ......................................................................................................................................................... 98 7.7 VIEWING RF COVERAGE MAPS .................................................................................................................................. 99 7.7.1 AP Coverage View ................................................................................................................................................ 99 7.7.2 AP Channel View ............................................................................................................................................... 100 7.7.3 AP Link Speed View ........................................................................................................................................... 101 7.7.4 Sensor Coverage View ........................................................................................................................................ 101 7.8 CALIBRATING RF VIEWS ........................................................................................................................................... 102 CHAPTER 8 REPORTS TAB ......................................................................................................................................... 104
8.1 REPORTS: PANEL FOR GENERATING REPORTS .......................................................................................................... 104 8.2 REPORTS SCREEN: ACCESSIBILITY AND LAYOUT ...................................................................................................... 104 8.2.1 Location Tree ...................................................................................................................................................... 104 8.2.2 Report Panel ....................................................................................................................................................... 104 8.3 MANAGING REPORTS ............................................................................................................................................... 106 8.3.1 Adding a Report ................................................................................................................................................. 106 8.3.2 Editing a Report ................................................................................................................................................. 109 8.3.3 Deleting a Report ............................................................................................................................................... 110 8.3.4 Moving a Report ................................................................................................................................................ 110 8.4 WORKING WITH SECTIONS OF A REPORT ................................................................................................................. 110 8.4.1 Adding a Section to a Report ............................................................................................................................. 111 8.4.2 Editing a Section of a Report.............................................................................................................................. 112 8.4.3 Deleting a Section of a Report ............................................................................................................................ 112 8.5 SCHEDULING A REPORT ............................................................................................................................................ 112 8.5.1 Setting a Report Schedule .................................................................................................................................. 112 8.5.2 Editing a Report Schedule .................................................................................................................................. 115 8.5.3 Canceling a Report Schedule .............................................................................................................................. 115 8.6 GENERATING A REPORT INSTANTLY ......................................................................................................................... 115 8.7 SAMPLE REPORT GENERATION ................................................................................................................................. 117 8.7.1 Creating a Report ............................................................................................................................................... 118 8.7.2 Adding a Section ................................................................................................................................................ 118 8.7.3 Specifying a Section Query ................................................................................................................................ 118 8.7.4 Saving the Section .............................................................................................................................................. 118 8.7.5 Generating the Report ........................................................................................................................................ 118 CHAPTER 9 FORENSICS TAB .................................................................................................................................... 121
9.1 FORENSICS: PANEL FOR THREAT FORENSICS ............................................................................................................ 121 9.2 FORENSICS SCREEN: ACCESSIBILITY AND LAYOUT ................................................................................................... 121 9.2.1 Forensics: Location Tree ..................................................................................................................................... 121 9.2.2 Forensics: Time Filter, Threat List, and Pie charts ............................................................................................. 121 9.3 VIEWING THREATS LIST ............................................................................................................................................ 122
v HP ProCurve RF Manager and Sensors Management and Configuration Guide
Table of Contents
9.4 AP BASED THREATS .................................................................................................................................................. 124 9.4.1 AP Based Threat Association Tab ................................................................................................................... 125 9.4.2 AP Based Threat Prevention Tab .................................................................................................................... 126 9.4.3 AP Based Threat Admin Tab ........................................................................................................................... 128 9.4.4 AP Based Threat DoS...................................................................................................................................... 129 9.5 CLIENT BASED THREATS ........................................................................................................................................... 132 9.5.1 Client Based Threat Association Tab ............................................................................................................... 133 9.5.2 Client Based Threat Prevention Tab ................................................................................................................ 134 9.5.3 Client Based Threat Admin Tab ...................................................................................................................... 135 9.5.4 Client Based Threat Ad hoc ............................................................................................................................. 136 9.6 FORENSICS TAB USER SAVED SETTINGS ................................................................................................................. 139 CHAPTER 10 ADMINISTRATION TAB ..................................................................................................................... 140
10.1 ADMINISTRATION: PANEL FOR CONFIGURING POLICIES...................................................................................... 140 10.2 ADMINISTRATION SCREEN: ACCESSIBILITY AND LAYOUT .................................................................................... 140 10.2.1 Global Policies ................................................................................................................................................ 141 10.2.2 Local Policies .................................................................................................................................................. 141 10.2.3 Location Based Policy (LBP) .......................................................................................................................... 147 10.2.4 Location Tree View and Location Based Administration Rights (LBAR) ....................................................... 147 10.2.5 Location Move ................................................................................................................................................ 147 10.2.6 Exporting System Configuration ................................................................................................................... 148 10.3 GLOBAL POLICIES .................................................................................................................................................. 150 10.3.1 Event Settings ................................................................................................................................................ 150 10.3.2 Device Settings ............................................................................................................................................... 154 10.3.3 User Management .......................................................................................................................................... 162 10.3.4 Location Settings ............................................................................................................................................ 171 10.3.5 System Settings .............................................................................................................................................. 176 10.3.6 WLAN Integration ......................................................................................................................................... 191 10.3.7 ESM Integration ............................................................................................................................................. 193 10.4 LOCAL POLICIES .................................................................................................................................................... 200 10.4.1 Wireless Policies ............................................................................................................................................. 200 10.4.2 Operating Policies .......................................................................................................................................... 206 10.4.3 Event Settings ................................................................................................................................................ 210 10.4.4 Sensor Configuration...................................................................................................................................... 214 10.4.5 Location Properties ......................................................................................................................................... 220 APPENDIX A. SNMP INTERFACE ............................................................................................................................... 223 APPENDIX B. UPGRADING ......................................................................................................................................... 224 PRE-REQUISITES ................................................................................................................................................................... 224 UPGRADING PRE 5.5 SYSTEM ............................................................................................................................................... 224 UPGRADING 5.5 OR LATER SYSTEM ..................................................................................................................................... 224 Verifying the software version .......................................................................................................................................... 224 UPGRADE SENSORS USING CONSOLE .................................................................................................................................. 224 UPGRADING THE NETWORK DETECTOR FOR THE MSM415 .............................................................................................. 227 APPENDIX C. CONFIG SHELL COMMANDS .......................................................................................................... 228 SERVER CONFIG SHELL COMMANDS ................................................................................................................................... 228 SENSOR CONFIG SHELL COMMANDS .................................................................................................................................. 231
vi HP ProCurve RF Manager and Sensors Management and Configuration Guide
Table of Contents
APPENDIX D. GLOSSARY OF TERMS AND ICONS .............................................................................................. 232 ACRONYMS .......................................................................................................................................................................... 232 GLOSSARY OF TERMS ........................................................................................................................................................... 232 GLOSSARY OF ICONS ............................................................................................................................................................ 235 Navigation Bar Icons ........................................................................................................................................................ 235 General Icons .................................................................................................................................................................... 236 Dashboard Icons ............................................................................................................................................................... 236 Events Icons ..................................................................................................................................................................... 237 Devices Icons .................................................................................................................................................................... 238 Locations Icons ................................................................................................................................................................. 241 Reports Icons .................................................................................................................................................................... 242 Administration Icons........................................................................................................................................................ 242 Sensor Icons ...................................................................................................................................................................... 243 APPENDIX E. RF MANAGER LCD DISPLAY............................................................................................................ 244
vii HP ProCurve RF Manager and Sensors Management and Configuration Guide
Getting Started
Chapter 1
1.1
Getting Started
Before You Begin
Thank you for purchasing HP ProCurve RF Manager (referred to as system hereafter in this document) from HewlettPackard Development Company, L.P. The system assists you to effectively monitor, troubleshoot, administer, and protect your wireless network. This manual assumes that you have already familiarized yourself with the RF Manager and Sensors Installation and Getting Started Guide.
1.2

Products covered
802.11n MSM415 RF Security Sensor (J9522A) 802.11a/b/g MSM325 Access Point with Sensor (US J9369A/B, WW J9373A/B) and 802.11a/b/g MSM320 Access Point with Sensor License (US J9360A/B, WW J9364A/B and J9384A) 802.11a/b/g MSM335 Access Point with Sensor (US J9356A/B, WW J9357A/B) HP 3Com AirProtect Wireless Intrusion Prevention System IEEE 802.11a/b/g/n Sensor SS-300-AT HP 3Com AirProtect Sensor 5750.
RF Manager consists of the RF Manager IDS/IPS Controller (J9521A), typically called RF Manager or Server in this document, and these RF Security Sensors:
To download HP 3Com sensor documentation, go to www.hp.com/networking/support, and from the Support drop-down list select 3Com. Then select Product Documentation and search for the documentation for your 3Com sensor. For 3Com AirProtect Wireless Intrusion Prevention System IEEE 802.11a/b/g/n Sensor SS-300-AT, in Product Number or Name Search enter Sensor SS-300-AT, and look for document SS-300-AT Configuration for 3COM AirProtect Enterprise. For 3Com AirProtect Sensor 5750, in Product Number or Name Search enter Sensor 5750, and look for document 3Com AirProtect Enterprise Installation Guide.
1.3
Overview and Organization
This manual gives an overview of the User Interface (referred to as Console hereafter in this document) and helps you familiarize yourself with the operation. This guide contains the following chapters. Additional Configuration: Provides information on shutting down the system, sensor modes of operation, and configuring Network Detector. Navigation Bar and Global Functions: Provides an overview of the various tabs and buttons on the Console. Dashboard Tab: Provides wireless vulnerability assessment at-a-glance and displays key findings about your wireless deployments security. Events Tab: Lists various events generated by the system for your deployment. Devices Tab: Provides information on wireless devices such as Access Points (APs), Clients, Sensors, Network Detectors (NDs), and Sensor and ND combinations (SNDCs) visible to the system. Locations Tab: Enables you to organize your office locations into a hierarchical tree and displays live RF maps for each location. Reports Tab: Enables you to view predefined reports and create customized reports. Forensic Tab: Enables you to drill down into the details about detected threats for further analysis of the causes and actions taken. Administration Tab: Enables you to view and set various policies for your deployment.
1 HP ProCurve RF Manager and Sensors Management and Configuration Guide
Getting Started
1.4
License Based Features
Note: The Forensics and Performance Monitoring features and their tabs are only available if the HP RF Manager Adv Wireless IPS License (J9644A) (WIPS) is installed.
1.5 1.6
How to get more information Contact Information
To receive important news on product updates, visit our website at www.hp.com/networking.
Hewlett-Packard Company, L.P. 8000 Foothills Boulevard Roseville, California 95747 For technical support, visit www.hp.com/networking/support.
Additional configuration
Chapter 2 Additional configuration

2.1 Shutting Down
Caution: Always use either the keypad and LCD display, located on the front of the RF Manager, or the Command Line Interface (CLI) to shut down RF Manager. This is particularly important during initial bootup. Do not shut down RF Manager by disconnecting its power.
2.1.1
Shutdown Using the Keypad and LCD
See also Appendix D. RF Manager LCD Display On the keypad located on the front of RF Manager, press the check key to display the menu on the LCD. 1. Use the up and down arrow keys to navigate to the Reboot/Shutdown menu. 2. Press the check key to select Reboot/Shutdown, and follow the LCD prompts to perform the shutdown, confirming the shutdown.
2.1.2
1. Open an SSH session with RF Manager using its assigned IP address as shown in the figure below.
Shutdown Using the CLI
2. 3.
Log in with your Username and Password. The default Username and Password is config. Once you are logged in, enter shutdown at the command prompt and press Enter and confirm the operation. RF Manager shuts down.
2.2
Sensor Configuration
Sensors can be configured in one of the following three modes: Sensor Only (SO) Mode: This is the default mode. In this mode Sensor monitors wireless interface and wired interface Network Detector (ND) Mode: In this mode the Sensor monitors multiple VLANs on Ethernet interface only. The wireless interface is not monitored in this mode. Sensor/ND Combo (SNDC) Mode: In this mode the Sensor monitors wireless interface and limited number of VLANs on Ethernet interface. The ND and SNDC modes must be configured explicitly. Important: To prevent abuse and intrusion by unauthorized personnel, it is extremely important to install the Sensor such that it is difficult to unplug the device from the network or from the power outlet.
2.2.1
Zero Configuration of Sensors
The zero configuration is applicable if the following conditions are satisfied: The Sensor is in SO mode. A DNS entry wifi-security-server is set up on all DNS Servers. This entry should point to the IP address of the RF Manager server. By default the Sensor looks for the Server DNS entry wifi-security-server. Sensor is placed on a subnet that is DHCP enabled. Important: If a Sensor is placed on a network segment that is separated from the Server by a firewall, you must first open port 3851 for User Datagram Protocol (UDP) and Transport Control Protocol (TCP) bidirectional traffic on that firewall. This port is used for communication Between sensor and RF Manager Server. If multiple Sensors are set up to connect to multiple Servers, zero configuration is not possible. In which case manual configuration of Sensors is needed. Refer to Manually Configuring the Sensor in the RF Manager and Sensors Installation and Getting Started Guide for details. The steps to install the Sensor with no configuration (zero configuration) are as follows. Mount the Sensor Power up the Sensor Connect the Sensor to the network. For more information, see the RF Manager and Sensors Installation and Getting Started Guide.
2.2.2
1.
Sensor Modes of Operation
The Sensors can operate in three modes. Sensor Only Mode (Sensor)This is the default mode. In this mode, the Sensor should be connected into an access port on a switch. It then monitors a single VLAN that is configured on that access port. The wireless interface of the Sensor is enabled.
2.
Network Detector Mode (ND)This mode needs to be explicitly configured. In this mode, the ND should be connected into a trunk port (802.1Q capable) on a switch. It then monitors multiple VLANs that are configured on that trunk port and are chosen by the user using the ND CLI. The wireless interface of the ND is disabled. The MSM-415 Sensor in ND mode can detect and monitor up to 100 VLANs as shown in the following images.
3.
Sensor/ND Combo Mode (SNDC)This mode needs to be explicitly configured. In this mode, the Sensor should be connected into a trunk port (802.1Q capable) on a switch. It then monitors multiple VLANs that are configured on that trunk port and are chosen by the user using the ND CLI. The wireless interface of the Sensor is enabled. The MSM-415 Sensor in SNDC mode can monitor up to 16 VLANs as shown in the following images.
Mode SO (Sensor Only) Default
Description Default mode
Monitored interfaces Wireless. Yes Wired Only the (untagged) VLAN that is configured on the Ethernet port. Yes (up to 100)
ND mode
This mode needs to be explicitly configured. the ND should be connected into a trunk port (802.1Q capable) on a switch This mode needs to be explicitly configured. In this mode, the Sensor should be connected into a trunk port (802.1Q capable) on a switch.
No
SNDC Mode
Yes
Yes (up to 16)
2.3
For good wireless security cover, following is required: Good air coverage (radio coverage) Good network coverage (coverage of enterprise subnets/VLANs) Guideline 1 Determine the Sensor count and placement using air coverage criterionYou can achieve good air coverage by using appropriate number of Sensors that are strategically placed on the enterprise premises. You can use HP ProCurve RF Planner or Planning Service to suggest the right placement of Sensors for your floor plan.
Guidelines for using ND and SNDC
Guideline 2 Attempt to cover as many VLANs as possible with the Sensors on the wired sideEach Sensor is connected into an access port that is conveniently located near it. This Sensor then monitors on its wired side the VLAN configured on this access port, in addition to monitoring wireless signals within its radio coverage area. Guideline 3 Use a ND to cover the remaining VLANs on the wired sideIn large enterprise networks, the total number of VLANs can be more than the number of VLANs that can be covered using the Sensors as mentioned in Guideline 2 above. This can be attributed to two factors: first, the total number of VLANs being more than the total number of Sensors required for adequate air coverage and/or second, lack of an access port of a particular VLAN conveniently located near the Sensor. The latter usually results in multiple Sensors being connected into the same VLAN (which is allowed). Thus, the remaining VLANs, the VLANs that are not covered (i.e., monitored on the wired side) by any of the Sensors can then be monitored using a ND. One MSM-415 monitors a maximum of 100 VLANs. Guideline 4 Use SNDC in remote sitesRemote sites are generally small. Hence, a single Sensor is sufficient to provide good air coverage. Additionally, the total number of VLANs at remote sites is usually small (less than 5). It is thus judicious to deploy a SNDC at remote sites as one MSM-415 can monitor wireless signals and monitor up to 16 VLANs on the wired side. The following figures show Air cover using Sensors and network cover using Sensors and NDs.
2.4
Guidelines for Configuring and Installing ND and SNDC
Note: This section describes the configuration and installation of ND in detail. Similar steps also apply to SNDC. Step 1: Configure the Sensor MSM-415) in ND mode a. b. c. d. e. f. g. Power MSM-415 using an 802.3af Class 0 Power Over Ethernet of Nominal input voltage 48V DC. Connect a Serial (straight through DB9 console) cable to the Serial port (RJ 45) on the Sensor. Make the following serial port settings: 115200 bps, 8 data bits, None parity, 1 stop bit using a serial application such as HyperTerminal, SecureCRT, TeraTerm, minicom, etc. Allow the Sensor to boot. Enter the username config and the password config, at the login prompt. Type the command set mode to change the mode to ND (The default mode is Sensor). Press <Enter> at subsequent prompts until the device actually goes for a reboot and you get the login prompt.
The device needs to reboot for the new setting to take effect.
Note: You are prompted for IP configurations before reboot. Enter the IP configuration settings on the CLI prompt. However, note that the IP routing table cannot be changed after you change the mode. Any changes to the IP routing table must be done before you change the mode to ND/SNDC. Changes in the IP settings during the mode change (i.e. when the mode is changed from Sensor to ND/SNDC) are applied to the untagged VLAN.
h.
Type the command get mode to ensure that the mode has correctly changed to ND before proceeding to next step.
Step 2: Deployment Provide the RF Manager Server (Server) IP/Hostname to the ND a. b. c. Type the command set server discovery. Choose option 2 (which is the default option) and press <Enter>. Enter the IP/Hostname of the Server on the next line and press <Enter>.
Onsite deployment of Sensor in ND mode Note: In the Onsite deployment, either Primary or Secondary Server IP/Hostname should be specified with the Servers address. Step 3: Configure VLANs Type the command set vlan config to configure all the VLANs. Choose option 1 to configure VLANs for DHCP and option 2 to configure VLANs with static IP address. Sensor will restart / reboot after the VLAN configuration.
Step 4: Configure/Change the Communication VLAN Note: By default untagged VLAN is the Communication VLAN. Perform this step only if you want to change the Communication VLAN to a tagged VLAN. Before configuring the Communication VLAN of ND, ensure that there exists a route to the Server VLAN from the Communication VLAN of ND. SSH works only for the IP address of the Communication VLAN, hence note down the IP address of the Communication VLAN to access the ND. a. b. Type the command set vlan config. Choose option 3 from the menu that appears.
c. d. e.
Enter the Communication VLAN ID. Enter y to confirm the new ID of the Communication VLAN. Select option 5 to exit. The ND reboots.
Step 5: Create a trunk port on the switch for the ND Create a trunk port on the switch keeping in mind the following points: Configure only those VLANs that you want the ND to monitor on this trunk port. ND will monitor only those VLANs that are configured. A VLAN must be configured on the trunk port such that a route exists from the VLAN to the Server VLAN. This VLAN can be tagged or untagged. This VLAN is referred to as Communication VLAN of ND. To configure/change Communication VLAN, refer to Step 4 above. Step 6: Connect the ND into the trunk port Wait till the ND connects to the Server. Once connected, the first two LEDs (PWR and Link) glow stable green. Hereafter you can actually login into the ND using SSH, username config, password config. Step 7: Get VLAN status Type the command get vlan config and look at the status of the VLANs. If any of the VLANs show Inactive status, type get vlan status to get the details. Note: VLAN will be reported as Inactive if there is no activity seen by ND and/or IP settings have not been obtained for that VLAN. A VLAN will be monitored only if it is active and no other Sensor or ND is monitoring that VLAN. Step 8: Use the command get vlan id to get the list of VLANs seen by ND.
Step 9: Deletion of VLAN To delete a VLAN, type the command set vlan config and choose option 4 from the menu that appears. Now enter the list of VLANs that are presently configured, but need not be monitored.
Step 10: Ensure that all the VLANs are properly displayed in the RF Manager Server Console (Console) a. Go to the DevicesSensors tab and locate the entry for the ND. in the device icon column. You can also locate the entry for The ND entry has a superscript N and is indicated by your ND by matching the Ethernet MAC address displayed on the physical device with the MAC address displayed in the Console. b. c. Right click the ND entry, choose Properties and name the ND uniquely in the Console. Right click the ND entry and choose DetailsVisible VLANs. You should see all the VLANs that you wanted ND to monitor, along with their correct IP Addresses, Net Mask, and Status as Monitored.
2.5
VLAN States
The status of the VLAN configured by the user can be seen using the command get vlan status. The status of the VLAN can be any of the following: Inactive and Unmonitored: In this state a VLAN is configured by the user and is not detected. All the VLANs configured by the user will be in this state, when the ND starts. Active and Unmonitored: In this state a VLAN is configured by the user and is detected, but not yet monitored. Active and Monitored: In this state a VLAN is configured by the user and is monitored by the ND. Note: The command get vlan status displays the status of the VLAN at that given instance. This status changes randomly and ND will automatically switch in monitoring the VLANs. Various messages, their VLAN states, and descriptions of these states are described in the table below:
Message Activity seen, but DHCP request failed Activity not seen and DHCP request failed IP address configured, but no activity seen Activity seen, but not locally monitored VLAN State Description There is activity on the VLAN, but the IP address cannot be obtained through DHCP. This can happen when the VLAN is configured for DHCP. There is no activity seen on the VLAN and the IP address could not be obtained through DHCP. This can happen when the VLAN is configured for DHCP. There is no activity seen on the VLAN and the VLAN is configured for static IP settings. This happens when the ND is not monitoring the VLAN as any other Sensor/ND/SNDC is monitoring the same VLAN.
Inactive and Unmonitored
Active and Unmonitored
2.6
1. 2. 3.
Useful Tips
The Communication VLAN of ND is used for communication with the Server. The untagged VLAN is also called native VLAN in some switches. Do not configure a tagged VLAN on the NDs trunk port, when the same VLAN is monitored by another Sensor, ND, or SNDC. The exception to this guideline is an untagged VLAN on the trunk port, where it is often required for an untagged VLAN to be overlapping across different trunk ports. Do not use Ctrl+C while configuring the VLANs using the command set vlan config.
4.
Navigation Bar and Global Functions
Chapter 3
3.1 3.2
A Quick Tour of the Console Navigation Bar
The Console consists of the following top-level tabs and additional buttons. This section explains how to use the Console navigation bar and global functions.
The Console navigation bar includes the following tabs: Dashboard, Events, Devices, Locations, Reports, Forensics, and Administration.
Figure 1.
Navigation Bar
The following table describes the items in the navigation bar.

Table 1 Items in the Navigation Bar Item No. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 Item Dashboard Events Devices Locations Reports Forensics* Administration Troubleshooting in Progress Current Date and Time Refresh Help Legends About HP ProCurve RF Manager Log Off Description Provides a summary view of the WLAN environment Lists various Events in the deployed WLAN environment Provides information on the wireless devices visible to the system Enables you to organize the network into a list of locations and displays live RF maps for each location node Enables you to generate various reports based on 802.11 data Enables you to drill down into the details about detected threats for further analysis of the causes and actions taken Enables you to perform various administrative activities When displayed, alerts you that a troubleshooting session is in progress Shows the current date and time in the format: Month Date, Hour: Minute AM/PM (Time Zone) Refreshes all the panels globally Shows the Help file for the system Describes the icons used in the system Shows product version, license information, details of the patents, and provides access to the license agreement Logs out the current user and opens the Login screen
*Note: The Forensics and Performance Monitoring features and their tabs are only available if the HP RF Manager Adv Wireless IPS License (J9644A) (WIPS) is installed.
3.3
3.3.1
Global Functions
General
The Console contains several common functions that apply to the Dashboard, Events, Devices, Locations, Reports, Forensics, and Administration tabs. The following functions apply to all screens in the system. On any screen, you can perform the following: Resize panes horizontally. Scroll only if there is data that overflows the screen.
Edit some user-defined fields. Press the <Tab> or <Enter> key to save changes in dialogs.
3.3.2
Trees
The following functions apply to all trees in the system. In any tree, you can perform the following: Click to expand the sub nodes. Click to collapse the sub nodes. Double-click the node text to either expand or collapse sub nodes.
3.3.3
Dialogs
The following functions apply to all dialogs in the system. Depending on options available in a particular dialog, you can: Click <OK> to save all the changes and close the dialog. Click <Cancel> to discard the changes and close the dialog. Click <Apply> to save all changes and keep the dialog open. Click <Delete> to remove a selected item. Click <Close> to close the dialog. Click <Restore Defaults> to reset to factory defaults. Click < > to view more information. Some screens have more than one such icon. Click each of these icons in the relevant sections to view information depicted graphically.
3.3.4
Messages
The following functions apply to all message boxes in the system. The system divides messages into the following classes: 1 Confirmation: Signals an application level event that needs immediate user input. 2 Error: Signals an application level event that needs immediate remedial action. 3 Warning: Signals an application level event that needs attention. 4 Information: Signals an informational level event that may not need immediate action. button to close the message. For all informational messages, click the For all messages that require a Yes or No, you can: Click <OK> for Yes. Click <Cancel> for No.
Dashboard Tab
Chapter 4
4.1
Dashboard Tab
The Dashboard screen enables you to view a snapshot of your WLAN security status and performance. The Security snapshot is provided in terms of overall security status, security events and charts, quarantine activity status and category-wise device summary. The Performance snapshot presents a summary of performance events based on severity, performance event charts, and latest trends in factors contributing to performance issues.
Introduction: Panel Displaying WLAN Snapshot
4.2
Dashboard Screen: Accessibility and Layout
The Dashboard appears by default when you log into the system. You can return to the Dashboard from other screens by clicking the Dashboard tab. The Dashboard screen includes two panes: On the left, the Location tree On the right, Selected Location shows the path for the location selected in the Location tree. Events On/Off and Prevention On/Off indicate whether Event Generation and Intrusion Prevention have been turned ON or OFF at a selected location. Clicking Events On/Off opens the AdministrationLocalLocation PropertiesEvent Activation screen. Clicking Prevention On/Off opens the AdministrationLocalLocation PropertiesIntrusion Prevention Activation screen. Security and Performance Dashboards depict a macro view and statistical information of your WLAN security and performance respectively.
Figure 2.
Security Dashboard
4.2.1
Dashboard: Location Tree
The Location tree shows the complete list of locations created for your WLAN in the system. The vulnerability status icon before each location name shows the vulnerabilty status of that location. To view the Dashboard for a particular location,
Dashboard Tab
select the appropriate node in the Location tree.
4.2.2
Security Dashboard: Sections
Security Dashboard screen appears by default when you log into the system. Alternatively, click the Security tab on the Dashboard screen to view the Security Dashboard. The Security Dashboard consists of the following Information Widgets. Security Scorecard New Events Security Event Charts Quarantine Sensors APs Clients
4.2.2.1
The Security Scorecard shows the overall security status of the WLAN at the selected location.
Security Dashboard Security Scorecard
Figure 3.
Security Dashboard Security Scorecard Section
Your WLAN can be in either of the following states: Secure: The selected location is treated as Secure if No security events are raised at that location and its child locations, or The Vulnerability checkbox has the following purpose (see Event Settings, Configuration). If the checkbox is checked, the event type in question will contribute to the security vulnerability check. To remove a particular instance of an event from the scorecard, the administrator can click <Remove from Scorecard> and uncheck the Participate from Vulnerability checkbox. Note that only that instance of the event will stop contributing to the scorecard. All other event instances of the said event type will continue to contribute to the vulnerability status. Vulnerable: The selected location is treated as vulnerable if any events, which contribute to vulnerability status, are raised. You can customize the list of events that cause the network to be vulnerable by changing the types of events that contribute to that status. Read/Unread/Acknowledge status of the events do not contribute to the Vulnerability status. 4.2.2.1.1 Configuring Security Scorecard View To specify the types of events that are considered when determining the Security Scorecard status at a particular location, select a location in the Location tree and then click the icon to open AdministrationLocalLocal PoliciesEvent SettingsConfiguration screen with Security tab selected. Refer to the Event Settings, Configuration section in the Administration tab for more details. Check/Uncheck the Vulnerability field of the Security Event Types that you want to be considered/not considered for computation of the vulnerability status of a location.
4.2.2.1.2
Network Status: Tell Me More
To view more information about the actual events that contributed to the Vulnerable or Secure status of a particular location, select a location in the Location tree and then click <Tell Me More> in the Security Scorecard. Based on the security status of the location, a dialog describing the reason for the security status appears as shown below. Secure Location Dialog appears when a location is Secure, whereas Vulnerable Location Dialog appears when the security state is Vulnerable.
Dashboard Tab
Figure 4.
Secure Location Dialog
Figure 5.
Vulnerable Location Dialog
If the location is vulnerable, the Vulnerable Location Dialog shows the actual events that occurred in your network which contributed to the Vulnerable status of the location. It is possible that you have taken action on the devices after an event displayed in this list occurred, to address the security vulnerability. In that case, you can select such an event from the Vulnerable Location dialog and click <Remove from Scorecard> to remove it from the consideration for vulnerability status. The system shows the Remove from Scoreboard dialog which allows you take the removal action and add a comment to mark that action before removing it from set of events that contributed to vulnerability.
Dashboard Tab
Figure 6.
Remove from Scoreboard Dialog
Uncheck the Participate in Vulnerability Assessment checkbox and enter the text to acknowledge the event, so that the system does not consider this event occurrence in the future while computing the Vulnerable status.
4.2.2.2
New Events section lists the ten recent Security events in descending order of start time of the event. This list includes instantaneous as well as live/expired security events. The events are listed based on the Severity Level selected: High, Medium, Low, or All.
Security Dashboard New Events
Figure 7.
Security Dashboard New Events Section
You can select an event row from this list and double-click to see the event details screen. Refer to the Viewing Events Lists section in the Events tab for more details. Select an event row and right-click to open a context sensitive menu of actions that can be taken on that event. Refer to the Events Context-Sensitive Menu section in the Events tab for more details. 4.2.2.2.1
Configuring New Events View
icon in the New Events section takes you to AdministrationLocalLocal PoliciesEvent Clicking the SettingsConfiguration screen with Security tab selected. This allows you to change the settings of Event types to control which type security events are displayed at the current location. If you want to change an event configuration at some other location, then select that location in the Location tree and then click the icon.
4.2.2.3
Security Dashboard Event Charts
The system shows two Event Charts on the Security Dashboard. The event drop-down list allows you to focus on security events (by location or category), or on APs/Wi-Fi Clients having security events. The time period drop-down list allows you to focus on the last 48 hours or a choice of interval within the last 24 hours. The availability of two charts on the Security Dashboard improves your ability to efficiently notice and handle security issues, if any.
Dashboard Tab
The details of the charts displayed based on the drop-down list are as follows: The drop-down list of events or devices to show on the chart contains the following: By Location: Displays a bar chart with a count of Security events for the selected location and its immediate child locations (The selected location is marked with * in the legend of the chart). In order to jump to the security events at one of these locations, click on the bar for that location. You will be taken to the EventsSecurityAll screen for that location and that location will be selected in the location tree panel as well. By Category: Displays a bar chart with a count of Security events for each security event category at the current location. In order to jump to the security events of a specific category, click on the bar for that category. You will be taken to the EventsSecuritySelected category screen. Top 5 APs by Events: Displays a bar chart for the top 5 APs based on the number of Security events. On clicking any bar, the AP Details dialog for the corresponding AP device opens with the Events tab selected. This allows you to view all the events related to that AP and take appropriate actions. Top 5 Clients by Events: Displays a bar chart for the top 5 Clients based on the number of Security events. On clicking any bar, the Client Details dialog for the corresponding Client device opens with the Events tab selected. This allows you to view all the events related to that Client device and take appropriate actions. The drop-down list for time period allows you to control the chart display based on security events that occurred in the chosen period. The time period choices available are: Last 4 Hours, Last 12 Hours, Last 24 Hours, or Last 48 Hours.
Figure 8.
Security Dashboard Event Charts
4.2.2.3.1
Configuring Security Dashboard Event Charts View
Clicking the icon in the Event Charts section takes you to AdministrationLocalLocal PoliciesEvent SettingsConfiguration screen with the Security tab selected. This allows you to change the settings of Event types to control which type security events are displayed at the current location. If you want to change event configuration at some other location, then select that location in the Location tree and then click the icon.
4.2.2.4
Security Dashboard Quarantine
Based on the Intrusion Prevention Policy, the system can proactively block an AP or a Client and automatically protect the network against various wireless security threats. The Quarantine section of the Security Dashboard provides a summary of quarantine activities being carried out by the system. The Quarantine section shows a count of APs and Clients that are being blocked, (that is, Quarantined), as well as a count of APs and Clients that are identified to be quarantined, but the Quarantine action has not yet started ( that is, Quarantine Pending).
Dashboard Tab
Figure 9.
Security Dashboard Quarantine Section Table View
4.2.2.4.1
Viewing Quarantined Devices Table View
To view a list of APs and Clients with status Quarantine Active or Quarantine Pending, click the following hyperlinked text in the Quarantine section: AP Quarantine Active AP Quarantine Pending Client Quarantine Active Client Quarantine Pending
Figure 10.
List of Quarantined APs and Clients
4.2.2.4.2
Viewing Quarantined Devices Pie Chart View

icon.
To view a list of APs and Clients with status Quarantined or Quarantine Pending in pie chart form, click the
Dashboard Tab
Figure 11.
Security Dashboard Quarantine Section Pie Chart View
Select Active, Pending, or both the checkboxes to control the pie chart contents. Click the area in the pie chart or on the names that are hyperlinked (appearing in the legends below the pie chart) to see all the quarantine sessions.
4.2.2.4.3
Configuring Intrusion Prevention Policy
Clicking on the in the Quarantine section of Security Dashboard opens the AdministrationLocalOperating PoliciesIntrusion Prevention screen. This allows you to edit the Intrusion Prevention Policy and the Intrusion Prevention Level for the selected location. If you want to change this policy for a different location, you can select that location in the Location tree and then click the icon. Refer to the Intrusion Prevention section in the Administration tab for more details.
4.2.2.5
Security Dashboard Sensors
The Sensors section displays a count of Active and Inactive Sensors, Network Detectors (ND), and Sensor/Network Detector combo (SNDC) information. Counts for the 802.11n devices and 802.11a/b/g devices are shown separately for convenience.
Figure 12.
Security Dashboard Sensors Section Table View
4.2.2.5.1
Viewing Sensors Table View
To view the details of the Sensor/ND/SNDC devices, click the following hyperlinked text in the Sensors section: Sensor(n) Sensor(abg) ND(n) ND(abg) SNDC(n) SNDC(abg)
4.2.2.5.2
Viewing Sensors Pie Chart View

icon.
To view the Sensors information in pie chart form, click the
Dashboard Tab
Figure 13.
Security Dashboard Sensors Section Pie Chart View
Select Active, Inactive, or both the checkboxes to view the active/inactive Sensors. Clicking on any area in the pie chart takes you to the DevicesSensors screen.
4.2.2.5.3
Editing Sensor Configuration
To acccess Sensor Configuration editing functionality from the Dashboard, click the icon to open the AdministrationLocalLocal PoliciesSensor Configuration screen at the selected location. To edit the Sensor Configuration for another location, select that location in the Location tree and then click the Configuration section in the Administration tab for more details. icon. Refer to the Sensor
4.2.2.6
Security Dashboard APs
The APs section enables you to view lists of all the Active and Inactive APs that belong to a certain category (Authorized, Misconfigured, Rogue, External). APs that do not belong to any category based on their wired status and AP classification policy are treated as Uncategorized.
Figure 14.
Security Dashboard APs Section Table View
Entries are color coded according to their classification: Authorized is denoted by green Mis-configured is denoted by orange Rogue is denoted by red External is denoted by blue Uncategorized is denoted by white
4.2.2.6.1
Viewing APs Table View
To view the AP information, click the following hyperlinked text in the APs section: Authorized: Click on Authorized, the DevicesAPsCategorizedAuthorized screen opens. Mis-configured: Click on Mis-configured, the DevicesAPsCategorizedAuthorized screen opens. Rogue: Click on Rogue, the DevicesAPsCategorizedRogue screen opens. External: Click on External, the DevicesAPsCategorizedExternal screen opens. Uncategorized: Click on Uncategorized, the DevicesAPsUncategorized screen opens.
4.2.2.6.2
Viewing APs Pie Chart View
To view the APs information in pie chart form, click the
icon.
22
Dashboard Tab
Figure 15.
Security Dashboard APs Section Pie Chart View
Select Active, Inactive, or both the checkboxes to view the active/inactive APs. Click the area in the pie chart; the DevicesAPsSelected category screen opens.
4.2.2.6.3
Editing AP Auto-classification Policy
To edit the AP Auto-classification policy at selected location, click the icon to open the AdministrationLocalLocal PoliciesOperating PoliciesAP Auto-classification screen. To edit the AP classification policy at another location, select that location in the Location tree and then click the tab for more details. icon. Refer to the AP Auto-classification section in the Administration
4.2.2.7
Security Dashboard Clients
The Clients section enables you to view lists of all the Active and Inactive Clients that belong to a certain category (Authorized, Unauthorized).Clients that do not belong to any category based on their association status and Client classification policy settings are classified as Uncategorized. The Clients section of Security Dashboard also shows you the Ad hoc networks seen in your environment.
Figure 16.
Security Dashboard Clients Section Table View
Entries are color coded according to the specified classification policies: Authorized is denoted by green Unauthorized is denoted by red Uncategorized is denoted by white The Ad hoc Networks sub-section in the Clients section displays all peer-to-peer wireless, that is, ad hoc connections between wireless devices in the network.
Figure 17. 23
Clients Ad hoc Networks Section
Dashboard Tab
4.2.2.7.1
Viewing Clients Table View
To view the Client information, click the following hyperlinked text in the Clients section: Authorized: Click on Authorized, the DevicesClientsCategorizedAuthorized screen opens. Unauthorized: Click on Unauthorized, the DevicesClientsCategorizedUnauthorized screen opens. Uncategorized: Click on Uncategorized, the DevicesClientsUncategorized screen opens. New Clients that do not belong to any category based on their association status and Client classification policy settings appear under Clients as Uncategorized Clients. The system cannot determine whether these Clients are authorized or unauthorized. You should manually inspect and move these Clients to the appropriate Client folder. BSSIDs: Click on BSSIDs, list of ad hoc networks and the details of the devices in these ad hoc networks screen appears.
Figure 18.
List of Ad hoc Connections
4.2.2.7.2
Viewing Clients Pie Chart View

icon.
To view the Clients information in pie chart form, click the
Figure 19.
Security Dashboard Clients Section Pie Chart View
Select Active, Inactive, or both the checkboxes to view the active/inactive Clients. Click the area in the pie chart; the
Dashboard Tab
DevicesClientsSelected category screen opens.
4.2.2.7.3
Editing Client Auto-classification Policy
To edit the Client Auto-classification policy at selected location, click the icon to open the AdministrationLocalLocal PoliciesOperating PoliciesClient Auto-classification screen. To edit the Client classification policy at another location, select that location in the Location tree and then click the Administration tab for more details. icon. Refer to the Client Auto-classification section in the
4.2.3
Performance Dashboard: Sections
Note: The Forensics and Performance Monitoring features and their tabs are only available if the HP RF Manager Adv Wireless IPS License (J9644A) (WIPS) is installed. The Performance Dashboard screen appears by clicking the Performance tab on the Dashboard screen.
Figure 20.
Performance Dashboard
The Performance Dashboard screen consists of the following Information Widgets: Performance Summary New Events Performance Event Charts Trends Analysis
4.2.3.1
Performance Dashboard Performance Summary
The Performance Summary displays the overall performance information of the Wi-Fi environment at selected location. This summary is presented as a pie chart of performance related events based on the Severity of these events. While keeping the mouse on an area of the pie chart shows you the number of events of the corresponding category, Clicking anywhere in the pie chart takes you to the EventsPerformance tab screen showing further details of events at the selected location.
Dashboard Tab
Figure 21.
Performance Dashboard Performance Summary Section
4.2.3.1.1
Configuring Performance Dashboard Performance Summary View
The events considered for showing the pie chart in Performance Summary are those which are selected for Display in the Event Settings at the selected location. In order to change the Event Settings at the selected location, click the icon. This will open the Performance tab of the AdministrationLocalLocal PoliciesEvent SettingsConfiguration screen at the selected location where you can directly modify the Display settings of the performance events. Refer to the Event Settings, Configuration section in the Administration tab for more details.
4.2.3.2
Performance Dashboard New Events
The New Events section lists the ten recent Performance events in descending order of the start time of the event. This list includes instantaneous as well as live/expired performance events. The events are listed based on the Severity Level selected: High, Medium, Low, or All..
Figure 22.
Performance Dashboard New Events Section
You can select an event row from this list and double-click to see the event details screen. Refer to the Viewing Events Lists section in the Events tab for more details. Select an event row and right-click to open a context sensitive menu of actions that can be taken on that event. Refer to the Events Context-Sensitive Menu section in the Events tab for more details.
4.2.3.2.1
Configuring Performance Dashboard New Events View
Select a location in the Location tree and then click the icon to open AdministrationLocalLocal PoliciesEvent SettingsConfiguration screen with Performance tab selected.
4.2.3.3
Performance Dashboard Event Charts
The system shows two Event Charts on the Performance Dashboard. The event drop-down list allows you to focus on events (by location or category), or on APs or Wi-Fi Clients experiencing performance issues. The time period drop-down list allows you to focus on the last 48 hours or a choice of interval in the last 24 hours. The availability of two charts on the Performance Dashboard improves your ability to efficiently notice and handle performance issues, if any. The details of the charts displayed based on the drop-down list are as follows: The drop-down list of events or devices to show on the chart contains the following: By Location: Displays a bar chart for a count of performance events for the selected location and its immediate child locations (The selected location is marked with * in the legend of the chart). In order to jump to the performance events at one of these locations, click on the bar for that location. You will be taken to the EventsPerformanceAll screen for that location and that location will be selected in the location tree panel as well.
Dashboard Tab
By Category: Displays a bar chart for a count of performance events at the selected location based on their category. In order to jump to the performance events of a specific category, click on the bar for that category. You will be taken to the EventsPerformanceSelected category screen. Top 5 APs by Events: Displays bar graph for the top 5 APs based on the number of Performance events involving these APs. On clicking one of the bars, the AP Details dialog for the corresponding AP device opens with Events tab selected. This allows you to view all the events related to that AP and take appropriate actions. Top 5 Clients by Events: Displays bar graph for the top 5 Clients based on the number of Performance events involving these Clients. On clicking one of the bars, the Client Details dialog for the corresponding Client device opens with Events tab selected. This allows you to view all the events related to that Client device and take appropriate actions. The drop-down list for time period allows you to control the chart display based on performance events that occurred in the chosen period. The time period choices available are: Last 4 Hours, Last 12 Hours, Last 24 Hours, or Last 48 Hours.
Figure 23.
Performance Dashboard Event Charts
4.2.3.3.1
Configuring Performance Dashboard Event Charts View
Select a location in the Location tree and then click the icon to open AdministrationLocalLocal PoliciesEvent SettingsConfiguration screen with Performance tab selected.
Dashboard Tab
4.2.3.4
Performance Dashboard Trends
Trends section of the Performance Dashboard displays line charts based on the category of performance events at the selected location for a chosen period of time. The choices of time period for the chart display are: Last 4 hours, Last 12 hours, Last 24 hours, or Last 48 hours. These choices are available in the form of a drop-down list as shown in the figure below.
Figure 24.
Performance Dashboard Trends Section
Note: Live events could be counted in multiple time slots that overlap with the event time, whereas Instantaneous events are counted only in the time slot in which they occurred.
4.2.3.4.1
Configuring Performance Dashboard Trends View
To specify the types of performance events that should be shown in the Trends at the selected location, click the icon in the Trends section. This opens the Select Category dialog shown below. Select the categories to be displayed by clicking the checkbox next to it in the Select Category dialog and click <OK>.
Figure 25.
Trends Select Category
4.2.3.5
Performance Dashboard Analysis
Top and bottom wireless activity analysis at the selected location is shown here for APs, Clients, and Sensors. Sensor records various performance parameters in the wireless network and sends performance records to Server periodically for aggregation/correlation. These recorded performance parameters are rendered as Performance Monitoring Graphs in the Device Details. The top/bottom analysis is provided based on the performance monitoring graphs described above. The rank of a device for any performance parameter is computed based on average value of that parameter over the selected time interval.
Dashboard Tab
Figure 26.
Performance Dashboard Analysis Section Table View
To view the Analysis information in form of a bar chart, click the
icon.
Figure 27.
Performance Dashboard Analysis Section Bar Graph view
Performance parameters are computed based on detections by a channel-rotating Sensor during the time it samples a particular channel. Such sampled data is typically well representative of parameters which are averages (for example, average data rate), ratios (for example, utilization) or slow varying (for example, associated Clients, active APs, active Clients). For parameters which are absolute values (for example, traffic), the sampled data typically underestimates the actual value. Time interval of periodic data collection/sampling is 15 minutes. Details of various parameters in the Analysis section are provided below.
Table 2 Device Type and dropdown available on the Analysis Section Device Type Dropdown Available Top/Bottom 5 by Associated Clients Top/Bottom 5 by Data Rate APs Top/Bottom 5 by Average Traffic Top/Bottom 5 by Utilization Top/Bottom 5 by Data Rate Clients Top/Bottom 5 by Traffic Table columns Name, MAC Address, SSID, Associations Name, MAC Address, SSID, Data Rate Name, MAC Address, SSID, Traffic Name, MAC Address, SSID, Utilization Name, Data Rate Name, Traffic Description Refer to Fields in the AP Performance Tab section for details For details Click on the AP Names appearing in the Name column in the Table View or click the Bar Graph in the Bar Graph View, the AP Details screen opens with Performance tab selected
Refer to Fields in the Client Performance Tab section for details
Click on the Client Names appearing in the Name column in the Table View or click the Bar Graph in the Bar Graph View, the Clients Details screen opens with Performance tab selected
Dashboard Tab Device Type Dropdown Available Top/Bottom 5 by Active APs Sensor s Top/Bottom 5 by Active Clients Table columns Name, Channel Number, Bandwidth, APs Name, Channel Number, Bandwidth, Clients Name, Channel Number, dBm Description Refer to Fields in the Sensor Performance Tab section for details For details Click on the Sensor Names appearing in the Name column in the Table View or click the Bar Graph in the Bar Graph View, the Sensor Details screen opens with Performance tab selected
Top/Bottom 5 by Interference
4.2.4
Dashboard Tab User Saved Settings
The following User choices made during browsing of Dashboard Tab are saved by the system: All the options that the user can select, that is, Table/Pie chart, Time Filters, drop-down list, radio buttons, checkboxes for all widgets displayed on Performance and Security Dashboard These settings are saved on log out as well as movement to other tabs on the Console.
Events Tab
Chapter 5
5.1
Events Tab
The Events screen provides information about events generated by the system. The system classifies events into the following types: Security, System, and Performance. On this screen, you can view, filter, locate, acknowledge, mark as read or unread, and toggle the state of the events participation in vulnerability computation. The option of Event-Pagination is also present.
Events: Panel Displaying Alerts
5.1.1
Pagination of Events
You can control the display of events on this screen by choosing to display all the events or display them one page at a time. The Events screen has a toolbar as shown in the figure below, to configure the Pagination.
Figure 28.
Toolbar for Configuring the Pagination of Events
Click the Click the
icon, to go to the First Page of the Events screen from any Page. icon, to go to the Previous Page from a Page in the Events screen.
icon signifies the Page number of the Events List. You can manually put in a number to visit that page in the The Events List. Click the icon, to go to the Next Page from a Page in the Events screen. Click the Click the icon, to go to the Last Page of the Events screen from any Page. icon, to disable the Paging option. A Confirmation screen appears.
Figure 29.
Confirm turning off Pagination
Click <Yes> to turn off the Pagination of Events. Click the icon, to Configure Page size of Events as shown in the figure. The Event Page Size value selected is the number of Events that will be displayed on every page in the Events screen. (Minimum: 25; Maximum: 100, Default: 25 Events per Page) The default value is the value set by the user in the Admin tab; if needed the user can change this value (see Events Page Size).
Figure 30.
Configure Events Page Size Screen
The Events Page Size can be configured either by the above option or from the Events Page Size option in the Events Settings in the Administration tab. If the Page number is manually changed through the option in the Events tab, the settings in the
Events Tab
Administration tab automatically changes and vice versa. If the Events Page Size is configured from Event Settings, then it is User Defined. If the Events Page Size is configured from Administration tab, then it is System Default. Also Events Page Size is saved as per user configuration. Note: The Event Pagination feature will appear whenever the Events screen displays (for example, Tell me more from Dashboard, Events Tab, Events tab in Device Details, and so on.)
Note: The Event Page Size Configuration option in the Administration tab and the icon under the Devices tab is only visible to a user (any) who has rights on the root location. The Graphs on the Events screen are based on all the events that have taken place and not on number of events displayed per page.
5.2
To open the Events screen, on the navigation bar, select the Events tab
Events Screen: Accessibility and Layout
Figure 31.
Events Screen
The Events screen includes two panes: On the left, the Location tree On the right, the event tabs: All, Security, System, and Performance, event list for the selected category of events, and event charts in the Table Summary
5.2.1
Events: Location Tree
The Location tree shows the complete list of locations created for your WLAN in the system. The Events shown on the right are for the currently selected location. To view a list of events for any other location, select that location in the Location tree, and select an event type in the right pane. A list of events of the selcted category, that have occurred at the selected location (and its child locations), appear in the list of events in the right pane.
Events Tab
5.2.2
Event Categories, Event Lists, and Table Summary
This pane shows: Path of the selected location List of events that have occurred at that location You can view the events at the selected location (and its child locations) based on their category. Tabs are provided for each category: All: Shows all events Security: Shows events that indicate security vulnerability or breach in your network System: Shows events that indicate system health Performance: Shows events that indicate wireless network performance problems You can view the following information for all the events on the bar charts under Table Summary. Event Severity: High, Medium, or Low. The event rows are highlighted in red, orange, or yellow color based on the severity level being High, Medium, or Low respectively. Event Status: New, Read, or Acknowledged Activity Status: Live, Instantaneous, or Expired
5.3
Viewing Events Lists
You must view events in order to take corrective actions. Use the following steps to view an event list: 1 In the Location tree, select a location. 2 In the right pane, select a tab All, Security, System, or Performance. Event list with following columns displays:
Figure 32.
Events Tab Column Header
ID: Specifies the unique identification number of the event. Severity Icon: Specifies the severity of an event as High denoted by icon, Medium denoted by icon, or Low denoted by icon respectively. Read Status Icon: Specifies if an event is new (that is, unread), read, or acknowledged, or a combination of these options. Activity Status Icon: Specifies if an event is live (in progress), is active and an activity has occurred since it was last read, or past (already occurred). The system follows a Live Event Architecture (LEA) where live or instantaneous events are used to classify events based on the duration of their occurrence as follows: o icon. A live event indicates that the Live: Have a valid start time stamp and are denoted by the triggers that raised the event are operational or continue to exist. On expiration, a valid stop time stamp is assigned to it. One or more conditions can trigger the start and stop of a live event. For example, consider the event Rogue AP is Live. This event will have a start and stop time and therefore it is easy to figure out that the Rogue AP is still operating. A live event designated by the icon indicates an event that has been updated, that is, some activity has occurred after the event has been read. Expired: Live events are marked as Expired once the triggers that caused the events are no longer operational. For example, once a Rogue AP has been located and removed by the administrator and is no longer in operation, the event related to the Rogue AP is marked as Expired. Expired events are marked with the icon. Instantaneous: Instantaneous events are the events triggered based on a trigger that does not have continuity. These events are raised each time the trigger is detected by the system. These events are icon. For example, Change in the SSID of an Authorized AP or Beacon with a indicated by the large Contention Free Period (CFP) duration detected. All offline events (events synchronized from a Sensor that has reconnected after operating in the Offline mode) are also treated as instantaneous events.
Events Tab
Contribution to Vulnerability: Indicates if that event occurrence is considered for determining the networks vulnerability icon denotes that the event does not contribute to vulnerability status and is secure. status on the Security Dashboard. The icon denotes that the event contributes to vulnerability status and is vulnerable. The Type Icon: Indicates the type of the event Security, System, or Performance. This column is visible only if you select the tab All in step 2. Location: Shows the probable location of the devices participating in the event when the event occurred. Event Details: Gives a short description of the event. Category: Specifies the events sub-category within a selected event type. This column is visible only if you select the tab All in step 2. Date: Shows the date and time when the event occurred. Configure Display Columns: Clicking on the Column Visibility icon opens a window showing the columns available for display and their current selection and display order. You can check/uncheck the checkbox next to the column name to select/deselect it from Event display. You can change the display order of a column by selecting the column name and moving it up/down with Up/Down buttons. Save the display settings by clicking <Save> button.
Figure 33.
Events Tab - Display Columns Screen
5.4
Sorting Events
The system enables you to sort events by columns, which helps you arrange information according to your requirements. Use the following steps to sort events: 1 In the Location tree, select a location. 2 Select an event type tab, for example, Security. 3 Optionally, to drill down further, select an event category tab, for example, Rogue AP. 4 To sort a column, click the column header, for example, Date. Note: When you sort the list for the first time, the system sorts it in the ascending order. Click a column header again to re-sort in descending order.
Events Tab
Figure 34.
Sorted Events List
5.5
1
To focus your attention to a subset of events based on a filtering criteria (such as events in a particular time period, or of particular category, and so on) system provides you with the capability to filter events. Use the following steps to filter events: On the Events screen, click the icon to open the Filter Events dialog.
Filtering Events
Events Tab
Figure 35.
Filtering Events
6 7 8
In the Time Filter dialog, do one of the following: Under Events in select the following Events in last 5 Minutes, Events in last 1 Hour, Events in last 1 Day, or Customize to choose a From and To Date as described below. Default: All Events. Select Customize under the drop-down menu in Events in and then choose either of the following: icon to specify a start date and time and then click <OK>. Under To Date, click the Under From Date, click the icon to specify an end date and time and then click <OK>. Under Activity Status, select one or more of the following checkboxes: All Instantaneous Live Expired Under Event Status, select one or more of the following checkboxes: All Read Unread Acknowledged Under Severity Status, select one or more of the following checkboxes: All Low Medium High Select the checkbox, Event ID, to enter event IDs manually for searching data related to it. Select the checkbox, Text Filter, to enter search text to select events containing the text in event details. Select the checkbox, Causes Vulnerability?, to select those Events which have been selected to contribute to Vulnerability.
Events Tab
Select the checkbox, Show deleted events, to view deleted events. Event text appears as strikethrough when you select this checkbox. 10 To save and apply the event filtering criteria, click <OK>. When the filter is applied, it is denoted by Filter On on the Console, if no filter is applied it is denoted by Filter Off on the Console.
5.6
Working with Events
Events occur when Sensors detect any unexpected change in the WLAN. The system classifies events into the following categories: Security events (for example, Rogue APs and Denial of Service (DoS) attacks) System events (for example, Sensor connection/disconnection, Server status, or Troubleshooting) Performance events( for example Bandwidth, Configuration, Coverage, or Interference)
5.6.1
Events Context-Sensitive Menu
Context-sensitive menus for Events enable you to: View event details Locate an event Acknowledge an event Forensics Change the location of an event Delete or undelete an event Mark an event as Unread Read Toggle Vulnerability
5.6.1.1
Method for Opening Events Context-Sensitive Menu
To open the Events context-sensitive menu, click the Events tab and then right-click an event row to open the context-sensitive menu.
Figure 36.
Events Context-Sensitive Menu
Events Tab
5.6.1.2
Items in the Events Context-Sensitive Menu
The Events context-sensitive menu includes the following items. Details: Opens the Events Details dialog explained in the Event Details Dialog section. This option is unavailable if you select multiple events. Locate: Opens the Locate Event dialog explained in the Tracking the Location of an Event section, and enables you to track the location of an event by tracking the location of devices involved in that event. Acknowledge: Enables you to add comments to an event. These comments serve as a record of actions taken / to be taken in response to an event. Forensics: Opens the Forensics Details dialog explained in the Viewing Threats List section. This menu option is available for Security events (such as Rogue AP, Mis-configured AP, Honeypot AP, DoS, Banned AP, Unauthorized Association, Misassociation, Bridging Client, Banned Client, and Ad hoc Networks). Change Location: Opens the Location Tag dialog that enables you to: o View the complete list of locations. o Change the location of the selected event. Delete: Enables you to delete an event. HP ProCurve recommends that you delete an event only after you have taken the recommended action for that event. Undelete: Available only if one or more events are deleted and you have checked Show deleted events checkbox discussed in the Filtering Events, this option enables you to un-delete event(s). Mark as Unread: Available only if an event is read; this option enables you to mark an event as a new event. Mark as Read: Enables you to mark a new event as read. Toggle Vulnerability: Enables you select/deselect a checkbox to specify whether this specific event instance should be considered / not considered for computing the vulnerability status of the network.
5.6.2
To open the Events Details dialog, on the Events screen, double-click an event row.
Event Details Dialog
Events Tab Figure 37. Events Details Dialog
The Events Details dialog gives information about the selected event, which helps you determine the appropriate response. The various fields and buttons in this dialog are: Short Description: Provides a brief description of the event. This is presented as bold text at the top of the dialog. Event Detailed Description: Gives a detailed description of the event. Location: Displays the name of the location where the event occurred. Severity: Displays the severity level of the event. Start-Time: Shows the date and time when the event started. End-Time: Shows the date and time (only for expired events) when the event ended. Is Vulnerable: Indicates if the event contributes to the vulnerability status of the network. Under Sub Events column, you can view a list of activities or sub-events associated with the event. The sub events display historic data that varies over time. For example, consider a past event Rogue AP is Active; this event contains an APs classification (category) as time varying data. To capture this change in classification, the event will have sub-events such as: o Event started o Classification of AP changed to Rogue o AP has become inactive o Event expired Under Updated Date/Time column, you can view the date and time of generation of the sub-event. Participating Devices: Displays the following information for each device involved in the sub-event: o Icon o Name o MAC address o Current Location Button (to see the current location of the device involved in the sub-event) o Event Time Location Button (to see the location of the device at the time of occurrence of the sub-event) Under Recommended Action tab, the system displays the recommended action that you can take in response to the event. Under Acknowledgement Trail tab: Add Comments: Enables you to type acknowledgement notes for the event and acknowledge the event. Acknowledgement Notes Trail: Provides a history of acknowledgement notes. Click <Delete> to delete the event after confirmation.
5.7
Acknowledging an Event
Acknowledge an event so that you can refer to these notes in future. Use the following steps to acknowledge an event: 1 On the Events screen, right-click an event row. 2 From the resulting menu, select Acknowledge.
Figure 38.
Event Acknowledgement Dialog
3 4
39
In the Enter Comment dialog, under Enter Comment, enter informative text. To save the text click <OK>.
Events Tab
Note: An administrator can read, select, and add comments (acknowledgment notes) for multiple events.
5.8
Deleting an Event
When you delete an event manually, the system does not remove it from the system but only marks it as deleted. A deleted event does not contribute to the vulnerability status for a location. Deleted events are also visible in a report. Permanent deletion of events from the database happens only automatically based on the configured auto-deletion policy for events (see Auto Deletion). Use the following steps to delete an event: 1 On the Events screen, right-click an event row. 2 From the resulting menu, select Delete. 3 In the Confirm dialog, click <Yes> to delete the event. If you have selected the Show deleted events checkbox on the Filter Events dialog, the text for this deleted event row appears as strikethrough. Recommended: HP ProCurve recommends that you delete an event only after you view it and have taken the necessary action.
5.9
Undeleting an Event
Use the following steps to undelete an event: 1 On the Events screen, right-click an event row that is deleted. The text for this deleted event row appears as strikethrough. 2 From the resulting menu, select Undelete.
5.10 Toggling an Events Contribution to Network Vulnerability

As part of system configuration you would have identified certain event types as contributing to vulnerability by checking the Vulnerable flag in the event configuration. For details refer to Event Settings, Configuration section in Admin tab. Whenever events of these types occur, they contribute to the vulnerable status of the network. After taking action on these event occurrences, you can change the vulnerability status of such event occurrences from the Event Screen. Use the following steps to toggle the vulnerability of an event: 1 On the Events screen, right-click an event row. 2 From the resulting menu, select Toggle Vulnerability.
Figure 39.
Toggling Event Vulnerability
3 4 5
In the Enter Comment, select/deselect the checkbox Participate in Vulnerability Assessment. In the space provided below the checkbox, enter informative text describing the reason for changing. To save the changes, click <OK>.
5.11 Viewing Detailed Information for an Event
You can view more information about an event to understand its cause and effect. Use the following steps to view additional information for an event: 1 On the Events screen, double-click an event row.
Events Tab
On the Event Details dialog that appears, click the appears.
icon. A dialog that shows more information for that event type
Figure 40.
Viewing Additional Information about an Event
5.12 Tracking the Location of an Event

You can track the location of an event by tracking the location of each participating AP, Client, or attacker device. Use the following steps to track the location of an event: 1 On the Events screen, right-click an event row and then from the resulting menu, select Locate. This opens the Event Details dialog as shown below:
Figure 41.
Tracking the Location of an Event
Events Tab
2 On the Event Details dialog, perform the following: Under Sub Events, select a sub-event Under Participating Devices, select a device participating in the selected sub-event Click <Current Location> to view the current location of the device. The Device Details dialog opens with Locate tab selected providing the details of the location (see Devices Tab). Click <Event Time Location> to view the location of the device at the time of occurrence of the sub-event as shown in the figure.
Figure 42.
Event Time Location dialog
5.13 Viewing Properties of Devices associated with an Event

To view/edit the properties of an AP, Client, or Sensor associated with an event use the following steps to access the corresponding device menu: 1 On the Events screen, double-click an event row. 2 On the Event Details dialog, under Participating Devices, right-click a device row and select Details from the resulting menu. The right-click options are same as that of Device Details dialog. For more details refer to the Devices Tab section.
Events Tab
Figure 43.
Viewing Device Properties from Events Details Dialog
5.14 Events Tab: User Saved Settings

The following User choices made during browsing of Events Tab are saved by the system. Display Columns and their order Events Filter Page Size These settings are saved on log out as well as movement to other tabs on the Console.
Devices Tab
Chapter 6
6.1
Devices Tab
The Devices screen provides information about APs, Clients, and Sensors visible to the system. On this screen, you can view/edit their details, sort the display based on their properties, carry out a variety of operations, like changing their location, changing their classification, initiating quarantine activities, and troubleshooting an AP/Client/Sensor.
Devices: Panel Displaying WLAN Devices
6.2
To open the Devices screen, on the navigation bar, select the Devices tab
Devices Screen: Accessibility and Layout
Figure 44.
Devices Screen
The Devices screen includes two panes: On the left, the Location tree On the right, device category tabs, device lists, and table summary
6.2.1
Devices: Location Tree
The Location tree shows the complete list of locations for your WLAN in the system. The devices at the selected location are shown in the pane on right. You can choose a Device type (APs, Clients, or Sensors) and category within the device type tab to see a list of devices of chosen category.
6.2.2
Device Categories, Device Lists, and Table Summary
The right pane of the Devices screen shows a list of devices tagged to the selected location. Tabbed views enable you to view device lists for Uncategorized and Categorized APs and Clients, as well as a list of all the Sensors. The Table Summary displays information about APs, Clients, and Sensors in the network.
Devices Tab APs Chart Name Potential Classification Uncategorized APs Yes Categorized APs Display Information Potentially Authorized Potentially Rogue Potentially External Indeterminate Authorized Category Yes Mis-configured Rogue External Networked Yes Yes Non-Networked Indeterminate Active Inactive a b only b/g a/b/g Other 802.11i Wi-Fi Protected Access (WPA) Security Settings Yes Yes Wired Equivalent Privacy (WEP) Open Multi Unknown
Network Connectivity Active Status 802.11 Protocol (with or without 802.11n capability)
Yes
Yes
Note: The system labels APs that are imported and whose protocol information is not available as Other.
Clients Chart Name Active Status Category Quarantine Status Yes Sensors Chart Name Display Information Sensor(n) Sensor(abg) Sensor Type ND(n) ND(abg) SNDC(n) SNDC(abg) Active Status Active Inactive Uncategorized Clients Yes Categorized Clients Yes Yes Display Information Active Inactive Authorized Unauthorized Quarantined Not Quarantined
6.3
Viewing APs/Clients List
Use the following steps to open a APs/Clients list: 1 In the Location tree, select a location.
Devices Tab
On the right, a list of APs/Clients tagged to that location appears; select either the APs or Clients tab. On the header, next to the Search icon, select the Include Inactive APs/Clients check box to view the inactive APs/Clients in the list. 4 Select either the Uncategorized or Categorized tab under APs or Clients to organize devices. For Categorized APs, select one of these tabs: All, Authorized, Rogue, or External. For Categorized Clients, select one of these tabs: All, Authorized, or Unauthorized.
2 3
Figure 45.
Categorized Clients List
The Devices screen shows the following information about APs or Clients. Device Type and Status Icon: Identifies the type of AP Rogue, External, Authorized, Indeterminate, Dual Radio or the type of Client Authorized or Unauthorized. Additionally, this icon specifies the status of APs/Clients as Active/Inactive. Networked Status Icon: Identifies if the AP is connected to the wired network. This column is not present for clients. Quarantine Status Icon: Identifies the quarantine status of the AP or Client Quarantined, Quarantine Pending, or Not in Quarantine. Quarantining an AP or Client utilizes the Sensors computation resources. If no Sensor is currently available to quarantine the AP or Client, this icon shows Quarantine Pending. RSSI: Displays the observed RSSI (Received Signal Strength Indicator) value for the AP or Client. Banned Device /Troubleshooting Status Icon: Identifies if the AP or Client is in the Banned AP List or Banned Client List as well as whether troubleshooting is in progress on the specified AP or Client, or both. Name: Specifies the user-defined name for the AP or Client. MAC Address: Specifies the unique 48-bit IEEE format address of the AP or Client assigned to the network adapter by the manufacturer. Security: Shows the security settings for the AP or Client such as Open, WEP, WPA, 802.11i, or Unknown. SSID: For an AP, it specifies the operating SSID, which is the unique identity that prospective Clients use to recognize the network. When several WLANs operate in the same space, SSID helps Clients in deciding which one to join. However, SSID alone does not provide any meaningful security. For a Client, it specifies the operating SSID of the AP with which the Client is associated. Channel: Specifies the channel number on which the AP or Client operates. The channel is shown as Dual for an AP or Client that operates on both 802.11a and 802.11b/g simultaneously.
Devices Tab
Protocol: For an AP, it specifies the 802.11 protocol used 802.11a, 802.11b only, 802.11b/g, or 802.11a/b/g, with or without 802.11n capability. For a Client, it specifies the 802.11 protocol (with or without 802.11 n capability) used by the AP with which the Client is associated. Vendor: Specifies the name of the AP or Client manufacturer. The vendor name is inferred from the first three bytes of the MAC address. Network: Shows the Network Tag of the network to which the AP is connected. This value is blank if the AP is not connected to a network. Location: Gives the user-defined location name of the AP or Client. Up/Down Since: Specifies the date and time since the AP or Client is in an up or down state. # Associated Clients: Specifies the number of Clients associated to the AP. Associated AP: Specifies the name of the AP with which a Client is associated. This is the AP through which the Client communicates with other Clients and other networked devices. Cell ID: Specifies an ID for Clients in ad hoc mode. The Cell ID is common for all the Clients that form a single ad hoc connection. Configure Display Columns: Clicking on the Column Visibility icon opens a window showing the columns available for display and their current selection and display order. You can check/uncheck the checkbox next to the column name to select/deselect it from Device display. You can change the display order of a column by selecting the column name and moving it up or down with the Up/Down buttons. Save the display settings by clicking the <Save> button.
Figure 46.
Devices Tab Display Columns Screen
Note: The columns Network Status Icon, Security, Channel, Network, and Associated Clients appear only in the APs list. Associated AP and Cell ID appear only in the Clients list.
Devices Tab
6.4
Viewing Sensors List
Use the following steps to open a Sensors list. 1 In the Location tree, select a location. 2 On the right, a list of devices tagged to that location appears; select the Sensors tab.
Figure 47.
Sensors List
The Devices screen shows the following information about Sensors: Device Type and Status Icon: Identifies the type of Sensor Sensor, ND, or SNDC and its status Active, Inactive, Upgrade Required, or Upgrade in Progress. Troubleshooting Status Icon: Identifies if troubleshooting is in progress on the specified Sensor. Name: Specifies the user-defined name for the Sensor. MAC Address: Specifies the unique 48-bit IEEE format address of the Sensor assigned to the network adapter by the manufacturer. IP Address: Specifies the IP Address of the Sensor. Capability: Specifies if the Sensor has 802.11n capability. Model: Specifies the model number of the Sensor. Location: Gives the user-defined location name of the Sensor. Template: Specifies the Configuration template assigned to the Sensor. Build: Specifies the build number of the software running on the Sensor. Up/Down Since: Specifies the date and time since the Sensor is up/down. # Monitored VLANs: Specifies the number of VLANs monitored by the ND/SNDC.
6.5
Sorting a Device List
The system enables you to sort a device list so that you can arrange information according to your requirements. Use the following steps to sort a device list: 1 Open a device list as explained in the Viewing APs/Clients List section. 2 Click a column header to sort the list.
Devices Tab
Figure 48.
Sorted Device List
The system enables you to search multiple text entries and icons to locate the target text within large amount of data. The search is not case sensitive. Use the following steps to search multiple items in a device list: 1 On the Devices screen, click the icon on the top right to open a Search dialog.
6.6
Searching within a Device List
Figure 49.
Searching within a Device List
2 In the Search dialog, under Search In, select the required column from the drop-down list. 3 Under Search For, you can do the following: Select multiple text entries or icons under Available and then click to move the chosen item(s) under Selected.
Devices Tab
Figure 50.
Specifying Available Search Values
Click <Custom> to open the Add To Search List dialog where you can specify a user-defined search value, and then click <OK>. You can add multiple user-defined values to search several items at a time.
Figure 51.
Specifying User-Defined Search Values
To affect and save the search, click <Search>. To begin a new search and clear the existing search text click <Clear Search>.
Note: If you enter text in Search For, you can use ^ before the text or $ after the text to specify special search semantics. Use ^ before the text to indicate that the text being searched for should be at the beginning. Use $ after the text to indicate that the text being searched for should be at the end. 5 To affect the search, click <Search>.
6.7
Location Tagging of a Device or Location Tag Assignment
Device location tagging refers to the process by which a device obtains the label of a location. Tagging is of two types: Automatic and Manual.
Devices Tab
6.7.1
Automatic Location Tagging (Auto Location Tagging)
The system automatically assigns a location to a device depending on the Automatic Location Tagging policy selected and the signal strength of the Sensors reporting the device (see Auto Location Tagging). Automatic Location Tagging of a device depends on the location of the Sensors which are able to see the device. If all the Sensors reporting a device are tagged to the Unknown location, the device is also tagged to the Unknown location.
6.7.2
Manual Location Tagging
You can change the location tag of a device manually in one of the following ways: On the Devices screen, right-click the device row and select Change Location. On the Locations screen, place the Authorized AP on the floor map. On the AdministrationGlobal tabDevice SettingsImport Devices screen, specify the location to which the device must be tagged. If an AP or Client is manually tagged, the system never attempts to auto-tag it again. To re-enable auto-tagging for that device, you must delete the device and let the system re-discover it.
6.8
This section shows how to access various context-sensitive menus and dialogs associated with the devices in your network.
Working with Devices
6.8.1
AP Context-Sensitive Menu
APs are wireless devices to which wireless Clients (laptops, PDAs, and so on) connect and communicate with other devices on the Local Area Network (LAN). The context-sensitive menu for APs enables you to: View an APs Details Events involving the AP Performance Charts Edit an APs details Locate an AP Block Wired Port of an AP DoS Prevention of an AP Quarantine an AP Enable/disable Auto-quarantine on an AP Troubleshoot an AP Mark an AP as Known Delete an AP Change an APs Location Category Move an AP to the following folder Authorized Rogue External
6.8.1.1
Method for Opening AP Context-Sensitive Menu
To open an AP context-sensitive menu, click the Devices tab and then right-click an AP row to open the context-sensitive menu.
Devices Tab
Figure 52.
AP Context-Sensitive Menu on Devices Screen
6.8.1.2
Items in the AP Context-Sensitive Menu
The AP context-sensitive menus include the following items. Details: Opens the Properties tab of the AP Device dialog, which allows you to: View/Edit the APs name View/Edit APs classification View/Edit APs Device Tag Assign a user-defined location tag so that you can easily locate the AP; the location of a manually tagged AP is shown with an asterisk (*) under the Location column Enables you to view Primary details of the AP Devices seeing the AP Recently Associated Clients Performance: Opens the Performance tab of the AP Device dialog, which allows you to view performance graphs for the AP. Events: Opens the Events tab of the AP Device dialog, which allows you to view events associated with the AP, so that you can take the necessary actions. Locate: Opens the Locate tab of the AP Device dialog, which allows you view the AP Location (see Fields in the AP Locate Tab) Move to Quarantine: Enables you to block any wireless communication to the AP, that is, quarantine the AP. If a Sensor is available, the system automatically selects a defending Sensor for an Authorized AP. The Quarantine status of the AP then appears as Quarantined. If a Sensor is not currently available, the Quarantine status of the AP appears as Quarantine Pending. As soon as a Sensor is available, it starts defending the AP. The AP may appear as Quarantine Pending if it is not currently an active threat (the AP is inactive). The system keeps quarantining the AP until you manually remove it from quarantine. Remove from Quarantine: Available only if the AP is manually Quarantined, this option enables you to stop quarantine on the AP, thereby enabling wireless communication.
Devices Tab
Start DoS Prevention: Available only if the system has determined an AP to be under a DoS attack and DoS countermeasures have not already been started. This option enables you to start DoS countermeasure on a selected AP. Stop DoS Prevention: Available only if DoS Prevention is initiated on the AP, this option enables you to manually terminate DoS countermeasure on a selected AP. Enable Auto-quarantine: Enabled by default, this option ensures that the system automatically quarantines an AP, thereby honoring the specified Intrusion Prevention policy. Disable Auto-quarantine: This option ensures that the system does not automatically quarantine an AP (regardless of the policies). Add to Banned List: Enables you to add the selected AP to the Banned List to prevent the AP from engaging in wireless communication. Remove from Banned List: Available only if the AP is already in the Banned List, this option enables you to remove the selected AP from the Banned List. Start Troubleshooting: Opens the Troubleshoot tab of the AP Device dialog, which allows you to start a troubleshooting session in either Packet Level Mode or Event Level Mode. Click <Start Troubleshooting> to start troubleshooting. Stop Troubleshooting: Available only if a troubleshooting session is in progress, this option enables manual termination of the session. Split: Enables you to split the merged APs. Mark as Known: Enables you to mark an External AP as Known External AP. When an AP is marked as Known External AP, the row color changes to dark blue. Mark as Unknown: Enables you to mark a Known External AP as Unknown External AP. An Unknown External APs row color is light blue. Delete: Enables you to delete a selected AP. Change Location: Opens the Location Tag dialog that enables you to: View the complete list of locations Change the location of the selected AP (see Manual Location Tagging) Move to: Enables you to categorize the AP in your network by moving it to the Authorized, Rogue, or External folder.
Note: The menu items Block Wired Port, Mark Port as Unblocked, and Move to Quarantine appear only in the AP contextsensitive menu on the Devices screen and not in the AP context-sensitive menu on the Quarantined Devices dialog. All other items are available on both the menus.
6.8.2
AP Details Dialog
You can open the AP Details dialog in the following manner: On the Devices screen, right-click an AP row and select the Details menu item. The AP Details dialog has the following tabs: Properties, Events, Performance, Troubleshoot, and Locate. By default, the Properties tab is displayed and treated as the current tab.
Devices Tab
Figure 53.
AP Properties Tab
6.8.2.1
Fields in the AP Properties Tab
The AP Properties tab enables you to view and edit the properties of an AP. MAC/Protocol: Select the MAC/Protocol from the drop-down list to display the relevant information of the AP. MAC/Protocol field appears only for merged APs. Note: MAC/Protocol field also appears in the Performance tab for the merged APs. AP Name: Click and specify the name used to identify the AP in the AP Name dialog. Click <Save>. The new AP name automatically displays in the Device Name field in the header of the AP Details dialog.
Figure 54.
AP Name Dialog
Classification: Specifies the classification of the APAuthorized, Rogue, External, or Indeterminate. This automatically displays in the Classification field in the header of the AP Details dialog. Click to open the AP Classification dialog. Here, you can change the AP classification to Authorized, Rogue, or External. Click <OK> to move the AP to the selected folder.
Devices Tab
Figure 55.
AP Classification Dialog
Device Tag: Click to specify text that provides additional information about the AP in the Device Tag dialog; for example, Hawaii Conference Room, Bldg 15 Cubicle G2, or Executive Area. Click <Save> to save the device tag.
Figure 56.
AP Device Tag Dialog
MAC Address: Specifies the unique 48-bit address of the AP/ 802.11 PHY modes used by the AP. Location: Enables you to view the name of the APs location and the complete list of locations. This automatically displays in the Location field in the header of the AP Details dialog. to open the Location Tag dialog. Here, you can view the complete list of locations and choose a location for Click the AP. To view the list of locations, you must first set up your list of locations on the Locations screen as explained in the section (see Working with Location Folders and Location Nodes).
Figure 57.
AP Location Tag Dialog
Placed on Floormap?: Indicates if the AP is placed on the floor map. Currently Active?: Indicates if the AP is currently active. Up/Down Since: Specifies the time since the AP is up/down. Network: Shows additional information about the IP Address and subnet that identifies the network on which the AP is located.
Devices Tab
IP Address: Click to open the IP Address dialog. Specify the IP address for an Authorized or Indeterminate AP. This field is disabled for Rogue and External APs.
Figure 58.
AP IP Address Dialog
Basic Link Rates (Mbps): Displays a comma- separated list of link rates supported by the AP. Vendor: Specifies the name of the AP manufacturer, which is inferred from the first three bytes of the MAC address. SSID: Specifies the unique identity that prospective Clients use to recognize the network. Protocol: An 802.11 device could implement and use protocols a, b/g or a/b/g. The protocol decides the PHY layer properties and capabilities of the device. Channel: Specifies the channel number on which the AP operates. Security: Shows the security settings for the AP. If this option is enabled, the AP enforces WEP encryption on the wireless link. Authentication: Specifies the procedure used by APs to verify the identity of a Client. Pairwise Encryption: Specifies the encryption used for unicast communication between the AP and a Client. Group Encryption: Specifies the encryption used for broadcast or multicast communication from the AP. Cisco MFP (802.11w) AP capability: Indicates if the AP implements pre-802.11w standard from Cisco to mitigate against the DoS attacks against AP. Turbo Capability: Indicates if an AP can transmit wireless signals at 108 Mbps. Super AG Capability: This field indicates that the AP supports Super AG capability. This capability provides speed and throughput of more than double of standard wireless LAN (802.11) technologies. 802.11n Capability: This indicates 802.11n capability of the AP. The field provides information about whether the AP is compliant with early or standard implementations of the 802.11n standard.
Note: You will see Turbo Capability, Super AG Capability and Pre-11n Capability only if the selected AP has these capabilities. Publicly Secure Packet Forwarding: Specifies if the AP relays packets among wireless Clients, that is, specifies if Publicly Secure Packet Forwarding (PSPF) is disabled on the Client. Inter-Client Communication Last Detected: For WEP enabled APs, specifies the date and time when communication between two wireless Clients was last seen.
Note: For Authorized but Mis-configured APs, any properties that violate the specified Authorized SSID template for that location are shown in red. Read the tool tip on the Console for more information. Quarantine Status: Click to open the Quarantine Confirmation dialog and to quarantine the selected AP if a Sensor is available. If a Sensor is not available, the Quarantine Status of the AP is Quarantine Pending. Click <Yes> to quarantine the AP. This automatically displays in the Quarantine Status field in the header of the AP Details dialog. Note: If the selected AP is currently quarantined, a Remove from Quarantine button appears in the AP Properties dialog. Click <Remove from Quarantine> to view an Information message and to enable wireless communication to the AP.
Devices Tab
Figure 59.
AP Quarantine Confirmation Dialog
Note: The system quarantines only those interfaces that are mis-configured (non-policy compliant). The system allows policy compliant interfaces to operate unhindered. Defending Sensor: If an AP is quarantined, it specifies the name of the Sensor that is actively preventing the AP from engaging in wireless communication. Beacon Interval (ms): Specifies in milliseconds the time interval between successive beacons of the AP. First Detected At: Specifies the date and time when the AP was first detected by the system. 802.11n Properties: Appears when the AP is 802.11n capable. Channel Width: Specifies whether an AP is operating on 20 MHz or 40 MHz channel width. 802.11n allows for the use of standard channel width of 20 MHz or double channel width of 40 MHz. 40 MHz channel width is achieved by using two adjacent channels to send data simultaneously. Channel Offset: For AP operating on 40 MHz channel width, channel offset specifies whether the adjacent channel used in 40 MHz operation is above or below the primary channel. This field can have following values: Above 40 MHz: AP is currently operating on 40 MHz and adjacent channel lies above the primary channel. Below 40 MHz: AP is currently operating on 40 MHz and adjacent channel lies below the primary channel. 802.11n Data Rate: Specifies the highest 11n rate of the AP with which it communicates with the Client. Short G1 for 20 MHz: Indicates if the AP is capable of using short guard interval for 20 MHz. Short G1 for 40 MHz: Indicates if the AP is capable of using short guard interval for 40 MHz. MCS Support: Specifies the various Modulation and Coding Schemes (MCS) supported for 802.11n. The 802.11n standard defines a total of 77 MCS. Each MCS is a combination of a certain modulation (for example, BPSK, QPSK, 64-QAM), coding rate (for example, 1/2, 3/4), guard interval (800 or 400 ns), and number of spatial streams. Support for MCS 0-15 is mandatory for 802.11n APs and support for MCS 0-7 is mandatory for 802.11n Clients. Greenfield Mode: Indicates if the AP is capable of working in the Greenfield mode. Greenfield mode is an optional high-throughput mode in the 802.11n standard, which is not backward compatible with legacy (802.11a/b/g) protocols and is expected to provide maximum performance benefits of 802.11n. Beam forming Capability: Indicates if the AP is capable of Beamforming. Beamforming is an RF transmission method that helps in focusing the radiated RF energy directly at a receiving Client. This improves signal reception at the Client and consequently the throughput. To add the selected AP to the Banned List, click To refresh the AP Details screen, manually click interval. . . . The system does not auto-refresh after a pre-defined
To delete data for the selected AP and re-initialize data gathering, click
6.8.2.1.1
Devices Seeing AP Section
Under Device Seeing AP, you can view a list of devices (which could be either APs or Sensors) that can see the selected AP. The details of these devices such as Device Active/Inactive icon, Name and RSSI of the AP seen by that device are displayed in the rows. To view details of a specific Device seeing the current AP, click Name, and a new AP Details or Sensor Details dialog appears.
6.8.2.1.2
Recently Associated Clients Section
Under Recently Associated Clients, you can view a list of Clients that are recently associated to the selected AP. The criteria for Recent Association is either 12 hours or 100 thousand Clients (this is the total number of associations in the system and not
Devices Tab
per device). Client details such as Client Active/Inactive icon, Client Name, and Last Detected At (which shows the date and time or Present, Present when the association is currently active.) are displayed in the rows. To view details of a specific Client, click Client Name; the Client Details screen opens.
6.8.2.2
Fields in the AP Events Tab
To open the AP Events tab, on the Devices screen right-click an AP row and select the Events menu item.
Figure 60.
AP Events Tab
The AP Events tab enables you to view the events where the AP is participating device. For the columns in the Events details screen, refer to the Events Tab chapter for more details. Check the Click to select or deselect all Events checkbox to select all the Events displayed on that page. Click <Delete> to delete the selected events. Click <Acknowledge> to add comments for the selected events.
6.8.2.3
Fields in the AP Performance Tab
To open the AP Performance tab, on the Devices screen right-click an AP row and select the Performance menu item
Devices Tab
Figure 61.
AP Performance Tab
Note: In the Performance tab, data is only available for Authorized devices. The AP Performance tab enables you to view the data related to performance of an AP in chart form. Select the MAC/Protocol of the AP from the MAC/Protocol drop-down list. This field appears only for merged APs. Line Charts are shown on the Performance Tab. Choose one of the Chart types available from the Select Chart drop-down list: Associated Clients: Sensor samples the number of associations with the AP at the end of each time interval. Average Data Rate: Sensor keeps track of transmission rates of data frames in the APs BSS and reports weighted average transmission rate over each time interval. Traffic: Sensor reports data traffic sent and received by the AP over each time interval. The channel-rotating Sensor spends only a fraction of total time on any given channel; therefore this parameter typically underestimates the actual traffic by a factor equal to the total number of channels scanned by the Sensor radio. For example, if a b/g radio on the Sensor scans 11 channels in all, the measured traffic could be about 1/11th of the actual traffic if the traffic is continuous. Similarly, if a radio on the Sensor scans 30 channels in all, the measured traffic could be about 1/30th of the actual traffic. However, if the traffic comes in bursts, straightforward scaling as above cannot be applied. Utilization: Sensor keeps track of cumulative time occupancy of frames in the APs BSS and reports the cumulative time occupancy as a percentage of total scan time on the channel in each time interval. Click to view enlarged Chart on the left hand side. Click to view enlarged Chart on the right hand side.
6.8.2.4
Fields in the AP Troubleshoot Tab
The system provides Knowledgebased Troubleshooting (KBT) which enables you to precisely identify the cause of common problems in your wireless network. KBT uses a knowledge base of wireless problem symptoms and their root causes. The knowledge base is derived from extensive experimentation with WLANs. You can initiate knowledge-based troubleshooting in one of the following modes: Packet Level Mode: Enables you to remotely capture all packets seen by a selected Sensor that is in the vicinity of a device. Selection of the Sensor can be manual or automatic.
Devices Tab
Event Level Mode: Triggers the generation of detailed monitoring events for a device in the Troubleshooting event subcategory. To open the AP Troubleshoot tab, on the Devices screen right-click an AP row and select the Start Troubleshooting menu item.
Figure 62.
Packet Level Troubleshooting for an AP
Select the Troubleshooting Mode and set the corresponding Timeout interval. If you select Packet Level Troubleshooting, ensure that the Sensor used for troubleshooting is reachable from the computer used to launch the Console.
Note: A troubleshooting session automatically times out or terminates after the Timeout irrespective of the activity. You can manually stop troubleshooting from the device context-sensitive menu by selecting Stop Troubleshooting or from the Troubleshooting tab by clicking <Stop Troubleshooting>. 2 Under Sensor Selection, select the Sensor to use for troubleshooting. Sensor Status appears as Normal Operation, Busy in Quarantine, or Busy in Troubleshooting. Within each category, Sensors are sorted based on availability and signal strength.
Note: Do not select a Sensor that is Busy in Quarantine or Busy in Troubleshooting. If you select a Sensor that is Busy in Quarantine, the troubleshooting operation fails. 3 Under Protocol and Channel Selection: The Protocol and Channel on which the AP is operating automatically selects by default. For Merged APs, the Protocol and Channel of the Primary AP automatically selects by default. The user can also select the 802.11n protocol, the corresponding channel(s) and width on which the chosen Sensor should initiate troubleshooting.
Note: A Configuration template is assigned to each Sensor. The Channels list contains only those channels enabled for scanning in that Configuration template. If no channel in a Protocol is enabled, then the Protocol option is disabled. Thus, the Channels list and the status of the Protocol checkboxes change with the Sensor selected.
Devices Tab
4 5
Under Packet Selection, choose to view all the packets visible to the selected Sensor or only the packets from the selected device visible to the Sensor. Click <Start Troubleshooting> to begin the session. If the Sensor is assigned a Configuration template, where no channels are selected for scanning, an error message displays.
Figure 63.
Packet Level Troubleshooting Confirm Dialog
If you click <Yes>, and the application is correctly installed, RF Manager launches the application and the packet capture session begins immediately. Alternatively, if you do not have Wireshark installed, an Error dialog appears.
Figure 64.
System unable to Launch Wireshark Dialog
On the Error dialog, there are three possibilities: You can download and install Wireshark and optionally install WinPcap. Wireshark requires a compatible version of WinPcap. If the installed version and expected version mismatch, you need to install the suggested and expected version of WinPcap.
Devices Tab
If the system does not find Wireshark installed at the default location, C:\Program Files\Wireshark, Wireshark will not launch automatically. To launch Wireshark manually, click<Browse> to specify the appropriate location and click <OK>. To launch Wireshark manually from the command prompt, you need to copy and paste the link to set up a direct connection with the Sensor and view live packets.
6.8.2.4.1

Points to note during Troubleshooting
When a troubleshooting session is in progress, a blinking icon appears on the navigation bar. Once the packet capture based troubleshooting session begins from the Console and the packet capture tool is either interrupted or terminated (gracefully or abruptly), you have to first stop the ongoing troubleshooting session from the Console either manually (if it is still going on) or ensure that the session has indeed ended before you can start another packet capture session. You must then restart the fresh troubleshooting session from the Console. If a troubleshooting session is in progress with a chosen tool (Wireshark or user specified tool), another capture from the command prompt, using user specified capture parameters (viz. rpcap://sensor-ip/iface ) will not succeed from the same or another computer.
6.8.2.5
Fields in the AP Locate Tab
To open the AP Locate, on the Devices screen, right-click an AP row and select the Locate menu item. The Floor Map View of an AP displays the location of the Locating Device, which is the Sensor or Controller monitoring the AP.
Figure 65.
AP Locate Tab Floor Map view
The AP Locate tab enables you to view the following details of an AP. Monitoring Device Filter: Click the Monitoring Device Filter icon and apply the appropriate filters Image Opacity: Displays the percentage opacity of the image Location Name: Displays the name of the selected location Total Area: Displays the total area of the selected location Device Location Region: Displays the total area (blue shaded region) shown for the estimated location and it decreases as the selected location probability criteria increases
Devices Tab
Location Probability: Location Probability defines a lower bound on probability of finding the device in the blue shaded region Click <Thermometer View> to view the distance from the Locating Device in feet/meter from the Sensor(s)/Controller to which the AP is visible. Refer to Locating an AP/Client placed on the Floor Map for details.
6.8.3
Client Context-Sensitive Menu
A Client is a laptop, a handheld device, or any other system that uses the 802.11 wireless medium for communication. The context-sensitive menu for Clients enables you to: View a Clients Details Associated events Performance Charts Edit a Clients details Locate a Client Quarantine a Client Enable/disable Auto-quarantine on a Client Troubleshoot a Client Delete a Client Change a Clients Location Category Move the Client to following folder Authorized Rogue External
6.8.3.1
Method for Opening Client Context-Sensitive Menu
To open a Client context-sensitive menu, click the Devices tab and then right-click a Client row to open the context-sensitive menu.
Figure 66. 63
Client Context-Sensitive Menu on Devices Screen
Devices Tab
6.8.3.2
Items in the Client Context-Sensitive Menu
The Client context-sensitive menus include the following items. Details: Opens the Properties tab of the Client Device dialog, which allows you to: View/Edit the Clients name View/Edit Clients classification Assign a user-defined location tag so that you can easily locate the Client; the location of a manually tagged Client is shown with an asterisk (*) under the Location column Enables you to view Primary details of the Client Devices seeing Clients Recently Associated APs/Ad hoc Networks Recently Probed SSIDs Performance: Opens the Performance tab of the Client Device dialog, which allows you to view performance graphs for the Client. Events: Opens the Events tab of the Client Device dialog, which allows you to view events associated with the Client, so that you can take the necessary actions. Locate: Opens the Locate tab of the Client Device dialog, which allows you view the Client Location (see Fields in the AP Locate Tab). Move to Quarantine: Enables you to block any wireless communication to the Client, that is, quarantine the Client. If a Sensor is available, the system automatically selects a defending Sensor for an Authorized Client. The Quarantine status of the Client is then Quarantined. If a Sensor is not currently available, the Quarantine status of the Client is Quarantine Pending. As soon as a Sensor is available, it starts defending the Client. The Client may appear as Quarantine Pending if it is not currently an active threat (the Client is inactive). The system keeps quarantining the Client until you manually remove it from quarantine. Remove from Quarantine: Available only if the Client is manually Quarantined; this option enables you to stop quarantine on the Client, thereby enabling wireless communication. Enable Auto-quarantine: Enabled by default, this option ensures that the system automatically quarantines a Client, thereby honoring the specified Intrusion Prevention policy. Disable Auto-quarantine: This option ensures that the system does not automatically quarantine a Client (regardless of the policies). Reset RF Fingerprint: Resets the data transmitted by the Client. Add to Banned List: Enables you to add the selected Client to the Banned List to prevent the Client from engaging in wireless communication. Remove from Banned List: Available only if the Client is already in the Banned List, this option enables you to remove the selected Client from the Banned List. Start Troubleshooting: Opens the Troubleshoot tab of the Client Device dialog, which allows you to start a troubleshooting session in either Packet Level Mode or Event Level Mode. Click <Start Troubleshooting> to start troubleshooting. Stop Troubleshooting: Available only if a troubleshooting session is in progress, this option enables you to manually terminate the session. Delete: Enables you to delete a selected Client. Change Location: Opens the Location Tag dialog that enables you to: View the complete list of locations Change the location of the selected Client (see Manual Location Tagging) Move to: Enables you to categorize a Client in your network by moving it to the Authorized or Unauthorized folder. If you move a Client manually, the system never re-classifies that Client automatically based on the Client classification policy. To enable automatic re-classification, you must delete that Client and let the system rediscover it.
6.8.4
Client Details Dialog
You can open the Client Details dialog in the following manner:
Devices Tab
On the Devices screen, right-click a Client row and select the Details menu item. The Client Details dialog has the following tabs: Properties, Events, Performance, Troubleshoot, and Locate. By default, the Properties tab displays and is treated as the current tab.
Figure 67.
Client Properties Tab
6.8.4.1
Fields in the Client Properties Tab
The Client Properties tab enables you to view and edit the properties of a Client. Under Client Properties, you can modify the following: Client Name: Click and specify the name used to identify the Client in the Client Name dialog. Click <Save>. The new Client name automatically displays in the Device Name field in the header of Client Details dialog.
Figure 68.
Client Name Dialog
Classification: Specifies the classification of the Client Authorized or Unauthorized. Click to open the Client Classification dialog. Here, you can change the Client classification to Authorized or Unauthorized. Click <OK> to move the Client to the selected folder. The changed client classification automatically displays in the Classification field in the header of Client Details dialog.
Devices Tab
Figure 69.
Client Classification Dialog
Device Tag: Click
to open the Device Tag dialog. Specify text that provides additional information about the Client.
Figure 70.
Client Device Tag Dialog
MAC Address: Specifies the unique 48-bit IEEE format address of the Client assigned to the network adapter by the manufacturer. Location: Enables you to view the name of the Clients usual location. Click to open the Location Tag dialog. Here, you can view the complete list of locations and choose a location for the Client. To view the list of locations, you must first set up your list of locations on the Locations screen as explained in the section, Working with Location Folders and Location Nodes. The changed location automatically displays in the Location field in the header of Client Details dialog.
Figure 71.
Client Location Dialog
Placed on Floormap?: Indicates if the Client is placed on the floor map. Currently Active?: Indicates if the Client is currently active. Up/Down Since: Specifies the time since the Client is up/down. Mode of Operation: Specifies whether the Client is connected to an AP (Infrastructure mode) or to a peer-topeer network (Ad hoc mode). Ad hoc Cell ID: Specifies the unique ID of the ad hoc network connection of which the selected Client is a member. IP Address: Specifies the IP address for an Authorized or Indeterminate Client.
Devices Tab
Vendor: Specifies the name of the Client manufacturer. The vendor name is inferred from the first three bytes of the MAC address. Protocol: 802.11 protocol in which the Client is operating currently Channel: Specifies the channel number on which the Client operates. Security: Shows the security settings for the Client that is Open, WEP, WPA, and so on. to quarantine the selected Client if a Sensor is Quarantine Status: Specifies whether the Client is quarantined. Click available. If a Sensor is not available, the Quarantine Status of the Client is Quarantine Pending. The changed quarantine status is automatically displayed in the Quarantine Status field in the header of Client Details dialog. Note: If the Client is quarantined a <Remove from Quarantine> button appears in the Client Properties tab. Click <Remove from Quarantine> to view an Information message and to enable wireless communication to the Client. Defending Sensor: If a Client is quarantined, it specifies the name of the Sensor that is actively preventing the Client from engaging in wireless communication. Network: Shows additional information about the IP Address and subnet that identifies the network on which the Client is located. First Detected At: Specifies the date and time when the Client was first detected by the system. . This is available only for unauthorized Clients. .
To add the selected Client to the Banned List, click
To delete data for the selected Client and re-initialize data gathering, click
To refresh the Client Details screen, manually click
. The system does not auto refresh Client Details dialog.
6.8.4.1.1
Devices Seeing Client Section
Under Device Seeing Client, you can view a list of devices (which could be either Clients or Sensors) that can see the selected Client. The details of these devices such as Device Active/Inactive icon, Name and RSSI of the Client seen by that device are displayed in the rows. To view details of a specific Device seeing the current Client, click Name, and a new Client Details or Sensor Details dialog appears.
6.8.4.1.2
Recently Associated APs/Ad hoc Networks Section
Under Recently Associated APs/Ad hoc Networks, you can view a list of APs/Ad hoc networks to which the Client was associated to. APs/Ad hoc Network details such as AP/Ad hoc Network Active/Inactive icon, AP Name/Ad hoc ID, SSID, Last Detected At (which shows the date and time or Present, Present when the association is currently active.) are displayed in the rows. The criteria for Recent Association is either 12 hours or 100 thousand APs/Ad hoc Networks (this is the total number of associations in the system and not per device). To view details of a specific AP/Ad hoc Network or the AP, click AP Name/Ad hoc ID, and the AP Details screen/Ad hoc Networks screen opens. The following table lists the Recently Associated APs/Ad hoc Networks rows, their conditions, and color code.
Table 3 Mode, Condition, and Color code of Recently Associated APs/Ad hoc Networks Mode Infrastructure Condition AP is Authorized Non Guest and Client Authorized AP is External and Client is Unauthorized AP is Authorized Guest and Client is Unauthorized/Uncategorized AP is Deleted or Client is Deleted AP is Uncategorized and Client is Unauthorized/Uncategorized AP is External and Client is Uncategorized AP is Mis-configured AP is Banned or Client is Banned Ad hoc Client is Unauthorized/Uncategorized Client is Banned Color GREEN BLUE BLUE WHITE WHITE WHITE RED RED BLUE RED
Note: Default row color is RED for both Infrastructure and Ad hoc mode.
Devices Tab
6.8.4.1.3
Recently Probed SSIDs
Under Recently Probed SSIDs, you can view a list of SSIDs which the Client has probed. Probed SSID details are presented in rows containing the columns: SSID column which shows the SSID and Detail column which provides additional details about the SSID in terms of being in the Vulnerable/HotSpot SSID list or not. If SSID is present in HOTSPOT or Vulnerable list of SSIDs then it is marked in Red, otherwise it is marked in white.
6.8.4.2
Fields in the Client Events Tab
To open the Client Events tab; on the Devices screen right-click a Client row and select the Events menu item
Figure 72.
Client Events Tab
The Client Events tab enables you to view the events details of a Client. For the columns in the Events details screen, refer to the Events Tab chapter for more details. Check the Click to select or deselect all Events checkbox to select all the Events displayed on that page. Click <Delete> to delete the selected events. Click <Acknowledge> to add comments for the selected events.
6.8.4.3
Fields in the Client Performance Tab
To open the Client Performance tab; on the Devices screen right-click a Client row and select the Performance menu item.
Devices Tab
Figure 73.
Client Performance Tab
The Client Performance tab enables you to view the data related to Client performance in chart form. Line Charts are shown on the Performance Tab. Choose one of the Chart types available from the Select Chart drop-down list: Average Data Rate: Sensor keeps track of transmission rates of data frames in Clients associations (across multiple associations, if that is the case) and reports a weighted average transmission rate over each time interval. Traffic: Sensor reports data traffic sent and received by the Client (across multiple associations, if that is the case) over each time interval. The channel-rotating Sensor spends only a percentage of total time on any given channel; therefore this parameter typically underestimates the actual traffic by a factor equal to the total number of channels scanned by the Sensor radio. For example, if b/g radio on the Sensor scans 11 channels in all, the measured traffic will be about 1/11th of the actual traffic if the traffic is continuous. Similarly, if a radio on the Sensor scans 30 channels in all, the measured traffic will be about 1/30th of the actual traffic. However, if the traffic comes in bursts, straightforward scaling as above cannot be applied. Click to view enlarged Chart on the left hand side. Click to view enlarged Chart on the right hand side.
6.8.4.4
Fields in the Client Troubleshoot Tab
To open the Client Troubleshoot tab; on the Devices screen right-click a Client row and select the Start Troubleshooting menu item.
Devices Tab
Figure 74.
Packet Level Troubleshooting for an Client
Note: A troubleshooting session automatically times out or terminates after the Timeout irrespective of the activity. You can manually stop troubleshooting from the device context-sensitive menu by selecting Stop Troubleshooting or from the Troubleshooting tab by clicking <Stop Troubleshooting>. 2 Under Sensor Selection, select the Sensor to use for troubleshooting. Sensor Status appears as Normal Operation, Busy in Quarantine, or Busy in Troubleshooting. Within each category, Sensors are sorted based on availability and signal strength.
Note: Do not select a Sensor that is Busy in Quarantine or Busy in Troubleshooting. If you select a Sensor that is Busy in Quarantine, the troubleshooting operation fails. 3 Under Protocol and Channel Selection: If the Client is associated to an AP, by default the Client troubleshoots on the Protocol (802.11an or 802.11b/gn) and Channel of the AP on which the Client is associated. If the Client is not associated to any AP, then by default both the protocols 802.11an and 802.11b/gn are selected and Rotate on all channels is selected. The user can also select the 802.11n protocol, the corresponding channel(s) and width on which the chosen Sensor should initiate troubleshooting.
Note: A Configuration template is assigned to each Sensor. The Channels list contains only those channels enabled for scanning in that Configuration template. If no channel in a Protocol is enabled, then the Protocol option is disabled. Thus, the Channels list and the status of the Protocol checkboxes change with the Sensor selected. 4 5 Under Packet Selection, choose to view all the packets visible to the selected Sensor or only the packets from the selected device visible to the Sensor. Click <Start Troubleshooting> to begin the session. If the Sensor is assigned a Configuration template, where no channels are selected for scanning, an error message displays.
Devices Tab
Figure 75.
Figure 76.
On the Error dialog, there are three possibilities: You can download and install Wireshark and optionally install WinPcap. Wireshark requires a compatible version of WinPcap. If the installed version and expected version mismatch, you need to install the suggested and expected version of WinPcap. If the system does not find Wireshark installed at the default location, C:\Program Files\Wireshark, Wireshark is not launched automatically. To launch Wireshark manually, click<Browse> to specify the appropriate location and click <OK>. To launch Wireshark manually from the command prompt, you need to copy and paste the link to set up a direct connection with the Sensor and view live packets.
Devices Tab
6.8.4.5
Fields in the Client Locate Tab
To open the Client Locate tab, on the Devices screen, right-click a Client row and select the Locate menu item. The Floor Map View of a Client displays the location of the Locating Device which shows the probable location of the Client on the floor map, if the Sensor monitoring the Client is on the floor map.
Figure 77.
Client Locate Tab Floormap view
The Client Locate tab enables you to view the following details of a Client. Monitoring Device Filter Image Opacity Location Name: Total Area: Device Location Region: Location Probability Click <Thermometer View> to view the distance from Locating Device in feet/meter from the Sensor(s) to which the Client is visible. Refer to Locating an AP/Client placed on the Floor Map_Troubleshooting_a_Device for details.
6.8.5
Sensor Context-Sensitive Menu
Sensors proactively scan the network and generate events. Sensors communicate event information to the system. Sensors monitor various channels in which the 802.11 devices operate. The context-sensitive menu for Sensors enables you to: View a Sensors Details Associated events Performance Charts Edit a Sensors properties Troubleshoot a Sensor Reboot a Sensor Delete a Sensor Change a Sensor
Devices Tab
6.8.5.1
Method for Opening Sensor Menu
Template Location Upgrade/Repair a Sensor
To open a Sensor context-sensitive menu, click the Devices tab and then right-click a Sensor row to open the context-sensitive menu.
Figure 78.
Sensor Context-Sensitive Menu
6.8.5.2
Items in the Sensor Context-Sensitive Menu
The Sensor context-sensitive menu includes the following items. Details: Opens the Properties tab of the Sensor Device dialog, which allows you to: View/Edit the Sensors name Change the Configuration Template assigned to the Sensor Assign a user-defined location tag so that you can easily locate the Sensor; the location of a manually tagged Sensor is shown with an asterisk (*) under the Location column Enables you to view Primary details of the Sensor Visible Clients Visible APs Visible VLANs Performance: Opens the Performance tab of the Sensor Device dialog, which allows you to view performance graphs for the Sensor. Events: Opens the Events tab of the Sensor Device dialog, which allows you to view events associated with the Sensor, so that you can take whatever actions are necessary. Reboot: Enables you to restart the Sensor. Delete: Enables you to delete a selected Sensor; you are prompted to confirm this action. Start Troubleshooting: Opens the Troubleshoot tab of the Sensor Device dialog, which allows you to start a troubleshooting session in Packet Level Mode.
Devices Tab
Stop Troubleshooting: Available only if a troubleshooting session is in progress, this option enables you to manually terminate the session. Change Sensor Template: Opens the Select Sensor Template dialog. Refer to the section Sensor Configuration for more details. The Select Sensor Template dialog enables you to: View the list of configured Sensor templates Change the Sensor template of the selected Sensor(s) Change Location: Opens the Location Tag dialog that enables you to: View a complete list of locations Change the location of the selected Sensor (see Manual Location Tagging) Upgrade/Repair: Opens the Confirm Upgrade/Repair of Sensor(s) to Build X dialog that enables you to upgrade the Sensor version or repair a Sensor. Cancel Upgrade/Repair: Enables you to cancel the repair/upgrade process for a Sensor in Upgrade/Repair Pending state.
6.8.6
Sensor Details Dialog
You can open the Sensor Details dialog in the following manner: On the Devices screen, right-click a Sensor row and then select the Details menu item. The Sensor Details dialog has the following tabs: Properties, Events, Performance, and Troubleshoot. By default, the Properties tab is shown and treated as current tab.
Figure 79.
Sensor Properties Tab
6.8.6.1
Fields in the Sensor Properties Tab
The Sensor Properties tab enables you to view/edit the properties of a Sensor and consists of the following. and specify the name used to identify the Sensor in the Sensor Name dialog. Click <Save>. The new Sensor Name: Click Sensor name automatically displays in the Device Name field in the header of the Sensor Details dialog.
Devices Tab
Figure 80.
Sensor Name Dialog
MAC Address: Specifies the unique 48-bit IEEE format address of the Sensor assigned to the network adapter by the manufacturer. Device Tag: Click to specify text that provides additional information about the Sensor in the Device Tag dialog. Click <Save> to save the device tag.
Figure 81.
Sensor Device Tag Dialog
Country of Operation: Specifies the country in which the Sensor operates. Sensor Model: Specifies the model number of the Sensor. Sensor IP Address: Specifies the Sensors IP address, that is, the IP Layer or Layer 3 address. Click the hyperlink to open the SSH Access to Sensor dialog. This dialog displays the IP Address and Login Name of the Sensor you can log in to. You can access the Sensor using an SSH Client, which you can download from the Internet. The Sensor IP address also displays in the IP Address field in the header of the Sensor Details dialog on all tabs. Note: Multiple Sensor IP Addresses are displayed if IPv6 is enabled on the Server CLI.
Figure 82.
SSH Access to Sensor Dialog
On connecting to the Sensor using the IP Address and Login Name, the SSH Secure Shell window appears. This is the Sensor Config shell.
Devices Tab
Figure 83.
Sensor Config Shell
Configuration Template: Shows the current configuration template assigned to the Sensor. Refer to the Sensor Configuration section for more details. In order to change the Sensor Configuration Template, Click to open the Select Sensor Template dialog. Select the appropriate Sensor template and click <OK> to assign that Sensor template to the Sensor.
Figure 84.
Select Sensor Template Dialog
Location: Shows you the name of the Sensors location. The Sensor Location name always displays in the Location field in the header of the Sensor Properties Tab dialog. to open the Location Tag dialog. Here, you can view the complete list of locations and choose a location for Click the Sensor. To view the list of locations, you must first set up your list of locations on the Locations screen as explained in the section, Working with Location Folders and Location Nodes.
Figure 85.
Sensor Location Tag Dialog 76 HP ProCurve RF Manager and Sensors Management and Configuration Guide
Devices Tab
You cannot change the location of a Sensor placed on a floor map. If you attempt to do so, an error message appears. A Sensor placed on a floor map is automatically assigned the location tag of that location. To change the location tag, you must first delete the Sensor from the floor map. Placed on Floormap?: Indicates if the Sensor is placed on the floor map. Currently Active?: Indicates if the Sensor is currently active. Up/Down Since: Indicates the time since the Sensor is up/down. Channels Scanned (a): Specifies the 802.11a channels on which the Sensor is configured to scan. Channels Defended (a): Specifies the 802.11a channels on which the Sensor is configured to defend. Channels Scanned (b/g): Specifies the 802.11 b/g channels on which the Sensor is configured to scan. Channels Defended (b/g): Specifies the 802.1b/g channels on which the Sensor is configured to defend. Channels Scanned (Turbo a): For turbo APs, specifies the 802.11a channels on which the Sensor is configured to scan. Channels Scanned (Turbo b/g): For Turbo APs, specifies the 802.11 b/g channels on which the Sensor is configured to scan. Busy in Quarantine? Indicates if the Sensor is currently busy quarantining a device. The quarantine status is always displayed in the Quarantine Status field in the header of the Sensor Details dialog for every tab. Sensor Software Build: Shows you the build number of software loaded in the Sensor. First Detected At: Specifies the date and time when the system first detected the Sensor. Busy in Troubleshooting?: Indicates whether the Sensor is currently busy capturing packets for troubleshooting. To delete data for the selected Sensor and re-initialize data gathering, click . . The system does not auto refresh after a pre-defined interval.
To refresh the Sensor Details screen manually click
6.8.6.1.1
Visible Clients Section
Under the Visible Clients Section, you can view a list of Clients that the selected Sensor can see. Client details such as Name and RSSI received by the Sensor are displayed in the rows. To view details of a specific Client, click Name; the Client Details screen opens.
6.8.6.1.2
Visible APs Section
Under the Visible APs Section, you can view a list of APs that the selected Sensor can see. AP details such as Name and RSSI received by the Sensor are displayed in the rows. To view details of a specific AP, click Name; the AP Details screen opens.
6.8.6.1.3
Visible VLANs Section
Under the Visible VLANs Section, you can view a list of VLANs that the selected Sensor can see. VLAN details such as VLAN ID, IP Address, Net Mask, and Status are displayed in the rows. The VLAN over which the Sensor is communicating with the Server is marked with an asterix(*).
6.8.6.2
Fields in the Sensor Events Tab
To open the Sensor Events tab; on the Devices screen right-click a Sensor row and select the Events menu item
Devices Tab
Figure 86.
Sensor Events Tab
The Sensor Events tab enables you to view the event details involving the selected Sensor. For the columns in the Events details screen, refer to the Events Tab chapter for more details. Check the Click to select or deselect all Events checkbox to select all the Events displayed on that page. Click <Delete> to delete the selected events. Click <Acknowledge> to add comments for the selected events.
6.8.6.3
To open the Sensor Performance tab; on the Devices screen right-click a Sensor row and select the Performance menu item
Fields in the Sensor Performance Tab
Devices Tab
Figure 87.
Sensor Performance Tab
The Sensor Performance tab enables you to view the data related to performance of a Sensor in chart form. Line Charts are shown on the Performance Tab. Choose one of the Chart types available from the Select Chart drop-down list: Active APs: Sensor samples the number of active APs on each channel at the end of each time interval. Active Clients: Sensor samples the number of associated Clients on each channel at the end of each time interval. Interference: Sensor reports average interference on each channel over each time interval. A button, such as next to the chart type selection, shows you the current channel and channel width used in the chart display. Clicking on allows you to select a new channel and width. Specify the Channel Number and Width from the respective drop-downs in the Sensor Performance Tab Select Channel dialog. Note: Width is enabled only for 11n Sensors.
Figure 88.
Sensor Performance Tab Select Channel
Click
to view enlarged Chart on the left hand side. Click
to view enlarged Chart on the right hand side
6.8.6.4
Fields in the Sensor Troubleshoot Tab
To open the Sensor Troubleshoot tab;, on the Devices screen right-click a Sensor row and select the Start Troubleshooting menu item.
Devices Tab
Figure 89.
Sensor Troubleshoot tab
Note: A troubleshooting session automatically times out or terminates after the Timeout irrespective of the activity. You can manually stop troubleshooting from the device context-sensitive menu by selecting Stop Troubleshooting or from the Troubleshooting tab by clicking <Stop Troubleshooting>. 2 Under Protocol and Channel Selection, by default both 802.11an and 802.11b/gn protocol are selected and Rotate on all channels is selected. The user can also select the 802.11n protocol, the corresponding channel(s) and width on which the chosen Sensor should initiate troubleshooting.
Note: A Configuration template is assigned to each Sensor. The Channels list contains only those channels enabled for scanning in that Configuration template. If no channel in a Protocol is enabled, then Troubleshooting in that protocol is not possible. Thus, the Channels list and the status of the Protocol checkboxes change with the Sensor selected. 3 Click <Start Troubleshooting> to begin the session. If the Sensor is assigned a Configuration template, where no channels are selected for scanning, an error message displays.
Devices Tab
Figure 90.
Figure 91.
On the Error dialog, there are three possibilities: You can download and install Wireshark and optionally install WinPcap. Wireshark requires a compatible version of WinPcap. If the installed version and expected version mismatch, you need to install the suggested and expected version of WinPcap. If the system does not find Wireshark installed at the default location, C:\Program Files\Wireshark, Wireshark is not launched automatically. To launch Wireshark manually, click<Browse> to specify the appropriate location and click <OK>. To launch Wireshark manually from the command prompt, you need to copy and paste the link to set up a direct connection with the Sensor and view live packets.
Devices Tab
6.9
Locating an AP/Client placed on the Floor Map
The system enables you to find the distance of a device from various Sensors to which it is visible and determine the possibility that the tracked device is present at a certain location on the floor map. Location tracking in a dynamic wireless environment works on probabilities. Use the following steps to locate a device: 1 Open an AP/Client list using the steps explained in the Viewing APs/Clients List section. 2 Right-click an AP/Client row. 3 From the context-sensitive menu, select Locate. A Tracking Location progress bar followed by a Locate tab appears. The Locate tab displays the distance in feet and meter of the selected device from the locating device, which appears in the Thermometer View. Alternatively, if the device for which you are searching is not visible to any Sensor, a message appears.
Figure 92.
AP Locate Tab Thermometer View
Distance from Locating Device displays the approximate distance of the device (AP/Client) being located from the Locating Device which does RSSI measurement. RSSI measurement can be taken by the Sensor or the AP, if RSSI integration is enabled with the AP. 4 Click <Floor Map View> to view the current location of the AP/Client on the Floor Map.
Devices Tab
Figure 93.
AP Locate Tab Floor Map View
Note: The Floor Map View appears only if you have placed Authorized APs and Sensors on the Floor Map. The Floor Map View dialog: Displays color shaded regions around Sensors and APs with colors indicating the probability of the location of the device. Displays Location Probability slider, which shows the color coding from low to high probability. Based on the slider position, the system color codes only those locations on the map where the probability of locating the device is higher than the value set in this slider bar. You can move the Location Probability slider to High to select regions where the probability of locating the device is higher. Note: If you move the slider to Low, you see locations with both low and high probabilities. The number and placement of Sensors helps determine the accuracy of location tracking. Increasing the number of Sensors enhances the location tracking accuracy. 5 Click the icon to open the Monitoring Device Filter dialog. In this dialog, you can specify which APs/Sensors at the current location or other locations are used to locate the current device location on the floor map. You can specify the following: To use APs and/or Sensors from the current floor only, select Use signal data from devices at this location only. This option computes the best possible position for the selected device on the current floor. To use APs and/or Sensors from the other floors also, select Use signal data from devices at other locations also. This option computes the best possible position for the selected device using monitoring devices from other floors too. This may result in the selected device being tracked on some other floor. You can also specify whether the location tracking should use data from Sensors only, APs only, or both.
Devices Tab
Figure 94.
Monitoring Device Filter Dialog
6.10 Removing a Device from Quarantine

The system enables you to remove a device from quarantine so that wireless communication can start on that device. You can remove a device from quarantine in several ways. 1 If the device is automatically quarantined, you can do one of the following: Right-click the device row and select Disable Auto-quarantine Change the Intrusion Prevention policy that quarantines the device Deselect the checkbox Activate Intrusion Prevention for location <selected location> on the AdministrationLocal tabLocation PropertiesIntrusion Prevention Activation screen Change the classification of a device manually. For example, manually move an AP from the Rogue folder to the External folder by right-clicking the Rogue AP row and selecting Move to and then External. The External AP will move out of quarantine. Change the security settings on the SSID template so that the AP no longer violates the specified security settings. For example, consider an AP that has become misconfigured by virtue of following the Security Settings, for example WEP at location Floor 1. This AP violates the Security Settings, for example WPA in its SSID template. You can now edit the SSID template in such a way that it matches the configuration of the existing Misconfigured AP. This Misconfigured AP will now become become policy compliant and thus Authorized. As a result, this AP will move out of quarantine. Delete the AP and let the system re-discover it. For example, consider an AP that has become a Rogue by virtue of following the Security Settings, for example WEP at location Floor 1. This AP violates the Security Settings, for example WPA in its SSID template. You can now edit the SSID template in such a way that the Rogue AP now becomes policy compliant. As the system does not automatically remove Rogue APs out of quarantine, delete this Rogue AP. The system will re-discover this AP. The AP may appear in some other device folder and may be moved out of quarantine. If the device is manually quarantined, right-click the device row and select Remove from Quarantine.
6.11 Moving an AP/Client to a Different Folder

The system enables you to re-classify a device, that is, move a device to a different folder based on fresh information. You cannot however move Categorized APs/Clients to the Uncategorized folder. Use the following steps to move a device to a specific folder: 1 Open an AP/Client list using the steps explained in the Viewing APs/Clients List section. 2 Right-click an AP/Client row. 3 From the resulting context sensitive menu, select Move to. 4 Select the category to which you want to move the AP/Client. Note: If you move an AP placed on a floor map, an Error dialog appears.
Devices Tab
6.12 Merging APs

Many modern APs have multiple network interfaces and SSIDs on a single device to support 802.11a and 802.11b/g simultaneously. Each interface has a different MAC address, which causes the system to identify them as different APs. The system displays such APs in separate rows on the Console. This may lead to confusion. Merge can be of two types: Automatic: The system performs automatic merge of certain APs based on their MAC addresses or other available information. Manual: The system allows you to manually merge APs based on their IP addresses or if the system does not automatically merge them based on the available information. On selecting two or more AP rows under the Authorized tab, the AP context-sensitive menu shows the Merge option. Merge allows you to do the following: Merge two or more MAC addresses (network interfaces) of one or more APs into a single AP. Select a primary AP to complete the merge operation.
AP Context-Sensitive Menu for Multiple AP Selection A merged AP has the following characteristics: Inherits common properties such as location, AP name, and IP address from the primary AP icon on the Console Identified by the Can merge with more APs Can be separated into its individual interfaces using the Split option Use the following steps to merge APs into a single AP: 1 Open an Authorized AP list using the steps explained in the Viewing APs/Clients List section. 2 Select the APs that you want to merge and right-click one of the selected AP rows. 3 From the resulting context-sensitive menu, select Merge. A Merge APs dialog appears.
Figure 95.
Merging an AP Dialog
4 5
Select the Primary AP. Click <OK> to merge the selected APs.
6.13 Splitting APs

You need to split APs if they were merged incorrectly either manually or automatically based on the information available with the system. Use the following steps to split merged APs into individual APs: 1 Open an Authorized AP list using the steps explained in the Viewing APs/Clients List section. 2 Select the merged APs that you want to split and right-click the corresponding AP row. 3 From the resulting context-sensitive menu, select Split. A Confirm dialog appears. 4 Click <Yes> to split the selected APs.
6.14 Devices Tab User Saved Settings

Devices Tab
The following User choices made during browsing of Devices Tab are saved by the system: Search within a Device List. A unique search result is saved for APs, Clients, and Sensors. Display Columns Column Width and Column order These settings are saved on log out as well as movement to other tabs on the Console.
Locations Tab
Chapter 7
7.1
Locations Tab
The Locations screen enables you to organize your network into a list of locations and view live 802.11 RF coverage maps for each location node. On the Locations tab, you can add, delete, and move a location folder or node, import a floor map on a location node, attach or detach an image from a location, place available locations on an attached image, and place devices on the floor map. You can also view live RF maps.
Locations: Panel for Creating Locations
7.2
You can open the Locations screen by selecting the Locations tab on the navigation bar.
Locations Screen: Accessibility and Layout
Figure 96.
Locations Screen
The Locations screen includes two panes: On the left, the Locations tree and a list of available locations and devices. On the right, the image attached to the selected location, locations placed on a location folder and devices placed on a location node. The following table lists the names and description of each component.
Locations Tab Table 4 Name and description of components on the Locations screen Sr. No. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 Name Available Devices Available APs Available Sensors Search Sort Location Details Ruler Resolution Image Opacity Attach Image on floor Detach Image from floor Save Best Fit Zoom Out Choose/Enter Value to Zoom In/Zoom Out Zoom In Refresh Printable View Done Filter Views Enables you to View APs and Sensors available for that node. View a list of Authorized APs not tagged or placed on any location node. View a list of available Sensors not tagged or placed on any location node. Look for a device or location in the table. Sort devices or locations in ascending/descending order. View the list of locations of a specific location node. View the dimensions of the floor map: in feet. Change the resolution to Low, Medium, or High. Control the Opacity of the image: Decrease the value to better comprehend RF coverage or increase the value to pinpoint exact device information on the floor map. Attach an image of a floor map to a location node. Detach an attached image. Save the properties of a location node. Fit the layout image to the window/page. This is the default mode in which the layout image appears on the right pane. Zoom out of a layout image. Enter or choose a value from the drop-down combo box, to view the layout image in terms of an exact zoom percentage. (Minimum: 1%; Maximum: 1000%) Zoom into a layout image for an enlarged view. Refreshes the Locations screen. Saves the printable view of the Location as jpg, png, or HTML format. Indicates whether the RF View computation on a location is completed. Changes RF Views based on the protocol or particular radio selected. Displays the Detection and Prevention range of a Sensor on the selected location.
7.3
A list of locations comprises location folders and location nodes. Location folders represent organizational components such as buildings, cities, or countries. Root Location: This is the root location. The factory default name for this location is Locations. You can rename this location. However, you cannot delete or move this location. Unknown: This is the default location folder of the root location. You cannot create, delete, rename, move, or add a location to the Unknown folder. When the system detects a new untagged Sensor, it tags this Sensor to the Unknown location folder. In other words, when the location tag of a location-aware entity is not known or cannot be determined, it is tagged to the Unknown folder. By default, the Unknown folder inherits all the policies except the Operating Policies from the root location. You can customize these policies (see Local Policies). Location nodes represent component details such as a floor in a building. For example, Hawaii Conference Room, Bldg 15Cubicle G2, or Executive Area.
Working with Location Folders and Location Nodes
7.3.1
Adding a New Location
Use the following steps to add a location: 1 In the Location tree, select the location under which you wish to add a new location. 2 Right-click and from the resulting context-sensitive menu, select Add New Location.
Locations Tab
Figure 97.
Adding a New Location
Figure 98.
Specifying Location Properties
3 4
In the Add New Location dialog, select the type of location, that is, Location Folder or Location Node. Enter a name for the new location and optionally enter the following details. Select Image File: Click <Browse> to navigate to the path of the image that you wish to attach to the location folder or node. You can attach the image later as explained in the Attaching an Image section. Unit: Specify the unit of measurement (feet or meters) for the location node. Length: Specify the length of the location node. Width: Specify the width of the location node. Select SPM: Click <Browse> to navigate to the path of the .SPM file that you wish to import from Planner into the new location node.
Note: Unit, Length, Width, and Select SPM options are available only for a location node. They are grayed out for a location folder. 5 Click <Save> to create a new location.
7.3.2
Moving a Location
The system enables you to move a location to a different location folder. Use the following steps to move a location to a specific folder: 1 In the Location tree, select the location that you wish to move. 2 Right-click and from the resulting context-sensitive menu, select Move.
Locations Tab
Figure 99.
Moving a Location
Figure 100. Selecting a Destination Location
In the Location Move dialog, select the destination location folder to which you want to move the selected location. Refer to the section Location Move for more details.
Note: You cannot move the Unknown location or any location into this location. 4 Click <OK> to move the location.
7.3.3
Renaming a Location
Use the following steps to rename a location. 1 In the Location tree, select the location that you wish to rename. 2 Right-click and from the resulting context-sensitive menu, select Rename.
Locations Tab
Figure 101. Renaming a Location
Figure 102. Specifying a New Name for a Location
3 4
In the Rename Location dialog, enter the new name for the location. Click <OK> to rename the location.
Note: You cannot rename the location folder Unknown.
7.3.4
Deleting a Location
When you delete a location folder, the system deletes all subfolders and location nodes below that folder. If there are any devices tagged to the location being deleted, these devices would either be auto tagged (according to the tagging logic) or they will be tagged to the Unknown location folder. Use the following steps to remove a location folder and/or a location node. Note: You cannot delete the Root Location and Unknown location folders. 1 2 In the Location tree, select the location that you wish to delete. Right-click and from the resulting context-sensitive menu, select Delete.
Figure 103. Deleting a location
Locations Tab
Click <Yes> in the Confirm dialog to remove the selected location.
7.4
7.4.1
Working with Images

Attaching an Image
This section shows you how to add an image to a location, delete an image from the location, and import a Planner file into a location node. It also shows you how to use the zoom feature while viewing a layout image. Use the following steps to attach an image: 1 In the Location tree, select the location to which you wish to attach an image. 2 Do one of the following: Right-click and from the resulting context-sensitive menu, select Attach Image. Click the Attach Image on floor icon ( ) in the right corner.
Figure 104. Attaching an Image to a Location
Figure 105. Specifying a Path to attach an Image
On the Select image file to attach to attach to this location dialog, browse to the appropriate image and then click <Open>.
7.4.2
Zooming In/Zooming Out, Opacity Control, Resolution of an Image
Considerable screen area is required to display a large sized layout (for example, 3000 x 2000 sq. ft.) defined or imported in the system. The zooming in/zooming out feature makes it easier to comprehend the RF coverage and device placement information. It also avoids excessive scrolling.
Locations Tab
Use the following steps to zoom in/zoom out of an image and control its opacity. 1 In the Location tree, select the location node that has a .SPM file imported or attached image and devices placed on it. 2 Do one of the following for zooming out or zooming in: 3 4 Select a zoom percentage (%) from the drop-down list and then click the Zoom out icon
.
or Zoom in icon or
Enter a zoom % between 1% to 1000% in the editable drop-down box and then click the Zoom out icon
Zoom in icon . To change the opacity of the image, select an Image Opacity value. Decrease this value to better comprehend RF coverage or increase this value to pinpoint exact device placement information. Select an appropriate Resolution for rendering of the heat maps. A lower resolution would mean much faster rendering although with a higher pixelization effect (coarser look). High resolution would mean much slower rendering due to the large number of pixel cells for which values need to be calculated.
Note: The system proportionately resizes the RF layout display area depending on the zoom % specified by the user. Additionally, attached image, if any, and scale markings change accordingly. The system also readjusts scrollbars to keep the displayed objects center point invariant.
7.4.3
Placing Locations on a Location Folder with an Attached Image
The system enables you to place locations on a location folder that has an attached image. This helps you identify the physical position of each of the locations. The locations placed on the attached image are indicated by colored circles. A green circle indicates that the location is Secure, while a red circle indicates that the location is Vulnerable. Use the following steps to place locations on the attached image and view their details: 1 In the Location tree, select a location folder. 2 Under Available Locations, drag and drop the required locations on the attached image. 3 To view details about the location hold the mouse cursor over the colored circle. 4 To go to a particular location placed on the image, do one of the following: Click the colored circle representing the location. Point to the colored circle representing the location, then right-click and select Jump to this location. Note: You can traverse to a particular location node by following step 4 until you reach the destination location node.
Locations Tab
Figure 106.
Placing Locations on a Location Folder with an Attached Image and Viewing Details
7.4.4
Detaching an Image
Use the following steps to detach an image: 1 In the Location tree, select the location from which you wish to detach an image. 2 Do one of the following: Right-click and from the resulting context-sensitive menu, select Detach Image. Click the Detach Image from floor icon ( ) in the right corner.
Figure 107. Detaching an Image from a Location
Click <Yes> in the Confirm dialog to remove the selected image.

Locations Tab
Note: On detaching an image, all the placed locations go back to the Available Locations list.
7.4.5
Importing a Planner file into a Location Node
The system enables you to specify a layout for each location node using a blank canvas, a layout image, or a .SPM file exported from Planner. Use the following steps to import a Planner file: 1 In the Location tree, select the location node into which you wish to import the .SPM file and then right-click. 2 From the resulting context-sensitive menu, select Import Location.
Figure 108. Importing a Location
In the Select HP ProCurve RF Planner (.spm) File dialog, browse to the appropriate Planner exported .SPM file and then click <Open>.
7.5
7.5.1
Creating your Layout

Placing APs and Sensors on the Floor map and Viewing Details
This section shows you how to place devices on your floor map, view details of the layout, reset your canvas, and edit floor properties. The system enables you to place APs and Sensors on the floor map to view live RF coverage maps for a location node and perform on-floor location tracking of visible 802.11 devices. Use the following steps to place APs and Sensors on the floor map and view their details: 1 In the Location tree, select a location node. 2 Under Available Devices, select either the APs or the Sensors tab, then drag and drop the APs or Sensors on your floor map. As soon as you drag and drop the APs or Sensors on your floor map, the RF views of the APs or Sensors are displayed. 3 To view details about the AP or Sensor hold the mouse cursor over the appropriate device. 4 Double-clicking the AP or Sensor displays the AP or Sensor Details screen in the Devices tab.
Locations Tab
Figure 109.
Placing APs and Sensors on the Floor map and Viewing Details
Right-click the AP or Sensor; the following menu items appear. Delete: Deletes the device Set Coordinates: Select Set Coordinates to move the device to the specified coordinates. Enter the X and Y Coordinate in the Set Coordinates dialog.
Figure 110.
Set Coordinates
Change RF Property: Select RF Property to change the RF properties of the device. In AP RF Properties dialog, select the Interface name from the Interface drop-down list. Enter Transmit Power (mW) and Transmission Calibration Factor (dB). Click <Apply> and then <OK>.
Locations Tab
Figure 111.
AP RF Properties dialog
In the Sensor RF Properties dialog select the Interface name from the Interface drop-down list. Enter Reception Calibration Factor (dB). Click <Apply> and then <OK>.
Figure 112.
Sensor RF Properties dialog
7.5.2
Setting Coordinates and Deleting Devices from a Floor map
The system enables you to set the coordinates of APs and Sensors placed on the floor map for precise positioning. You can delete APs and Sensors from your floor map so that the deleted devices can be placed again on the floor map. Such devices become available under Available Devices. Use the following steps to set the coordinates of a device or delete a device. 6 Right-click an AP/Sensor placed on the floor map. Do one of the following from the resulting menu: Select Set Coordinates to open a dialog where you can specify the X and Y coordinates of the selected device. To set the coordinates, click <OK>. Select Delete to remove the AP/Sensor from the floor map.
7.5.3
Resetting your Canvas
The system enables you to reset a canvas to revert to a blank canvas. This option removes all folders and location information from a location folder. It removes all device and location information, including the background image and/or any imported Planner file from a location node. All placed devices go back to the Available Devices list. The system retains the original size and the location name in the sub-list of locations. Use the following steps to reset a canvas: 1 In the Location tree, select the location at which you wish to reset the canvas and then right-click. 2 From the resulting context-sensitive menu, select Reset Canvas. 3 Click <Yes> on the Confirm dialog to reset the canvas.
7.5.4
Editing Floor Properties
The system enables you to edit the properties of an existing floor map to change its name and dimensions. Use the following steps to edit the floor properties: 1 In the Location tree, select the location node whose properties you wish to edit and then right-click. 2 From the resulting context-sensitive menu, select Edit Properties. 3 On the Location Node Properties dialog, edit the required properties.
Locations Tab
Figure 113. Editing the Properties of a Location Node
To change the properties, click <Save>.
Note: If you resize a location node to a smaller dimension, the objects placed on the floor map are drawn beyond the floor boundaries. The system removes all the devices that fall outside the resized area. The system scales the attached image according to the new size. The size of the objects placed on the floor map however, remains unaltered.
7.6
Printable View
The RF views for the floormap can be saved as printable view in jpg, png, and HTML formats.
Figure 114.
Locations Tab Printable View Icon
Note: The Printable View icon is available on the Location nodes and not in the Location folders. Click the Printable View icon and save the printable view as jpg, png, or HTML as shown in the figure.
Locations Tab
Figure 115.
Saving the Printable view of the RF views
To view a live RF coverage map for a location node, Authorized APs and Sensors must be placed on the floor map. Use the following steps to view live RF coverage maps: 1 Place devices on the floor map using the steps given in the Placing APs and Sensors on the Floor map and Viewing Details section. 2 Select one of the following views.
7.7
Viewing RF Coverage Maps
7.7.1
AP Coverage View
The AP Coverage View enables you to view an 802.11 RF coverage map based on the dBm at each point on the layout. This information is useful to find out available signal strength at each point. The color-coding scheme used enhances the readability of the map.
Locations Tab
Figure 116.
AP Coverage View
7.7.2
AP Channel View
The AP Channel View enables you to view all the 802.11 channels available for connection at each point on the floor. It helps in preventing potential channel interference scenarios.
Figure 117.
AP Channel View
Locations Tab
7.7.3
AP Link Speed View
The AP Link Speed View enables you to view the maximum downlink rate with which a Client at a particular point can connect to an AP on the floor.
Figure 118.
AP Link Speed View
7.7.4
Sensor Coverage View
The Sensor Coverage View enables you to view the detection and prevention zones of visibility for selected Sensors.
Locations Tab Figure 119. Sensor Coverage View
Detection Range is the area over which Sensors can reliably detect wireless activity of devices operating at a power level greater than the value set in the Transmit Power slider. The Intrusion Detection Display Threshold determines the threshold for this range. Prevention Range is the area over which Sensors can prevent unauthorized wireless activity. The Intrusion Prevention Display Threshold determines the threshold for this range. Both detection and prevention ranges are affected by various parameters under AdministrationGlobalLocation SettingsRF Propagation. The reliability of the prevention also depends on the Intrusion Prevention Level chosen under AdministrationLocalOperating PoliciesIntrusion Prevention Intrusion Prevention Level.
7.8
Calibrating RF Views
Calibration helps in tuning RF parameters used by the system to compare the AP and Sensor predictions to actual observations. The system has a robust calibration technique that also allows manual intervention in case of discrepancy. Use the following steps to calibrate RF views: 1 Generate the RF Coverage map using the steps explained in the Viewing RF Coverage Maps section and then clicking <Calibration>. 2 To improve predictions, fine-tune the Min. Signal Decay Constant and the Max. Signal Decay Constant. Note: Min. Signal Decay Constant specifies the amount of signal loss that is acceptable for regions close to the transmitter (Sensor). Max. Signal Decay Constant specifies the amount of signal loss that is acceptable for regions away from the transmitter. Signal loss is directly proportional to the signal decay constants. 3 Change the values of the Signal Decay Slope (Beta) and the Signal Decay Inflection (Alpha). The system uses these parameters when computing the RF and defines the region around the transmitter that is unobstructed.
Note: When you change the Min. Signal Decay Constant, Max. Signal Decay Constant, Signal Decay Slope (Beta), and Signal Decay Inflection (Alpha) the RF view and location tracking for unobstructed regions is affected. In the obstructed regions, only Location Tracking is affected, RF view is not affected. 4 Click <Update Graph> to view your selection against the predicted values.
Important: The Predicted value curve should overlap the Observed value curve as much as possible. 5 6 Click <Calibrate> to complete calibration if you have adjusted the parameters manually such that the two curves are parallel (but not coinciding). Click <Apply> to commit your changes.
Locations Tab
Figure 120. RF Calibration Dialog
Reports Tab
Chapter 8
8.1
Reports Tab
The Reports screen enables you to generate predefined and customized reports. The system uses a query-based mechanism to generate various reports. The system provides predefined compliance reports: Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley (SOX), Gramm-Leach-Bliley (GLBA), Payment Card Industry (PCI) Standard, and so on. Additionally, information about devices and events is also available in the form of ready made reports.
Reports: Panel for Generating Reports
8.2
You can open the Reports screen by selecting the Reports tab on the navigation bar.
Reports Screen: Accessibility and Layout
Figure 121.
Report Definitions Screen: Shared Reports Tab
The Reports screen includes two panes. On the left, the Location tree On the right, the report panel
8.2.1
Location Tree
The Location tree shows the complete list of locations created for your WLAN in the system. Users who do not have permission on the root location cannot select the root location (see Location Tree View and Location Based Administration Rights (LBAR)). You can select other locations for which you need to generate the report.
8.2.2
Report Panel
On the top of the Reports screen, Selected Location gives the path of the selected location. The Reports screen includes two tabs: Report Definitions: This tab consists of two sub-tabs: Shared Reports: Contains reports that all the users can view and schedule. These include Compliance Reports, Incident Reports, Device Inventory Reports, Performance Reports, and Custom Reports My Reports: Contains reports available only to those users who have generated them.
Reports Tab
Figure 122.
Report Definitions Screen: My Reports Tab
Archived Reports: This tab allows you to view saved or archived reports generated on the Server. These reports are useful for trend analysis. An archived report is visible to a user if the user generated the report. A superuser can see all archived reports. On the two tabs Shared Reports and My Reports are two tables described in the following sections.
8.2.2.1
List of Reports
The List of Reports table displays reports available for all the locations. This table consists of the following columns: Report Name: Displays the name of each report Report Description: Displays a brief description of each report Report Delivery Schedule: Displays the delivery schedule of each report for the selected location. The schedule is only visible to the user who created it. In the List of Reports table, you can perform the following operations under Shared ReportsCustom Reports tab or My Reports: Add, edit, delete, and move a report to a different tab Add, edit, and cancel a report schedule Under Shared Reports Compliance Reports, Incident Reports, Device Inventory Reports, and Performance Reports tabs, you can only view a report and add a report delivery schedule.
8.2.2.2
List of Sections
The List of Sections table displays sections created for a selected report. This table consists of the following columns: Section Name: Displays the name of the section contained in the selected report Section Description: Displays a brief description of each section Section Query Type: Indicates whether the section query is a Device, or Event query Note: Throughout the user interface, events can have one of the three states (Live, Instantaneous, or Expired); however, while defining Reports Instantaneous and Live events are grouped into a single status (Past). In the List of Sections table, you can perform the following operations under Shared ReportsCustom Reports tab or My Reports: Add, edit, and delete a section of a report
Organize the sections in the report using
and
Reports Tab
Generate a report, save a report with the same, or different name Under Shared Reports Compliance Reports, Incident Reports, Device Inventory Reports, and Performance Reports tabs, you can only view a section of a report, generate a report, and save a report with a different name. The saved report is available under Shared Reports Custom Reports tab. On the Archived Reports tab, the following information is available:
Figure 123.
Archived Reports Tab
User Name: Displays the name of the user who generated the report. Location: Displays the name of the location at which the report is generated. If the Location tree is updated after a report is generated, this field is not updated. Report Name: Displays the name of the report that appears at the time of report generation. Updating the report name does not update the name here. Format: Specifies the format of the report; that is HTML, XML, or PDF. Generation Date: Indicates the time of report generation. Size (KB): Displays the report size. This parameter is useful when deleting reports.
8.3
8.3.1
Managing Reports
Adding a Report
This section shows how to add a report, edit a report, delete, and move a report. You can perform these operations either under the My Reports tab or the Shared ReportsCustom Reports tab. The system enables you to define customized reports so that you can view precise details that you require. Use the following steps to add a report: 1 Select the tab My Reports.
Reports Tab
Under List of Reports, click <Add Report>.
Figure 124. Report Details Screen showing Report Header Tab
3 On the Report Details dialog, under Report Name, enter a unique, user-friendly name for the report. 4 Under Report Description, enter brief note to help identify the report. 5 Click Use default look and feel, to retain the default text, title, and colors for the reports. 6 Alternatively, click Customize look and feel, to customize the appearance of the report. 7 Select the Report Header tab. Under Report Header, specify the following parameters to be customized in the generated report: o Left Aligned Header Text: Specify the text that should appear in the header on the left side. o Right Aligned Header Text: Specify the text that should appear in the header on the right side. o Click <Pick> and select the Text Color and Background colors for the Report Header. Under Report Title, specify the following parameters to be customized in the generated report: Title Text: Specify a title that appears below the header on the left side. The Report Description follows this title. Click <Pick> and select the Text Color and Background colors for the Report Title. Select the checkbox, Display Report Generation Information to view the following information below the Report Title o Duration for which the report is generated o Location for which the report is generated o User who generated the report o Date and time when the report is generated Select the checkbox, Display Report Description Text to view a detailed description of the report. 8 Select the Report Summary tab.
Reports Tab
Figure 125. Report Details Screen showing Report Summary Tab
De-select the checkbox, Display Report Summary if you do not wish to view the Report Summary in a tabular form. Alternatively, select the checkbox, Display Report Summary to customize parameters in the Report Summary table in the generated report. o Specify the Report Summary Text that should appear as the Report Summary table heading. o Click <Pick> and select the Text Color and Separator colors for the Report Summary table heading. Under Summary Table, select the checkbox, Include Section with zero results to view sections in which the result count is zero. Under Summary Table Header, click <Pick>, select the Text Color, and Background colors for the Report Summary table row header. Under Summary Table Column Header Definition, select the checkbox, Display Report Summary Table to customize the following column names in the Report Summary table in the generated report. o Section Name o Section Description o Query Type o Result Count o Jump to Under Summary Charts, select an option button to view the charts in the desired format. 9 Select the Report Sections tab.
Reports Tab
Figure 126. Report Details Screen showing Report Sections Tab
Under Section Title, specify the following parameters to be customized in the generated report: o Section Name Title: Specify the text that should appear as a common heading for all the Section Names. o Click <Pick> and select the Text Color and Separator colors for the Section Name Title. Under Section Header, specify the following parameters to be customized in the generated report: o Click <Pick>, select the Text Color, and Background colors for the table row headers in the Section Summary and Section Results sections. o Select Display Section Description text to view a brief description for each section of the report. o Select Display Section Query to view all the constraints specified in the database query for that section. o Select Display Section Summary to view a graphical and tabular at-a-glance view of the results of the section. o Select Display Section Results to view all the entries in the database that satisfy the constraints specified by the section query. o Select Display details of Section Results to view additional details for each entry in the Section Results table. 10 To add the report to the List of Reports, click <Save>. The new report appears under the List of Reports table.
8.3.2
Editing a Report
The system enables you to edit user-defined reports. You cannot edit pre-defined reports. HP ProCurve recommends that you do not edit a shared report scheduled by multiple users for delivery. Instead, save the report under a different name and then modify that report. Use the following steps to edit a selected report: 1 From the List of Reports table select the report that you want to edit. 2 Click <Edit Report>. 3 On the Report Details dialog, change the Report Name, Report Description, default look and feel, or customize the look and feel.
Reports Tab
Figure 127. Editing a Report
To save the changes, click <Save>.
8.3.3
Deleting a Report
The system enables you to delete a user-defined report. You cannot delete pre-defined reports or a shared report scheduled by other users. Use the following steps to delete a report: 1 From the List of Reports table, select the report that you want to delete. 2 Click <Delete Report>. 3 Click <Yes> on the Confirm dialog to delete the report.
8.3.4
Moving a Report
The system enables you to move a report from Shared ReportsCustom Reports to My Reports and vice versa. Use the following steps to move a report: 1 From the List of Reports table, select the report that you want to move. 2 Click <Move Report>. 3 Click <Yes> on the Confirm dialog to move the report. You cannot move: A report from Shared ReportsCustom Reports to My Reports if more than one user share or schedule it for delivery at that location A report from My Reports to Shared ReportsCustom Reports if a user schedules it for delivery at that location Reports provided under Shared Reports Compliance Reports, Incident Reports, Device Inventory Reports, and Performance Reports to My Reports
8.4
Working with Sections of a Report
This section shows you how to add a section to a report, edit a section of a report, and delete a section of a report.
Reports Tab
8.4.1
Adding a Section to a Report
A report consists of one or more sections. Each section is a query to the database. The system then searches its database for those records that satisfy the conditions that you impose. You cannot however add sections to predefined reports. Use the following steps to add a section to a report: 1 From the List of Reports table, select the report to which you need to add a section. 2 Click <Add Section to Report>.
Figure 128. Adding a Section to a Report
3 4 5 6 7
8 9
On the Add Section to Report dialog, enter a Section Name and a Section Description for the newly added section. Select the checkbox Display this section to view this section in the generated report. Under Section Query Type, select Device or Event as the query type. Select any combination of the AP, Client, and Sensor checkboxes to include these device types in the results. Describe the Section Query construction logic by selecting the following: A column from Select Column A condition from Select Condition An object for the query, which you can select or enter Optionally, select one or more Boolean connectors (OR or AND) to join two or more queries. Click <Delete> to delete a query. Under Select Columns to be displayed in Section Results, do the following: Click <Add> to view a list of attributes and select an attribute. Select the checkbox Display to view the selected attribute in the generated report. Under Summary, you can choose to do the following: o Select the type of chart from the drop-down list to view a graph for the selected attribute. o Select the checkbox Table to view a tabulated count for the selected attribute.
Reports Tab
Note: Pie charts are not visible in an HTML report. You can view pie charts only in a PDF report. Select an attribute and click <Delete> to delete that attribute. Select an attribute and click <Up> or <Down> to organize the attributes that appear as columns in the Section Results table of the generated report. To save the section to an existing report, click <Save Section to Report>. To save the section with a new name, click <Save to Report as New Section>.
10
8.4.2
Editing a Section of a Report
The system enables you to edit a reports section information, query, or attributes to display in the generated report. HP ProCurve recommends that you do not edit a shared report scheduled by multiple users for delivery. Use the following steps to edit a section of a report: 1 From the List of Sections table, select the section that you want to edit. 2 Click <Edit Section>. 3 On the Edit Section in Report dialog, make changes to the required field(s). 4 To save the changes in an existing section, click <Save Section to Report>. To save the edited section with a new name, click <Save to Report as New Section>.
8.4.3
Deleting a Section of a Report
The system enables you to delete a section from a report if you no longer need the query defined in that section. Note: Be careful when deleting a section of a report. The system cancels any existing delivery schedules for the selected report in the selected location. Further, if you delete the last section of a report, scheduling and report generation functions are disabled. Use the following steps to delete a section from a report: 1 From the List of Sections table, select the section that you want to delete. 2 Click <Delete Section>. 3 Click <OK> on the Confirm dialog to delete the section.
8.5
Scheduling a Report
The system enables you to schedule email delivery of a report. You can select one time delivery or recurring delivery. Important: Scheduled reports are emailed at incorrect times if incorrect time zone settings are configured in the Server Initialization and Configuration Wizard from the Server Config shell so choose the time zone carefully.
8.5.1
Setting a Report Schedule
Use the following steps to schedule email delivery of a report: 1 From the List of Reports table, select the report that you want to schedule. 2 Click <Add Schedule>. The Generation and Delivery Options for Selected Location dialog appears.
Reports Tab
Figure 129.
Scheduling a Report for One Time Generation
From the Format drop-down list, select the output type for the report, that is, HTML, XML, or PDF.
Note: The system does not support PDF report generation on older versions of IE (versions lower than 7.0). 4 Select either One Time Generation or Recurring Generation. To schedule a report for One Time Generation, perform the following: to specify the date and the time on which to generate the report. Under Schedule Report, click the calendar icon Under Report Time Period, customize the duration for which the report should be generated by doing either of the following: o Select Last and then the number of hours, days, or months before the report delivery time. o Select Customize and then the exact date and time in From Date and To Date fields.
Reports Tab
Figure 130.
Scheduling a Report for Recurring Generation
To schedule a report for Recurring Generation, perform the following: Under Schedule Report, from the Generate Report Every drop-down list select the number of hours, days, or months over which to deliver the report. o Click the calendar icon next to Start Date to select the start date and time for the report. o Click the calendar icon next to End Date to select the end date and time for the report. The End Date must be greater than the Start Date. The system automatically selects the End Date and Time from the Start Date. o Under Report Time Period, customize the duration for which the report should be generated by selecting Last and then the number of hours, days, or months before the report delivery time. Under Delivery Options, perform the following: Select Archive Report and then choose the following: o Never Delete to retain the report forever o Delete after n days to delete the report after the specified number of days Select Email Report to email a copy of the report to the selected user(s). Select Zip before email to compress the report before emailing it. Click <Add Recipients> to open Report Delivery dialog. Here, you can do the following: Select one or more email addresses under System Users and then click to move the chosen email address(s) to Recipients. The system delivers scheduled reports to the users under Recipients. Click <Add> to open Additional Email Addresses dialog where you can specify a custom email address for a non-system user who will receive a scheduled report. In this dialog, you can add multiple email addresses one at a time.
Reports Tab
Figure 131. Specifying Additional Email Addresses for Report Delivery
7 8 9
Click <OK> to close the Additional Email Addresses dialog. Click <OK> to close the Report Delivery dialog. To schedule the report, click <Save>.
8.5.2
Editing a Report Schedule
The system enables you to edit a report schedule in response to your requirements. Use the following steps to edit a report schedule: 1 From the List of Reports table, select the report whose schedule you want to edit. 2 Click <Edit Schedule>. 3 On the Generation and Delivery Options for Selected Location dialog, make the necessary changes using the steps given in the Setting a Report Schedule section. 4 To save the changes, click <Save>.
8.5.3
Canceling a Report Schedule
The system enables you to cancel a report schedule based on your requirements. Use the following steps to cancel a schedule: 1 From the List of Reports table, select the report whose schedule you want to cancel. 2 Click <Cancel Schedule>. 3 Click <Yes> on the Confirm dialog to cancel the schedule.
8.6
Generating a Report Instantly
The system enables you to generate a report instantly to display detailed information about your WLAN for a selected period. Use the following steps to generate a report: 1 From the List of Reports table, select a report that has at least one section. 2 Click <Generate>.
Reports Tab
Figure 132. Generating a Report
3 On the Generate Report dialog, select the Report Time Period by doing one of the following: Select the number of days or hours from the drop-down list over which to collect data. Use the calendar icons to the right of the From and To fields to select the start time and end time for which to collect the data. 4 Select the Format in which to generate the report, that is, HTML, XML, or PDF. 5 Under Report Archival, select Archive Report and then select one of the following: Never Delete to retain the archived report in the database forever Delete after n days to delete the archived report after the selected number of days 6 Click <OK> to generate the report. 7 An HTML or PDF report opens in another browser window.
Figure 133. Report in HTML Format
Reports Tab
Figure 134. Report in PDF Format
Alternatively, to save a report in XML format, in the Save dialog, specify the path where you want to save the report.
Figure 135. Report in XML Format
8.7
Sample Report Generation
The example given in this section walks you through the process of creating a new report and shows you how to add a new section consisting of several database queries to the report. These are the steps involved in generating a report: Creating a report Adding a section Specifying a section query Selecting columns Saving the section Generating the report These steps are illustrated with an example of a report that lists of all the Rogue APs in the WLAN that:
Reports Tab
Operate only on the 802.11 b protocol Use either Channel 6 or Channel 11 for wireless communication
8.7.1
1 2 3 4 5 6 7 8
Creating a Report
Select the tab My Reports. Add a new report to the List of Reports table by clicking <Add Report>. On the Report Details dialog, enter a Report Name for the new report (for example, Rogue AP Associations), a Report Description to identify the report, and optionally customize the look and feel of the report. Click <Save>. The new report appears under the List of Report table.
8.7.2
Adding a Section
Select the newly added report. Click <Add Section to Report>. On the Add Section to Report dialog, enter a Section Name and a brief Section Description. Select the checkbox Display this section to view this new section in the generated report.
8.7.3
Specifying a Section Query
9 Under Section Query Type, select Device Query. 10 Under Select Device Type to include in Results, select the AP checkbox. By default, the system selects this checkbox. 11 Under Section Query, from left to right, select the following: Violates Security Policy? is equal to Yes; the Boolean connector AND joins the first query to the second Active Status is equal to Inactive; the Boolean connector AND joins the second query to the third Channel is equal to 6; the Boolean connector OR joins the third query to the fourth Channel is equal to 11 Note: The following steps explain a suggested method of implementing this query. You can implement the same query by changing the order of the queries. Under Select Columns to be displayed in Section Results, do the following Click <Add> to view a list of attributes. Select the following attributes one at a time and click <OK>. MAC Address SSID Network Status Protocol Channel Device Folder Ensure that you select the following under Select Columns to be displayed in Section Results.
Attribute MAC Address SSID Network Status Protocol Channel Device Folder Display Selected Selected Selected Selected Selected Selected Summary Chart Pie Bar Pie Bar Bar Table Selected Selected Selected Selected Selected
12
8.7.4
13
Saving the Section
To save this section to the report (Rogue AP Associations), click <Save Section to Report>. The new section appears under the List of Sections table.
8.7.5
Generating the Report
14 Select the newly created report (Rogue AP Associations). 15 Click <Generate>. The Generate Report dialog appears. 16 Under Report Time Period, select 7 days.
Reports Tab
Under Format, select PDF. Under Report Archival, select Archive Report and then select Delete after 360 days to retain the archived report for 360 days. 19 Click <OK>. The PDF report opens in a different browser window.
17 18
Figure 136. Report in PDF format for Rogue AP Associations
20
To view the Section Summary and Section Results of a section, click the corresponding link(s) in the Jump to column in the Report Summary table.
Reports Tab
Figure 137. Report for Rogue AP Associations showing Section Summary
Figure 138. Report for Rogue AP Associations showing Section Results 120 HP ProCurve RF Manager and Sensors Management and Configuration Guide
Forensics Tab
Chapter 9
Forensics Tab
Note: The Forensics and Performance Monitoring features and their tabs are only available if the HP RF Manager Adv Wireless IPS License (J9644A) (WIPS) is installed.
9.1
The Forensics screen enables you to drill down into forensic data about wireless threats detected in the network. The system captures important details about the detected threats and presents them in a human-readable format. You can review details such as device identities and configurations, connection records, device locations, system responses, and administrator actions about the detected wireless threats using this tab.
Forensics: Panel for Threat Forensics
9.2
You can open the Forensics screen by selecting the Forensics tab on the navigation bar.
Forensics Screen: Accessibility and Layout
Figure 139.
Forensics Screen
The Forensics screen includes two panes. On the left, the Location tree On the right, the Forensics tab: Time Filter, Threats List, and Pie Charts showing the AP and Client-Related Instances in graphical form.
9.2.1
Forensics: Location Tree
The Location tree shows the complete list of locations created for your WLAN in the system. To view a list of wireless threats, select a location in the Location tree, and a list of threats appears for the selected location and its child locations.
9.2.2
Forensics: Time Filter, Threat List, and Pie charts
This pane shows: Path of the selected location List of threats that have occurred at that location
Forensics Tab
Graphical representation of AP and Client threats as a pie chart You can view the threats based on the Time Filter, do one of the following: Select Time Period and select Last 4 Hours, Last 12 Hours, Last 24 Hours, or Last 48 Hours from the drop-down list. Select From; click the icon to specify a start date and time. Under To, click the icon to specify an end date and time and then click <Apply>. Threat list is organized such that it is easy to determine whether it is AP based threat or Client based threat, based on the primary device involved in the threat. AP Based Threats: These are threats wherein the main participating/effected device is an AP. AP based threats are subcategorized as follows: Rogue AP Mis-configured AP Honeypot AP Banned AP DoS Client Based: These are threats wherein main participating/effected device is a Client. Client based threats are sub-categorized as follows: Unauthorized Association Mis-association Bridging Client Banned Client Ad hoc Networks You can also view the summary information about threats in the form of pie charts under the AP related instances and Client related instances.
9.3
Forensics analysis of threats involves systematic drill down into the threat details. Viewing the threat list is the first of those actions. Use the following steps to view threat list: 1 In the Location tree, select a location. 2 In the right pane, the threat list displays. The threat list has the following columns:
Viewing Threats List
Forensics Tab Figure 140. Threats List
Primary Device: Specifies the category of the threat (AP or Client) based on the primary device involved/effected by the threat Threat: Specifies the actual name of the threat type (such as Rogue AP, Honeypot AP, Ad hoc Networks , and so on) Instances: Specifies the number of threats of the respective type in the given time frame Devices: Specifies the number of unique Primary Devices which were involved in this threat type Details: When you click Details, the Forensics Details dialog opens. This helps you drill down into the details of that threat type.
Figure 141.
Forensics Details Dialog
The various fields and buttons in the Forensics Details dialog are: Short Description: Provides a brief description of the selected AP/Client threat. This displays as bold text at the top of the dialog. All Devices Filter: Displays unique list of all the Primary Devices which were involved in the threat in the time frame selected in the Time Filter in the Threats List screen. Click the All Devices Filter icon, the Device Filter dialog opens. Select the appropriate Device/All Devices in the Search. Click <OK>.
Forensics Tab
Figure 142.
Device Filter dialog
Event Details: Specifies the event details. Right-click option of Events is also available. Refer to Viewing Events Lists section in the Events tab for details. Event Start Time: Displays the event start time. Event End Time: Displays the event end time. If the event is live, the Event End Time is Ongoing. Refer to AP Based Threats section or Client Based Threats section for more details about Association, Prevention, and Admin tabs depending on the threat type.
9.4
The AP Based Threats Details dialog gives information about the AP based threat, which helps you determine the actions taken after the threat was detected. To open the AP Based Threat Details dialog: On the Forensics screen, select an AP Threat row and click Details. The AP Based Threat Details dialog has the following tabs: Association, Prevention, and Admin. By default the Association tab appears.
AP Based Threats
Forensics Tab
Figure 143.
AP Based Threat Details dialog
9.4.1
AP Based Threat Association Tab
Association Tab shows the number of connection attempts that were made to the AP selected for the duration of the selected Event. The fields in Association Tab are as follows: AP: In case of AP based threats, AP is the Primary Device. Click AP, the AP Details dialog opens. Client: Client is the device, which is associated to the Primary Device. Click Client, the Client Details dialog opens. Association Start Time: Specifies the start time when the Primary Device associates with the device. Association End Time: Specifies the end time when the Primary Device ends association with the device. Locate: Click Locate, the Location dialog opens. Select the AP/Client participating in the event from Locate Device drop down list. Select Start Time of Association and End Time of Association from the At drop down list. Click <Locate> the location of the selected device at the selected time displays in the Thermometer View. Click <Floor Map View> to view the location of the selected device at the selected time in the Floor Map View.
Forensics Tab
Figure 144.
Location dialog
Note: The first row in the AP based threat displays the Event Time, while rest of the rows displays the Start/End Time of Association. This is valid for all AP based threats, except DoS.
9.4.2
AP Based Threat Prevention Tab
Prevention Tab shows the details of the Quarantine status of the association in the Association tab.
Forensics Tab
Figure 145.
AP Based Threat Details Prevention Tab
The fields in Prevention Tab are as follows: AP Client Association Start Time Association End Time Quarantine: Specifies the action taken on both the devices in the association. Even if one device is quarantined, the association is Quarantined, otherwise it is Not Quarantined. Click Quarantined, the Quarantine Details dialog opens.
Figure 146.
Quarantine Details dialog
Forensics Tab
Click Not Quarantined, the Not Quarantined Reason dialog opens.
Figure 147.
Not Quarantined Reason
9.4.3
AP Based Threat Admin Tab
Admin Tab shows all the administrator actions taken on the AP between the Event Start Time and Event End Time.
Forensics Tab
Figure 148.
AP Based Threat Details Admin Tab
The fields in Admin Tab are as follows: User: Specifies the name of the user who took action on the threat Action: Specifies the action taken by the user for the AP based threat such as AP added to quarantine, AP name changed Time: Specifies the time when the user action was taken Note: All the above tabs Association, Prevention, and Admin shows the information based on the Device and Event selected in the Viewing Threats List dialog.
Note: AP Based Threat Rogue AP, Mis-configured AP, and Honeypot AP have the same fields for the tabs Association, Prevention, and Admin. However AP Based Threat DoS has some different fields as discussed in the section below.
9.4.4
AP Based Threat DoS
DoS is classified into two categories: Unicast: In Unicast only one Client connected to the AP is effected in the DoS attack Broadcast: In Broadcast all the Clients connected to the AP are effected in the DoS attack To open the AP DoS Threat Details dialog: On the Forensics screen, select the AP DoS threat row and click Details. The AP DoS Threat Details dialog opens.
Forensics Tab
Figure 149.
AP DoS Threat Details dialog
The fields in Association Tab are as follows: AP Client: In case of Unicast, a single Client name appears, click the Client name, the Client Details screen opens. In case of Broadcast, All Clients displays in the Client name. Association Start Time Association End Time Locate Click Locate, the Location dialog opens. In case of Unicast, select the AP/Client/DoS Attacker participating in the event from Locate Device drop down list. In case of Broadcast, select the AP/DoS Attacker participating in the event from Locate Device drop down list. Select Start Time of Association and End Time of Association from the At drop down list. Click <Locate>, the location of the selected device at the selected time displays.
9.4.4.1
AP DoS Threat Association tab
9.4.4.2
AP DoS Threat Prevention tab
Click on Prevention Tab in the AP DoS Threat Details dialog.
Forensics Tab
Figure 150.
AP DoS Threat Details Prevention tab
The fields in Prevention tab are as follows: AP Client: In case of Unicast, a single Client name appears, click the Client name, the Client Details screen opens. In case of Broadcast, All Clients displays in the Client name. Association Start Time Association End Time Quarantine: Specifies the action taken during the association, whether the device was Salvaged/Not Salvaged. Salvage unblocks the affected communication of the Authorized AP. Click Salvaged; the Quarantine Details dialog opens. Click Not Salvaged, the Not Quarantined Reason dialog opens
9.4.4.3
AP DoS Threat Admin Tab
Click on Admin Tab in the AP DoS Threat Details dialog.
Forensics Tab
Figure 151.
AP DoS Threat Details Admin tab
The fields in Admin tab are as follows: User Action Time
9.5
The Client Based Threats Details dialog gives information about the Client based threat, which helps you determine the actions taken after the threat was detected. To open the Client Based Threat Details dialog: On the Forensics screen, select a Client Threat row and click Details. The Client Based Threat Details dialog has the following tabs: Association, Prevention, and Admin. By default the Association tab appears.
Client Based Threats
Forensics Tab
Figure 152.
Client Based Threat Details dialog
9.5.1
Client Based Threat Association Tab
Association Tab shows the number of connection attempts that were made to the Client selected for the duration of the selected Event. The fields in Association Tab are as follows: Client: In case of Client based threats, Client is the Primary Device. Click Client, the Client Details dialog opens. AP: AP is the device that is associated to the Primary Device. Click AP, the AP Details dialog opens. Association Start Time: Specifies the start time when the Client associates with the AP. Association End Time: Specifies the end time when the Client ends association with the AP. Locate: Click Locate, the Location dialog opens. Select the AP/Client participating in the event from Locate Device drop down list. Select Start Time of Association and End Time of Association from the At drop down list. Click <Locate> the location of the selected device at the selected time displays in the Thermometer View. Click <Floor Map View> to view the location of the selected device at the selected time in the Floor Map View.
Forensics Tab
Figure 153.
Location dialog
Note: The first row in the Client based threat displays the Event Time, while the rest of the rows display the Start/End Times of Association. This is valid for all Client based threats, except Ad hoc.
9.5.2
Client Based Threat Prevention Tab
Prevention Tab shows the details of the Quarantine status of the association in the Association tab.
Forensics Tab
Figure 154.
Client Based Threat Details Prevention Tab
The fields in Prevention Tab are as follows: Client AP Association Start Time Association End Time Quarantine: Specifies the action taken on both the devices in the association. Even if one device is quarantined, the association is Quarantined, otherwise it is Not Quarantined. Click Quarantined, the Quarantine Details dialog opens. Click Not Quarantined, the Not Quarantined Reason dialog opens.
9.5.3
Client Based Threat Admin Tab
Admin Tab shows all the administrator actions taken on the Client during the Event Start Time and Event End Time.
Forensics Tab
Figure 155.
Client Based Threat Details Admin Tab
The fields in Admin Tab are as follows: User: Specifies the name of the user who took action on the threat Action: Specifies the action taken by the user for the Client based threat, such as Client added to quarantine, Client name changed Time: Specifies the time when the user action was taken Note: Client Based Threat Mis-association, Unauthorized Association, Bridging Client, and Banned Client have the same fields for the tabs Association, Prevention, and Admin. However Client Based Threat Ad hoc has some different fields as discussed in the section below.
9.5.4
Client Based Threat Ad hoc
Client Ad hoc Threat displays only the Clients participating in the Ad hoc connection. To open the Client Ad hoc Threat Details dialog: On the Forensics screen, select the Client Ad hoc threat row and click Details. The Client Ad hoc Threat Details dialog opens.
Forensics Tab
Figure 156.
Client Ad hoc Threat Details dialog
Note: The Client Ad hoc Threat Details dialog does not have All Device Filter icon
9.5.4.1
Client Ad hoc Threat Association tab
The fields in Association Tab are as follows: Client Association Start Time Association End Time Locate: Click Locate, the Location dialog opens. In this case, only the Client name appears in the Locate Device drop down list. Select Start Time of Ad hoc Connection and End Time of Ad hoc Connection from the At drop down list. Click <Locate>, the location of the selected device at the selected time displays.
9.5.4.2
Client Ad hoc Threat Prevention tab
Click on Prevention Tab in the Client Ad hoc Threat Details dialog.
Forensics Tab
Figure 157.
Client Ad hoc Threat Details Prevention tab
The fields in Prevention tab are as follows: Client Association Start Time Association End Time Quarantine: Specifies quarantine action taken on the devices during the Ad hoc connection. Click Quarantined, the Quarantine Details dialog opens. Click Not Quarantined, the Not Quarantined Reason dialog opens.
9.5.4.3
Client Ad hoc Threat Admin Tab
Click on Admin Tab in the Client Ad hoc Threat Details dialog.
Forensics Tab
Figure 158.
Client Ad hoc Threat Details Admin tab
The fields in Admin tab are as follows: User Action: Displays all the actions taken on all the Clients participating in the Ad hoc connection Time
9.6
Forensics Tab User Saved Settings
The following User choices made during browsing of Forensics Tab are saved by the system. Time Filter These settings are saved on log out as well as movement to other tabs on the Console.
Administration Tab
Chapter 10
Administration Tab
10.1 Administration: Panel for Configuring Policies
The system is highly customizable and can be configured to suit the needs of your enterprise. The Administration screen allows you to perform various administrative activities such as event, device, and user management, configure the system and location settings, and enable integration with third party applications.
The Administration screen includes two panes: On the left, Policy Groups categorized into Global Policies and Local Policies; Global policies are grouped under the Global tab while Local policies are grouped under the Local tab. On the right, the details of the selected policy node
10.2 Administration Screen: Accessibility and Layout
Figure 159.
Administration ScreenGlobal Tab
Administration Tab
Figure 160.
Administration ScreenLocal Tab
10.2.1 Global Policies

Global Policies are those that are applicable to the entire system. Only users with Superuser rights or an administrator with rights to the root location can modify these policies.
10.2.2 Local Policies

Local Policies are those that you can customize for a particular location. When you create a new location, by default, all the policies for this new location are always the same as its parent location. In other words, this newly created location inherits policies from its parent. You can change these inherited policies. Specifically, a user with administrative rights can configure these policies for a location. Recommended: Do not use distinct policies for two locations that represent geographically close-by areas. This is because if two locations are very close, it is possible that Sensors from both these locations see a device, thereby affecting the accuracy of location tagging for the device (see Location Tagging of a Device or Location Tag Assignment).
10.2.2.1
Policy and Policy Groups
The system groups policies in Local Policies with related functionality into groups called Policy Groups. Examples of policy groups and policies within them are as shown below. Example 1 Operating Policies (Policy Group) AP Auto-classification(Policy1) Client Auto-classification (Policy 2) Intrusion Prevention (Policy 3) Example 2 Event Settings (Policy Group) Configuration (Policy 1) Email Notification (Policy 2)
Administration Tab
10.2.2.2
Customizing v/s Inheriting Policies
By default, a location inherits policies from its parent location. You can break the inheritance and customize the policies at a location. You can customize or inherit policies only at the policy group level. Customize or inherit of individual policies is not allowed at the individual policy level within the policy group. By customizing or inheriting a policy in a policy group, the policy group gets customized or inherited.
Figure 161.
Policy Inheritance v/s Customization
10.2.2.2.1
Customizing Policies
Use the following steps to customize policies in a policy group for a location that inherits policies from its parent: 1 Select the Local tab. 2 Select a location in the Location tree for which you want to customize the policies. 3 Select a policy group from the Administration tree. 4 Right-click either the selected location or the selected policy group; a context sensitive menu appears. Click Customize Policy Group <Policy Group Name>.
Administration Tab
Figure 162. Customizing a Policy Group
5 6
Alternatively, click on the right side of the policy group pane. Alternatively click the hyperlink Customize in the sentence Click Customize to re-define this policy at this location. on the individual policy page. By customizing the individual policy, the entire policy group is customized.
You can now custom define the individual policies within the policy node.
10.2.2.2.2
Inheriting Policies: (Re)establishing Inheritance
Use the following steps to inherit policies in a policy group for a location which has customized policies: 1 Select the Local tab. 2 Select a location in the Location tree for which you want to inherit policies from its parent. 3 Select a policy group from the Administration tree. 4 Right-click either the selected location or the selected policy group; a context sensitive menu appears. Click Inherit Policy Group <Policy Group Name>.
Administration Tab
Figure 163.
Inhering Policies for a Policy Group
5 6
Alternatively, click on the right side of the policy group pane. Alternatively click the hyperlink Inherit in the sentence Click Inherit to inherit this policy from its parent location. on the individual policy page. By inheriting the individual policy, the entire policy group is inherited from its parent location.
This re-establishes the inheritance link for the selected policy group. The policy group loses any existing customization for the selected location and starts using the parent policies instead. Once policies are inherited, action items like checkboxes, buttons, and so on are de-activated in the policy pane. You will see the policies in a Read-only mode.
10.2.2.3
Template Based Policies
In the system, some policies are made up of one or more templates. In a large setup with several locations, the administrator would like to create templates on a single location and reuse these templates, if other locations in the sub-tree need to have similar templates to define their policies.
10.2.2.3.1
Applying a Template
A user can create templates at locations to which access has been granted. You can then select one or more such templates to be applied at a particular location. Thus, when you apply one or more templates to a location, you define the policy for that location.
10.2.2.3.2
Template Availability at Sub-locations
When you create a new template at a location, it is available for viewing and applying to all the locations in its sub-tree. Templates can only be modified and deleted at the location at which they are created.
10.2.2.4
Copying and Pasting of Local Policies
In a large setup with several locations, the administrator would like to custom define policies for just one location. If other locations need to have policies similar to the ones already defined, you can Copy the policies from the first location and Paste them to the other locations. Copy allows you to copy one or all policy groups customized for a particular location to another location. If all the policy
Administration Tab
groups for a location are inherited from its parent, you cannot copy policies from that location. Paste allows you to paste the policies to a policy group on any location. By pasting a policy group on a location inheriting that policy group, the inheritance is broken.
10.2.2.5
Copying and Pasting all Local Policies
Use the following steps to copy and paste all Local policies: 1 Right-click a location from the Location tree which you choose to copy (source location). 2 From the resultant context-sensitive menu, select Copy Local Policies for <Location Name>. 3 Select All Local Policy Groups or Policy Group-<Policy Group Name>. The Policy Group-<Policy Group Name> option is available only if a policy group node is selected in the Administration tree.
Figure 164. Copying all Local Policies
4 5
Right-click a location to which you want to paste the copied policies. From the resultant context-sensitive menu, select Paste All Policies from <Location Name> or Paste <Policy Group Name> from <Location Name>. The Paste All Policies from <Location Name> displays if all the policies were copied during the copy operation. The Paste <Policy Group Name> from <Location Name> option displays if only a policy group is copied during the copy operation.
Administration Tab
Figure 165. Pasting all Local Policies
10.2.2.6
Copying and Pasting a Local Policy Group
Use the following steps to copy and paste a Local policy group: 1 Right-click a location from the Location tree. 2 Right-click a policy group from the Administration tree which you choose to copy. 3 From the resultant context-sensitive menu, select Copy Policy Group-<Policy Group Name>.
Administration Tab
Figure 166. Copying a Local Policy Group
4 5
Right-click a location to which you want to paste the copied policies. From the resultant context-sensitive menu, select Paste <Policy Group> from <Location Name>.
Note: The copy operation is not allowed if no local policy group is custom defined or customized on that location.
10.2.3 Location Based Policy (LBP)
You can modify policies under the Local tab to suit different locations. As a result, different locations can have different policies.You can customize, inherit, or copy-paste polices from one location to another (see Local Policies). This feature is suitable for deployments that are spread over large geographical areas and where different policies are required in different areas.
10.2.4 Location Tree View and Location Based Administration Rights (LBAR)
In a large deployment spanning across multiple locations, users can be created to manage separate locations without allowing them access to other locations. The LBAR feature provides this type of location based management. You can create users who have access to limited locations in the Location tree. This limits the users ability to perform location operations and policy configurations only to a list of locations where access is granted. The access to the locations for a particular user is added from AdministrationGlobal PoliciesUser ManagementUsers screen.
10.2.5 Location Move

The system enables you to change the position of a location in the Location tree. When you move a location, the inherited policies will be inherited from the new parent location and customized policies will be carried over and remain customized.
10.2.5.1
Behavior of Template Based Policies during Location Move
During the location move, for template based policies, (for example, Authorized WLAN Setup andSensor Configuration), copies of applied/default templates are created at the destination location, if these templates are not available in any of the ancestor locations in the location hierarchy (see Wireless Policies and Sensor Configuration). If a template already exists at the destination location, that template is not copied to the new location.
Administration Tab
10.2.6 Exporting System Configuration

The Export Configuration feature enables the superuser and the administrator to export all policy related information in a single click and gather the same information from a single file, rather than having to go through the policies for all locations. This exported information can later be used for auditing purposes.
10.2.6.1
Exporting Global and Local Policies
Use the following steps to export the system configuration at the root location: 1 Click the Global or Local tab. 2 In the Global tab, right-click Global Policies or in the Local tab, select the root location and right-click Local Policies.
Figure 167. Exporting System Configuration of the Root Location
3 4 5 6
Select Export Configuration. Click <Yes> on the Export Configuration dialog to export the configuration parameters. Select the location where you want to save the exported XML file. Click <Save>.
10.2.6.2
Exporting Local Policies for a Selected Location
Use the following steps to export the system configuration for a selected location: 1 Click the Local tab. 2 Select the location whose configuration you want to export and right-click.
Administration Tab
Figure 168. Exporting System Configuration of a Selected Location
3 4 5 6
Select Export Configuration. Click <Yes> on the Export Configuration dialog to export the configuration parameters. Select the location where you want to save the exported XML file. Click <Save>.
10.2.6.2.1
Structure of the Exported XML File
The XML file hierarchy reflects the Policy Groups hierarchy on the Administration screen. It includes policies and report scheduling information for a location and similar information for its child nodes. The XML file shows all the detailed configurations of the selected location. However, if this location has any sub-location folders, then the XML file shows only those policies that have been customized. Policies that are inherited from the parent location are shown as being inherited in the XML file. The detailed configurations for such locations can be viewed by traversing the list of locations in the upward direction.
Administration Tab
Figure 169.
Viewing an Exported XML File for a Selected Location
10.3 Global Policies
Click the Global tab in the Administration screen to view the policies groups under this tab. Note: In the Administration tree, items marked with an asterisk contain advanced settings. You should modify these settings only if you fully understand the parameters included on these screens. Otherwise, HP ProCurve recommends that you retain the defaults.
10.3.1 Event Settings

Select the Event Settings screen to configure the following event settings in the system.
10.3.1.1
Vulnerable SSIDs
APs have well known default SSIDs and many users may not change these SSIDs when deploying the APs. Therefore it is highly likely that APs using default SSIDs are present in the enterprise neighborhood. If an enterprise Client probes for a default SSID, it is at risk of connecting to the neighborhood AP without the user necessarily knowing about it. Also if an enterprise AP uses a default SSID, such an AP may attract undesirable Clients to connect to it. If you consider an SSID to be vulnerable to hackers, you can open the Vulnerable SSIDs screen and enter the SSID under SSID (ASCII character string). Click <Add> and then <Apply> to place the SSID in your database. If an AP with a vulnerable SSID is detected, the system generates an event. Note: Commonly known SSIDs are listed by default. To enter a blank SSID: no string, click <Add> without entering any text. The list shows the SSID as NULL. Remove SSIDs from this list by selecting the SSIDs and clicking <Delete>. To remove the SSIDs from the database, click <Apply>.
Administration Tab
Figure 170.
Vulnerable SSIDs
10.3.1.2
Regeneration
Some events are generated repeatedly when the cause persists; for example, Denial of Service (DoS) (Security) and traffic events (Monitoring). The Regeneration screen enables you to specify how often an event is repeated if the cause persists under the Event Regeneration Interval. (Minimum: 1 hour; Maximum: 168 hours; Default: 24 hours)
Administration Tab
Figure 171.
Event Regeneration Interval
10.3.1.3
Hotspot SSIDs
It is highly likely that hotspot APs are present in the enterprise neighborhood. If enterprise Client probes for well known hotspot SSID, it is at risk of connecting to the hotspot AP without the user necessarily knowing about it. Also if enterprise AP uses hotspot SSID on it, such an AP may attract undesirable Clients to connect to it. If you consider an SSID to be vulnerable to hackers, you can open the Hotspot SSIDs screen and enter the SSID under SSID (ASCII character string). Click <Add> and then <Apply> to place the SSID in your database. If an AP with a vulnerable SSID is detected, the system generates an event. Note: The system lists commonly known SSIDs by default. To enter a blank SSID: that is, with no string, click <Add> without entering any text. The list shows the SSID as NULL.
Administration Tab
Figure 172.
Hotspot SSIDs
Remove SSIDs from this list by selecting the SSIDs and clicking <Delete>. To remove the SSIDs from the database, click <Apply>.
10.3.1.4
Events Page Size
Events Page Size screen allows the user to configure the Page size of an Events screen and all the related screens which has a mention of Events. Page Size refers to the number of Events that has to be reported per page in the screen as shown in the figure. The System Level Default is set by the Administrator. The Events Page Size configured here is the restore default of the Pagination of Events Page Size (see Pagination of Events in Events Tab).
Administration Tab
Figure 173.
Events Page Size
10.3.2 Device Settings

Select the Device Settings screen to configure the following device settings in the system.
10.3.2.1
Import Devices
Importing an Authorized AP List and an Authorized or Unauthorized Clients List is an efficient alternative to manual movement of these devices into the Authorized/Unauthorized bins. After successfully importing these lists, the system automatically classifies the APs and Clients in the respective lists as Authorized/Unauthorized.
Administration Tab
Figure 174.
Import Devices
You can move Authorized APs to the Authorized folder using one of the following methods: Move an AP to the Authorized folder using right click and Move option Import the Authorized AP list Synchronize with an AP Management Server Note: Once you move an AP to the Authorized folder, the system never automatically removes it from the Authorized folder, even if it later detects that the AP is unwired from the enterprise network. Under Import AP List, click <Import Authorized AP List> to open Import Authorized AP List dialog.
Administration Tab
Figure 175.
Import Authorized AP List
In the Import Authorized AP List dialog: Under Tag Devices, select one of the following: Auto Tag Devices: To automatically tag the AP to the corresponding location. Manually Tag Devices to:: Click <Change> to manually tag the AP to the desired location. Under Enter AP details To add an APs details, type the APs MAC address, IP Address, and Name and click <Add to List>>>>. To add an APs details from a file, click <Browse>. On the Select Authorized AP_Device_List_File dialog, select the .txt file from the desired location and click <Open>. Then click <Add to List>>>>. Under Authorized AP Import List To delete an APs details, select the corresponding row and click <Delete>. To import Authorized APs from the Authorized AP Import List, click <OK>. Note: When you import APs from a list, policy settings in the Setup Wizard do not affect these APs. In the Import Devices dialog, under Import Client List, click <Import Authorized Client List> to open Import Authorized Client List dialog and/or click <Import Unauthorized Client List> to open Import Unauthorized Client List dialog. In the Import Authorized/Unauthorized Client List dialog: Under Tag Devices, select one of the following: Auto Tag Devices: To automatically tag the AP to the corresponding location. Manually Tag Devices to:: Click <Change> to manually tag the AP to the desired location. Under Enter Client details To add a Clients details, type the Clients MAC Address, IP Address, and Name and click <Add to List>>>>. To add a Clients details from a file, click <Browse>. On the Select Authorized/Unauthorized Client_Device_List_File dialog, select the .txt file from the desired location and click <Open>. Then click <Add to List>>>>. Under Authorized/Unauthorized Client Import List To delete a Clients details, select the corresponding row and click <Delete>. To import Authorized/Unauthorized Clients from the Authorized/Unauthorized Client Import List, click <OK>. Note: When you import Clients from a list, policy settings in the Setup Wizard do not affect these Clients.
Administration Tab
In the Import Devices dialog, under Import Sensor List, click <Import Sensor List> to open the Import Sensor List dialog: In the Import Sensor List dialog: Under Tag Devices, select one of the following: Auto Tag Devices: To automatically tag the Sensor to the corresponding location. Manually Tag Devices to:: Click <Change> to manually tag the Sensor to the desired location. Under Enter Sensor details To add a Sensors details, type the Sensors MAC address and Name and click <Add to List>>>>. To add a Sensors details from a file, click <Browse>. On the Select Sensor_Device_List_File dialog, select the .txt file from the desired location and click <Open>. Then click <Add to List>>>>. Under Authorized Sensor Import List To delete a Sensors details, select the corresponding row and click <Delete>. To import Sensors from the Sensor Import List, click <OK>. Note: When you import Sensors from a list, you can delete these Sensors only from the Devices screen.
10.3.2.2
Thresholds
Threshold settings determine the status of devices in terms of up-down association and connectivity. The Thresholds screen enables you to set parameters for APs, Clients, and Sensors.
Figure 176.
Device Thresholds
Device Threshold Parameters contains the following settings: AP Timeout Activity Timeout: If the system senses no activity of the AP for the period specified here, it declares the AP inactive. (Minimum: 60 seconds; Maximum: 600 seconds; Default: 300 seconds) Client Timeouts Activity Timeout: If the system senses no activity from a Client for the period specified here, it declares the Client inactive. (Minimum: 120 seconds; Maximum: 1200 seconds; Default: 600 seconds)
Administration Tab
Association Timeout: If the system sees no communication between an associated AP and Client pair for the period specified here, it declares the association as timed out. (Minimum: 120 seconds; Maximum: 1200 seconds; Default: 600) Sensor Parameters Maximum Number of Sensors Allowed: Maximum number of Sensors allowed to connect to the system at a given time. (Maximum value is governed by the license applied and is a Read-Only field.) Sensor Timeout: The Sensor sends keep alive information to the Server at a regular time interval specified here, to tell the Server that it is alive. If the system does not receive this keep-alive information for a time span specified here, it declares the Sensor inactive. Note: Sensor timeout is not user configurable. It has fixed value of 600 seconds. It displays for information purpose only. RF Signal Computation Constants Moving Average Constant: A constant used to find the weighted average of signal strength as seen by a Sensor for a transmitter. Higher value gives more weight to more recently seen signal strength values. (Minimum: 0; Maximum: 1; Default: 0.05) Sensor observes signal strengths as RSSI reported by the driver. The system converts this information to dBm values for further use. The conversion formula for this is different for 2.4 GHz and 5 GHz frequency spectrum. The formula is dBm = RSSI + dBm Conversion Constant. RSSI <-> dBm Conversion Constant for 802.11a: This value used for 5 GHz band is set to -98. RSSI <-> dBm Conversion Constant for 802.11b/g: This value used for 2.4 GHz band is set to -90. Sensor Server Communication Frequency of Device Updates: The system is informed immediately when device attributes change or when a device is first detected. If no such changes take place, the system should still be informed about the device updates. Here you can set that time after which the system is notified of the updates. (Minimum: 1 day; Maximum: 365 days; Default: 36 days) Frequency of Signal Strength Updates: The system should be periodically informed about the signal strength updates. Here you can set that time after which the system is notified. (Minimum: 1 minute; Maximum: 5 minutes; Default: 2 minutes) Records Constants (per Sensor): A Sensor maintains records for APs, Clients, and associations. The constants below define the maximum number of APs, Clients, and associations for which to maintain records with the Sensor(s). Maximum Number of AP records to keep: Specifies the maximum number of APs for which to maintain records with the Sensor(s). (Minimum: 100; Maximum: 500; Default: 128) Maximum Number of Client records to keep: Specifies the maximum number of Clients for which to maintain records are with the Sensor(s). (Minimum: 100; Maximum: 500; Default: 256) Maximum Number of Association records to keep: Specifies the maximum number of associations for which to maintain records with the Sensor(s). (Minimum: 100; Maximum: 500; Default: 128)
10.3.2.3
Discovery
Sensors and NDs inject discovery (ARP) broadcast packets in bursts on the network at regular intervals. These packets detect the presence of wireless devices connected to the network. If there are multiple Sensors and NDs on a subnet, only one injects discovery packets on the subnet.
Administration Tab
Figure 177.
Device Discovery
The following options are available: Number of packets in a discovery burst: Specifies the number of packets that the system sends in each discovery burst. (Minimum: 10; Maximum: 1000; Default: 300) Time interval for packets in a discovery burst: Specifies the time interval between two consecutive packets sent in a discovery burst. (Minimum: 10 milliseconds; Maximum: 110 milliseconds; Default: 50 milliseconds) Time to wait between two discovery bursts: Specifies the time interval between two consecutive discovery bursts. This time also determines the time taken to detect rogue devices connected to your network. More the time to wait between two discovery bursts means more time is required to detect the connectivity of the wireless devices. (Minimum: 3 seconds; Maximum: 1200 seconds; Default: 75 seconds)
10.3.2.4
MAC Spoofing
In MAC spoofing, an unauthorized AP fakes as an Authorized AP by advertising the same identity information: that is, MAC address.
Administration Tab
Figure 178.
MAC Spoofing
The MAC Spoofing screen enables you to specify the following options: MAC Spoofing Tolerance: The system detects MAC Spoofing if the Authorized AP starts at least half a second before the AP that is spoofing it. You can change this time gap called MAC Spoofing Tolerance to fine-tune detection of MAC Spoofing APs. (Minimum: 600 seconds; Maximum: 36000 seconds; Default: 3600 seconds) MAC Spoofing Session Interval: Specifies the timeout period for MAC Spoofing. If the system does not observe MAC Spoofing activity for this period, any current distributed MAC spoof session terminates. (Minimum: 5 minutes; Maximum: 15 minutes; Default: 5 minutes) Note: The system may quarantine an Authorized AP if an attacker AP placed close to the Authorized AP spoofs its MAC address and is operating in a nearby or same channel.
10.3.2.5
Banned AP List
The Banned AP List enables you to import a list of banned APs to the database. You define the wireless MAC addresses of APs that are blacklisted in your organization. If APs with these MAC addresses become visible, the system generates an alert.
Administration Tab
Figure 179.
Banned AP List
In the Banned AP List under Enter AP MAC addresses, enter the MAC address of a prohibited AP and click <Add to List>>>>. The MAC address is added to the Banned AP List. You can also Use Ctrl + V to paste a list Add the MAC addresses from a file by clicking <Browse> and then selecting the file Note: Separate MAC addresses by a comma, space, tab, semicolon, or new line.
10.3.2.6
Banned Client List
The Banned Client List enables you to import a list of banned Clients to the database. You define the wireless MAC addresses of Clients that are blacklisted in your organization. For example, such MAC addresses could belong to laptops of employees who are no longer with the organization. If Clients with these MAC addresses become visible, the system generates an alert.
Administration Tab
Figure 180.
Banned Client List
In the Banned Client List under Enter Client MAC addresses, enter the MAC address of a prohibited Client and click <Add to List>>>>. The MAC address is added to the Banned Client List. You can also Use Ctrl + V to paste a list Add the MAC addresses from a file by clicking <Browse> and then selecting the file Note: Separate MAC addresses by a comma, space, tab, semicolon, or new line.
10.3.3 User Management

Select the User Management screen to set various user settings. For example, you can manage users and set the password and account locking policies.
10.3.3.1
Users
The Users screen enables you to add, edit, and delete user accounts.
Administration Tab
Figure 181.
Manage Users
10.3.3.1.1
Adding a User
Click <Add> to open the Add User Details dialog.
Figure 182.
Adding User Details: User Properties Tab
Under Add User Details, you can create user accounts to be authenticated either locally or via Light Weight Directory Access Protocol (LDAP).
Administration Tab
For an LDAP User, the superuser must specify the following fields: o Login ID o User Role o List of allowed locations the user can access o Session Timeout (Session Never Expires or Session Timeout) o Language preference o Time Zone Other fields are not required for LDAP authentication. For a Local User, the superuser must specify the following fields: o Login ID: Login ID of the user o User Role: Enables you to specify the type of user. The following table shows the user roles and their respective rights.
Table 5 User Roles and User Rights User Rights Add, delete, modify, and manage users Modify all screens on the Administration tab (excluding User Management screens) Modify and delete events Add, delete, and modify devices (APs and Clients) Add, delete, and modify locations Calibrate location tracking Add, delete, and modify scheduled reports Move devices in and out of quarantine Troubleshoot devices View all product screens (excluding User Management screens) User Roles Superuser Y Administrator N Operator N Viewer N
Y Y Y Y Y Y Y Y Y
Y Y Y Y Y Y Y Y Y
N Y Y Y Y Y Y Y Y
N N N N N N N N Y
The administrator, operator, and viewer users also need access to locations to perform location specific operations. You can select one of the following four roles. o Superuser o Administrator o Operator o Viewer o First Name: First name of the user o Last Name: Last name of the user o Locations: Displays the list of locations to which the user has access rights. o Click <Change> to open the Assign Locations dialog. Here, you can view the complete list of locations and select the locations to which you have access rights. Allowing access to a particular location means allowing access to that location and all its sub-locations. Click <Ok> to assign the selected location(s) to the user. This option is available only if you have an LBAR license.
Administration Tab
Figure 183.
Assigning Locations to a User
Under User Properties tab, specify the following: Password: Password used for login Confirm Password: Password confirmation Email Address: Email address of the user. You must specify an email address for password recovery, scheduled reports, and event notification. Session Timeout: Enables you to specify the time after which the user is logged out automatically if the system does not detect any activity o Session Never Expires: Select this checkbox if you do not want the session to expire o Session Timeout: Enables you to specify the number of minutes after which the system automatically logs out the currently logged in user when there is no activity on the Console for the Session Timeout period (Minimum: 10 minutes; Maximum: 120 minutes) Language preference: Select English or Multilingual support from the drop-down list Time Zone: Select the appropriate time zone for the user Under Password Settings tab, specify the following:
Figure 184.
Adding User Details: Password Settings Tab
Password never expires: If selected, the password does not expire over time. If this option is selected, the fields, Password Expiry Duration, Password Expiry Warning, and Expiry Date are disabled Password Expiry Details: If selected, specify the following parameters:
Administration Tab
Password Expiry Duration: Enables you to specify the duration for which the specified password is valid. If the Password Expiry Duration is less than 15 days, the system raises a Password Expiry Warning message every time the user logs into the Console. (Minimum: 1 day; Maximum: 365 days) o Expiry Date: Shows the password expiry date and time o Password Expiry Warning: Enables you to specify the number of days before the password expiry date that a password expiry warning should appear. The warning appears every day until you change the password. Once you change the password, the system updates the Expiry Date depending on the value specified in the Password Expiry Duration field. (Minimum: 1 day; Maximum: 60 days) Click <Add> to add the details for a new local user. o
10.3.3.1.2
Editing a User
To edit the details of an existing user, double-click a row or select a row and click <Edit> to open the Edit User Details dialog.
Figure 185.
Editing User Details
The Edit User Details dialog is similar to the Add User Details dialog. Additionally, in this dialog, if the Change Password checkbox is selected, you can change the password. Under Lock User Account, the superuser can do the following for other user roles. Enable a user account that has been disabled due to failed login attempts Enable/disable a user account permanently Click <Save> to save all the changes. Note: A dark highlight for an entry in the user list indicates that the user account is disabled or locked permanently.
10.3.3.1.3 10.3.3.2
Deleting a User LDAP
Select a row and click <Delete> to discard the details of an existing user. The system can use an LDAP Server for user authentication. The LDAP Configuration screen enables you to set the LDAP Authentication Details.
Administration Tab
Figure 186.
LDAP Configuration
If you select Enable LDAP, the system authenticates user login using an LDAP compliant directory. Default Privileges for LDAP Users: This section specifies the default role and the default locations assigned when new LDAP users log in. Once a user is registered in the system, administrators having rights to the root location can change the individual users role and allowed locations using the Edit User dialog. LDAP integration is used only for user authentication. The roles and the assigned locations must be defined within the system. Each time a user is authenticated using LDAP, the users name and email address are synchronized with the LDAP Server. If you delete a user from the directory serviced by the LDAP Server, the system continues to send emails to this user until the corresponding user is manually deleted from the Server. User Role: Enables you to specify the default role for new LDAP users. You can select one of the following four options. The default user role is Viewer. Superuser Administrator Operator Viewer Locations: Displays the list of locations to which a new LDAP user has access rights Click <Change> to open the Assign Locations dialog. Here, you can view the complete list of locations and select the locations to which the LDAP user can have access rights. Click <Ok> to assign the selected location(s) to the user. Connection Details LDAP Server IP Address/Hostname: Specifies the name or the IP address/Hostname of the LDAP Server. (Default: localhost) Port: Specifies the port number of the LDAP Server. (Default: 389) LDAP Configuration Details: Specifies the identifiers required to authenticate users using the LDAP compliant directory.
Administration Tab
Base Distinguished Name: Specifies the base distinguished name of the directory to which you want to connect, for example, o=democorp, c=au.
Note: Distinguished Name is a unique identifier of an entry in the Directory Information Tree (DIT). The name is the concatenation of Relative Distinguished Names (RDNs) from the top of the DIT down to the entry in question. User ID Attribute: Specifies the user ID attributes string that the system uses to identify the user, as defined in your LDAP schema. (Default: cn) Authentication Mechanism: Specifies a read-only field with the default authentication mechanism. (Default: NO-SSL) Filter String: Specifies certain attributes: existing or new: that you can use for different users, based on which the Server filters the users, for example, (IsUser=A). This feature can help restrict the use of the system to a certain set of users.
LDAP Authentication Details: Specify user credentials required to search the LDAP compliant directory. This is required only in case the directory does not allow anonymous search. Select Authentication Required to search LDAP? if the LDAP Server requires administrator login to search the LDAP compliant directory. Specify the Admin User DN and Password to log in. If you select Append Base DN, the Base Distinguished Name specified in LDAP Configuration Details is appended to the Admin User DN. Test Settings: Enables you to test whether the specified settings are correct. To verify the settings, enter the User Name and Password for a specific user and click <Test>.
Note: <Test> is not available unless you change the settings. <Apply> is unavailable until you use <Test>. By default, LDAP users log into the Server with Superuser rights. However, an LDAP user cannot add or edit users. The list of users on the User Management screen for LDAP users shows other LDAP users and does not include users logged in via application authentication.
10.3.3.3
Password Policy
The Password Policy determines the minimum requirements for system passwords. This policy applies to all User Roles: Superuser, Administrator, Operator, and Viewer. If you change this policy, older passwords are not affected. Only passwords created after a policy change are subject to the new policy.
Administration Tab
Figure 187.
Password Policy
Under Password Policy, you can specify the following: Minimum number of characters: Enables you to specify the minimum number of characters to be used for constructing passwords. (Minimum: 4; Maximum: 15; Default: 6 Numeric Characters required?: Enables you to enforce the use of numeric characters for constructing passwords. (Default: No) Special Characters required?: Enables you to enforce the use of special characters for constructing passwords. (Default: No)
10.3.3.4
Account Locking
Account Locking allows the superuser to specify the account locking policy for the selected user type Superuser, Administrator, Operator, or Viewer. Account locking protects the system from spurious logins through dictionary attacks.
Administration Tab
Figure 188.
Account Locking
Under Account Locking, you can select the User Type and then specify the following: Allowed Number of Login Failures: Enables the superuser to define the rate of login failure attempts above which the system is locked. (Minimum: 3 times in 5 minutes; Maximum: 10 times in 30 minutes; Default: 3 times in 10 minutes) Lockout Time: Enables the superuser to define the amount of time for which the selected user type is prevented from accessing the system. (Minimum: 5 minutes; Maximum: 30 minutes; Default: 15 minutes)
10.3.3.5
User Preferences
The User Preferences screen enables a user to change the login password and other preferences setup for oneself.
Administration Tab
Figure 189.
User Preferences
Under Password Details, you can specify the following: Email Address Old Password New Password Confirm Password Under User Preferences, you can change your Session Timeout interval, Language Preference, or Time Zone. To save to the new password and user preferences, click <Apply>.
10.3.4 Location Settings

Select the Location Settings screen to set the following location settings in the system.
10.3.4.1
Auto Location Tagging
A location tag that is attached to a device or an event helps identify the location of that event or device. The system has an Auto Location Tagging feature, which refers to the capability of the system to automatically tag the devices and events to the locations where they have been detected. The Auto Location Tagging screen enables you to configure the settings for automatic tagging of devices discovered by the system and events generated by the system.
Administration Tab
Figure 190.
Auto Location Tagging
Auto Location Tagging Configuration contains the following options: Devices: Based on the initial location of the device, the APs and Clients are auto-tagged immediately upon discovery. You can select how the system should compute the initial location tag of the APs or Clients. The system never auto-tags an AP or Client, if it is tagged manually. To re-enable auto location-tagging for a device, you must delete the device and let the system re-discover it. You must manually tag Sensors. You can do one of the following: o Choose the location tag of the Sensor that sees the highest RSSI value for that device o Choose the location tag of the selected number of Sensors that see the highest RSSI values for that device. (Minimum: 2; Maximum: 10; Default: 2) You can also discard the Sensors that see a lower RSSI after comparing the value with a Sensor that reports a higher RSSI. (Minimum: 20 dB; Maximum: 40 dB; Default: 30 dB) Events: The system tags events based on the location of the devices that participate in the events. The system initially identifies a primary device AP, Client, or Sensor for each event. The system automatically tags the location of events based on the tag for the primary device associated with the event. Note: The system never retags an event. You can tag the location of an event manually on the Events screen by right-clicking the event and from the resulting menu by selecting Change Location.
10.3.4.2
Location Tracking
The location of a particular device can be tracked using the location tracking feature. The system needs at least three Sensors to perform location tracking. The Location Tracking screen enables you to define the parameters that control location tracking.
Administration Tab
Figure 191.
Location Tracking
Default Location Tracking Parameters contains the following options: Location Tracking Technique: Select the technique used for location tracking. The technique available is Generalized Likelihood. Maximum number of Sensors to use for Location Tracking: Select the maximum number of Sensors used for location tracking. Sensors track down the location of a device and the system uses Sensors that see the maximum values. A higher value is likely to give better results. (Minimum: 3; Maximum: 10; Default: 4) Default Transmit Power of AP (mW): Location tracking needs as input the transmit power of the AP being located. When transmit power is unknown, the default value set here is used. (Minimum: 1 mW/0 dBm; Maximum: 100 mW/20 dBm; Default: 30 mW/15 dBm) Default Transmit Power of Client (mW): Location tracking needs as input the transmit power of the Client being located. When transmit power is unknown, the default value set here is used. (Minimum: 1 mW/0 dBm; Maximum: 100 mW/20 dBm; Default: 10 mW/ dBm)
10.3.4.3
Live RF Views
The Live RF Views screen enables you to define the parameters that are used in live RF views. These parameters are specific to each environment. Tuning the parameters enables you to see more accurate views.
Administration Tab
Figure 192.
Live RF Views
Default Live RF Views Parameters contains the following options: Intrusion Detection and Prevention Regions: Specify the dBm values for which the system shows the intrusion detection and prevention regions in the Sensor coverage views. o Intrusion Detection Display Threshold (dBm): Detection Range is the area over which Sensors can reliably detect wireless activity. Intrusion Detection Display Threshold determines the threshold for this range. (Default: -85 dBm) o Intrusion Prevention Display Threshold (dBm): Prevention Range is the area over which Sensors can prevent unauthorized wireless activity. Intrusion Prevention Display Threshold determines the threshold for this range. (Default: -75 dBm) Both the Detection and Prevention ranges are affected by parameters in the RF Propagation section. Note: The reliability of the prevention also depends on the Intrusion Prevention Level selected on AdministrationLocal tabOperating PoliciesIntrusion PreventionIntrusion Prevention Level tab.
10.3.4.4
RF Propagation
The RF Propagation screen enables you to define default AP, Client, and Sensor antenna gain values.
Administration Tab
Figure 193.
RF Propagation
Default RF Propagation Settings contains the following options: Default Antenna Gain Values: Specify the default Sensor, AP, and Client antenna gain values. Antenna gain is a characteristic of an antenna used for transmitting or receiving signal, defined as gain in power when signal is received (or transmitted) using the antenna. o Sensor Antenna Gain (dB): Specifies the gain of antenna attached to the Sensor. (Default: 2.3 dB) o AP Antenna Gain (dB): Specifies the gain of antenna attached to the AP. (Default: 2.3 dB) o Client Antenna Gain (dB): Specifies the gain of antenna attached to the Client. (Default: 0 dBm) Note: If better antennas are used, you should increase the gain. Transmitter Losses: Select the transmitter signal loss value suited to your environment. o If your environment has metal or concrete walls, select a higher signal value o If your environment has large spaces where the signal can propagate without much obstruction, select a lower signal loss value When a device transmits, some loss in power occurs due to antenna connectors, electromagnetic, and environmental factors. This loss might be different in different frequency bands. You can also specify the approximate loss in each band. Loss at Source for 802.11a Transmitter (dB): (Default: 10 dB) Loss at Source for 802.11b/g Transmitter (dB): (Default: 10 dB) Signal Decay Values: Signal propagation depends heavily on environment. The obstacles present in environment might impede signal propagation, limiting its range. It is very difficult to accurately model signal propagation in all kinds of environment, but by fine-tuning the following four constants, you can more or less characterize your environment for signal propagation. Note: The system uses the first set of parameters when the Planner file is imported; the second set for blank, gif, or jpeg files. Minimum and Maximum Signal Decay Constants specify the range for the decay exponent, that is, the exponent at which signal decays with distance. Signal Decay Slope (Beta) and Signal Decay Inflection (Alpha) control how the decay exponent changes from its minimum value to maximum value.
Administration Tab
For Nodes with imported HP ProCurve RF Planner: Minimum Signal Decay Constant: (Default: 2.0 dBm) Maximum Signal Decay Constant: (Default: 2.0 dBm) Signal Decay Slope (Beta): (Default: 0.08 dBm) Signal Decay Inflection (Alpha): (Default: -4 dBm) For Nodes with GIF, JPEG or Blank layout: Minimum Signal Decay Constant: (Default: 2.0 dBm) Maximum Signal Decay Constant: (Default: 2.5 dBm) Signal Decay Slope (Beta): (Default: 0.08 dBm) Signal Decay Inflection (Alpha): (Default: -4 dBm) Note: Planner models most significant objects; therefore Maximum Signal Decay Constant should be close to 2.0.
10.3.5 System Settings

Select the System Settings screen to set the following system settings in the system.
10.3.5.1
Encoding
Select the language encoding (language setting) to be used to correctly display page encoded language text from the drop down list on the Encoding screen. Default is UTF-8. Parameters like SSID, when configured on the AP using page encoding (either non-english native window or using a language pack) will appear garbled when the page encoding does not match the encoding selected here. Note: For the language encoding to be effective, it is mandatory to select Multilingual in the Language Preference field in Administration TabGlobalGlobal PoliciesUser ManagementUser Preferences screen along with selection of language encoding from the drop-down list on the Encoding screen.
Figure 194.
Encoding
10.3.5.2
Reports
Administration Tab
The system can display a rich set of reports. The Reports screen enables you to modify the appearance and text in the generated reports. Refer to the section Adding a Report for more details.
Figure 195.
Reports Configuration
10.3.5.3
Auto Deletion
The system is designed to store information about devices seen, and older events, over a period of time. The rate of growth of this information is dependent on the volatility of the wireless environment at the deployed location. This information also becomes obsolete after a certain time. It is necessary to delete this information periodically. Based on the event related configuration done by you, the system also raises and stores a number of events. If the configuration is such that there are significant number of events generated and stored, the stored event data size grows significantly faster. This event data also requires regular cleanup. Auto Deletion allows you to specify values of various auto deletion parameters to control the frequency of deletion of information. The system generates an event for tracking the action of auto deletion. This event gives information only about device deletion. There is no event separately generated that indicates event deletion. Event deletion is also referred to as Event Purging.
Administration Tab
Figure 196.
Auto Deletion
The Auto Deletion Parameters window contains the following options: Access Point Deletion Parameters: Select the checkboxes to choose the category of APs that you would like the system to delete automatically. Specify the number of days of inactivity after which the AP records are automatically deleted. (Minimum: 1 day; Maximum: 30 days) o Uncategorized o Rogue o External Note: Authorized APs are not auto deleted from the system. If you want to delete inactive authorized Access Points, you have to delete them manually. Client Deletion Parameters: Select the checkboxes to choose the category of wireless Client devices that you would like the system to automatically delete. Specify the number of days of inactivity after which the wireless Client records are deleted automatically. (Minimum: 1 day; Maximum: 30 day) o Uncategorized o Authorized o Unauthorized Events Deletion Parameters: Specify the maximum number of events that would be retained on the Server. o Maximum Security Events (Minimum: 20000; Maximum: 80000; Default: 50000) o Maximum Performance Events (Minimum: 5000; Maximum: 40000; Default: 10000) o Maximum System Events (Minimum: 500; Maximum: 2000; Default: 1000) Note: Events in excess of these are deleted from the Server even if the time period for retention mentioned below has not expired. Specify how long events should be retained in the database. Maximum days for which to retain Events (Minimum: 1 day; Maximum: 365 days; Default: 30 days) Note: Events older than the period specified will be deleted from the database even if the number of events are smaller than the numbers mentioned above.
Administration Tab
10.3.5.3.1
Auto Deletion Action
You can track auto deletion of inactive APs, Clients, and events, by monitoring the special event generated by the system. The system generates an event containing the summary of the actions performed during the Auto Deletion operation, if and only if any physical deletion of information actually took place.
10.3.5.4
Vendors
The Vendors screen enables you to view a list of vendors with their MAC prefixes. The 3-byte MAC prefix typically identifies the vendor for any given 802.11 device.
Figure 197.
Vendors
To add a new pair of vendor name and MAC prefix, click <Add>. The Add Vendor dialog opens. Specify the Vendor Name and the MAC Prefix and click <Add>.
Figure 198.
Add Vendor Dialog
To delete any pair from the existing list, select the relevant row and click <Delete>.
10.3.5.5
SMTP
The SMTP screen enables you to set Simple Mail Transfer Protocol (SMTP) Server settings to send emails when events occur. You must have administrator privileges to set these values.
Administration Tab
Figure 199.
SMTP
Note: If you want the system to notify you by an events email, you need to specify SMTP Server details. The system does not email events by default. If you do not want to receive email for the events, select <Restore Defaults> and <Apply>. SMTP Configuration contains the following options: SMTP Server IP Address/Hostname: Specifies the IP Address or the Hostname of the SMTP Server used by the system for sending email alerts. (Default: 127.0.0.1:25) The following are the authentication protocols for SMTP Server: PLAIN (For sendmail 8.10 and above) LOGIN (For sendmail 8.10 and above) NTLM (Windows proprietary authentication method) o Port: Specifies the Port number of the SMTP Server used by the system for sending email alerts. o Email Address in From field: Specifies the source address from which email alerts are sent. o Authentication Required: If enabled, specifies whether the SMTP Server requires authentication. o Username: Specifies the user name for SMTP Server authentication. o Password: Specifies the password for SMTP Server authentication. To send a test e-mail, click <Test SMTP Settings>. The settings used for this mail are those that you have specified.
10.3.5.6
License
You can upgrade your current version to enable or disable features by a new license key. The License Update screen enables you to change the license key. To update the license, click <Browse> and navigate to the location of the License Key File. To finish, click <Apply>.
Administration Tab
Figure 200.
License
Note: If you erroneously apply a non-LBP license to an LBP system, the policies set on the different locations remain unchanged. Classification, prevention, and other configuration parameters also continue to work as they did before applying the incorrect license. This retention ensures that you can recover the system by applying the correct LBP license.
Administration Tab
10.3.5.7
Server
The Server screen enables you to view Server information.
Figure 201.
Server Details
Server Details: This is a read-only section and displays the following information: o Server ID: Unique identifier for the Server appliance. If you have installed a single Server appliance, then retain the default Server ID, that is, 1. o Port: The User Datagram Protocol (UDP) port number used. o Max Sensors: Maximum number of Sensors that can connect to the Server. This is the maximum number of sensors allowed with your current license. The maximum allowed per appliance is 250 sensors. IPv6 status: Indicates if IPv6 is enabled on the Server. Server Status: Enables you to view the Current Status of the Server Running or Stopped. The administrator can Change Status, that is, start or stop the Server.
10.3.5.8
Manage Logs
RF Manager keeps log of system activities. Under Manage Logs, you can specify the number of days for which logs history be maintained, before deleting it automatically in the User Action Logs Deletion Threshold field. (Minimum: 7 days; Maximum: 365 days; Default: 30 days)
Administration Tab
Figure 202.
Manage Logs
10.3.5.9
View Logs
The system enables you to view log files that you have created for storing system activities. Under Time Filter, click the calendar icon to specify the Time Period From to To for which the user has to view the logs.
Administration Tab Figure 203. View Logs
Click <Download> to download the log file in Unicode for Excel (*.tsv) or CSV (Comma delimited) (*.csv) format. Recommendation: If the user wants to view the Log File only in Excel with multilingual characters in it, then the Log File should be downloaded as Unicode for Excel (*.tsv).
Figure 204.
Log File Example CSV format
Figure 205.
Log File Example Unicode for Excel format
The format of the Log File example is shown below: Date (UTC) Module Host Address Role Login Name Message where, Date (UTC): Specifies the date and the time of the log in UTC format Module: Specifies if the user action was taken from the Console (GUI), API, AP, or the Config Shell (CLI) Host Address: Specifies the Source IP Address/Client Name/API Client Identifier/Hostname Role: Specifies the role of the user Login Name: Specifies the login name of the user Message: For a user action from the Console (GUI), the IP address of the Client browser is prefixed to the message, for example, [192.168.2.45] user admin logged in to the system successfully, user config rebooted the Server, and so on
10.3.5.10 Upgrade
The system enables you to upgrade the existing version of the Server to a newer version, if available.
Administration Tab
Figure 206.
Upgrade
Prerequisites: 1 Sun Java Runtime Environment (JRE) version 1.6 or above must be installed on the computer from where you access the Console. 2 Popup blockers on the computer from which the Console is accessed must allow popup windows from the Server. 3 If there is a firewall between the computer from which the Console is accessed and the Server, TCP port 8080 of the Server must be accessible from that computer. 4 Users with the Superuser user role only can initiate Server upgrade using this method. Recommended: To upgrade the Server to a higher version, ensure that you access the Console using a computer whose IP address is not behind Network Address Translation (NAT). If you access the Console, using a NATed IP, upgrade will continue in the background but you cannot view the upgrade progress messages.
10.3.5.10.1 Steps for Server Upgrade

1 2 3 Click <Browse> to select the Upgrade Bundle. Click <Upgrade Now> to transfer the Upgrade Bundle to the Server. On the Confirm Upgrade dialog, click <Yes> to proceed with the upgrade.
Administration Tab
Figure 207. Confirm Upgrade Dialog
The Uploading Upgrade Bundle message with the progress bar appears.
Figure 208. Uploading Upgrade Bundle Progress Bar
5 6 7
You can cancel the upgrade by clicking <Cancel> anytime while the Upgrade Bundle upload is in progress. After the Server Upgrade Bundle upload is complete, the Server Upgrade starts automatically. Close the current browser window. A new window, Server Upgrade Progress, is launched which displays the status of the Server Upgrade process. Follow the instructions displayed on the Server Upgrade Progress window.
Administration Tab
Figure 209. Server Upgrade Progress Window
Note: You cannot abort or cancel the Server Upgrade process once the Server Upgrade Progress window is launched. Additionally, the Server Upgrade process continues even if the Server Upgrade Progress window is closed. 8 9 After the Server upgrade is successful, the Server reboots automatically. After you have read all instructions on the Server Upgrade Progress window, close all the Web browser windows including the Server Upgrade Progress window. 10 Wait for five minutes for the Server to reboot. After this, you can access the Server again.
10.3.5.11 HA Status
High Availability (HA) mode allows two Servers to be connected in a redundant configuration to form an HA cluster. One Server acts as the Active Server, while the other as a Standby Server. If the Active Server fails, the Standby Server takes over. This screen shows the status of the Servers in HA cluster.
Administration Tab
Figure 210.
HA Status
HA Status: This is a read-only section and displays the following information: HA Status: Displays the status of the HA Cluster. o Standalone: This state indicates that the Server is in Standalone mode. o Up: This state indicates that the HA Cluster is up and running. o Other Server Not Reachable: This state indicates that the Standby Server is not reachable over the HA interface link. Check whether the HA interfaces of both the Servers are securely connected using a crossover Ethernet cable. o Temporarily In Transition: This is an intermediate state. You need to wait for up to 30 minutes and then check the HA Status again. If this state persists contact Technical Support. o HA Setup In Progress: This state indicates that an HA setup is in progress using Config Shell or an earlier HA setup session was abnormally terminated. If you are sure HA setup is not in progress, reboot both the Servers. After reboot, both the Servers come up in the 'Standalone' mode. You need to wait for five minutes after the reboot and then login to these Servers. o Server Upgrade In Progress: This state indicates that Server Upgrade is in progress or an earlier Server Upgrade session was abnormally terminated. If you are sure Server Upgrade is not in progress, reboot the Server. After reboot, the Server will come up in the 'Standalone' mode. You need to wait for five minutes after the reboot and then login to the Server. o Database Operation In Progress: This state indicates that some database operation is in progress. If you are sure no database operation is in progress contact Technical Support. o Internal System Recovery In Progress: This state indicates that internal system recovery is in progress. If the same state persists for more than 30 minutes ensure that both the HA Servers are up and the HA interfaces of these Servers are securely connected using a crossover Ethernet cable. If the same state persists even after the above checks contact Technical Support. o Error: This state indicates an error in HA state. Contact Technical Support for assistance. Cluster IP Address: This IP address is used by the Console and Sensors to connect to the HA cluster. This is a virtual IP Address used by the HA cluster. This value must be the same on both the Servers. An erroneous value in these settings may result in inconsistency in the HA system. This may also make both the Servers inaccessible.
Administration Tab
Data Sync State: Displays the status of the initial data synchronization from the Active Server to the Standby Server after enabling HA service or after Server reboot. HA Link State: Indicates the status of the HA Interface Link between the two Servers Up, Down, or NA. Under Active Server, you can view the network configuration parameters of the Active Server: Network IP Address: This is the IP Address of the network interface of the Active Server. HA IP Address: This is the IP Address of the HA interface of the Active Server. Under Standby Server, you can view the network configuration parameters of the Standby Server: Network IP Address: This is the IP Address of the network interface of the Standby Server. HA IP Address: This is the IP Address of the HA interface of the Standby Server.
10.3.5.12 Login Message
The system enables you to configure a login message through the Login Message screen. Superuser of the system has the right to enter the login message that will be flashed in the Login screen.
Figure 211.
Login Message
Select the checkbox, View Login Message to view the login message on the Console. Console Login Message: Specifies the login message to display on the Console. The Login screen with the specified Console Login Message.
Administration Tab
Figure 212.
Login Screen with the Console Login Message
10.3.5.13 Wizards
The systems Setup Wizard systematically takes you through a recommended sequence of configuration screens that enable you to set up your system completely This wizard does not remember or apply any configuration changes. It is simply a tour guide. You must explicitly apply changes on the individual configuration screens for them to take effect. You can exit the wizard or skip a step at any time.
Figure 213.
Wizards
Administration Tab
Click <Start Setup Wizard> to open a Confirm message dialog that confirms your navigation through the wizard.
10.3.6 WLAN Integration

The WLAN Integration screen allows the system to be integrated with various WLAN Management tools.
10.3.6.1
HP MSM Controller
The HP MSM Controller manages a collection of thin APs. The HP MSM architecture consists of MSM Controllers and the APs that are managed by these controllers. Integration with HP MSM Controller allows the system to fetch information about Synchronized APs. Using this information the system automatically classifies these devices.
Figure 214.
HP MSM Controller Integration
Important: The system supports HP MSM Controller version 5.4.2 or higher. Integration Status: Enabling the MSM Controller integration allows the system to obtain data from the configured controllers. Enabling / Disabling individual controllers is also possible. Selecting Integration Enabled enables integration for all configured controllers. Current Status: Displays Running if Integration is enabled. Displays Stopped if controller integration is switched off. The Status field for each individual controller displays Error if o One of the configured and enabled MSM Controllers has a hostname which cannot be resolved o One of the configured and enabled MSM Controllers is not reachable o System Server is stopped o Internal error (Contact Technical Support) o Under Automatic Synchronization Settings, select the System synchronization interval. Synchronization Interval (Minutes): Specifies the interval after which the server synchronizes with the MSM Controller. (Minimum: 15 minutes; Maximum: 60 minutes; Default: 15 minutes)
Administration Tab
Client Certificate Management: When the MSM Controller is configured to communicate with Client programs using Secure HTTP and Client Authentication, a Client Certificate is uploaded into the MSM Controllers Trusted CA Certificate Store. Click <Download> to download a pre-generated Client Certificate for RF Manager. Upload this Client Certificate into the MSM Controllers Trusted CA Certificate Store using its management tool. RF Manager is now setup and ready to communicate with the MSM Controller.
Figure 215.
Client Certificate Download Dialog
Click <Save> to download and save the Client Certificate to the appropriate directory. Note: To customize the Client Certificate refer to the CLI commands: get msmcontroller cert, get msmcontroller certreq, and set msmcontroller cert as described in Appendix B: Config Shell Commands.
10.3.6.1.1
Under MSM Controllers, click <Add> to configure an MSM Controller for integration.
Adding an HP MSM Controller
Administration Tab
Figure 216.
Add HP MSM Controller Dialog
HP MSM Controller contains the following fields: Controller Name or IP Address: Specifies the Controller Name or IP address of the HP MSM Controller with which the system communicates. Port Number: Specifies the port number of the HP MSM Controller from which data is imported. (Default: 448) Authentication: Secure Http (SSL/TLS): Select this option if the MSM Controller is configured to use HTTPS for authentication. In addition, if the MSM Controller is setup to use Client Authentication, ensure that the RF Managers Client Certificate is uploaded into the MSM Controllers Trusted CA Certificate Store. Http Authentication: If enabled, specifies whether the HP MSM Controller requires Http authentication o Username: Specifies the user name for HP MSM Controller authentication o Password: Specifies the password for HP MSM Controller authentication Click the <Add> button to save the details for a new HP MSM Controller.
10.3.6.1.2
Editing an HP MSM Controller
Double-click a row or click <Edit> to open an HP MSM Controller dialog similar to the one shown above, to update the HP MSM Controller details. Click <Save> to save all settings.
10.3.6.1.3
Deleting an HP MSM Controller
Select a row and click <Delete> to discard the details of an existing HP MSM Controller. You can delete multiple HP MSM Controller details using click-and-drag or using the <Shift> + <Down Arrow> keys and then clicking <Delete>.
10.3.6.1.4
Enabling an HP MSM Controller
Select a row and click <Enable> to enable the selected HP MSM Controller. You can enable multiple HP MSM Controller details using click-and-drag or using the <Shift> + <Down Arrow> keys and then clicking <Enable>.
10.3.6.1.5
Disabling an HP MSM Controller
Select a row and click <Disable> to disable the selected HP MSM Controller. You can disable multiple HP MSM Controller details using click-and-drag or using the <Shift> + <Down Arrow> keys and then clicking <Disable>. The ESM (Enterprise Security Management) Integration screen allows configuration of various ESM integrations that collect, analyze, and display events.
10.3.7 ESM Integration
10.3.7.1
ArcSight SEM Server
The system integrates with ArcSights Security Enterprise Management (SEM) infrastructure by sending events to the
Administration Tab
designated ArcSight Server. The ArcSight Server is configured to accept syslog messages having detailed event information in ArcSights Common Event Format (CEF). The system needs the IP Address or the hostname and the port on which the ArcSight Server receives events.
Figure 217.
ArcSight SEM Server
ArcSight Integration Status: If ArcSight integration is enabled, the system sends messages to the configured ArcSight Servers. Otherwise, ArcSight integration services are shut off. If you select ArcSight Integration Enabled, you can manage ArcSight Servers. The system enables ArcSight by default. Current Status: Displays the Current Status of the ArcSight Server: Running or Stopped. An Error status is shown in one of the following cases: o One of the configured and enabled ArcSight Servers has a hostname, which cannot be resolved o System Server is stopped o Internal error, in which case you need to contact Technical Support
10.3.7.1.1
Adding an ArcSight Server
Under ArcSight Servers, click <Add>to open to ArcSight Configuration dialog where you can add ArcSight Server details.
Figure 218.
ArcSight Configuration Dialog
Administration Tab
ArcSight Configuration dialog contains the following fields: ArcSight Server (IP Address/Hostname): Specifies the IP Address or the hostname of the destination ArcSight Server to which the CEF formatted messages are sent, if enabled. Note: Configured ArcSight Servers will use the DNS names and DNS suffixes configured by the user in the Server Initialization and Setup Wizard on the Config Shell. Port Number: Specifies the port number of the ArcSight Server to which the system should send CEF messages. Enabled?: If the checkbox is selected, the system sends CEF messages to the configured and enabled ArcSight Servers. There is no guarantee that the configured ArcSight Servers will receive those messages. (Default: Enabled) Click <Add> to add the details for a new ArcSight Server.
10.3.7.1.2
Editing an ArcSight Server
Double-click a row or click <Edit> to open ArcSight Configuration dialog similar to the one shown above. Click <Save> to save all settings.
10.3.7.1.3
Deleting an ArcSight Server
Select a row and click <Delete> to discard the details of an existing ArcSight Server. You can delete multiple ArcSight Server details using click-and-drag or using the <Shift> + <Down Arrow> keys and then clicking <Delete>. Note: Total gives the total number of ArcSight Servers configured to receive events from the system.
10.3.7.2
The SNMP screen enables the system to send events as SNMP traps to designated SNMP trap receivers. It also allows SNMP managers to query Server operating parameters using IF-MIB, MIB-II, and Host Resources MIB.
SNMP
Figure 219.
SNMP
SNMP Integration Status: If SNMP integration is enabled, the system sends SNMP traps to the configured SNMP Servers. Other systems can do an SNMP Get to this Server. Otherwise, SNMP integration services are shut off.
Administration Tab
If you select SNMP Integration Enabled, you can edit and manage SNMP Server details. The system enables SNMP by default. Current Status: Displays the Current Status of the SNMP Server: Running or Stopped. An Error status is shown in one of the following cases: o System Server is stopped o Internal error, in which case you need to contact Technical Support Under SNMP Settings, configure SNMP Gets or Traps. SNMP Gets Enabled: Allows SNMP managers to query Server-operating parameters enlisted in IF-MIB, MIB-II, and Host Resources MIB. You can block queries related to all of the above listed MIBs by de-selecting the checkbox. SNMP Traps Enabled: Allows SNMP traps to be sent to configured SNMP Servers. Additionally, select the SNMP versions to be enabled and configure the relevant settings. The SNMP agent residing on the Server uses the SNMP version parameters to deliver traps to the SNMP Trap receivers. SNMP v1, v2: If selected, traps are sent to all Trap receivers accepting traps using SNMP v1, v2 protocol. You can change the Community String for the SNMP agent. All SNMP v1, v2 Trap receivers configured, should use this community string to receive traps. (Default: public) SNMP v3: If selected, traps are sent to all Trap receivers accepting traps using SNMP v3 protocol. You can change the Username and Password for the SNMP agent. All SNMP v3 Trap receivers configured, should use these parameters to receive traps. The Engine ID field is un-editable. (Default Username: admin; Default Password: password) Under SNMP MIBs, you can choose to query by enabling or disabling the following SNMP MIBs individually. IF MIB Host Resources MIB RF Manager-MIB: If selected, the system enables the external SNMP Trap receivers to receive traps MIB-II: If selected, configure the System Contact, System Name, and System Location. (Default System Name: Wi-Fi Security Server) Note: IF MIB, Host Resources MIB, an MIB II are standard MIBs that you can download from the Internet. For RF Manager MIB, contact HP ProCurve Networking Technical Support.
10.3.7.2.1
Adding an SNMP Trap Destination Server
Under SNMP Trap Destination Servers, click <Add>to open SNMP Configuration dialog where you can add SNMP Server details.
Figure 220.
Add SNMP Configuration Dialog
Trap Destination Details contains the following fields: Destination Server (IP Address/Hostname): Specifies the IP address or the hostname of the SNMP Server to which events should be sent.
Administration Tab
Note: Configured SNMP Servers will use the DNS names and DNS suffixes configured by the user in the Server Initialization and Setup Wizard on the Config Shell. SNMP Protocol Version: Specifies the SNMP protocol version for the SNMP agent. (Default: SNMP v1, v2) Port Number: Specifies the port number on the receiving system to which the SNMP trap is sent. (Default: 162) Enabled?: Specifies if the SNMP Server is enabled to receive SNMP traps. (Default: Enabled)
Note: You must specify a different port number if another application uses the default port. Click <Add> to add the details for a new SNMP Server.
10.3.7.2.2
Editing an SNMP Trap Destination Server
Double-click a row or click <Edit> to open SNMP Configuration dialog similar to the one shown above to update the SNMP Server details. Click <Save> to save all settings.
10.3.7.2.3 10.3.7.3
Select a row and click <Delete> to discard the details of an existing SNMP Server.
Deleting an SNMP Trap Destination Server
Syslog
The Syslog screen allows the Server to send events to designated Syslog receivers.
Figure 221.
Syslog
Syslog Integration Status: If Syslog integration is enabled, the system sends messages to the configured Syslog Servers. Otherwise, Syslog integration services are shut off. If you select Syslog Integration Enabled, you can manage Syslog Servers. The system enables Syslog by default. Current Status: Displays the Current Status of the Syslog Server: Running or Stopped. An Error status is shown in one of the following cases: o One of the configured and enabled Syslog Servers has a hostname, which cannot be resolved o System Server is stopped o Internal error, in which case you need to contact Technical Support
Administration Tab
10.3.7.3.1
Adding a Syslog Server
Under Manage Syslog Severs, click <Add> to open Syslog Configuration dialog where you can add Syslog Server details.
Figure 222.
Syslog Configuration Dialog
Syslog Configuration contains the following fields: Syslog Server (IP Address/Hostname): Specifies the IP address or the hostname of the Syslog Server to which events should be sent. Note: Configured Syslog Servers will use the DNS names and DNS suffixes configured by the user in the Server Initialization and Setup Wizard on the Config Shell. Port Number: Specifies the port number of the Syslog Server to which the system sends events. (Default: 514) Message Format: Specifies the format in which the event is sent, which is Intrusion Detection Message Exchange Format (IDMEF) or Plain text. (Default: Plain text)
Note: If you upgrade a Server pre-6.0 to 6.0, all previously configured Syslog Servers would send events in Plain text Message Format by default. You can select the IDMEF format by editing the Syslog Server settings. Enabled?: Specifies if the events are to be sent to this Syslog Server. (Default: Enabled) Click <Add> to add the details for a new Syslog Server.
10.3.7.3.2
Editing a Syslog Server
Double-click a row or select a row and click <Edit> to open Syslog Configuration dialog similar to the one shown above. Click <Save> to save all settings.
10.3.7.3.3 10.3.7.4
Deleting a Syslog Server OPSEC
Select a row and click <Delete> to discard the details of an existing Syslog Server. Operations Security (OPSEC) is an analytic process used to deny an adversary information - generally unclassified concerning our intentions and capabilities by identifying, controlling, and protecting indicators associated with our planning processes or operations. OPSEC does not replace other security disciplines - it supplements them.
Administration Tab
Figure 223.
OPSEC
Integration with OPSEC enables the system to send events to the specified OPSEC Server. OPSEC Integration Status: If OPSEC integration is enabled, the system sends events to the configured OPSEC Servers. Otherwise, OPSEC integration services are shut off. If you select OPSEC Integration Enabled, you can configure OPSEC Server settings. The system disables OPSEC by default. Current Status: Displays the Current Status of the OPSEC Server: Running or Stopped. An Error status is shown in one of the following cases: o System Server is stopped o OPSEC configuration is either incomplete or incorrect or if the OPSEC Server is stopped o Internal error, in which case you need to contact Technical Support o Under OPSEC Server Settings specify the OPSEC Server details. Server Name: Specifies the name of the OPSEC Server Server IP: Specifies the IP Address of the OPSEC Server Authentication Port: Specifies the OPSEC Server authentication port used for communication with the system Specify the authentication type you can select one of the following types of authentication: o Clear o SSL o SSL OPSEC o SSL Clear o SSL Clear OPSEC o FWN o Auth OPSEC o SSL CA o SSL CA Comp o SSL CA RC4 o SSL CA RC4 Comp o Asymmetric SSL CA o Asymmetric SSL CA Comp
Administration Tab
o Asymmetric SSL CA RC4 o Asymmetric SSL CA RC4 Comp o SSLA Clear Under SIC Settings, you need to specify the following settings for the Simple Instructional Computer (SIC) for all the authentication types except Clear: o Server SIC Name: Specifies the Server name of the SIC o Client SIC Name: Specifies the Client name of the SIC Under CA Settings, if you have selected an authentication type that has a CA in it, select Create new digital certificate, then, you need to configure the following parameters for the Certifying Authority (CA). o IP/Hostname: Specifies the IP address or the hostname of the CA o Object Name: Specifies the object name of the CA o Password: Specifies the one time password needed to acquire the certificate Under Symmetric Key Based Settings, if you have selected an authentication type that does not have a CA in it, select Create New Secret Key, then, you need to create a new secret key.
10.4 Local Policies
Click the Local tab in the Administration screen to view the policies groups under this tab. The Local tab consists of two trees: Location tree on the top Administration tree at the bottom The entire local policies configuration is for the selected location in Location tree.
10.4.1 Wireless Policies

Select the Wireless Policies screen to specify the Authorized Wi-Fi policies for a particular location.
10.4.1.1
Authorized WLAN Setup
The system uses the details of the Authorized Wi-Fi setup at a particular location to detect the presence of Mis-configured or Rogue APs in your network. You can specify the details of authorized SSIDs and a list of networks to which Authorized APs can connect.
Administration Tab Figure 224. Authorized WLAN Setup
Select one of the following to characterize a particular location: This is a No Wi-Fi location: If no Authorized Wi-Fi APs are installed at this location. If you configure a location as a no Wi-Fi location, the Specify Authorized SSID section is grayed out. Wi-Fi is allowed at this location: To specify the details of the Authorized Wi-Fi APs in this location.
10.4.1.1.1
Specify Authorized SSIDs
Under this tab, specify the Authorized SSIDs at this location. For each SSID, you can specify the detailed configuration. This per SSID configuration is called an SSID template. Creating a Configuration Template for an Authorized 802.11 SSID Add Authorized SSIDs allows you to create an SSID template in one of the following ways: Add Visible SSID: To create an SSID template from a list of visible SSIDs. The visible SSID list is built using the data received from Sensors. Add Custom SSID: To create a template using a user-defined SSID. Click <Add SSID template> to create a new SSID template. The Template for an Authorized 802.11 SSID dialog appears where you can select multiple items in some fields.
Figure 225.
Creating a Configuration Template for an Authorized SSID
Create SSID Template allows you to specify the details for creating a new SSID as follows:
Administration Tab
Authorized SSID: Displays the name of the SSID that you have added earlier This is a Guest SSID: Select this option if this SSID is a Guest SSID used to provide Wi-Fi connectivity to visitors and guests. Though APs with Guest SSID are Authorized, they may be treated differently than APs that are used by employees for corporate access. Making an SSID as Guest allows you to specify additional classification and prevention policies related to Guest SSIDs. Refer to the sections Client Auto-Classification Intrusion Prevention Policy and for more details on classifying Guest SSIDs (see Operating Policies) o Template Name: Name of the SSID template o Apply this SSID template at current location: Select this option to apply this SSID template to the current location. The WLAN policy at a location consists of SSID templates applied at that location. If the template is not applied at this location, it will not be a part of the WLAN policy o Description: Write a short description to help identify the SSID template Network Protocol allows you to select the allowed 802.11 protocols for the SSID: o Any: Allow APs with any network protocol for this SSID o Select: Specify the 802.11 protocol on which the system allows the APs connected to the network to operate802.11a, 802.11b, and 802.11g Authentication Framework allows you to select the security framework for the SSID: o Any: Allow APs with any authentication framework to connect to the system o Select: Specify the authentication frameworkPSK and 802.1x (EAP). The authentication framework is only applicable if the template supports WPA/WPA2 and 802.11i privacy Encryption Protocols allows you to select the allowed encryption protocols for the SSID: o Any: Allow APs with any encryption protocol for this SSID o Select: Specify the encryption protocolsWEP40, WEP104, TKIP, and CCMP. TKIP and CCMP are available only if the template supports WPA/WPA2 and 802.11i privacy Security Settings allows you to select the security protocol(s) for the SSID: o Any: Allow APs with any security settings to connect o Select: Specify the privacy mechanismOpen, WEP, WPA, and 802.11i for the APs connected to the SSID Cisco MFP allows you to make classification decisions on Cisco Management Frame Protection(MFP) capability if 802.11i checkbox is selected under Security Settings: o Any: Policy does not check for MFP; both Cisco MFP enabled and disabled APs are classified as Authorized o Select: Policy checks for MFP Cisco MFP Enabled: Select to classify only Cisco MFP supporting APs as Authorized APs Cisco MFP Disabled: Select to classify non-Cisco MFP supporting APs as Authorized APs o o AP Capabilities allows you to select the additional capabilities that Authorized APs may have. If you select any of these advanced capabilities, the classification logic allows APs with and without these capabilities. Select one of the following: o Any: Allow APs with any special capability for this SSID o Select: Specify if the AP uses any Turbo/Super techniques used by Atheros to get higher throughputs Turbo, SuperAG, and 802.11n Authentication Types allows you to select the allowed authentication types that Clients can use. Authentication types do not determine the classification of APs, but are used to raise an event if a Client is authenticated via a non-allowed authentication type. The system raises this event only if the system sees authentication protocol handshake frames. o Any: Allow Clients with any authentication type for this SSID o Select: Specify the authentication types that Clients can use (only if 802.1x is selected)PEAP, EAP-TLS, LEAP, EAP-TTLS, EAP-FAST, and EAP-SIM Selection is allowed Allowed Networks allows you to select the networks where Authorized APs with this SSID are connected: o Any: Allow APs with this SSID to connect to any network o Select Networks: Specify the networks where Authorized APs with this SSID are connected. You can either choose from networks that are discovered automatically by the system or add new networks that are not yet discovered by the system Click <Select Networks> to open Allowed Networks for SSID dialog where you can move a network from Networks Monitored by the System to Allowed Networks for this SSID and add or delete networks. Under Allowed AP Vendors, select one of the following:
Administration Tab
o o
Any: Allow APs manufactured by any vendor to connect to the system Select Vendors: Select the manufacturer of the AP with the specified SSID. If an AP with the specified SSID is discovered at this location, the system declares it as a Rogue, unless one of the manufacturers listed manufactures it.
SSID Templates A policy is collection of SSID templates attached to that location. You can apply an SSID template from the parent or create it locally; if you wish to customize the WLAN policy for that location. Other templates may be available to be attached but are not part of the WLAN policy and will not be used for AP classification. The SSID Templates section lists the SSID templates that are available at a particular location. You must apply the templates from the available list to create the WLAN policy at that location. A new AP or an existing Authorized AP is compared against the applied SSID templates to determine if it is a Rogue or Mis-configured AP. The SSID templates created at other locations can be applied to a selected location but cannot be edited or deleted. The edit and delete operations are possible only at the location where the template is created. The table shows the following details: SSID: Name of the SSID Guest SSID?: Indicates if it is a Guest SSID Template Name: Name of the SSID template Apply Here?: Enables you to apply the SSID template to the selected location. New and existing Authorized APs are evaluated against all applied SSID templates to determine if they are Rogue or Mis-configured. : Click these icons to perform the following: Copy the selected SSID template to another location. Edit the SSID template. This option is enabled only at the location where the template was created. View the SSID template. Delete the template. This option is enabled only at the location where the template was created and only if the template is not applied at any other child locations of the location where it was created.
Determining Policy Compliance An AP is considered as being compliant to the Authorized WLAN Policy if: It is not connected to a No Wi-Fi network for its location Its SSID matches with one of the templates attached at that location Is connected to one of the networks specified in that template Conforms to the other settings in that template (except the Authentication Framework, as this setting is not a property of the AP itself but of the backend authentication system) Note: If the template specifies certain allowed AP capabilities (such as Turbo, 802.11n, and so on.), the AP may or may not have those capabilities. However, if a capability is not selected, the AP must not have that capability to be considered as compliant. With location-based policies, you can specify (or attach) different sets of SSID templates for different locations. However, you cannot attach more than one template with the same SSID at any one location.
Administration Tab
Figure 226.
Determining Policy Compliance
10.4.1.1.2
Select No Wi-Fi Networks
This section allows you to specify the list of networks at the selected location where no Wi-Fi APs are allowed to be connected. The No Wi-Fi Networks list at a location takes precedence over the list of networks in SSID templates applied at that location. In other words, if a network is included in a locations no Wi-Fi list and happens to be in the list of networks in one or more applied SSIDs at that location, the network will be still treated as a no Wi-Fi network.
Administration Tab
Figure 227.
No Wi-Fi Network
Networks Monitored by the System: Specifies the networks monitored by the system. No Wi-Fi Networks at this Location: Specifies the networks to which no Wi-Fi AP should be connected at the selected location. You can move a network from Networks Monitored by the System to No Wi-Fi Networks at this Location. Click <Add> to enter a new network address to add a No Wi-Fi network at the selected location.
10.4.1.1.3
RSSI based Classification
APs are further classified based on the RSSI value that the Sensors receive. If the signal strenth exceeds a maximmum threshold, the Sensor appropriately clssifies the AP. HP ProCurve higly recommends that you turn on network connectivity based classification as it is the most reliable mechanism to classify wireless devices when most of your network is monitored using Sensors and NDs. Under RSSI Threshold, select one or both (recommend) of the following checkboxes: Pre-classify APs with signal strength stronger than threshold as Rogue or Authorized APs to specify the threshold RSSI value based on which the system further classifies APs. Pre-classify APs connected to monitored subnet as Rogue or Authorized APs to classify APs based on their network connectivity.
Administration Tab
Figure 228.
RSSI based Classification
10.4.2 Operating Policies

Select the Operating Policies screen to set the operating policies in the system.
10.4.2.1
AP Auto-Classification
The AP Auto-Classification policy function enables you to specify the AP classification policy for different AP categories.
Administration Tab
Figure 229.
AP Auto-Classification Policy
Under External APs, HP ProCurve recommends that you select Automatically move Potentially External APs in the Uncategorized list to the External Folder. The system automatically removes an AP from the External folder and moves it to an appropriate AP folder if it later detects that the AP is wired to the enterprise network. Under Rogue APs, HP ProCurve recommends that you select Automatically move Potentially External APs in the Uncategorized list to the Rogue Folder. Note: Once you move an AP to the Rogue folder, the system never automatically removes it from the Rogue folder, even if it later detects that the AP is unwired from the enterprise network or its security settings have changed.
10.4.2.2
Client Auto-Classification
The Client Classification policy determines how Clients are classified upon initial discovery and subsequent associations with APs.
Administration Tab
Figure 230.
Client Auto-Classification Policy
Under Initial Client Classification, specify if newly discovered Clients at a particular location, which are Uncategorized by default should be classified as Authorized or Unauthorized. Under Automatic Client Classification, select one or more options to enable the system automatically re-classify Uncategorized and Unauthorized Clients based on their associations with APs. You can categorize the following types of Clients. Clients connecting to Authorized APs o All Unauthorized Clients that connect to an Authorized AP are re-classified as Authorized o All Uncategorized Clients that connect to an Authorized AP are classified as Authorized You can select the following Exceptions o Do not re-classify a Client connecting to a Guest AP as Authorized o Do not re-classify a Client connecting to a Mis-configured AP as Authorized o Do not re-classify a Client as Authorized if its wireless data packets are not detected on the wired network Clients connecting to External or Rogue APs o All Uncategorized Clients that connect to an External AP are classified as Unauthorized o All Uncategorized Clients that connect to a Rogue AP are classified as Unauthorized o All Uncategorized Clients that connect to a Potentially External AP are classified as Unauthorized o All Uncategorized Clients that connect to a Potentially Rogue AP are classified as Unauthorized
10.4.2.3 Intrusion Prevention 10.4.2.3.1 Intrusion Prevention Policy
The Intrusion Prevention policy determines the wireless threats against which the system protects the network automatically. The system automatically moves such threat-posing APs and Clients to quarantine. The system can protect against multiple threats simultaneously based on the selected Intrusion Prevention level. If the Server quarantines an AP or Client based on the Intrusion Prevention policy, the Disable Auto-quarantine option ensures that the system will not automatically quarantine this AP or Client (regardless of the specified Intrusion Prevention policies).
Administration Tab
Figure 231.
Intrusion Prevention Policy
You can enable intrusion prevention against the following threats: Rogue APs: APs connected to your network but not authorized by the administrator; an attacker can gain access to your network through the Rogue APs. You can also automatically quarantine Uncategorized Indeterminate and Banned APs connected to the network. Mis-configured APs: APs authorized by the administrator but do not conform to the security policy; an attacker can gain access to your network through misconfigured APs. This could happen if the APs are reset, tampered with, or if there is a change in the security policy. Client Mis-association: Authorized Clients that connect to Rogue or External (neighboring) APs; corporate data on the Authorized Client is under threat due to such connections. HP ProCurve recommends that you provide automatic intrusion prevention against Authorized Clients that connect to External APs. Unauthorized Associations: Unauthorized and Banned Clients that connect to Authorized APs; an attacker can gain access to your network through Authorized APs if the security mechanisms are weak. Unauthorized or Uncategorized Client connections to an Authorized AP using a Guest SSID are not treated as unauthorized associations. Ad hoc Connections: Peer-to-peer connections between Clients; corporate data on the Authorized Client is under threat if it is involved in an ad hoc connection. MAC Spoofing: An AP that spoofs the wireless MAC address of an Authorized AP; an attacker can launch an attack through a MAC spoofing AP. Honeypot/Evil Twin APs: Neighboring APs that have the same SSID as an Authorized AP; Authorized Clients can connect to Honeypot/Evil Twin APs. Corporate data on these Authorized Clients is under threat due to such connections. Denial of Service (DoS) Attacks: DoS attacks degrade the performance of an official WLAN. WEPGuard TM: Active WEP cracking tools allow attackers to crack the WEP key and gain access to confidential data in a matter of minutes or even seconds. Compromised WEP keys are used to gain entry into the authorized WLAN by spoofing the MAC address of an inactive Authorized Client. Client Bridging/ICS: A Client with packet forwarding enabled between wired and wireless interfaces. An authorized Client bridging and unauthorized/uncategorized bridging Client connected to enterprise subnet is a serious security threat.
10.4.2.3.2
Intrusion Prevention Level
The system can prevent any unwanted communication in your 802.11 network. It provides you various levels of prevention209 HP ProCurve RF Manager and Sensors Management and Configuration Guide
Administration Tab
blocking mechanisms of varying effectiveness. Intrusion Prevention Level enables you to specify a trade-off between the desired level of prevention and the desired number of multiple simultaneous preventions across radio channels. The greater the number of channels across which simultaneous prevention is desired, the lesser is the effectiveness of prevention in inhibiting unwanted communication. Scanning for new devices continues regardless of the chosen prevention level.
Figure 232.
Intrusion Prevention Level
You can select the following prevention levels: Block: A single Sensor can block unwanted communication on any one channel in the 802.11b/g band and any one channel in the 802.11a band. Disrupt: A single Sensor can disrupt unwanted communication on any two channels in the 802.11b/g band and any two channels in the 802.11a band. Interrupt: A single Sensor can interrupt unwanted communication on any three channels in the 802.11b/g band and any three channels in the 802.11a band. Degrade: A single Sensor can degrade the performance of unwanted communication on any four channels in 802.11b/g band and any four channels in the 802.11a band. Block is the most powerful prevention level, that is, it can severely block almost all popular Internet applications including ping, SSH, telnet, FTP, HTTP, and the like. However, at this level, a single Sensor can simultaneously prevent unwanted communication on only one channel in the 802.11b/g band and one channel in the 802.11a band. If you want the Sensor to prevent unwanted communication on multiple channels simultaneously in the 802.11 b/g and/or the 802.11a band, you must select other prevention levels. Note: Prevention Type determines the blocking strength to prevent communication from unwanted APs and Clients. The system can prevent multiple APs and Clients on each channel. Prevention Type is not applicable for Denial of Service (DoS) attacks or ad hoc networks. You must select a lower blocking level to prevent devices on more channels. Choosing a lower blocking level means that some packets from the blocked device may go through.
10.4.3 Event Settings

10.4.3.1 Configuration
Administration Tab
Event Configuration comprises of the following main tabs: Security System Performance
10.4.3.1.1
Security
Security enables you to view events that indicate security vulnerability or breach in your network. Security events are further divided into the following sub-categories: Rogue AP Mis-Configured AP Misbehaving Clients Prevention DOS Ad hoc Network Man-in-the-Middle MAC Spoofing Reconnaissance
10.4.3.1.2
System
System enables you to view events that indicate system health. System events are further divided into the following subcategories: Troubleshooting Sensor Server
10.4.3.1.3
Performance
Performance enables you to view events that indicate wireless network performance problems. Performance events are further divided into the following sub-categories: Bandwidth Configuration Coverage Interference Once you select an event type, and then a sub-category, a list of events under that sub-category appears.
Administration Tab
Figure 233.
Event Configuration
The events list displays the following columns: Activity Status Icon: Specifies the activity status of the event Live or Instantaneous. Display: Select the checkboxes that correspond to the types of events that you want to appear in the main Events screen. E-mail: Select the checkboxes that correspond to the types of events for which you want emails notifications sent to all users whose email addresses you have configured in the AdministrationEvent SettingsEmail Notification. Notify: Select the checkboxes that correspond to the types of events for which you want notifications sent to external agents such as SNMP, Syslog, ArcSight, and OPSEC. Vulnerability: Select checkboxes to indicate which types of events make the system Vulnerable. The Security Scorecard shows Vulnerable status if any events of the selected type occur. Severity: Select the severity of each event as High, Medium, or Low. This function helps you to organize events in the most useful way. Event: Provides a short description of each event. Click for Details: Click to view a detailed description of the corresponding event category. Advanced Settings: Click <Edit> to open the Event Advanced Settings dialog and change the configuration parameters of the corresponding event category. <Edit> is disabled when the event has no configuration parameters. Note: The parameters in the Event Advanced Settings dialog changes according to the settings for the selected event.
Administration Tab
Figure 234.
Event Advanced Settings
10.4.3.2
Email Notification
The Email Notification screen enables you to select the email addresses that should be notified when an event occurs at a particular location. You can select from the email addresses of system users or add a new email address.
Figure 235.
Email Notification
Click <Add>to open Custom Email Address for Notification dialog where you can add a new email address.
Administration Tab
Figure 236.
Custom Email Addresses for Notification Dialog
Click <OK> to add the new email address. Select an email address and click <Delete> to delete an existing email address. You can delete multiple email addresses using click-and-drag or using the <Shift> + <Down Arrow> keys and then clicking <Delete>.
10.4.4 Sensor Configuration

This screen enables you to define templates for Sensor configuration.
10.4.4.1
Manage Sensor Configuration Templates
This screen allows administrators to create different Sensor configuration templates. This allows the user to apply different settings to different Sensors by applying different templates. Each configuration template allows settings for operating region, channels to monitor, channels to defend, and offline Sensor operation. At any location, you can choose a template as a default template. This template will be applied to any new Sensor tagged to that location.
Figure 237.
Sensor Configuration
Note: Sensors prior to Version 5.2 do not support additional channels (802.11j & Turbo channels), and Offline Sensor Configuration features. If you apply templates containing these settings to older Sensors, older Sensors will ignore the additional settings. Click <Add New Sensor Template> to open the Sensor Configuration Template dialog.
Administration Tab
Figure 238.
Channel Settings Tab
Under Create Configuration Template, specify the following: Name: Unique name of the Sensor Configuration template (less than 40 characters) Description: Brief description of the Sensor Configuration template (less than 500 characters) Note: The system stores the default Sensor configuration in a predefined template System Template. You cannot delete the System Template nor edit its name; it is unique. When a Sensor is added or discovered, it is automatically assigned the configuration settings in this template. You are allowed to edit the configuration settings in the System Template to effect default configuration of your choice. Whenever you delete a user-defined Sensor configuration template, all the Sensors associated with that template are assigned the System Template. You can override the template applied to a Sensor manually from the Devices Sensors tab. If you modify the settings in a template, the new settings are applied to the Sensors to which this template is applied.
10.4.4.1.1
Channel Settings
Channel Settings displays the 802.11a/802.11b/g and Turbo channels on which scanning and defending is enabled/disabled. Sensors scan WLAN traffic on channels specified under Channels to Monitor and defend the network against various WLAN threats on channels specified under Channels to Defend. Under Channel Settings tab, specify the following: Select Operating Region: Specifies the region: country: of operation. Each region has its own laws governing the use of the unlicensed frequency spectrum for 802.11 communications and Turbo mode. The system automatically selects the channels allowed by the regulatory domain in selected region. (Default Operating Region: United States) Click the link Channel Frequency Table to view a list of channels, protocols, frequencies, and capabilities.
Administration Tab
Figure 239. Channel Frequency Table
Channels to Monitor: Specifies the 802.11a and b/g channels to be used by Sensors to monitor WLAN traffic. o Select the checkbox Select All Standard Channels to select a superset of all the channels. For 802.11a, the standard sets of channels are 184 216 and 34 - 165. By default, this checkbox is selected. o Select the checkbox Select All Allowed Channels to select all the allowed channels in the selected operating region. By default, this checkbox is selected. o Select the checkbox Additionally, select intermediate channels (works only with 802.11 a/b/g Sensor platforms) to select the channels between the allowed channels that are non-allowed in the selected operating region. Selecting the option helps the system detect devices operating on illegal channels. By default, this checkbox is deselected. Turbo Mode: Certain Atheros Chipset based devices use wider frequency bands on certain channels in 802.11 b/g and 802.11a band of channels. The system is capable of monitoring channels that support Turbo Mode of operation and detecting any unauthorized communication on these channels. You can select specific or all channels to monitor wireless activity on Turbo channels. There are ten Turbo channels in a-mode. These channels are 40, 42, 48, 50, 56, 58, 152, 153, 160, and 161. There is only one Turbo channel in b/g-mode i.e. 6. Channels to Defend: Specifies the channels to be used by Sensors to defend WLAN traffic to protect your network against various WLAN threats. Note: It is mandatory that channels selected for defending be selected for scanning. If a channel is selected for defending and is not already selected for scanning, the system automatically selects that channel for scanning as well. If you deselect a channel from Channels to Monitor, then this channel is also deselected from Channels to Defend section.
10.4.4.1.2
Offline Sensor Configuration
This feature provides some security coverage even when there is no connectivity between a Sensor and the Server. The Sensor provides some classification and prevention capabilities when it is disconnected from the Server. The Sensor also raises events, stores them, and pushes them back to the Server on reconnection.
Administration Tab
Figure 240.
Offline Sensor Configuration Tab
Enable offline Sensor mode: Select this checkbox to enable the offline Sensor mode. When the offline Sensor mode is enabled, the Sensor continues to detect and classify devices, raise event alerts, and prevent ongoing threats. (Default: Selected) Time to switch to offline mode after Sensor detects loss of connectivity: Specify the time after which, if the Sensor does not receive any communication from the Server and Enable offline Sensor mode is enabled, the Sensor switches to the offline mode. (Minimum: 5 minutes; Maximum: 60 minutes; Default: 15 minutes) Under Offline Sensor Parameters tab, you can view the following: o Number of APs to be stored: Number of APs that the Sensor will continue to detect in Offline mode (Default: 128) o Number of Clients to be stored: Number of Clients that the Sensor will continue to detect in Offline mode (Default: 256) o Number of events to be stored: Number of events that the Sensor will continue to raise in Offline mode (Default: 256) o Number of prevention records to be stored: Number of prevention records that the Sensor will continue to store in Offline mode to prevent ongoing threats (Default: 256)
Administration Tab
Figure 241.
Offline Sensor Configuration: Device Classification Policy Tab
Under Device Classification Policy tab specify the desired classification policies to move APs and Clients from the Uncategorized list to the Categorized list: Under AP Classification Policy, select one or more options to enable the system automatically move APs from the Uncategorized AP list to the Categorized AP list: o Move networked APs to the Rogue or Authorized AP folder in the Categorized AP List o Move non-networked APs to the External AP folder in the Categorized AP List Under Client Classification Policy, select one or more options to enable the system automatically classify Clients based on their associations with APs: o On association with an Authorized AP, classify an Uncategorized Client as Authorized o On association with a Rogue AP, classify an Uncategorized Client as Unauthorized o On association with an External AP, classify an Uncategorized Client as Unauthorized
Administration Tab
Figure 242.
Offline Sensor Configuration: Intrusion Prevention Policy Tab
Under Intrusion Prevention Policy tab enable intrusion prevention against the following threats: Rogue APs o APs categorized as Rogue o Uncategorized APs that are connected to the network Misconfigured APs o APs categorized as Authorized but using no security mechanism (Open) o APs categorized as Authorized but using weak security mechanism (WEP) Client Mis-associations o Authorized Client connections to APs categorized as External Unauthorized Associations o Unauthorized Client connections to APs categorized as Authorized Adhoc Connections o Authorized Clients participating in any ad hoc network Honeypot/Evil Twin APs o Authorized Client connection to Honeypot/Evil Twin APs Additionally, specify the intrusion prevention level that allows you to choose a trade-off between the desired level of prevention and the desired number of multiple simultaneous preventions across radio channels. You can choose either of the following prevention levels: Block Disrupt Interrupt Degrade Refer to the Operating Policies section, Intrusion Prevention Level for more details. Click <Save> to save all settings.
Administration Tab
Click the icon to edit an existing Sensor template. When an existing Sensor template is edited a Confirmation Save dialog appears indicating the modifications, by selecting the tabs that were modified. You are allowed to uncheck a tab if you wish to cancel those modifications. Click <OK> to save the changes for the selected tab. Note: Name and Description of the Sensor template are automatically saved. Click <Save As> to save the Sensor template with a different name without modifying the original template. Click <Restore Default> to revert to the System Template. The system enables you to select tabs to control the settings that will be restored to the default values. If you click <Restore Default> on the System Template, parameters under the selected tabs are restored to their factory default settings. A Confirmation Restore Default dialog appears with a list of tabs selected, for which default settings will be applied. Important: The system has the ability to scan and defend on 4.920-4.980 GHz and 5.470-5.725 GHz channels in US/Canada and IEEE 802.11j channels 4.920-4.980 GHz and 5.040-5.080GHz channels in Japan. Click the icon to view an existing Sensor template. Click the icon to delete an existing Sensor template.
10.4.5 Location Properties

This screen enables you to define high-level administrative settings for a selected location. You can edit the policies in the policy group Location Properties. You cannot inherit, customize, and copy and paste policies from Location Properties, as these policies are unique for each location.
10.4.5.1
Event Activation
HP ProCurve recommends that you select the checkbox Activate Event Generation for location <selected location> only after the deployment is stable and fully configured. If you are modifying a deployment, deselect the checkbox to avoid spurious activity during the transient phase.
Figure 243.
Event Activation
10.4.5.2
Intrusion Prevention Activation
HP ProCurve recommends that you select the checkbox Activate Intrusion Prevention for location <selected location> only
Administration Tab
after the deployment is stable and fully configured. If you are modifying a deployment, deselect the checkbox to avoid spurious activity during the transient phase. Authorized APs should be in the Authorized folder before activating intrusion prevention. Their network connectivity icon may show the status as Wired, Unwired, or Indeterminate. Note: If you deploy new Authorized APs later, you do not have to deactivate intrusion prevention. However, you need to ensure that the newly deployed APs are moved to the Authorized folder.
Figure 244.
Intrusion Prevention Activation
10.4.5.3
Device List Locking
You can lock the list of Authorized APs and Clients for a selected location by checking the two checkboxes Lock AP List for location <selected location> and Lock Client List for location <selected location>. If you lock a particular device list, no more devices of that type can be subsequently automatically Authorized for that location. As APs are not automatically moved to Authorized folder, locking the Authorized AP list means that no wired APs will be tagged as Potentially Authorized at this location; they will become Potentially Rogue and may be automatically moved to the Rogue folder based on the AP Auto-Classification policy. You should use this feature only after you have identified and categorized all authorized devices. Any new devices added after the list is locked has to be manually moved to the Authorized category.
Administration Tab
Figure 245.
Device List Locking
SNMP Interface
Appendix A.
SNMP Interface
The system sends traps to an SNMP management station when a Sensor generates an event. You can view a trap sent from the system using SNMP manager software such as HP Open View or MG Soft MIB (Management Information Base) browser. The SNMP manager software allows you to view a detailed description of the trap and thereby the functioning of your wireless network. Perform the following steps from the SNMP management station to receive traps from the system and to dig deeper into the Sensors. 1 2 Configure the system to specify the IP address, community string, and the SNMP version of the SNMP management station. This can be done from the AdministrationLocal tabESM IntegrationSNMP screen of the Console. Compile the MIB file and enable the SNMP management station to receive traps. The system currently generates traps for all the events. The format of the trap is: HP ProCurve RF Manager Event.
The Internet Assigned Numbers Authority (IANA) assigned Private Enterprise Number for AirTight Networks, Inc. is 16901. SNMP trap contains following variable bindings: 1 eventShortText is the short text identifying the type of an event. For example, Rogue AP active 2 deviceMAC*, deviceType* - Information of the device(s) participating in the corresponding HP ProCurve RF Manager event deviceMAC* object is the MAC address of participating device(s). For example, 00:11:95:1E:A7:56 deviceType* object is the type of participating device. For example, Access Point, Client, Sensor If a HP ProCurve RF Manager event contains more than three participating devices, then deviceType and deviceMAC of only first three devices is sent out in the HP ProCurve RF Manager Event notification. 3 eventID is the unique sequence number which identifies specific instance of an event. This sequence number is always auto-incremented by one for every newly event raised. 4 eventMajorType represents the top level category of an event. For example, security, system, performance 5 eventIntermediateType is the sub-category within eventMajorType 6 eventMinorType is the actual identifier of the event type 7 eventSeverityLevel is the configured Severity level of the HP ProCurve RF Manager event. For example, high, medium, and low.
Upgrading
Appendix B.
Upgrading
This appendix describes the procedure for upgrading to HP RF Manager (referred to as RF Manager hereafter) 6.0. It is important that you read this document before proceeding. Note: If you have a RF Manager Server or Sensors prior to version 5.0, do not proceed with the upgrade yourself. Visit www.hp.com/networking/support for details.
Pre-requisites
You must be familiar with the following documents before you read this document. HP ProCurve RF Manager High Availability Configuration 1. HP ProCurve RF Manager and Sensors Installation and Getting Started Guide.
Upgrading pre 5.5 System

Visit www.hp.com/networking/support for details.
Upgrading 5.5 or later System

Following are the high level steps needed to upgrade RF Manager: Console mode Step 1. Log into the Server Config shell, execute the upgrade command, and follow the on-screen instruction to upgrade the Server. Step 2. To upgrade the MSM325 and MSM335 Sensors, use the Controller Console and to upgrade the MSM415 sensor, use the RF manager web site to upgrade Firmware. For Sensor upgrade refer to Chapter 4 Upgrade Sensors using Console for more details. Web mode Step 1. Log into the server web site, go to Administration --> Global policies --> System Settings --> Upgrade. Step 2. Choose your file and click Upgrade Now. Step 3. To upgrade the MSM325 and MSM335 Sensors, use the Controller Console, and to upgrade the MSM415 Sensor, use the RF manager web site to upgrade Firmware. See Upgrade Sensors using Console
Verifying the software version

To verify that the Server upgrade has completed successfully, check the RF Manager Server version using the command get version on the Server Config Shell as shown in Figure 1 below. You should ensure that the Server version is the latest.
Figure 1
get version command showing Version, Build information and Operating System of the Server
This completes the Server upgrade.
Upgrade Sensors using Console

MSM325, MSM335 Sensors are upgraded from the management console by loading appropriate firmware: In Controlled Mode, upgrade is done through the Controller Console. In Autonomous Mode, load the latest Firmware for upgrade from the Sensor Console. MSM415 (802.11n) Sensors are upgraded from DevicesSensors screen from the RF Manager console. Step 1. Log into the RF Manager Console as a Superuser.
Upgrading
Step 2. Step 3. Step 4. Step 5.
Go to the DevicesSensors screen. Select any geographical location (from the location tree in the left panel). Sort the rows by the leftmost icon column. This will group all Sensors requiring upgrade together. To begin with, select only one Sensor in orange color at one of your geographical locations. To upgrade, right click the Sensor and choose Upgrade.
Figure 2
Server Console showing Sensors that need Upgrade
Step 6.
The Confirm Upgrade/Repair of Sensor(s) to Build X dialog opens; click <Yes> to upgrade.
Figure 3
Confirm Upgrade/Repair Sensor dialog
Upgrade in progress status for the Sensors is shown on the Console by a blue row as shown in Figure 4 below.
Upgrading
Figure 4
Server Console showing Sensors Upgrade in Progress
Step 7.
Wait for about 20 minutes. Then refresh the DevicesSensors screen.
Note: Do not perform any other activities on the Console or Config Shell during upgrade. Do not shut down the Server while the upgrade is in progress. This may cause the Sensors to go into an inconsistent state. Step 8. If the upgrade succeeds (that is, chosen Sensor(s) turn(s) green) a. b. Step 9. Upgrade the rest of the Sensors in the location (a maximum of five at a time). This can take 20 to 30 minutes. If all the Sensors in a location are upgraded successfully, proceed to the next location. Repeat Step 3 to Step 6.
If any upgrade fails (Sensor turns red or remains orange) at a location a. b. Report immediately to HP Support before proceeding to upgrade other Sensors at the same or another location. HP support will investigate the problem and advise you on further upgrades.
Note: Sensors with version older than 6.0 will continue to work with RF Manager 6.0 Server. However, some new functionalities of the RF Manager 6.0 release will not be supported.
Upgrading
Figure 5
Server Console showing Sensors with the Upgraded Version
Upgrade of the Network Detector from versions prior to 5.9 to 6.0 will retain the VLAN configuration of those VLANs which were explicitly configured to be monitored. If any of the VLANs were being monitored by default and were not explicitly configured, the configuration of those VLANs will be lost. Hence, the following procedure is recommended: 1. 2. 3. Before upgrade, type the command get vlan config to capture information about all VLANs being monitored. After the upgrade, type the command get vlan config and compare list of VLANs with those before upgrade. Configure any missing VLANs that need to be monitored.
Upgrading the Network Detector for the MSM415
RF Manager 5.5 onwards we support the use of a tagged VLAN as the Communication VLAN of ND. Upgrade from versions prior 5.9 to 6.0 will keep the Communication VLAN as untagged VLAN by default, but this can be changed to any monitored tagged VLAN using the command set vlan config.
Config Shell Commands
Appendix C.
Server Config Shell Commands

This describes the commands in the Server Config Shell used to reconfigure or maintain the Server after running the Server Configuration Wizard. Some commands display the status of the Server.
Database Commands Command db backup db clean db maintain db reset db restore Description Backs up the database to the Remote Server specified by you. db backup also backs up your configuration and the license file. Resource clean-up without disruption of services Resource clean-up after temporary shutting down of services Resets the database to factory defaults but maintains network settings Restores the database from a previous backup on a Remote Server
get Commands Command get allowed ip get cert get certreq get date get db backup info get debug get ha get ha help get interface get ipv6 network get ipv6 route get log config get log level gui get network Description Displays the list of IP addresses or subnets that are allowed to access this device Generates a self-signed certificate Generates a Certificate Signing Request (CSR) Displays the current time zone, date, and time on the Server Displays Weekly DB Backup information Creates a debug information tarball file; this file can be used for debugging purposes Displays High Availability (HA) Cluster configuration and service status Displays detailed High Availability (HA) setup help Displays the Network and HA Interface speed and mode Displays IPv6 networking information Displays IPv6 routing information Displays the configuration of the logger Displays the log levels of GUI modules Displays the Network Interface (eth0) configuration including the IP Address, Subnet mask, Gateway, DNS Address, and DNS Prefix
Config Shell Commands get opsec log get route get sensor list Displays the log messages generated by OPSEC API Displays the routing table Displays a list of Sensors and NDs Displays the complete Server configuration which includes the Server ID, Server Version, Server Build, MAC address of the Network and HA Interface, Server Mode, Server Time Zone, Date and Time Settings, WLSE Integration Settings, Settings of Network Interfaces, and Server Processes Runs a Server consistency check and display the results. If any fatal item fails, a failure result is recorded Displays the Server ID Displays the status of the SSH Server Displays the status of Server processes Displays settings that control how, when, where, and what support information is to be sent Displays the version and build information of all the Server components It generates a self signed certificate for HP Adapter It generates a Certificate Signing Request for HP Adapter Displays the log level of HP MSM Controller Integration module
get server config
get server check get serverid get ssh get status get support get version get msmcontroller cert get msmcontroller certreq get log level msmcontroller
Config Shell Commands set Commands Command set allowed ip set cert set date set dbserver set db backup info set erase set ha set interface set ipv6 network set ipv6 route set log config set log level gui set network set route set server set serverid set ssh set support set webserver set msmcontroller cert set log level msmcontroller Description Sets the list of IP addresses or subnets that are allowed to access this device Installs a signed SSL certificate issued for the request generated using 'get certreq' Sets the current time zone, date, and time information on the Server; the Server needs to be rebooted for the date/time information to take effect Starts/Stops the Database Server Sets Weekly DB Backup information Configures the backspace key Enables or disables High Availability (HA) service Sets the Network and HA Interface speed and mode IPv6 Configuration Sets IPv6 static routing configuration Sets the configuration of the logger Sets the log levels of GUI modules. Sets the Network Interface (eth0) configuration including the IP Address, Subnet mask, Gateway, DNS Address, and DNS Prefix Allows addition/deletion of routing table entries Starts/Stops the Application Server Sets the Server ID Starts/Stops the SSH access to the Server Sets up how, when, where, and what support information is to be sent Starts/Stops the Web Server It installs a signed SSL certificate for HP Adapter Sets the log level of HP MSM Controller Integration module
Sensor Config Shell Commands

get Commands Command get ap get interface get ip config get log get log config get mode get rf get serial num get server discovery get status get version get vlan config get vlan id get vlan status get model Description Displays all the currently visible APs Displays Network Interface speed and mode Displays the IP information Displays the log information as it is created Displays the configuration of the logger Displays the mode in which the Sensor is currently configured Displays if RF monitoring for a Sensor is ON or OFF Displays the Board Number Displays the Server discovery/setting information Displays the current running status of all the components Displays the version and build information of all the components Displays listing of VLANs which are configured for monitoring by ND or SNDC Displays listing of all VLANs which can be detected by ND or SNDC Displays status of VLANs which are configured for monitoring by ND or SNDC Displays the Sensor Model
set Commands Command set erase set ip config set server discovery Description Sets the erase character to ^H Runs through the current VLAN and IP config wizard Sets the Server discovery information Configures list of VLANs and their network settings, to be monitored by ND or SNDC Sets IPv6 network settings Sets the mode to Sensor, Sensor/ Network Detector Combo, Network Detector, or Sentry
set vlan config set ipv6 config set mode
Glossary of Terms and Icons
Appendix D.
Acronyms
Abbreviation AP DNS DoS ESM IEEE LAN LDAP LWAPP MAC MIB NAV NOC OPSEC RF SMTP SNMP SSID SSL UDP VPN WEP WLAN
This section provides a quick reference to wireless networking terms and acronyms used in the guide.
Description Access Point Domain Name System (or Service or Server) Denial of Service Enterprise Security Management Institute of Electrical and Electronics Engineers Local Area Network Light-Weight Directory Access Protocol Light-Weight Access Point Protocol Media Access Control Management Information Base Network Allocation Vector Network Operations Center Operations Security Radio Frequency Simple Mail Transfer Protocol Simple Network Management Protocol Service Set Identifier Secure Socket Layer User Datagram Protocol Virtual Private Network Wired Equivalent Privacy Wireless Local Area Network
Glossary of Terms
Term .SPM file 802.11
Description Planner File, a proprietary AirTight Networks file format that holds information about RF signal values, placement of devices, and device settings An IEEE wireless LAN specification for over-the-air interface between a wireless Client and a base station or between two wireless Clients Access Point also referred to, as an AP is a station* that provides distribution services. It is the hub used by wireless Clients for communicating with each other and connecting to the WLAN * A station is the component that connects to the wireless medium A network formed by peer-to-peer connections between wireless Clients. It is difficult to enforce tight security policy controls on ad hoc connections. Therefore, ad hoc connections create a security vulnerability
Access Point
Ad hoc Network
Glossary of Terms and Icons Term Authorized Client Description An Authorized Client is one that has successfully connected to an Authorized AP at least once. Once identified as Authorized, a Client remains Authorized until it is deleted by the administrator and is re-classified as Unauthorized A feature provided by the system that automatically tags devices and events based on the Sensors that see the event and the location of the devices that participate in the event This section of the Dashboard screen displays a list of all the APs automatically and manually categorized Classification Policy allows you to define AP and Client classification policies to control automatic movement of APs and Clients to the appropriate folders A laptop, a handheld device, or any other system that uses the wireless medium (802.11 standard) for communication Community string is a key used to authenticate a message sent by the SNMP agent to the SNMP manager Domain Name Service, an Internet service that translates domain names into IP addresses Denial of Service, an attack that degrades the performance of an official WLAN An AP with two radios to support Clients on multiple bands A unique name by which a computer is identified on the network An AP for which the system cannot determine whether it is plugged into your wired network. This AP should be inspected and manually moved to one of the AP folders The Intrusion Prevention Policy allows the system proactively block an AP or a Client to automatically protect the network against various wireless security threats Internet Protocol Address, a 32-bit numeric identifier for a computer or a device on the network A distinguishing feature of the system that allows you to automatically locate a device placed on a floor map Media Access Control Address, a unique 6-byte (48 bit) address assigned to the network adapter by the manufacturer and is often transparent to a user; a networked device has a MAC address corresponding to each network interface An attacker AP masquerades the Authorized AP by advertising the same MAC address and other features set as the authorized/other AP in its Beacon/Probe Response frames. The system generates an alert on detection of AP MAC spoofing
Auto Location Tagging Categorized Devices APs Classification Policy Client Community String DNS DoS Dual Radio AP Hostname Indeterminate AP Intrusion Prevention (Quarantine) Policy IP Address Location Tracking MAC Address
MAC Spoofed AP
Glossary of Terms and Icons Term Mis-configured AP Network Detector Network Interface Card Description An AP in the Authorized list, that is plugged into your wired network but does not conform to the Network Policy settings (SSID, Vendor, Encryption, and Protocol) for its network segment A device that can co-exist on a Trunking switch; the ND can detect as many LAN segments as you configure on the switch An expansion board or a card that is inserted into a computer so that the computer can be connected to a network Network status specifies if the network is locked or unlocked. Once a protected network segment is locked, all new APs connected to it are pre-classified as Rogue and have to be approved manually. If a protected network segment is unlocked, any new APs connected to this network will be automatically classified based on the Security, Protocol, SSID, and Vendor Settings A new AP plugged into your wired network and conforming to the Network Policy settings (SSID, Vendor, Encryption, and Protocol) for its network segment; this AP must be inspected before manually moving it to the Authorized AP folder A new AP not plugged into your wired network. This is an AP usually belonging to a neighbor. It does not pose a threat to your wired network A new AP plugged into your wired network but not conforming to the Network Policy settings (SSID, Vendor, Encryption, and Protocol) for its network segment. This AP is never authorized and can be automatically moved to the Rogue AP folder based on the Classification Policy An IEEE 802.11 defined MAClevel privacy mechanism that protects the contents of data frames from eavesdropping using encryption Simple Mail Transfer Protocol, A protocol for sending e-mail messages between Servers. Most e-mail systems that send mail over the Internet use SMTP to send messages from one Server to another Simple Network Management Protocol, a set of protocols for managing complex networks Software implementation of AP functionalities that permits a WLAN enabled device to act as an AP A unique token identifying an 802.11 WLAN; all wireless devices on a WLAN must employ the same SSID to communicate with each other A Client that is not authorized; an Unauthorized Client has never connected successfully to an Authorized AP This section of the Dashboard screen displays a list of all the newly discovered APs Virtual Private Network, a network constructed using public wires to connect nodes. For example, there are a number of systems that enable you to create networks using the Internet as the medium for transporting data; these systems use encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted Wired Equivalent Privacy, an IEEE 802.11 defined MAClevel privacy mechanism that protects the contents of data frames from eavesdropping using encryption Wireless Local Area Network that uses high frequency radio waves, rather than wires to communicate between nodes
Network Status
Potentially Authorized AP Potentially External AP
Potentially Rogue AP
Security Settings SMTP SNMP Software AP SSID Unauthorized Client Uncategorized Devices APs
VPN
WEP WLAN
Glossary of Icons
This section provides a quick reference to the various icons used in the system.
Navigation Bar Icons

Icon Name: Description Dashboard: The tab with this icon signifies the Dashboard screen that displays a consolidated view of the WLAN environment. Events: The tab with this icon signifies the Events screen that displays various event categories in the network. Devices: The tab with this icon signifies the Devices screen that provides information on the wireless devices in the network. Locations: The tab with this icon signifies the Locations screen that displays live RF maps of the network. Reports: The tab with this icon signifies the Reports screen that allows you to create, generate, schedule, and archive various reports. Forensics: The tab with this icon signifies the Forensics screen that displays details about the detected threats for further analysis of the causes and actions taken. Administration: The tab with this icon signifies the Administration screen that allows you to perform various administrative activities. Upgrade Required: This blinking icon indicates that the system needs to be upgraded to a newer version. Troubleshooting In Progress: This blinking icon indicates that troubleshooting is in progress on an AP, Client, or Sensor. Refresh: The button with this icon refreshes the current screen.
Help: The button with this icon displays the Product Help. Legends: The button with this icon displays the list of icons used on the product screens and their description. About HP ProCurve RF Manager: The button with this icon displays the version and patent number and license information of the system. Log Off: The button with this icon allows you to logout from the Console.
General Icons
Icon Name: Description
Error!: This icon indicates an application level event that needs immediate remedial action. Information: This icon indicates an informational level event that does not need immediate action. Warning: This icon indicates an application level event that needs attention.
Confirmation: This icon indicates an application level event that needs immediate user input.
Progress Bar: This icon indicates an operation is in progress/loading data.
Dashboard Icons
Icon Name: Description Secure Network: This icon shows that the network is secure as the events that cause the network to be vulnerable have not been detected or have been acknowledged. Vulnerable Network: This icon shows that the network is vulnerable as the events that cause the network to be vulnerable have been detected or not all of them have been acknowledged. Location Node Secure: This icon indicates that the location node is not all vulnerable and is totally secure. Location Node Vulnerable: This icon indicates that the location node is vulnerable. Location Folder Secure: This icon indicates that the location folder is not all vulnerable and is totally secure Location Folder Vulnerable: This icon indicates that the location folder is vulnerable.
Edit Policy: The button with this icon enables you to edit policies. More Information: The button with this icon enables you to view more information in a graphics text format on a particular section. Bar Chart: This button with this icon enables you to view a bar graph of data.
Pie Chart: This button with this icon enables you to view a pie graph of data.
Table View: This button with this icon enables you to view the table view of data. Filter: The button with this icon lets you filter the dataset/result to be displayed, based on a specific criteria.
Events Icons
Icon
Name: Description
Printable view: The button with this icon enables you to view printable reports of the data displayed on the Events and Devices screens. Security Event: This icon indicates an event that indicates impending or actual breach of network security and must be addressed immediately. System Event: This icon indicates an event that indicates system health.
Performance Event: This icon indicates an event that indicates wireless network performance problems. High: This icon indicates an event with high severity.
Medium: This icon indicates an event with medium severity.
Low: This icon indicates an event with low severity.
New: This icon indicates an event that is neither read nor acknowledged.
Read: This icon indicates that the event has been read.
Acknowledged: This icon indicates that the event has been read and acknowledged.
Calendar Control: The button with this icon allows you to select the date and the time.
Live: This icon indicates a live event in which the triggers that raised the event are operational or continue to exist; this event has a valid start time stamp. Live and Updated: This icon indicates a live event that was updated, that is, some activity has occurred since the event was last read. Instantaneous: This icon indicates an instantaneous event triggered based on a trigger that do not have continuity. Expired: This icon indicates an expired event in which the triggers that raised the event are not operational or have ceased to exist; this event has a valid start and stop time stamp. Secure: This icon indicates an event that does not contribute to the vulnerability status of the system. Vulnerable: This icon indicates an event that contributes to the vulnerability status of the system.
Devices Icons
Rogue AP-Active: This icon shows that a Rogue AP is active and visible to Sensor(s). Rogue AP-Inactive: This icon shows that a Rogue AP that was earlier visible to Sensor(s) is inactive. Mis-configured AP-Active: This icon shows that a Mis-configured AP is active and visible to Sensor(s). Mis-configured AP-Inactive: This icon shows that a Mis-configured AP that was earlier visible to Sensor(s) is inactive. Authorized AP-Active: This icon shows that an Authorized AP is active and visible to Sensor(s). Authorized AP-Inactive: This icon shows that an Authorized AP that was earlier visible to Sensor(s) is inactive. External AP-Active: This icon shows that an External AP is active and visible to Sensor(s). External AP-Inactive: This icon shows that an External AP that was earlier visible to Sensor(s) is inactive. Known External AP-Active: A Known External AP-Active is a recognizable external device. For example an AP belonging to the neighboring organization could be marked as a Known External AP. Known External AP-Inactive: A known external AP-Inactive is a recognizable external device. For example an AP belonging to the neighboring organization could be marked as a Known External AP. Indeterminate AP-Active: This icon shows that an Indeterminate AP is active and visible to Sensor(s). Indeterminate AP-Inactive: This icon shows that an Indeterminate AP that was earlier visible to Sensor(s) is inactive. Merged AP-Active: This icon indicates a merged AP is active and visible to Sensor(s). Merged AP-Inactive: This icon shows that a merged AP that was earlier visible to Sensor(s) is inactive. Misconfigured Merged AP-Active: This icon shows that at least one BSSID in an active merged AP is misconfigured Misconfigured Merged AP-Inactive: This icon shows that at least one BSSID in an inactive merged AP is misconfigured. Not plugged into your wired network: This icon shows that an AP is not connected to your wired network. Plugged into your wired network: This icon shows that an AP is connected to your wired network. Not sure if it is plugged into your wired network: This icon shows that an AP may be connected to your wired network.
Glossary of Terms and Icons Not in Quarantine: This icon shows that the AP/Client is not in quarantine. Quarantine Pending: This icon shows that the AP/Client needs to be quarantined, but quarantine is pending. Quarantined: This icon shows that the AP/Client has been quarantined. It can also show that the AP is in port blocking.
Quarantine Error: This icon shows that some error has occurred while quarantining a device.
DoS Quarantine: This icon shows that the quarantine against DoS attack on this device is in progress. DoS Quarantine Pending: This icon shows that the quarantine against DoS attack on this device is pending. Add to Banned List: This icon shows that the AP/Client has been added to the Banned List. Removed from Banned List: This icon shows that the AP/Client has been removed from the Banned List. Troubleshooting: This icon shows that troubleshooting is in progress on a device. Troubleshooting + Banned List: This icon indicates that the device is busy in troubleshooting and is in Banned List. Event Level Mode: This icon indicates that a troubleshooting session in event level mode is in progress. Packet Level Mode: This icon indicates that a troubleshooting session in packet level mode is in progress. Authorized Client-Active: This icon shows that an Authorized Client is active and visible to Sensor(s). Authorized Client-Inactive: This icon shows that an Authorized Client that was earlier visible to Sensor(s) is inactive. Unauthorized Client-Active: This icon shows that an Unauthorized Client is active and visible to Sensor(s). Unauthorized Client-Inactive: This icon shows that an Unauthorized Client that was earlier visible to Sensor(s) is inactive. Uncategorized Client-Active: This icon shows that an Uncategorized Client is active and visible to Sensor(s). Uncategorized Client-Inactive: This icon shows that an Uncategorized Client that was earlier visible to Sensor(s) is inactive. DoS Attacker: This icon shows the device from which the DoS attack is being launched. Client in Ad hoc Mode-Active: This icon shows that a Client in ad hoc mode is active and visible to Sensor(s).
Glossary of Terms and Icons Client in Ad hoc Mode-Inactive: This icon shows that a Client that was earlier in ad hoc mode and visible to Sensor(s) is inactive. Ad hoc Association: This icon shows that a Client is connected to another Client.
Infrastructure Association: This icon shows that a Client is connected to an AP. Sensor-Active: This icon shows that the Sensor is connected to the Server and is actively monitoring the network. This Sensor has the latest software version and does not need to be upgraded. Sensor-Inactive: This icon shows that the Sensor is not connected to the Server and is currently not monitoring the network. This Sensor has the latest software version and does not need to be upgraded. Sensor Repair In Progress: This icon shows that Sensor Repair is in progress.
Sensor Upgrade In Progress: This icon shows that Sensor Upgrade is in progress. Sensor Upgrade Required: This icon shows that the Sensor needs to be upgraded to a new version. Sensor Upgrade Pending: This icon shows that the Sensor needs to be upgraded to a new version and that the upgrade is pending. Sensor Upgrade Failed: This icon shows that the Sensor upgrade to a new version has failed. Sensor Repair Required: This icon shows that the Sensor needs to be repaired as the Sensor binaries are not updated. Sensor Repair Pending: This icon shows that the Sensor needs to be repaired as the Sensor binaries are not updated and that the repair is pending. Sensor Repair Failed: This icon shows that the Sensor repair to a new binary version has failed. Sensor Indeterminate: This icon shows that the Sensor is in an indeterminate or irrecoverable state. Sensor Version Mismatch: This icon shows that the Sensor software version is higher than that of the Server. Network Detector-Active: This icon shows that the ND is connected to the Server and is currently contributing into wired detection of APs. Network Detector-Inactive: This icon shows that the ND is not connected to the Server and is currently not contributing into wired detection of APs. Sensor Network Detector Combo-Active: This icon shows that the SNDC is connected to the Server and is currently contributing into wired and wireless detection of APs. Sensor Network Detector Combo-Inactive: This icon shows that the SNDC is not connected to the Server and is currently not contributing into wired and wireless detection of APs. RSSI: This icon shows signal strength observed by reporting device for AP or Client.
RSSI Level 0: This icon shows very low signal available.
Glossary of Terms and Icons RSSI Level 1: This icon shows low signal strength.
RSSI Level 2: This icon shows medium signal strength.
RSSI level 3: This icon shows strong signal strength
RSSI Level 4: This icon shows very strong signal strength. Display Columns: Most fields in the table can be selected for display or optionally hidden. This button allows selection and configuration of parameters to show and hide in the table.
Locations Icons
Icon Name: Description Add Location: The button with this icon allows you to create a new location folder or node. Edit Properties: The button with this icon allows you to edit the properties of the existing location folder or node. Import Location: The button with this icon allows you to import a file in .SPM format for a specific location from a specified path. Delete: The button with this icon allows you to delete selected item/entity. Attach Image on floor: The button with this icon allows you to attach an image to location folder or node. Detach Image: The button with this icon allows you to detach an image from location folder or node. Save: The button with this icon allows you to save the changes made to the current Locations screen. Best Fit: The button with this icon allows you to fit the layout image to the window/page.
Zoom Out: The button with this icon allows you to zoom out of a layout image.
Zoom In: The button with this icon allows you to zoom into a layout image for an enlarged view Unknown: This icon signifies the default location folder of the root location. When the system detects a new untagged device, the device is tagged to the Unknown location folder. Move: This icon in the context-sensitive menu on the Locations screen indicates that you can move a location folder or node to another location in the Location tree. Rename: The button with this icon allows you to rename the selected location node/folder.
Reset Canvas: The button with this icon allows you to revert to a blank canvas. Printable View: The button displays the currently active information of selected location information/RF view
Reports Icons
Icon Name: Description My Reports: This icon indicates a report that only a single user, the one who created the report, can view it. Shared Reports Custom Reports: This icon indicates a Shared report that all users can view. Shared Reports Pre-defined Reports: This icon indicates reports that are pre-defined and can be viewed by all users.
Administration Icons
Global Policies: The button with this icon indicates policies that are applicable to all the locations defined in the system. Local Policies: The button with this icon indicates policies that are specific to a particular location defined in the system.
Custom Defined Policy: This icon signifies a policy group whose policies are custom defined.
Inherited Policy: This icon signifies a policy group whose policies are inherited.
Expand All: The button with this icon enables you to expand all the nodes, there allowing you to view all the nodes in the Administration tree. Collapse All: The button with this icon enables you to collapse all the nodes, there preventing you to view all the nodes in the Administration tree.
Local User: This icon indicates a system user.
LDAP User: This icon indicates an LDAP user.
Server Error or Integration Failure: This icon shows that an error has occurred in the Server or ESM/WLAN Integrations. Server or Integration Running: This icon shows that the Server or ESM/WLAN Integration is functioning normally. Server or Integration Stopped: This icon shows that the Server or ESM/WLAN Integration has stopped functioning.
Sensor Icons
The following table shows the various Sensor icons on the Console.
Icon NameDescription
Sensor-ActiveThis icon shows that the Sensor is connected to the Server and is actively monitoring the network. This Sensor has the latest software version and does not need to be upgraded. Sensor-InactiveThis icon shows that the Sensor is not connected to the Server and is currently not monitoring the network. This Sensor has the latest software version and does not need to be upgraded.
Sensor Repair In ProgressThis icon shows that Sensor Repair is in progress.
Sensor Upgrade In ProgressThis icon shows that Sensor Upgrade is in progress.
Sensor Upgrade RequiredThis icon shows that the Sensor needs to be upgraded to a new version.
Sensor Upgrade PendingThis icon shows that the Sensor needs to be upgraded to a new version and that the upgrade is pending.
Sensor Upgrade FailedThis icon shows that the Sensor upgrade to a new version has failed.
Sensor Repair RequiredThis icon shows that the Sensor needs to be repaired, as the Sensor binaries are not updated.
Sensor Repair PendingThis icon shows that the Sensor needs to be repaired, as the Sensor binaries are not updated, and that the repair is pending.
Sensor Repair FailedThis icon shows that the Sensor repair to a binary version has failed.
Sensor IndeterminateThis icon shows that the Sensor is in an indeterminate or irrecoverable state.
Sensor Version MismatchThis icon shows that the Sensor software version is higher than that of the Server.
RF Manager LCD Display
Appendix E.
RF Manager LCD Display
Figure 1.
HP ProCurve LCD Display
The description of each panel is as follows: 1 Application name and its version 2 Menus available in RF Manager LCD display a) b) 3 4 5 6 7 RF Manager status option provides status of application The reboot/shutdown menu allows user to reboot or shutdown the appliance respectively
RF Manager in Standalone mode; application is running (Standalone non HA mode) RF Manager in Standalone mode; application is stopped (error or explicitly stopped by the user) RF Manager in HA mode. This appliance is Active/Primary Server of HA pair. Application is running. RF Manager in HA mode. This appliance is Active/Primary Server of HA pair. Application is stopped (error or explicitly stopped by user). RF Manager in HA mode. This appliance is Standby Server of HA pair. On Standby Server the application does not run.
ProCurve 5400zl Switches

Installation and Getting Startd Guide
Technology for better business outcomes To learn more, visit www.hp.com/networking

Copyright 2010 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP will not be liable for technical or editorial errors or omissions contained herein.
August 2010 Manual Part Number 5998-0896

HP RF Manager 6.0

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

HP RF Manager 6.0

Uploaded by

Copyright:

Available Formats

HP ProCurve RF Manager and Sensors Management and Configuration Guide

ProCurve 5400zl Switches HP ProCurve RF Manager and Sensors

HP ProCurve RF Manager and Sensors

Management and Configuration Guide

Copyright and Disclaimer Notices

Hewlett-Packard Company 8000 Foothills Boulevard Roseville, California 95747 www.hp.com/networking

vi HP ProCurve RF Manager and Sensors Management and Configuration Guide

vii HP ProCurve RF Manager and Sensors Management and Configuration Guide

Before You Begin

Overview and Organization

1 HP ProCurve RF Manager and Sensors Management and Configuration Guide

License Based Features

How to get more information Contact Information

To receive important news on product updates, visit our website at www.hp.com/networking.

2 HP ProCurve RF Manager and Sensors Management and Configuration Guide

Chapter 2 Additional configuration

Shutdown Using the Keypad and LCD

Shutdown Using the CLI

3 HP ProCurve RF Manager and Sensors Management and Configuration Guide

Zero Configuration of Sensors

Sensor Modes of Operation

4 HP ProCurve RF Manager and Sensors Management and Configuration Guide

Mode SO (Sensor Only) Default

Description Default mode

Yes (up to 16)

Guidelines for using ND and SNDC

5 HP ProCurve RF Manager and Sensors Management and Configuration Guide

6 HP ProCurve RF Manager and Sensors Management and Configuration Guide

Guidelines for Configuring and Installing ND and SNDC

7 HP ProCurve RF Manager and Sensors Management and Configuration Guide

8 HP ProCurve RF Manager and Sensors Management and Configuration Guide

9 HP ProCurve RF Manager and Sensors Management and Configuration Guide

10 HP ProCurve RF Manager and Sensors Management and Configuration Guide

11 HP ProCurve RF Manager and Sensors Management and Configuration Guide

Inactive and Unmonitored

Inactive and Unmonitored

Inactive and Unmonitored

Active and Unmonitored

12 HP ProCurve RF Manager and Sensors Management and Configuration Guide

Navigation Bar and Global Functions

Navigation Bar and Global Functions

A Quick Tour of the Console Navigation Bar

The following table describes the items in the navigation bar.

Navigation Bar and Global Functions

14 HP ProCurve RF Manager and Sensors Management and Configuration Guide

Introduction: Panel Displaying WLAN Snapshot

Dashboard Screen: Accessibility and Layout

Dashboard: Location Tree

select the appropriate node in the Location tree.

Security Dashboard: Sections

Security Dashboard Security Scorecard

Security Dashboard Security Scorecard Section

Network Status: Tell Me More

16 HP ProCurve RF Manager and Sensors Management and Configuration Guide

Secure Location Dialog

Vulnerable Location Dialog

17 HP ProCurve RF Manager and Sensors Management and Configuration Guide

Remove from Scoreboard Dialog

Security Dashboard New Events

Security Dashboard New Events Section

Configuring New Events View

Security Dashboard Event Charts

18 HP ProCurve RF Manager and Sensors Management and Configuration Guide