HP (Hewlett-Packard) 700wl Series Switch User Manual

Introduction
Because the 700wl Series system identifies clients by MAC address, it is simple to detect when a device
roams. A Linger Timeout determines the length of time a client has to complete a roam, that is, to appear at
a new physical location after disappearing from the old one. The settings for timing out a
roaming client are part of the client’s assigned Access Policy; different clients can have different settings,
and one client can have different settings depending on its location, time of day, and so on.
If the client completes the roam within the linger time, no reconnect or re-authentication is needed; the
client’s connection state is maintained intact. If the client fails to complete the roam before the linger
timer expires, the 700wl Series system concludes that the client has actually disconnected and logs the client
off.
Roaming support is discussed in more detail in VLANs and the 700wl Series System in Chapter 2, Using the
700wl Series System.
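The linger behaviour described above, as an added illustration (this is not HP's code, and the MAC address, controller names and timestamps are constructed): sessions are keyed by MAC address, the old location starts the timer when it loses the client, and the client either reappears in time and keeps its authenticated state or is logged off.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Session:
    mac: str                             # the 700wl system keys clients by MAC address
    controller: str                      # Access Controller where the client was last seen
    linger_timeout: float                # seconds; taken from the client's Access Policy
    authenticated: bool = False
    gone_since: Optional[float] = None   # set when the old location loses the client


class RoamTracker:
    """Minimal model of the linger timeout (illustration, not HP's implementation)."""

    def __init__(self) -> None:
        self.sessions: Dict[str, Session] = {}
        self.events: List[str] = []

    def client_seen(self, mac: str, controller: str, now: float,
                    linger_timeout: float) -> str:
        """Traffic from `mac` arrives at `controller` at time `now` (seconds).
        Returns 'authenticate', 'roamed' or 'active'."""
        self.expire(now)                 # first log off anyone whose timer ran out
        s = self.sessions.get(mac)
        if s is None:
            # Unknown (or already expired) client: a fresh session that must authenticate.
            self.sessions[mac] = Session(mac, controller, linger_timeout)
            self.events.append(f"{mac}: new at {controller}, authentication required")
            return "authenticate"
        if s.gone_since is not None or s.controller != controller:
            # Reappeared at a new location within the linger time: the session,
            # including its authenticated state, moves with the client.
            self.events.append(f"{mac}: roamed {s.controller} -> {controller}, state kept")
            s.controller, s.gone_since = controller, None
            return "roamed"
        return "active"

    def authenticated(self, mac: str) -> None:
        self.sessions[mac].authenticated = True

    def is_authenticated(self, mac: str) -> bool:
        s = self.sessions.get(mac)
        return s is not None and s.authenticated

    def client_lost(self, mac: str, controller: str, now: float) -> None:
        """The old physical location reports the client gone; start its linger timer."""
        s = self.sessions.get(mac)
        if s is not None and s.controller == controller and s.gone_since is None:
            s.gone_since = now

    def expire(self, now: float) -> None:
        """Log off every client whose linger timer has expired."""
        for mac, s in list(self.sessions.items()):
            if s.gone_since is not None and now - s.gone_since > s.linger_timeout:
                self.events.append(
                    f"{mac}: linger timeout of {s.linger_timeout:.0f}s expired, logged off")
                del self.sessions[mac]


def demo() -> Tuple[List[str], List[str]]:
    """Constructed scenario: one client with a 60 s linger timeout, one roam that
    completes in 30 s and one that takes 100 s."""
    tracker = RoamTracker()
    mac = "00:0a:95:9d:68:16"                                   # constructed sample MAC
    results = [tracker.client_seen(mac, "AC-1", 0, linger_timeout=60)]
    tracker.authenticated(mac)
    tracker.client_lost(mac, "AC-1", 100)                       # disappears from AC-1
    results.append(tracker.client_seen(mac, "AC-2", 130, 60))   # back after 30 s: roam completes
    tracker.client_lost(mac, "AC-2", 200)
    results.append(tracker.client_seen(mac, "AC-3", 300, 60))   # 100 s > 60 s: logged off, re-auth
    return results, tracker.events


if __name__ == "__main__":
    outcomes, events = demo()
    print(outcomes)
    print("\n".join(events))
```

The check that matters operationally is the comparison in `expire`: the timer runs from the moment the old location loses the client, not from the client's last packet, so a policy with a short linger time logs off clients that walk between distant access points even though they never "disconnected" from their own point of view.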
Network Address Translation
By default, an Access Controller provides Network Address Translation (NAT) for clients that
request a DHCP IP address when they initiate a connection to the Access Controller. The 700wl Series
system implements NAT as a form of “overloading” (also known as port address translation), in which a
range of private IP addresses is mapped to a single public IP address (the IP address of the Access
Controller) by using TCP port numbers. When a client sends a packet through the Access Controller, the
Access Controller rewrites the source IP address field and the source port field to a combination that is
unique within the entire 700wl Series system, and uses this unique identifier to direct returned packets
back to the client.
Although NAT is enabled by default in the 700wl Series system, you can elect whether to use it or not
depending on your application. Following are some points in favor of using NAT within the 700wl Series
system:
• NAT makes roaming much more efficient. Because each NAT address and port combination is unique for
the entire 700wl Series system, the client’s connection state can be moved to the nearest Access
Controller while roaming, rather than requiring every connection to be tunneled back to the original
Access Controller.
• NAT provides some protection to a client, since no device other than an Access Controller can talk
directly to the client: inbound traffic that does not match an existing translation has nowhere to go.
This provides rudimentary firewall protection; it is not a substitute for a firewall.
• Allowing NAT can ensure that a client will be able to communicate with the network. If NAT is not
allowed, and a client has an IP address that is not within the subnet used by the Access Controller,
return packets will not be able to reach the client. A client can have an IP address outside the
Access Controller’s subnet if it uses a static IP address or receives an IP address from an external
DHCP server.
However, certain applications may require a host or server system to know the actual IP address of a
client. Some examples include multi-player games, file transfer in Instant Messenger applications, and
other peer-to-peer applications.
To allow flexibility, the 700wl Series system provides alternate addressing schemes:
• Use NAT only if the client’s IP address is on the wrong subnet, that is, outside the Access
Controller’s subnet. Otherwise, use the client’s real or static IP address.
• Always use the client’s real or static IP address and never use NAT, regardless of the subnet. This
setting is intended for access points and should be used with caution: an off-subnet client in this
mode cannot receive return traffic.
There is one case where NAT will always be used: when PPTP/L2TP tunneling is used, NAT is applied
regardless of the addressing scheme selected.
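The addressing decision and the port-overloading translation described in this section, as an added worked example (not HP's code; the mode names, the Access Controller address 203.0.113.10 and the client and server addresses are constructed for illustration). `nat_required` applies the three schemes plus the PPTP/L2TP override, and `OverloadNat` shows the rewrite of the source address and port to a system-unique port, the reverse lookup for returned packets, and what happens to inbound traffic that matches no translation.

```python
import ipaddress
from enum import Enum
from typing import Any, Dict, Optional, Tuple

# Toy stand-in for the IP/TCP header fields the translator touches.
Packet = Dict[str, Any]   # keys: "src", "sport", "dst", "dport"


class NatMode(Enum):
    ALWAYS = "always"                    # factory default
    WHEN_NECESSARY = "when_necessary"    # NAT only if the client is off the AC's subnet
    NEVER = "never"                      # always use the real/static address (access points)


def nat_required(mode: NatMode, client_ip: str, ac_subnet: str,
                 vpn_tunnel: bool = False) -> bool:
    """Does the Access Controller NAT this client's traffic?
    PPTP/L2TP-tunnelled clients are NATed regardless of the addressing scheme."""
    if vpn_tunnel or mode is NatMode.ALWAYS:
        return True
    on_subnet = ipaddress.ip_address(client_ip) in ipaddress.ip_network(ac_subnet, strict=False)
    if mode is NatMode.WHEN_NECESSARY:
        return not on_subnet        # static or externally assigned off-subnet addresses get NATed
    return False                    # NEVER: replies to an off-subnet client will not reach it


class OverloadNat:
    """Port-overloading NAT: each client (ip, port) is rewritten to the Access
    Controller's own address plus a port that is unique across the whole system."""

    def __init__(self, ac_ip: str, first_port: int = 10000, last_port: int = 60000) -> None:
        self.ac_ip = ac_ip
        self.next_port = first_port
        self.last_port = last_port
        self.out: Dict[Tuple[str, int], int] = {}    # (client ip, port) -> public port
        self.back: Dict[int, Tuple[str, int]] = {}   # public port -> (client ip, port)

    def _allocate(self, client_ip: str, client_port: int) -> int:
        key = (client_ip, client_port)
        if key not in self.out:
            if self.next_port > self.last_port:
                raise RuntimeError("NAT port pool exhausted")
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return self.out[key]

    def translate_out(self, pkt: Packet) -> Packet:
        """Client -> network: rewrite the source IP and source port."""
        port = self._allocate(pkt["src"], pkt["sport"])
        return {**pkt, "src": self.ac_ip, "sport": port}

    def translate_in(self, pkt: Packet) -> Optional[Packet]:
        """Network -> client: rewrite the destination back to the client.
        None means no mapping exists, so unsolicited inbound traffic is dropped;
        this is the "rudimentary firewall" effect the manual mentions."""
        client = self.back.get(pkt["dport"])
        if client is None:
            return None
        return {**pkt, "dst": client[0], "dport": client[1]}


def demo() -> Tuple[Packet, Packet, Optional[Packet], Optional[Packet]]:
    """Two clients that happen to use the same source port, one reply, one stray packet."""
    nat = OverloadNat("203.0.113.10")                                  # constructed AC address
    a = nat.translate_out({"src": "10.0.0.5", "sport": 5000, "dst": "198.51.100.7", "dport": 443})
    b = nat.translate_out({"src": "10.0.0.6", "sport": 5000, "dst": "198.51.100.7", "dport": 443})
    reply = nat.translate_in({"src": "198.51.100.7", "sport": 443,
                              "dst": "203.0.113.10", "dport": b["sport"]})
    stray = nat.translate_in({"src": "198.51.100.9", "sport": 22,
                              "dst": "203.0.113.10", "dport": 54321})
    return a, b, reply, stray


if __name__ == "__main__":
    print(nat_required(NatMode.WHEN_NECESSARY, "10.0.0.5", "10.0.0.0/24"))
    print(nat_required(NatMode.WHEN_NECESSARY, "192.168.1.20", "10.0.0.0/24"))
    print(nat_required(NatMode.NEVER, "192.168.1.20", "10.0.0.0/24", vpn_tunnel=True))
    for pkt in demo():
        print(pkt)
```

Because the allocated port, not the client's private address, is what identifies the flow, the `out`/`back` tables are exactly the "connection state" that can be handed to whichever Access Controller the client roams to; the `None` returned for the stray packet is also why the peer-to-peer applications mentioned above fail behind NAT, since the peer's connection attempt arrives with no mapping.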
HP ProCurve Secure Access 700wl Series Management and Configuration Guide 1-5