Filter
Top Products
Configuring the Network
Access Control Server Configuration Advanced Options
The following settings appear on this page if you are configuring an Access Control Server or an
Integrated Access Manager. They do not appear if you are configuring an Access Controller.
DHCP Network for NAT Clients
Note: When you change this range, it also changes the default address (http://42.0.0.1) for the
Administrative Interface. The Administrative Interface URL will become the first address in the new
range. For example, if you set the DHCP IP address range to be 192.168.128.0/24, then the URL for
the Administrative Interface becomes http://192.168.128.1
To specify the DHCP address and lease time, do the following:
Step 1. Type the starting IP address for the DHCP range into the DHCP IP Address Range Start field. The
default address is 42.0.0.0.
Step 2. Select the Subnet Mask from the drop-down list of possible masks.
Step 3. Type a value for the DHCP Lease Time, and choose one of the time units from the drop-down list.
You can specify the lease time in seconds, minutes, hours, or days. The default lease time is 1 day.
Step 4. Normally, you should not change the DHCP Netmask setting. It defaults to /30 and this is the
recommended setting. However, under some circumstances where you have users with multiple
interfaces (such as a laptop using a wireless connection that is plugged into a docking station
with a wired interface) you may need to change this setting. If clients are having access problems
caused by losing the route to the private address when a second interface is present, select the
Full DCHP Subnet setting.
Note: It can take some time for this configuration change to be propagated to each Access Controller.
Clients that associate within this time frame may still receive an IP address from the old address range.
It is recommended that you make this type of change during periods when client activity is at a
minimum.
MAC Address Spoofing Detection
MAC Address spoofing occurs when someone impersonates a legitimate client by taking over their MAC
address. You can configure the 700wl Series system to detect the situation where the same MAC address
appears on multiple Access Controller ports within a defined time period. If the same client appears on
different ports a specified number of times within a specified time interval, the client is considered to
have been spoofed, and all instances of that client are logged off the system. You can configure the
number of times a client must appear, and the time interval within which this must occur in order for a
client to be assumed to be spoofed.
MAC address spoofing detection is enabled by default. To change the configuration of spoofing detection,
or to disable it, do the following:
Step 1. Specify the number of times a MAC Address must appear on two or more Access Controller ports
in order to be considered a suspected spoofing event. The default is 5.
Step 2. Specify the time frame (in seconds) in which these appearances must occur. The default is 10
seconds.
Step 3. To disable MAC spoofing detection, click the checkbox. The default is that MAC address
spoofing is enabled.
HP ProCurve Secure Access 700wl Series Management and Configuration Guide 6-23