HP (Hewlett-Packard) 700wl Series Switch User Manual


 
Configuring the Network
The following are the specifications in tcpdump syntax for the predefined bridging options:
Table 6-7. Tcpdump syntax for pre-defined bridging options

| Traffic to enable | tcpdump syntax |
|---|---|
| CDP | ether [12:2] <= 1514 and ether dst 01:00:0c:cc:cc:cc |
| Wireless Network Access Protocol | ether [12:2] = 0x8781 and ether[0:4] = 0x01a0f8f0 |
| Appletalk | ether[12:2] = 0x809b or ether[12:2] = 0x80f3 or (ether[12:2] <= 1500 and (ether[14:4] = 0xaaaa0308 and ether[18:4] = 0x0007809b) or (ether[14:4] = 0xaaaa0300 and ether[18:4] = 0x000080f3)) |
| IPX/802.3 (Ethernet Raw) | ether[12:2] < 0x05ee and (ether[14:2] = 0xffff) |
| IPX/802.3 (Ethernet) | ether[12:2] < 0x05ee and (ether[17:2] = 0xffff or ether[22:2] = 0xffff) |
| IPX/802.2 (LLC AND SNAP) | (ether[12:2] < 0x05ee and ether[14:2] = 0xaaaa and ether[16] = 0x03) or (ether[12:2] < 0x05dd and ether[14:2] = 0xaa08 and ether[16] = 0x00) |
| IPX/Ethernet II encapsulation (TypeII) | ether[12:2] = 0x8037 or ether[12:2] = 0x8137 |
| SLP | udp dst port 427 and dst host 224.0.1.22 |
Note: You must also have a matching Allowed Traffic filter defined and enabled in the
appropriate Access Policies to allow this type of traffic from a client. Allowed Traffic filters are
pre-defined for CDP, WNMP, and Appletalk, so you only need to enable them for the appropriate
Access Policies. For IPX and SLP you must create an Allowed Traffic Filter with the same
tcpdump string as is used for the bridging option.
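As an added illustration (not part of the HP guide), the Python below re-implements four of the Table 6-7 expressions as byte-offset checks and runs them against constructed frames, which is one way to confirm what a bridging string or a matching Allowed Traffic filter will actually pass before enabling it. The helper names, the source MAC address and the sample frames are assumptions made for this example.

```python
# Added example (not from the HP guide): Table 6-7 rows as byte-offset checks.

def u(f, off, n=1):
    """tcpdump's ether[off:n]: n bytes at off, big-endian unsigned."""
    if off + n > len(f):
        raise IndexError(off)  # BPF rejects a packet on an out-of-range load
    return int.from_bytes(f[off:off + n], "big")

# pcap-filter gives 'and'/'or' equal precedence, left to right; the grouping
# is written out explicitly here so Python's precedence cannot change it.
FILTERS = {
    "CDP": lambda f: u(f, 12, 2) <= 1514
        and f[0:6] == bytes.fromhex("01000ccccccc"),
    "Appletalk": lambda f: u(f, 12, 2) == 0x809B or u(f, 12, 2) == 0x80F3 or (
        (u(f, 12, 2) <= 1500 and u(f, 14, 4) == 0xAAAA0308
         and u(f, 18, 4) == 0x0007809B)
        or (u(f, 14, 4) == 0xAAAA0300 and u(f, 18, 4) == 0x000080F3)),
    "IPX/802.3 (Ethernet Raw)": lambda f: u(f, 12, 2) < 0x05EE
        and u(f, 14, 2) == 0xFFFF,
    "IPX/Ethernet II": lambda f: u(f, 12, 2) == 0x8037 or u(f, 12, 2) == 0x8137,
}

def classify(frame):
    """Return the names of the Table 6-7 rows whose filter matches frame."""
    hits = []
    for name, test in FILTERS.items():
        try:
            if test(frame):
                hits.append(name)
        except IndexError:
            pass  # frame too short for this filter: treated as no match
    return hits

def frame(dst, type_or_len, payload):
    """Build a constructed frame (source MAC is a made-up local address)."""
    raw = bytes.fromhex(dst + "020000000001") + type_or_len.to_bytes(2, "big") + payload
    return raw.ljust(60, b"\x00")  # pad to the minimum Ethernet frame size

SAMPLES = {  # constructed test frames, not captured traffic
    "cdp": frame("01000ccccccc", 0x0040, bytes.fromhex("aaaa0300000c2000")),
    "ipx_raw": frame("ffffffffffff", 0x0030, bytes.fromhex("ffff0030")),
    "ipx_eth2": frame("ffffffffffff", 0x8137, bytes.fromhex("ffff0030")),
    "ethertalk": frame("090007ffffff", 0x0040, bytes.fromhex("aaaa03080007809b")),
    "ipv4": frame("ffffffffffff", 0x0800, bytes.fromhex("4500")),
}

if __name__ == "__main__":
    for name, f in SAMPLES.items():
        print(name, classify(f))
```

The IPv4 sample matches none of the rows, so it would not be bridged by any of these options.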
Client Polling
After a client has been idle for a specified length of time (by default 30 seconds), the Access Controller
polls the client with an ARP request to determine if it is still connected. If the Access Controller does not
receive a response to repeated polling after a specified timeout interval (by default five minutes) the
system disassociates the client.
The actual poll interval may be up to 2 times the configured interval. If the client responds to the ARP,
the client is not considered idle. However, if the client is not sending any other traffic, another ARP
request is sent after the appropriate interval, and the actual interval between those ARPs will be the
time taken for the ARP response plus the configured idle time interval.
When the Access Controller disassociates a client, the following happens:
- The Access Controller removes the client, the client’s MAC address, and the definition of its rights from
  memory.
- The Access Controller sends a message to the Rights Manager that the client is no longer connected.
- The Rights Manager starts a linger timeout for that client. The value of the linger timeout is defined in
  the Access Policy associated with the client. If the client has not re-established communication before
  the linger timeout expires, any active sessions belonging to the client are terminated. The client is not
  logged out by this action; whether it will need to reauthenticate depends on the authentication
  timeout specified in the Access Policy.
If the client re-establishes communication with any Access Controller before the linger timer
expires, that Access Controller informs the Access Control Server and gets the previous definition of
HP ProCurve Secure Access 700wl Series Management and Configuration Guide 6-25