HP ProCurve Access Point 530

HP Updated: 2009-02-24 RSS
HP ProCurve Access Point 530

ProCurve Lifetime Warranty Ideal for branch or satellite office deployments, the HP ProCurve Access Point 530 is an intelligent edge, dual-radio access point with simultaneous support for IEEE 802.11a and 802.11g standards, as well as dual IEEE 802.11g radio operation. The 530 access point offers a comprehensive range of industry-proven user authentication methods and the latest in standards-based wireless security to provide appropriate and secure access to network resources. With built-in support for HP ProCurve Identity Driven Manager, the ProCurve Access Point 530 enables network administrators to reduce network operating costs by deploying a unified network that offers centralized wired and wireless network policy and device management.

Management
* Wireless sFlow support: With the addition of sFlow sampling of wireless traffic, management applications such as HP ProCurve Manager Plus or other wireless sFlow-capable network analyzers enable unified network visibility into traffic metrics, including wired and wireless network top talkers, top applications, and network connections. Wireless sFlow, when used with HP ProCurve Network Immunity Manager, provides rapid identification and response to specific network threats on wired and wireless network connections.
* Group configuration: simplifies deployment of configuration updates to many access points in the same subnet. An administrator can securely manage up to 12 access points using SNMP, the browser, or the CLI interface of one member of the group. Each configuration change is securely communicated to other members of the group. New members added to the configuration group automatically receive the latest configuration from a peer within the group.
* RADIUS accounting support: separate RADIUS accounting server support per BSSID provides detailed session, usage, and billing information for each client activity
* Remote configuration and management: through secure Web browser or command-line interface (CLI)
* Multiple configuration files: multiple configuration files can be stored to the flash image
* SCP (Secure Copy Protocol): allows secure file transfer to/from the access point; protects against unwanted file downloads or unauthorized copying of switch configuration file

Connectivity
* Advanced dual-radio design:
o Simultaneous IEEE 802.11a and IEEE 802.11g radio operation: supports dual-band wireless clients and provides backward compatibility for IEEE 802.11b wireless devices
o Dual IEEE 802.11b/g radio operation: provides high-capacity IEEE 802.11b/g data and voice wireless LAN coverage in networks where support for IEEE 802.11a is not a requirement
* Adaptive Transmit Power Control: The ProCurve Access Point 530 continuously monitors and automatically adjusts beacon or data transmit power to reduce same-channel interference while increasing channel coverage.
* Antenna flexibility accommodates a wide range of wireless LAN deployments:
o Per-radio integrated diversity antenna with omnidirectional coverage: provides robust, dual-radio wireless LAN coverage for open office environments
o Per-radio external diversity antenna support: RP-SMA antenna connectors enable external antenna configurations to extend wireless coverage or wireless bridging between access points
* Wireless Distribution System (WDS):
o Wireless bridging: Because it expands network connectivity to remote access points located beyond a network's wired infrastructure, wireless bridging is ideal for increasing wireless coverage to adjacent buildings, across large lecture halls, or to outdoor campus environments. Each ProCurve Access Point 530 can support up to six wireless links to remote access points. WPA-PSK encryption secures data on each wireless link. Wireless distribution is supported on IEEE 802.11a, b, and g radio modes of operation.
o Single-radio operation: A wireless link is provided to each remote ProCurve Access Point 530; it also services local wireless clients.
o Dual-radio operation: One radio provides a wireless link to each remote ProCurve Access Point 530. The second radio provides network connectivity to local wireless clients.
* IEEE 802.11h International Telecommunication Union (ITU) compliant: employs Dynamic Frequency Selection (DFS) and Transmit Power Control (TPC) to automatically select another channel and adjust transmit power to reduce interference with systems such as radar, if detected on that same channel
* International country configuration: select the appropriate country, and the access point will automatically configure operation to match regulatory requirements
* Auto Channel Select (ACS): helps reduce radio co-channel interference by automatically selecting an unoccupied radio channel
* Adjustable output power: controls cell size for high-density access point deployments
* IEEE 802.3af Power over Ethernet support: simplifies deployment and dramatically reduces installation costs by helping to eliminate the time and cost involved in supplying local power at each access point location
* Link Layer Discovery Protocol (LLDP): enables real-time mapping of nodes to switch ports; LLDP (IEEE 802.1AB) industry-standard discovery protocol automatically populates both the LLDP and proprietary discovery MIBs for net management systems dependent on these MIBs

Security
* Up to 16 BSSIDs per radio with separate VLAN, security, and authentication: permits network administrators to control user access to network resources based on user authentication and level of trusted security between the client and access point
* Access point authentication: enables secure authentication of the ProCurve Access Point 530 on network ports protected by IEEE 802.1X port-based authentication
* Choice of IEEE 802.11i, Wi-Fi Protected Access 2 (WPA2), or WPA: locks out unauthorized wireless access by authenticating users prior to granting network access; robust Advanced Encryption Standard (AES) or Temporal Key Integrity Protocol (TKIP) encryption secures the data integrity of the wireless traffic
* HP ProCurve Identity Driven Manager (IDM) security and access control:
o Per-user ACLs: permit or deny user access to specific network resources based on user identity and time of day, allowing multiple types of users (employees, visitors, temporary workforce) on the same network to access specific network services without risk to network security or unauthorized access to sensitive data
o Automatic VLAN assignment: automatically assigns users to the appropriate VLAN based on their identity, community, and time of day
o Rate limits: automatically applies ingress rate limits to user traffic based on identity, community, and time of day
* Web authentication: provides authentication for browser-based wireless clients. Built-in login, welcome, and failure Web pages assist users through the login process.
* IEEE 802.1X: provides port-based user authentication with support for Extensible Authentication Protocol (EAP), TLS, TTLS, SIM, GTC, and PEAP, with choice of AES, TKIP, and static or dynamic WEP encryption for protecting wireless traffic between authenticated clients and the access point
* Local RADIUS authentication: enables "enterprise-grade" IEEE 802.11i (WPA2) wireless security for small wireless LAN networks; serves as backup authentication in the event primary and secondary network RADIUS servers are unavailable due to network disruption. The local RADIUS authentication feature supports up to 100 user accounts.
* RADIUS-based MAC authentication: a wireless client is authenticated with a RADIUS server based on the MAC address of the client; this is useful for clients that have minimal or no user interface
* Local MAC authentication: deny or allow network access based on wireless client MAC address, which is compared to a database stored on the access point
* MAC address lockout: prevents configured particular MAC addresses from connecting to the network
* Local wireless bridge client traffic filtering: when enabled, prevents communication between wireless devices associated with the same access point
* Neighbor access point (rogue AP) and ad hoc wireless network detection: Periodic scanning is provided for neighboring access points and ad hoc wireless networks. Information collected during the scan, including BSSID, SSID, channel, RSSI, security setting, and radio type (IEEE 802.11b, b/g, or a mode), is captured for each wireless device detected. If configured, the access point can enter dedicated scan mode to provide continuous scanning of the surrounding RF environment.
* Closed system: restricts broadcast of SSID as a security measure to conceal presence of the wireless network; access point does not respond to the wireless client probe request of "ANY"
* Secure management access: all access methods--CLI, GUI, or MIB--are securely encrypted through SSHv2, SSL, and/or SNMPv3
* Management VLAN: segments traffic to and from management interfaces, including CLI/telnet, Web browser interface, and SNMP
* Management access control: To provide more security for the access point, management interfaces that are not required can be disabled, including the Web browser, telnet, and Secure Shell (SSH), as well as the serial console port and reset button.

Quality of Service (QoS)
* Wi-Fi WMM support: provides QoS functionality in wireless networks by prioritizing wireless traffic from different applications
* SpectraLink voice priority (SVP) support: prioritizes SpectraLink voice IP packets sent from a SpectraLink NetLink SVP server to SpectraLink wireless voice handsets to help ensure excellent voice quality