M and MSM Series
1748217 Members
4114 Online
108759 Solutions
New Discussion юеВ

Re: Client data tunnel issues

 
SOLVED
Go to solution
Marcos Semid├бn
Occasional Advisor

Client data tunnel issues

Hi. I'm new in this forum, so please, be pacient with me :P.

I'm working with MSM765zl controller, and i want to integrated it in a network (big-size network), using the authentication and DHCP resources in use rigth know.

First thing, layer 3 discovery using DHCP option 43 works fine, so AP and controller can see each other without problems.

What i need know is tunnel all clients data traffic to the controller, and the controller egress all traffic to a determinated VLAN, dont mind if is LAN or INTERNET port.

So, my configuration options in the VSC:

- Autentication and acceso control activated, but no one choose.
- Tunnel al wireless data client
- Egress VLAN the VLAN i want (with IP assigned)

I have tried lot of options, but no one works.

Instead, i tried with MTM, but it doesn't works too.

So, is possible to do what i want?. Basically i want my controller just to works like a layer 2 switch for client data traffic.

I hope explain the situation in a correct way.

Thank you in advance

-------------------------------------------------------------------------------------------------------------------------------
PS- This thread has been moved from Communication and Wireless to MSM Series- Forum Moderator

 

10 REPLIES 10
Shadow13
Respected Contributor

Re: Client data tunnel issues

If what you want is to map the wireless to VLANS on the network, you can follow as mentioned in the below link, there are 2 ways, the easy way is the 1st one (authentication only VSC)

https://my.procurve.com/knowledgebase/knowledgemanagement.aspx?wp=showarticle&id=1447

Regards
Jens Fluegel
Frequent Visitor

Re: Client data tunnel issues

Hi, you have to use the new Mobility traffic manager (MTM) feature coming with MSM 5.4.0. Please see the release notes for a description.

http://cdn.procurve.com/training/Manuals/MSM7xx-RN-Apr10-5998-0314-v54.pdf

With MTM you are able to tunnel all wirless client traffic to the controller and bridge it to a VLAN at the controller. The VLANs can be either on the LAN or Internet port.

Regards.
Marcos Semid├бn
Occasional Advisor

Re: Client data tunnel issues

Thank you both of you for yours answers.

First. Shadow13, thanks for your link, because is the first time i see that traffic to the egress vlan is routed, and no tagg is added, so i have to review my config.

Jens Fluegel, i have been reading about MTM, but in the documentation i cant see anything about how controller handles traffic, if i have a DHCP external server.

I need DHCP relay, or with the tunnel proberly configured you can consider the client and the egress network in the same "broadcast domain".

Thank you in advance
Shadow13
Respected Contributor

Re: Client data tunnel issues

For 5.4 you need a care back to get this firmware and it's not for normal warranty devices, so the only applicable option is as mentioned in the link i provided.

and the 1st option the traffic will not be routed and the tagging will not be removed, traffic will go to the switch as it was coming from another switch.
Marcos Semid├бn
Occasional Advisor

Re: Client data tunnel issues

Problem with your suggestion is that i need tunnel all client data traffic from AP to Acceso controller, and Option 1 in your link use a determinated VLAN to egress traffic from AP to controller.

The purpose of my configuration is be able to connect an AP in any place i want in the net, without touching VLAN configuration (only configuration VLAN is needed to reach AP).

The purpose of this configuration is be able to integrate HP Acces Point in a University Network, using their DHCP services, and their access control settings.

I have 5.4 version for MSM765zl, because of i wanted to try with Mobility Traffic Manager.

Regards.
Jens Fluegel
Frequent Visitor
Solution

Re: Client data tunnel issues

Shadow13 is right. If you have an earlier version of MSM software than 5.4 you need a care pack to get 5.4.

MTM is only available with MSM 5.4. With MTM wireless client traffic is bridged through the controller. You do not need DHCP relay on the controller in this case. The DHCP server have to be on the same VLAN as the clients or an ip helper have to be configured on the next-hop gateway to forward DHCP requests to the central DHCP server.

Before MSM 5.4 centralized bridging as with MTM was not possible.

With MSM version <5.4 you only have the following options:

access control enabled:
-> traffic is tunneled to the controller and routed by the controller
-> here you need a DHCP relay

access control disabled:
-> traffic is locally bridged by the AP (local breakout) with or without VLAN tagging
-> no DHCP relay required on the controller because the controller is not in the data path

Regards,

Jens
Shadow13
Respected Contributor

Re: Client data tunnel issues

The 1st option will not use vlans to connect to the controller, the traffic will exit the AP to the specified VLAN on your wired network directly without going to the controller, AP will handle the traffic not the controller, only the management traffic will go the controller and this will go through VLAN configure for the wireless or by L3 if the AP is reaching the controller from diff. network in this case you will provision the AP to discover the controller through a specific IP address.
Marcos Semid├бn
Occasional Advisor

Re: Client data tunnel issues

i know what you mean, but that's out of my purpose. Remember that i need tunnel all client data traffic to the controller, because only management vlan reachs the AP. The controller egress vlan for VSC will be the "guest" vlan.

DHCP services and acces control are external services.

If you want more detail, we want to sustitute the actual wireless plataform (another vendor) at the university for the Procurve one. The actual plataform tunnel all client data traffic to the controller, and egrees the traffic for the "guest" vlan. And the university wants the same thing with Procurve.

I'll try this afternoon with Mobility Traffic Manager,as it's explained in page 227 in the manual linked by Jens Fluegel. I hope it works :P

I'll keep you informed about the results.

P.D: Sorry about my english writing, i know is hard to understand.

Regards.






Aar├│n
Frequent Advisor

Re: Client data tunnel issues

Hello, I work with Marcos. I just did a little schematic explaining our network topology. We have a wide-spread network with multiple buildings. We have a 5412zl to route all the wireless users of all buildings.

So between our 5412zl and the APs there are several routers. En each building we have a vlan for managing the APs, that goes untagged into each AP. We want the user traffic to be tunneled through that link.

WIR1 = Wireless Users Vlan
WIA1 = Router for AP management

Both are separated through our Firewall, so they can not talk to each other, there are just vlan tags between them.

So our controller has an IP adress of WIA1 and can connect to the APs without problem, we want that the user traffic goes directly into WIR1 at level 2, so they can get DHCP directly from our DHCP Servers.


We already have a wireless platform with another vendor working this way.


I've attached a schematic with our networtk topology