
Re: MSM 760 Basic Network Design

 
Mikesisav
Visitor

MSM 760 Basic Network Design

All,

 

I was asked to implement an MSM 760 into our environment and am unsure of the functionality of the MSM. The goal is to have one SSID and, based on authentication via internal db on controller or AD, put the user on a specific IP scope/VLAN.

 

The current environment is: one SSID that users connect to and it pulls an address - vlan Trust - from the LAN port and authenticates via internal db on the controller. Vlan trust is untagged on the uplink switch that is connected to the MSM LAN port.

There was finally a breakthrough when I set the Internet port as a DHCP client and the above process started working. So, again, I would assume that a user is coming in and connecting to and getting an address from the LAN port and is being routed out the Internet port - vlan Untrust which is untagged on the uplink switch.

 

Still can't grasp the LAN and Internet port relationship. From my readings, some installations do not even have the LAN port plugged up as everything is configured on the Internet port using the MSM.

 

I understand that each environment is different but for the goal of accessing a vlan based on login, should the vlans just be available untagged or tagged to the LAN port?

 

Please let me know your questions and thanks for any response.

 

 

P.S. This thread has been moved from Communications, Wireless (Legacy ITRC forum) to MSM Series. - HP Forum Moderator

John Getzke
Honored Contributor

Re: MSM 760 Basic Network Design

Mike,

 

I think what you are trying to describe is example 2 on page 7-13 of the MSM7xx Controller Management and Configuration Guide:

http://bizsupport1.austin.hp.com/bc/docs/support/SupportManual/c02704528/c02704528.pdf

 

Going under this example you would replace the radius server with nothing since it sounds like you are currently authenticating users through the locally defined User Accounts on the controller itself. You are going to want to set up your SSID to be tagged when a user authenticates, otherwise you are exposing your network to anyone who tries to connect. Let the Local User Accounts table handle which VLAN a given user is assigned to for you.

 

You want to use the LAN port to keep traffic internally circulated. Only bring the Internet port into play when you want to move traffic off of your network. Work on setting up your VLANs, authentication and access Control features first, then throw the Internet port into the mix.

 

 

Kudo's appreciated : ) (The purple thumbs up)
Mikesisav
Visitor

Re: MSM 760 Basic Network Design

John,

 

Thanks for the reply.  From the example and your comments:

 

"You are going to want to setup your SSID to be tagged when a user authenticates"

 

This means that the VSC is non-access-controlled and has a vlan tagged to it by the AP group VSC binding egress network of the Vlan ID - in our example vlan 1? Does the LAN port of the MSM need to have vlan 1 tagged or untagged on the uplink interface switch the MSM is connected to? Does anything need to be configured in the network profile or vlan configuration portions of the MSM?

 

"Let the Local User Accounts table handle which VLAN a given user is assigned to for you."

 

Where do I do this under user accounts?  The only thing I see would be the account profile location.

 

"Only bring the Internet port into play when you want to move traffic off of your network."

 

So, do I need the Internet port plugged in at all in the configuration?  If so, how does the switch interface connection to the MSM Internet port need to be configured?

 

Thanks and Kudos to you.