- Community Home
- >
- Networking
- >
- Wireless
- >
- M and MSM Series
- >
- Re: MSM 760 Basic Network Design
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-07-2011 09:27 AM - last edited on 12-01-2013 07:13 PM by Maiko-I
11-07-2011 09:27 AM - last edited on 12-01-2013 07:13 PM by Maiko-I
MSM 760 Basic Network Design
All,
I was asked to implement a MSM 760 into our environment and am unsure of the functionality of the MSM. The goal is to have one SSID and based on authentication via internal db on controller or AD put the user on a specific IP scope/VLAN.
The current environment is: one SSID that users connect to and it pulls an address - vlan Trust - from the LAN port and authenticates via internal db on the controller. Vlan trust is untagged on the uplink switch that is connected to the MSM LAN port.
There was finally a break through when I set the Internet port as a DCHP client and the above process started working. So, again, I would assume that a user is coming in and connecting to and getting an address from the LAN port and is being routed out the Internet port - vlan Untrust which is untagged on the uplink switch.
Still can't grasp the LAN and Internet port relationship. From my readings, some installations do not even have the LAN port plugged up as everything is configured on the Internet port using the MSM.
I understand that each environment is different but for the goal of accessing a vlan based on login, should the vlans just be available untagged or tagged to the LAN port?
Please let me know your questions and thanks for any response.
P.S. This thread has been moved from Communications, Wireless (Legacy ITRC forum) to MSM Series. - HP Forum Moderator
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-07-2011 01:24 PM
11-07-2011 01:24 PM
Re: MSM 760 Basic Network Design
Mike,
I think what you are trying to describe is example 2 on page 7-13 of the MSM7xx Controller Management and Configuration Guide:
http://bizsupport1.austin.hp.com/bc/docs/support/SupportManual/c02704528/c02704528.pdf
Going under this example you would replace the radius server with nothing since it sounds like you are currently auuthenticating users through the locally defined User Accounts on the controller itself. You are going to want to setup your SSID to be tagged when a user authenticates, otherwise you are exposing your network to anyone who tries to connect. Let the Local User Accounts table handle which VLAN a given user is assigned to for you.
You want to use the LAN port to keep traffic internally circulated. Only bring the Internet port into play when you want to move traffic off of your network. Work on setting up your VLAN's, authentication and access Control features first, then throw the Internet port into the mix.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-07-2011 02:37 PM
11-07-2011 02:37 PM
Re: MSM 760 Basic Network Design
John,
Thanks for the reply. From the example and your comments:
"You are going to want to setup your SSID to be tagged when a user authenticates"
This means that the VSC is non- access controlled and has a vlan tagged to it by the AP group VSC binding egress network of the Vlan ID - in our example vlan 1? Does the LAN port of the MSM need to have vlan 1 tagged or untagged on the uplink interface switch the MSM is connected? Does anything need to be configured in the network profile or vlan configuration portions of the MSM?
"Let the Local User Accounts table handle which VLAN a given user is assigned to for you."
Where do I do this under user accounts? The only thing I see would be the account profile location.
"Only bring the Internet port into play when you want to move traffic off of your network."
So, do I need the Internet port plugged in at all in the configuration? If so, how does the switch interface connection to the MSM Internet port need to be configured?
Thanks and Kudos to you.