M and MSM Series

Re: Msm765zl distributed forwarding

 
wirelessjohn
Occasional Advisor

Msm765zl distributed forwarding

Has anyone got any information on how to set distributed forwarding up? HP recommend setting this up but they don't seem to have much documentation on it.

 

Thanks

John

8 REPLIES 8
Fredrik Lönnman
Honored Contributor

Re: Msm765zl distributed forwarding

Never heard about it, what is it?

---
CCIE Service Provider
MASE Network Infrastructure [2011]
H3CSE
CCNP R&S

wirelessjohn
Occasional Advisor

Re: Msm765zl distributed forwarding

Distributed forwarding allows you to offload the traffic from the access point directly to the switch that the access point is connected to. This saves the traffic being sent through the controller.

 

The only bit of information I have found, deep inside one of the design guides, says you have to create the same VLAN that your wireless controller uses for the VSC on each switch with an access point and tag the access point in that VLAN. This is all well and good on a fairly simple setup with all the routing between VLANs taking place in one place and the rest of the network being layer 2.

 

But my design is a bit more complicated and we route at the access layer/level, so each switch is its own router and traffic is routed off to the server room or wherever it needs to go. This also means the wireless VLAN only exists on the switch with the MSM765zl in it and the access points tunnel all their traffic through it.

 

So I am looking for information on how to set distributed forwarding up in this kind of setup and how I would make the same VLAN appear on each router and how things like DHCP and OSPF would handle it.

 

Thanks

Fredrik Lönnman
Honored Contributor

Re: Msm765zl distributed forwarding

Oh, right. That's pretty much the default behavior of the MSM since tunneling everything through the controller is kinda a hack for guest users. Just create a VSC that is NOT access controlled and when you do the VSC binding you specify an egress VLAN for that VSC and you're done, the VSC will be locally bridged on the AP's uplink port.

 

 

---
CCIE Service Provider
MASE Network Infrastructure [2011]
H3CSE
CCNP R&S

wirelessjohn
Occasional Advisor

Re: Msm765zl distributed forwarding

Thanks for the reply

 

I must admit my knowledge is fast running out at this point but am I able to create the egress vlan on all routers and span it across the layer 3 network?? How would I IP each vlan and what default gateway would I have for the vlan??

Fredrik Lönnman
Honored Contributor

Re: Msm765zl distributed forwarding

No, if you have a routed network you can't span a VLAN across it, you'll need to terminate the VLAN at every switch.

---
CCIE Service Provider
MASE Network Infrastructure [2011]
H3CSE
CCNP R&S

wirelessjohn
Occasional Advisor

Re: Msm765zl distributed forwarding

I didn't think you could span the VLAN. So how would I go about making VLAN 100 appear on each switch? I take it VLAN 100 on each switch needs a different default gateway, but within the IP address range that VLAN 100 uses?

ndoudna
Frequent Advisor

Re: Msm765zl distributed forwarding

 

>>

Distributed forwarding allows you to offload the traffic from the access point directly to the switch that the access point is connected to. This saves the traffic being sent through the controller.

>>

 

Cobbling together from HP's manuals and training, "distributed forwarding" means that authentication and wireless user traffic does not go through the controller. The way to implement this is in the VSC configuration: Authentication UNCHECKED and Access controlled UNCHECKED. (Haven't tried this on a 765zl, but it seems to be the case on my MSM710.)

 

p5-6 of the "HP MSM7xx Controllers Management and Configuration Guide" shows this pretty well, with pictures, even.   A text summary:

 

Centralized access control:

- Management, authentication and wireless user traffic all go through the controller.
- VSC: Authentication CHECK. Access control: CHECK
- (seems to be necessary for HTML-based authentication)

Distributed forwarding with centralized authentication:

- Management and authentication traffic go to the controller.
- Wireless user traffic bypasses the controller.
- VSC: Authentication CHECK. Access control: UNCHECK

Distributed forwarding:

- Authentication and wireless user traffic bypass the controller.
- Management traffic goes to the controller.
- VSC: Authentication UNCHECK. Access control: UNCHECK

 

 

thanks,

noemi

ndoudna
Frequent Advisor

Re: Msm765zl distributed forwarding

>>
So I am looking for information on how to set distributed forwarding up in this kind of setup and how I would make the same VLAN appear on each router and how things like DHCP and OSPF would handle it.

I didn't think you could span the VLAN. So how would I go about making VLAN 100 appear on each switch? I take it VLAN 100 on each switch needs a different default gateway, but within the IP address range that VLAN 100 uses?
>>

Are your APs all on different switches? In any case, even if they are, if you have a VSC that is using an egress VLAN ID of 100, then:

- Every port that an AP is attached to needs to be tagged for 100.
- Any trunk that interconnects the switches needs to be tagged for 100.
- One of the switches needs to have an IP address associated with its VLAN 100.
- That IP address would be the gateway (e.g. 10.10.100.1) for that VSC/subnet/VLAN of 100.
- That IP interface would need an ip helper-address to convert DHCP discovery broadcasts to unicast, with the helper-address pointing to a DHCP server that has a scope for your VSC/VLAN/subnet (e.g. 10.10.100.11-249).
- The switch that has the IP gateway interface on VLAN 100 will also have other IP interfaces and routing to reach the rest of the layer 3 network, especially the DHCP and DNS servers.

 

I find IP interfaces on L2 switches incredibly confusing. This "wired" part of wireless installations takes way more time than the wireless itself!

 

Don't know if this answers the question, but it's one I've had a lot!

 

thanks,
noemi
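
The checklist in the post above, turned into a small audit as an added example (not part of the thread and not HP tooling): it checks a constructed model of two switches against each item for egress VLAN 100. Switch names, port names, the /24 mask and the helper address 10.10.1.5 are assumptions; the gateway and DHCP scope are the post's example values.

```python
# Added example: audits a constructed switch model against the post's checklist.
from ipaddress import ip_address, ip_interface

EGRESS_VLAN = 100                                # egress VLAN ID of the VSC
DHCP_SCOPE = ("10.10.100.11", "10.10.100.249")   # scope range from the post

# Constructed sample topology (names, ports, mask and helper are assumptions).
SWITCHES = {
    "sw-core": {
        "ap_ports": [],
        "trunk_ports": ["A1", "A2"],
        "tagged": {100: ["A1", "A2"]},
        "vlan_ip": {100: "10.10.100.1/24"},      # gateway for VLAN 100
        "helper": {100: ["10.10.1.5"]},          # ip helper-address target
    },
    "sw-floor1": {
        "ap_ports": ["B3", "B4"],
        "trunk_ports": ["A1"],
        "tagged": {100: ["A1", "B3"]},           # B4 deliberately left untagged
        "vlan_ip": {},
        "helper": {},
    },
}

def audit(switches, vlan, scope):
    """Return a list of findings; an empty list means the checklist is met."""
    findings, gateways = [], []
    for name, sw in sorted(switches.items()):
        tagged = set(sw["tagged"].get(vlan, []))
        # Every AP port and every inter-switch trunk must carry the VLAN tagged.
        for kind, key in (("AP port", "ap_ports"), ("trunk", "trunk_ports")):
            for port in sw[key]:
                if port not in tagged:
                    findings.append(f"{name}: {kind} {port} not tagged for VLAN {vlan}")
        # The switch holding the gateway address also needs a DHCP helper.
        if vlan in sw["vlan_ip"]:
            gateways.append((name, ip_interface(sw["vlan_ip"][vlan])))
            if not sw["helper"].get(vlan):
                findings.append(f"{name}: VLAN {vlan} has no ip helper-address")
    if len(gateways) != 1:
        findings.append(f"expected one gateway on VLAN {vlan}, found {len(gateways)}")
    # The DHCP scope must fall inside the gateway's subnet.
    for name, gw in gateways:
        for addr in scope:
            if ip_address(addr) not in gw.network:
                findings.append(f"{name}: scope address {addr} outside {gw.network}")
    return findings

if __name__ == "__main__":
    for line in audit(SWITCHES, EGRESS_VLAN, DHCP_SCOPE):
        print(line)
```
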