10-30-2010 12:19 PM
Question about "Always tunnel" - can't find right way to work with it
Hi!
I have an MSM765zl and an MSM410 AP. If I configure a VSC without "always tunnel", it works fine with the egress VLAN bound to the AP.
But I can't figure out what I can do with the "always tunnel" feature and how to get it to work. When "always tunnel" is enabled, should the MSM765zl bridge traffic or route traffic to the egress VLAN?
If it bridges, why does the egress VLAN need an IP in the configuration? If it routes, where can I configure the network between the wireless client and the MSM765zl? If I set an IP manually on the wireless client, I can ping any interface on the MSM765zl, but can't ping anything behind it - it looks like traffic is neither bridged nor routed.
I've read the MCG and the wireless implementation guide and spent all day trying it out - anyway, with "always tunnel" traffic does not go to the egress VLAN configured in the VSC.
I'll be glad if anyone can explain the concept of the "always tunnel" feature to me and give some description of a working topology.
Thanks.
1 REPLY
10-31-2010 09:24 AM
Re: Question about "Always tunnel" - can't find right way to work with it
Always tunnel is a feature between the AP and the controller. It is a means to take the wireless client data traffic and to carry it over a network inside a tunnel. This has 2 advantages in my opinion: it makes sure that the client traffic does not tamper with the network and therefore it makes sure it reaches the controller and only the controller. The second advantage is that it works regardless of the network topology between the AP and the controller (VLANs or not, number of hops/switches/routers/etc.)
There are several concepts that need to be understood. The first is the egress VLAN that you find in the VSC binding. This VLAN applies at the AP and is useless in case of the "always tunnel" feature.
The other concept is the egress VLAN in the VSC itself. This one applies at the controller to determine where the traffic should go once it reaches the controller.
The AP bridges the traffic. But in the vast majority of cases, once the traffic reaches the controller it is always routed through the controller. The fact that you specify a VLAN interface as an egress to the VSC (not the binding, but the actual VSC) means that the traffic is forced to be routed through that interface rather than taking the default routing table.
On top of being routed, your traffic is most likely access controlled (especially true if the "use this controller for: access control" is checked in the VSC), which means that by default no traffic will go through unless your client is authenticated.
Again, the egress mapping of a VSC is not linked to the "Always tunnel" feature.
In terms of topology, it really depends on what you want to achieve. 2 big questions to ask really:
1) Do you want the traffic from your client to be bridged directly and put on the network at the AP so that it can reach any resources directly from there?
2) Or do you want the traffic from your client to be forced towards the controller so that it can be access controlled (with ACLs) before it can actually reach resources?
If none of the above, can you try to explain what you are trying to achieve?