03-24-2013 12:31 AM
Internet and Lan port on MSM controllers
Please can somebody explain the following:
"what is the actual difference between the LAN and INTERNET ports on a MSM controller".
As per some documents only the internet port can be used for connectivity. Then what would be the need for an extra LAN port?
The word "INTERNET PORT" gives a signal that the internet line can be directly inserted into it while the LAN port connects to the switch. Is this assumption right?
Also, when would you use both ports?
I am also confused by the concept of tagging and untagging a port under multiple VLANs. As per a guide, TAGGING is equal to a trunk port on Cisco switches and untagging is equal to an access port. Why would you need to tag and untag the same port under multiple VLANs? What does it do?
Please provide a detailed explanation.
Note: I have several HP config and management guides that do not explain these concepts clearly!
11-20-2014 05:27 AM
Re: Internet and Lan port on MSM controllers
I have the same doubt
ATP FLEXNETWORK V3 | ACSA
11-23-2014 11:10 AM - edited 11-23-2014 11:44 AM
Re: Internet and Lan port on MSM controllers
Hello
Let's start from the VLAN tagging / trunking.
In the wired network the edge ports are generally untagged (PCs' NICs don't understand dot1q), the inter-switch ports tagged to multiple VLANs. This allows you to separate traffic in different departments from each other for traffic management and security. For example, barcode scanners in the warehouse do not need to reach your financial department resources, and the marketing department doesn't need to reach the management interfaces of your devices. On the edge switches you would untag the edge device ports accordingly, depending on which department the user belongs to. The inter-switch links might be untagged on the device management VLAN, and to allow other VLAN traffic through these ports you would tag them on the other VLANs.
"As per some documents only the internet port can be used for connectivity"
I don't know where this comes from, but it's plain incorrect. You can use either port alone, or both.
The traffic between these two ports is routed. By default the Internet interface is in DHCP Client mode, and the LAN interface assumes the default IP address 192.168.1.1. You can change these once you get access to the device, but please note that you shouldn't use the 192.168.1.0/24 subnet on the Internet side - it's deeply associated with the LAN interface.
Controllers have a built-in Firewall. Traffic that flows out through the Internet port will be firewalled, traffic out of LAN port won't. You can also NAT the traffic on the Internet VLAN.
To give you an example of LAN and Internet port usage let's assume the following scenario:
- You have three departments, and have separated the traffic in the wired LAN to VLANs:
  - device management (VLAN 1)
  - warehouse (VLAN 2)
  - marketing (VLAN 3)
  - management (VLAN 4)
- you provide Internet access to all departments on VLAN 10.
You need to provide wireless access to all departments with minimal changes to the current setup. Additionally you need to provide wireless access to guests. Employees accessing the network wirelessly must be able to reach the same resources as they get when they access through the wire, and guests are only allowed to access the Internet. You could do the following:
- Create a new VLAN 20 on the wired side for wireless device management, including mgmt traffic between APs and controller - do not put a DHCP server or enable DHCP relay on this VLAN
- Connect LAN port and all AP ports to switch ports which are Untagged on VLAN 20, and tagged on VLANs 2-4
- Enable the DHCP server on global level in the controller
- The APs will receive IP addresses from the controller's global DHCP server on VLAN 20
- For warehouse employees:
  - Create VLAN 2 on the controller
  - Configure a non-Access Controlled, non-Authenticating VSC
  - In the VSC binding egress Warehouse VSC to VLAN 2
  - Because the VLAN exists on the controller and there's a VSC binding, the AP port will be tagged on VLAN 2 (this is why the switch port must also be tagged on this VLAN)
  - Since the VSC is non-AC, the traffic will be sent directly from the AP LAN port to VLAN 2 on the wired network
  - The warehouse employee devices will receive IP addresses from the same DHCP server on VLAN 2 that is used for the wired devices
  - The devices will have the same Default GW as the wired devices
  - The warehouse employees will be authenticated the same way they would authenticate on the wired LAN
- Configure the other two employee VSCs the same way
- For guests:
  - Create an Access-Controlled, Authenticating VSC on the controller
  - Create a DHCP server in the Guest VSC
  - Connect the Internet port to a switch port which is Untagged in VLAN 10
  - Configure controller's Default Route and DNS to the Internet router in VLAN 10
  - The guest devices will receive IP addresses directly from the controller
  - The controller will become the Default GW for the guest devices, and provide DNS service
  - Guests will be authenticated on the controller
  - Since the VSC is AC, guest traffic will be tunneled to the controller, which will NAT it according to the routing table through the Internet port directly to VLAN 10
  - Since there is no Guest VLAN in the wired network, the guests will have no access to the intranet resources (except if the Internet router is configured to do it)
If you create the VSCs using the Wizard, this is pretty much what the configuration will look like.
HTH,
Arimo
HPE Networking Engineer
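
The switch-side port plan from the reply above can be checked mechanically. The following is an added example, not part of the original post or any HPE tooling: it parses a constructed config excerpt in the style of HP ProCurve `vlan` stanzas and verifies that the controller LAN port and AP ports are untagged on VLAN 20 and tagged on VLANs 2-4, and that the Internet-side port carries only untagged VLAN 10. The port numbers, the switch syntax and the "no other VLANs on the Internet port" rule are assumptions drawn from the guest-isolation goal described in the post.

```python
import re

# Constructed sample in HP ProCurve "vlan" stanza style (excerpt). Port numbers
# are assumptions: 1 = controller LAN port, 2-3 = APs, 4 = controller Internet port.
GOOD = """
vlan 20
   untagged 1-3
vlan 2
   tagged 1-3
vlan 3
   tagged 1-3
vlan 4
   tagged 1-3
vlan 10
   untagged 4
"""
# Constructed mistake: the Internet-side port is also tagged on employee VLAN 4.
BAD = GOOD.replace("vlan 4\n   tagged 1-3", "vlan 4\n   tagged 1-4")

def expand(spec):  # "1-3,7" -> {1, 2, 3, 7}; numeric port names only
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse(config):  # -> {port: {"untagged": {vlans}, "tagged": {vlans}}}
    table, vlan = {}, None
    for key, arg in re.findall(r"^\s*(vlan|untagged|tagged)\s+(\S+)", config, re.M):
        if key == "vlan":
            vlan = int(arg)
            continue
        for port in expand(arg):
            table.setdefault(port, {"untagged": set(), "tagged": set()})[key].add(vlan)
    return table

def audit(config, wlan_ports=(1, 2, 3), internet_port=4):  # -> list of findings
    table, findings = parse(config), []
    empty = {"untagged": set(), "tagged": set()}
    for port in wlan_ports:
        m = table.get(port, empty)
        if m["untagged"] != {20}:
            findings.append(f"port {port}: must be untagged on VLAN 20 only")
        if {2, 3, 4} - m["tagged"]:
            findings.append(f"port {port}: must be tagged on VLANs 2, 3 and 4")
    m = table.get(internet_port, empty)
    if m["untagged"] != {10} or m["tagged"]:
        findings.append(f"port {internet_port}: must carry only untagged VLAN 10")
    return findings
```

`audit(GOOD)` returns an empty list, while `audit(BAD)` flags port 4, the case where an employee VLAN would reach the port on the controller's firewalled, NATed side.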