- Community Home
- >
- Networking
- >
- Wireless
- >
- M and MSM Series
- >
- Re: MSM Deployment Scenario - How To Guide
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-07-2013 12:13 PM
тАО09-07-2013 12:13 PM
Re: MSM Deployment Scenario - How To Guide
Hi,
Excellent guide...will help me a lot in deployments..
Can we do cerificate with usename /password authention (two factor auhentication) with MSM controller ?
Regards
George
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-09-2013 09:19 AM
тАО09-09-2013 09:19 AM
Re: MSM Deployment Scenario - How To Guide
With the 6.0.x firmware, ACLs/attributes will NO LONGER WORK if the tunneled guest traffic routes back out through the LAN port (this can happen in some cases - DEPENDING on your routing configuration within the MSM. I learned this recently after upgrading some of my customer controllers from 5.7.x to 6.0.x. Whereas previously, based on the ACLs/attributes, tunneled traffic on the guest VSC no longer had access to the specific locations (for example, an internally hosted website) that were allowed via the attributes.
Again, in most cases ACLs/attributes will continue to work, except when that traffic is destined for specific locations (via ACLs/attributes) and based on the controllers Routing tables, is pushed out the LAN port.
This is something new in 6.0.x code. I guess it's a bit 'tighter' of a security configuration.
Also, one quick mention....in the guide, I mention TAGGING each AP at the switch port level for the guest VSC and VLAN. This is NOT really necessary IF you always tunnel that traffic through the controller anyways. Really depends on your setup...
George, are you referring to 802.1X EAP/TLS which uses both a certificate and computer/user authentication? If so, yes. I have done that for customers in the past.
Regards,
JR
Source One Technology, Inc.
HP Partner
MSM 5.7.x deployment guide:
- Tags:
- ACLs
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-16-2013 12:52 PM
тАО09-16-2013 12:52 PM
Re: MSM Deployment Scenario - How To Guide
Hi,
Thanks for your kind reply..
For Access controlled users ,when you are doing egress VLAN doest it require to tag internet port wiith that paricular VLAN..? or will it work with untagged as per design guide..
How we configure if multiple access controlled vlans are required..?
Can I do dynamic VLAN assignment in access controller users..One SSID but users should maped as per radius attributes..? is it required to configure multiple IP adresses in Internet port..?
I am confused..Please help..
Regards
George
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-21-2013 09:05 AM
тАО10-21-2013 09:05 AM
Re: MSM Deployment Scenario - How To Guide
For access controlled VSCs, you do NOT have to have the AP tagged for that VLAN. I used to do it that way, but I don't anymore...
You can configure multiple access controlled VSCs on the same controller. I have done that on occasion. However, doing that changes the way I typically deploy the MSM controllers. If I need to deploy, for example, (2) different access controlled VSCs, and have each on a different VLAN, then I will NOT assign an IP address to the Internet Port of the controller (which is the default way controllers are setup). Instead, I will do the following (for example):
- From the Network|Network Profiles page, I will create my two profiles, GuestA (on VLAN 30) and GuestB (on VLAN40)
- From the Network|VLANs page, I will set GuestA as Mapped to the Internet Port (tagged).
- From the Network|VLANs page, I will set GuestB as Mapped to the Internet Port (tagged).
-From the Network|IP Interfaces page, I will remove ALL IP addressing from the Internet port itself.
-From the Network|IP Interfaces page, I will add a New Interface for GuestA and assign it an IP address on that VLAN as applicable.
-From the Network|IP Interfaces page, I will add a New Interface for GuestB and assign it an IP address on that VLAN as applicable.
-On the Switch, I change the actual port where the Internet Port is plugged into from Untagged to Tagged on both VLAN30 and VLAN40.
-From Network Tree|Controller|VSC, I will select the GuestA VSC, and then navigate to VSC egress mapping and select the applicable Mapping for all three traffic types.
-From Network Tree|Controller|VSC, I will select the GuestB VSC, and then navigate to VSC egress mapping and select the applicable Mapping for all three traffic types.
I have never yet done dynamic VLAN assignment based on specific users or RADIUS but I believe it can be done.
Source One Technology, Inc.
HP Partner
MSM 5.7.x deployment guide:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-21-2013 11:14 AM - edited тАО10-21-2013 11:15 AM
тАО10-21-2013 11:14 AM - edited тАО10-21-2013 11:15 AM
Re: MSM Deployment Scenario - How To Guide
Thank You Jesse !! You rocks.. !! :)
I shared your excellent config guide link in my blog :)
Regards
George
- « Previous
-
- 1
- 2
- Next »