© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Tb2387 groenveld expert_one wlan_final

ExpertOne: Introduction to HP Networking Wireless Solutions
Praveen Bahethi
June, 2012

Initial Setup and Configuration

Objectives

• Plan how to connect an MSM Controller’s ports based on a company’s requirements
• Deploy an MSM Controller and complete the initial configuration
• Deploy MSM APs and enable them to become controlled

MSM Controller Ports and Networks

MSM710, MSM760, and MSM765 zl Ports

• Two ports: Internet, LAN
• Routed
• Different subnets

One default network profile per port
• Associated with untagged traffic
• Associated with an IP interface

MSM765 zl Internal Ports

MSM Controller Schematic

Exploring How the Controller Handles Incoming Traffic

Traffic destined to the controller
• Controller management (Web, SOAP, SNMP, and so forth)
• AP management

Traffic associated with access-controlled clients (default: untagged LAN port traffic)
• DHCP discovery broadcasts
• Traffic directed to the controller for routing

Web Browser Interface Traffic

Other Management Traffic

Traffic From Access-controlled Clients (Default)

• Default VSC has access control enabled
• Untagged LAN port interface devices are treated as access-controlled clients
• If enabled, the DHCP server responds to requests
• Other traffic is captured

Adding VLANs to MSM710, MSM760, or MSM765zl Controller Ports

MSM720 Ports

MSM720 ports act like switch ports

You can:
• Aggregate ports (static trunk and active LACP)
• Assign network profiles as untagged and tagged to multiple ports or trunks

Do not create loops

MSM720 Networks

– You can associate a mapped profile with an IP interface:

• Access network interface = (untagged) LAN port interface

• Internet network interface = (untagged) Internet port interface

• Non-default profile interfaces = Non-default profile interfaces

– Any profile can be tagged or untagged

Activity: Exploring How the Controller Handles Incoming Wired Traffic (Untunneled)

How does the controller handle the packet?

MSM760: DHCP requests, HTTP requests
MSM720: DHCP requests, HTTP requests

1. Responds
2. Ignores
3. Ignores
4. Sends to Access
5. Ignores
6. Responds
7. Ignores
8. Responds
9. Sends to Access Con
10. Responds

Initial Setup

Initial Setup Process

1. Obtain initial access
2. Configure IP settings
3. Connect the controller to the network
4. Restrict management to the correct interface
5. Temporarily disable the default VSC (optional)

Planning the Controller’s Connection

Select an IP interface (and port) on which to manage the controller

• Typical: Internet
• Another option: LAN port + tagged management

Obtaining Initial Access

Options:
• A: Direct Ethernet connection
• B: Console connection or zl switch CLI
• C: Indirect Ethernet connection
• D: Indirect Ethernet connection & no DHCP

• A way to reach the controller remotely at its default IP address—but be careful to leave the controller’s DHCP services disabled or to isolate the LAN port
• Fastest way to get the controller connected when:
  • You manage the controller on the untagged Internet port network
  • The controller can use DHCP to receive its management address
• Easiest way to obtain initial access when you have physical access to the controller
• Another way to assign the controller its IP settings before connecting it to the network—required for MSM765 zls

Configuring IP and Other Initial Settings

• Specify IP settings for the controller management interface
• Create a default route
  • For a non-default IP interface, create a route rather than specify the interface gateway
• Set a DNS server and time server

Temporarily Disabling the Default VSC (optional)

Prevent the controller and APs from supporting the default VSC until you are ready
• Disable access control
• Disable virtual AP

Connecting the Controller in Its Final Location

• MSM720

• IP address: 10.1.1.2/24 on the Internet network

• MSM765 zl

• IP address: 10.1.1.2/24 on Management (11) mapped to the LAN port

• MSM760

• IP address: 10.1.1.2/24 on the (untagged) Internet port

• Configure the VLAN assignment on the switch port

• Connect the management interface

• Isolate the untagged LAN port (or Access network) interface

• Connect the controller port

• Verify connectivity

Restricting Management to the Correct Interface

• Access the controller on the IP address configured to manage it
• Disable management on other interfaces

Deploy the MSM controller and complete initial configuration

Lab Activity 2.1

Lab Activity 2.1 Debrief

• What advantages and disadvantages did you discover for the deployment methods that you explored?
• What other challenges did you face, and how did you meet the challenges?
• What other discoveries did you make?

AP Deployment

Planning the AP Deployment

• To which VLANs and subnets will APs connect?
• How will you assign IP addresses to the MSM APs?
• Can you configure the APs’ VLANs on the controller, or do you need to set up Layer 3 discovery?
• Should the controller accept all MSM APs that discover it, or do you want to enforce authentication?

AP Deployment Solutions

• Solution 1—Dedicated AP VLAN (Layer 2 discovery)
• Solution 2—All APs and controller managed on the same VLAN
• Solution 3—Dedicated AP VLANs (Layer 3 discovery)

Solution 1—Deploying APs in a Dedicated VLAN

1 Dedicated AP VLAN

Recommended to separate controlled AP communications from network traffic

Using DHCP to Assign IP Addresses to APs

• Typically, use a network DHCP server
• A routing switch or router is the APs’ default gateway and DHCP relay
• The controller can support the AP VLAN on any IP interface

Solution 2—Deploying APs in an existing VLAN

2 Existing VLAN

Less recommended but allows quick AP deployment when a DHCP scope already exists for the VLAN

Make sure step 2 succeeds by enabling discovery on the correct interface

Layer 2 AP Discovery

AP Management

• The controller stores a configuration for each AP
• The configuration includes group and AP-level settings
• Synchronize the AP to apply configuration changes

Deploy, discover, and begin to manage the MSM APs

Lab Activity 2.2

Lab Activity 2.2 Debrief

• What messages did you observe during the discovery process?
• What status indications did you observe during the discovery process?

Solution 3—Deploying APs Across Layer 3 Boundaries

• Allows you to deploy APs across routed segments but requires Layer 3 discovery

• Can use Layer 3 for all APs or for some

3 APs across Layer 3 boundaries

Assigning IP Addresses to MSM APs in Multiple Subnets

• 3A Recommended: Network DHCP server
  • Most flexible and efficient option but setup required on the DHCP server
• 3B Static assignments
  • Gives you complete control over AP’s IP addresses but requires pre-provisioning and introduces room for error

Layer 3 AP Discovery

• Solution 3 requires Layer 3 discovery
• Delivers the controller’s IP address to the AP
• Choose an IP address that the AP can reach
• Make sure discovery is enabled on the interface
• Requires initial setup on APs, network services, or both
• Requires you to double-check routes
• Three methods
  • DHCP
  • DNS
  • Static pre-provisioning

DHCP

Layer 3 AP Discovery

Option 43 on the DHCP server

– Vendor class = Colubris-AP (ASCII)

– Class option
• Name = Name
• Type = IP address (array)
• Code = 1

– Option in pool = Controller addresses
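
An added example, not part of the original slides: building and auditing the option 43 payload described above, so a DHCP offer that advertises an unapproved controller address can be flagged. It assumes the plain code/length/value layout of RFC 2132 vendor-encapsulated options with no pad or end markers; the function names and the approved-address list are hypothetical.

```python
import ipaddress

VENDOR_CLASS = b"Colubris-AP"   # vendor class from the slide (ASCII)
CONTROLLER_SUBOPT = 1           # class option code from the slide

def encode_option43(controllers):
    """Build the option 43 payload: sub-option 1 = array of IPv4 addresses."""
    data = b"".join(ipaddress.IPv4Address(c).packed for c in controllers)
    if not data or len(data) > 255:
        raise ValueError("need 1..63 controller addresses")
    return bytes([CONTROLLER_SUBOPT, len(data)]) + data

def decode_option43(payload):
    """Walk the code/length/value sub-options and return the controller list."""
    controllers, i = [], 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option length exceeds payload")
        if code == CONTROLLER_SUBOPT:
            if length == 0 or length % 4:
                raise ValueError("controller list is not a multiple of 4 bytes")
            controllers += [str(ipaddress.IPv4Address(value[j:j + 4]))
                            for j in range(0, length, 4)]
        i += 2 + length  # skip unknown sub-options instead of failing
    return controllers

def audit_offer(vendor_class, payload, approved):
    """Return controller addresses in an offer that are not on the approved list."""
    if vendor_class != VENDOR_CLASS:
        return []
    return [c for c in decode_option43(payload) if c not in approved]

if __name__ == "__main__":
    approved = {"10.1.1.2"}  # controller address used on the slides
    good = encode_option43(["10.1.1.2"])
    # Constructed sample: an offer that also advertises an unapproved address.
    suspect = encode_option43(["10.1.1.2", "192.0.2.50"])
    print(good.hex(), audit_offer(VENDOR_CLASS, good, approved))
    print(suspect.hex(), audit_offer(VENDOR_CLASS, suspect, approved))
```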

DNS

Layer 3 AP Discovery

The DNS server requires an entry that resolves the controller hostname

Static

Layer 3 AP Discovery

No changes to network services required, but you must pre-provision APs

Provisioning APs

Controller-based provisioning (typically preferred)
1. Discover the APs at Layer 2
2. Configure the provisioning settings:
   • Discovery
   • Connectivity
3. Enable controlled AP provisioning
4. Resynchronize the APs
5. Install the APs in their final locations

Individual AP, or non-staged provisioning, is possible before AP is managed

Provisioning APs with other Settings

Acting as an 802.1X supplicant
– Helps to protect the network against rogue endpoints or APs

Connecting with a tagged VLAN
– Prevents issues if the AP fails to receive an IP address

Lab Activity 2.3

Enable MSM APs to discover the controller at Layer 3

Lab Activity 2.3 Debrief

• What discoveries did you make?
• What challenges did you face and how did you resolve them?

Review: Planning an MSM Controller and AP Deployment

Summary

• MSM Controller ports and networks
• Best practices for controller deployment
• Best practices for AP deployment

Thank you