Upload
hp-enterprise
View
1.682
Download
0
Embed Size (px)
DESCRIPTION
Citation preview
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
ExpertOne: Introduction to HP Networking Wireless SolutionsPraveen BahethiJune, 2012
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Initial Setup and Configuration
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.4
Objectives
Plan how to connect an MSM Controller’s ports based on a company’s requirements Deploy an MSM Controller and complete the initial configuration Deploy MSM APs and enable them to become controlled
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
MSM Controller Ports and Networks
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.6
MSM710, MSM760, and MSM765 zl Ports
Two portsInternet LANRoutedDifferent subnets
One default network profile per port • Associated with untagged traffic• Associated with an IP interface
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.7
MSM765 zl Internal Ports
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.8
MSM Controller Schematic
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.9
Exploring How the Controller Handles Incoming Traffic
Traffic destined to the controllerController management (Web, SOAP, SNMP, and so forth)AP management
Traffic associated with access-controlled clients (default: untagged LAN port traffic)DHCP discovery broadcastsTraffic directed to the controller for routing
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.10
Web Browser Interface Traffic
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.11
Other Management Traffic
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.12
Traffic From Access-controlled Clients (Default)
Default VSC has access control enabledUntagged LAN port interface devices are treated as access-controlled clientsIf enabled, the DHCP server responds to requestsOther traffic is captured
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.13
Adding VLANs to MSM710, MSM760, or MSM765zl Controller Ports
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.14
MSM720 PortsMSM720 ports act like switch portsYou canAggregate ports (static trunk and active LACP)Assign network profiles as untagged and tagged to multiple ports or trunks
Do not create loops
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.15
MSM720 Networks
– You can associate a mapped profile with an IP interface:
• Access network interface = (untagged) LAN port interface
• Internet network interface = (untagged) Internet port interface
• Non-default profile interfaces = Non-default profile interfaces
– Any profile can be tagged or untagged
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.16
How does the controller handle the packet?
MSM760
DHCP requests
MSM760
HTTP requests
MSM720
DHCP requests
MSM720
HTTP requests
1Responds
3Ignores
7Ignores
9Sends to Access Con
2Ignores
4Sends to Access
8Responds
10Responds
5Ignores
6Responds
Activity: Exploring How the Controller Handles Incoming Wired Traffic (Untunneled)
________ ________ ________ ________
________
________ ________
________
________ ________
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Initial Setup
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.18
Initial Setup Process
1. Obtain initial access2. Configure IP settings3. Connect the controller to the network4. Restrict management to the correct interface5. Temporarily disable the default VSC (optional)
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.19
Select an IP interface (and port) on which to manage the controller
Planning the Controller’s Connection
Typical: Internet Another option: LAN port + tagged management
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.20
A way to reach the controller remotely at its default IP address—but be careful to leave the controller’s DHCP services disabled or to isolate the LAN port
Fastest way to get the controller connected when: • You manage the controller on
the untagged Internet port network
• The controller can use DHCP to receive its management address
C DIndirect Ethernet connectionIndirect Ethernet connection & no DHCP
Obtaining Initial Access
Easiest way to obtain initial access when you have physical access to the controller
Another way to assign the controller its IP settings before connecting it to the network—required for MSM765 zls
A BDirect Ethernet connection Console connection or zl switch CLI
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.21
Configuring IP and Other Initial Settings
Specify IP settings for the controller management interfaceCreate a default routeFor a non-default IP interface, create a route rather than specify the interface gateway
Set a DNS server and time server
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.22
Temporarily Disabling the Default VSC (optional)
Prevent the controller and APs fromsupporting the default VSC until you are readyDisable access controlDisable virtual AP
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.23
Connecting the Controller in Its Final Location• MSM720
• IP address: 10.1.1.2/24 on the Internet network
• MSM765 zl
• IP address: 10.1.1.2/24 on Management (11) mapped to the LAN port
• MSM760
• IP address: 10.1.1.2/24 on the (untagged) Internet port
• Configure the VLAN assignment on the switch port
• Connect the management interface
• Isolate the untagged LAN port (or Access network) interface
• Connect the controller port
• Verify connectivity
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.24
Restricting Management to the Correct InterfaceAccess the controller on the IP address configured to manage itDisable management on other interfaces
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.25
Deploy the MSM controller and complete initial configuration
Lab Activity 2.1
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.26
Lab Activity 2.1 Debrief
What advantages and disadvantages did you discover for the deployment methods that you explored?What other challenges did you face, and how did you meet the challenges?What other discoveries did you make?
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
AP Deployment
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.28
Planning the AP Deployment
To which VLANs and subnets will APs connect?How will you assign IP addresses to the MSM APs?Can you configure the APs’ VLANs on the controller, or do you need to set up Layer 3 discovery? Should the controller accept all MSM APs that discover it, or do you want to enforce authentication?
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.29
AP Deployment SolutionsSolution 1—Dedicated AP
VLAN (Layer 2 discovery)
Solution 2—All APs and controller managed on
the same VLANSolution 3—Dedicated
AP VLANs (Layer 3 discovery)
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.30
Solution 1—Deploying APs in a Dedicated VLAN 1 Dedicated AP VLAN
Recommendto separate controlled AP communications from network traffic
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.31
Using DHCP to Assign IP Addresses to APs
Typically, use a network DHCP serverA routing switch or router is the APs’ default gateway and DHCP relayThe controller can support the AP VLAN on any IP interface
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.32
Solution 2—Deploying APs in an existing VLAN 2 Existing VLAN
Less recommended but allows quick AP deployment when a DHCP scope already exists for the VLAN
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.33
Make sure step 2 succeeds by enabling discovery on the correct interface
Layer 2 AP Discovery
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.34
AP ManagementThe controller stores a configuration for each APThe configuration includes group and AP-level settingsSynchronize the AP to apply configuration changes
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.35
Deploy, discover, and begin to manage the MSM APs
Lab Activity 2.2
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.36
Lab Activity 2.2 Debrief
What messages did you observe during the discovery process?What status indications did you observe during the discovery process?
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.37
Solution 3—Deploying APs Across Layer 3 Boundaries
• Allows you to deploy APs across routed segments but requires Layer 3 discovery
• Can use Layer 3 for all APs or for some
3 APs across Layer 3 boundaries
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.38
Assigning IP Addresses to MSM APs in Multiple Subnets
Most flexible and efficient option but setup required on the DHCP server
Gives you complete control over AP’s IP addresses but requires pre-provisioning and introduces room for error
Recommended: Network DHCP server
Static assignments 3A 3B
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.39
Layer 3 AP Discovery
Solution 3 requires Layer 3 discoveryDelivers the controller’s IP address to the APChoose an IP address that the AP can reachMake sure discovery is enabled on the interface
Requires initial setup on APs, network services, or bothRequires you to double-check routesThree methodsDHCPDNSStatic pre-provisioning
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.40
DHCP
Layer 3 AP DiscoveryOption 43 on the DCHP server
– Vendor class = Colubris-AP (ASCII)
– Class option• Name = Name• Type = IP address (array)• Code = 1
– Option in pool = Controller addresses
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.41
DNS
Layer 3 AP Discovery
The DNS server requires an entry that resolves the controller hostname
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.42
Static
Layer 3 AP Discovery
No changes to network services required, but you must pre-provision APs
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.43
Provisioning APs
Controller-based provisioning (typically preferred)1. Discover the APs at Layer 22. Configure the provisioning settings:• Discovery• Connectivity
3. Enable controlled AP provisioning4. Resynchronize the APs5. Install the APs in their final locations
Individual AP, or non-staged provisioning, is possible before AP is managed
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.44
Provisioning APs with other Settings
Acting as an 802.1X supplicant–Helps to protect the network against rogue endpoints or APs
Connecting with a tagged VLAN–Prevents issues if the AP fails to receive an IP address
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.45
Lab Activity 2.3Enable MSM APs to discover the controller at Layer 3
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.46
Lab Activity 2.3 Debrief
What discoveries did you make?What challenges did you face and how did you resolve them?
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.47
Review: Planning an MSM Controller and AP Deployment
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.48
Summary
MSM Controller ports and networksBest practices for controller deploymentBest practices for AP deployment
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Thank you