Wireless Access

Hi. I'm new in this forum, so please, be pacient with me :P.

I'm working with MSM765zl controller, and i want to integrated it in a network (big-size network), using the authentication and DHCP resources in use rigth know.

First thing, layer 3 discovery using DHCP option 43 works fine, so AP and controller can see each other without problems.

What i need know is tunnel all clients data traffic to the controller, and the controller egress all traffic to a determinated VLAN, dont mind if is LAN or INTERNET port.

So, my configuration options in the VSC:

- Autentication and acceso control activated, but no one choose.
- Tunnel al wireless data client
- Egress VLAN the VLAN i want (with IP assigned)

I have tried lot of options, but no one works.

Instead, i tried with MTM, but it doesn't works too.

So, is possible to do what i want?. Basically i want my controller just to works like a layer 2 switch for client data traffic.

I hope explain the situation in a correct way.

Thank you in advance

-------------------------------------------------------------------------------------------------------------------------------
PS- This thread has been moved from Communication and Wireless to MSM Series- Forum Moderator

 

If what you want is to map the wireless to VLANS on the network, you can follow as mentioned in the below link, there are 2 ways, the easy way is the 1st one (authentication only VSC)

https://my.procurve.com/knowledgebase/knowledgemanagement.aspx?wp=showarticle&id=1447

Regards

Hi, you have to use the new Mobility traffic manager (MTM) feature coming with MSM 5.4.0. Please see the release notes for a description.

http://cdn.procurve.com/training/Manuals/MSM7xx-RN-Apr10-5998-0314-v54.pdf

With MTM you are able to tunnel all wirless client traffic to the controller and bridge it to a VLAN at the controller. The VLANs can be either on the LAN or Internet port.

Regards.

Thank you both of you for yours answers.

First. Shadow13, thanks for your link, because is the first time i see that traffic to the egress vlan is routed, and no tagg is added, so i have to review my config.

Jens Fluegel, i have been reading about MTM, but in the documentation i cant see anything about how controller handles traffic, if i have a DHCP external server.

I need DHCP relay, or with the tunnel proberly configured you can consider the client and the egress network in the same "broadcast domain".

Thank you in advance

For 5.4 you need a care back to get this firmware and it's not for normal warranty devices, so the only applicable option is as mentioned in the link i provided.

and the 1st option the traffic will not be routed and the tagging will not be removed, traffic will go to the switch as it was coming from another switch.

Problem with your suggestion is that i need tunnel all client data traffic from AP to Acceso controller, and Option 1 in your link use a determinated VLAN to egress traffic from AP to controller.

The purpose of my configuration is be able to connect an AP in any place i want in the net, without touching VLAN configuration (only configuration VLAN is needed to reach AP).

The purpose of this configuration is be able to integrate HP Acces Point in a University Network, using their DHCP services, and their access control settings.

I have 5.4 version for MSM765zl, because of i wanted to try with Mobility Traffic Manager.

Regards.

Shadow13 is right. If you have an earlier version of MSM software than 5.4 you need a care pack to get 5.4.

MTM is only available with MSM 5.4. With MTM wireless client traffic is bridged through the controller. You do not need DHCP relay on the controller in this case. The DHCP server have to be on the same VLAN as the clients or an ip helper have to be configured on the next-hop gateway to forward DHCP requests to the central DHCP server.

Before MSM 5.4 centralized bridging as with MTM was not possible.

With MSM version <5.4 you only have the following options:

access control enabled:
-> traffic is tunneled to the controller and routed by the controller
-> here you need a DHCP relay

access control disabled:
-> traffic is locally bridged by the AP (local breakout) with or without VLAN tagging
-> no DHCP relay required on the controller because the controller is not in the data path

Regards,

Jens

The 1st option will not use vlans to connect to the controller, the traffic will exit the AP to the specified VLAN on your wired network directly without going to the controller, AP will handle the traffic not the controller, only the management traffic will go the controller and this will go through VLAN configure for the wireless or by L3 if the AP is reaching the controller from diff. network in this case you will provision the AP to discover the controller through a specific IP address.

i know what you mean, but that's out of my purpose. Remember that i need tunnel all client data traffic to the controller, because only management vlan reachs the AP. The controller egress vlan for VSC will be the "guest" vlan.

DHCP services and acces control are external services.

If you want more detail, we want to sustitute the actual wireless plataform (another vendor) at the university for the Procurve one. The actual plataform tunnel all client data traffic to the controller, and egrees the traffic for the "guest" vlan. And the university wants the same thing with Procurve.

I'll try this afternoon with Mobility Traffic Manager,as it's explained in page 227 in the manual linked by Jens Fluegel. I hope it works :P

I'll keep you informed about the results.

P.D: Sorry about my english writing, i know is hard to understand.

Regards.

Hello, I work with Marcos. I just did a little schematic explaining our network topology. We have a wide-spread network with multiple buildings. We have a 5412zl to route all the wireless users of all buildings.

So between our 5412zl and the APs there are several routers. En each building we have a vlan for managing the APs, that goes untagged into each AP. We want the user traffic to be tunneled through that link.

WIR1 = Wireless Users Vlan
WIA1 = Router for AP management

Both are separated through our Firewall, so they can not talk to each other, there are just vlan tags between them.

So our controller has an IP adress of WIA1 and can connect to the APs without problem, we want that the user traffic goes directly into WIR1 at level 2, so they can get DHCP directly from our DHCP Servers.


We already have a wireless platform with another vendor working this way.


I've attached a schematic with our networtk topology

It worked! Finally, the configuration we used is explained in the page 227 of the manual MSM7xx-MCG-Apr10-5998-0308-v54.pdf

In the VSC, no user control (no Authentication nor Access control), mobility on with Consider the user at home and everything else disabled.

Vlan tagged through Internet Port with no Ip Address.

In VSC Bindings the eggress vlan in same vlan we have tagged through the Internet Port.

Thank you very much for your help, I hope this helps other users.