HP MSM710, MSM730, MSM750, MSM760, MSM765zl Management And Configuration Manual
5400zl Switches
Installation and Getting Started Guide
HP MSM7xx Controllers Management and Configuration Guide
HP MSM7xx Controllers
Management and Configuration Guide
HP MSM7xx Controllers
Management and Configuration Guide
Copyright and Disclaimer Notices
© Copyright 2011 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.
This guide contains proprietary information, which is protected
by copyright. No part of this guide may be photocopied,
reproduced, or translated into another language without the
prior written consent of Hewlett-Packard.
Publication Number
5998-1136
January 2011
Applicable Products
See Products covered on page 1-2.
Trademark Credits
Windows NT®, Windows®, and MS Windows® are US
registered trademarks of Microsoft Corporation.
Disclaimer
HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF
ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING,
BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. Hewlett-Packard shall not be liable for errors
contained herein or for incidental or consequential damages in
connection with the furnishing, performance, or use of this
material.
The only warranties for HP products and services are set forth
in the express warranty statements accompanying such
products and services. Nothing herein should be construed as
constituting an additional warranty. HP shall not be liable for
technical or editorial errors or omissions contained herein.
Hewlett-Packard assumes no responsibility for the use or
reliability of its software on equipment that is not furnished by
Hewlett-Packard.
Warranty
See the warranty information included with the product.
A copy of the specific warranty terms applicable to your
Hewlett-Packard products and replacement parts can be
obtained from your HP Sales and Service Office or authorized
dealer.
Open Source Software Acknowledgement
Statement
This software incorporates open source components that are
governed by the GNU General Public License (GPL), version 2.
In accordance with this license, HP will make available a
complete, machine-readable copy of the source code
components covered by the GNU GPL upon receipt of a written
request. Send a request to:
Hewlett-Packard Company, L.P.
GNU GPL Source Code
Attn: ProCurve Networking Support
Roseville, CA 95747 USA
Safety and regulatory information
Before installing and operating this product, please read
• Safety information on page 1-12.
• Appendix A: Safety and EMC regulatory statements
Hewlett-Packard Company
8000 Foothills Boulevard
Roseville, California 95747
www.hp.com/networking/
Contents
1 Introduction
About this guide ...........................................................................................................1-2
Products covered...................................................................................................1-2
Important terms..................................................................................................... 1-3
Conventions ...........................................................................................................1-4
New in this release ......................................................................................................1-6
Introducing the MSM7xx Controllers........................................................................1-7
Simplified configuration, deployment, and operation ......................................1-7
Controller teaming ................................................................................................1-8
Seamless mobility..................................................................................................1-9
Contents
Best-in-class public/guest network access service .........................................1-11
Safety information......................................................................................................1-12
HP support ..................................................................................................................1-13
Getting started ............................................................................................................1-13
Online documentation ...............................................................................................1-13
2 Management
Management tool..........................................................................................................2-2
Management scenarios .........................................................................................2-2
Management station ..............................................................................................2-2
Starting the management tool..............................................................................2-2
Customizing management tool settings..............................................................2-3
Password security policies...................................................................................2-7
Management tool security features..................................................................... 2-8
Web server..............................................................................................................2-8
Auto-refresh ...........................................................................................................2-9
Device discovery ..........................................................................................................2-9
Mobility controller discovery.............................................................................2-10
Controlled AP discovery.....................................................................................2-11
iii
Contents
SNMP ...........................................................................................................................2-13
Configuring the SNMP agent..............................................................................2-13
SOAP............................................................................................................................2-16
Configuring the SOAP server .............................................................................2-16
CLI................................................................................................................................2-17
Configuring CLI support.....................................................................................2-18
System time.................................................................................................................2-19
3 Network configuration
Port configuration........................................................................................................3-3
LAN port configuration.........................................................................................3-4
Internet port configuration...................................................................................3-5
PPPoE client ..........................................................................................................3-6
DHCP client............................................................................................................3-8
Static addressing....................................................................................................3-9
Network profiles ........................................................................................................3-12
About the default network profiles...................................................................3-12
To define a network profile................................................................................3-12
Address allocation......................................................................................................3-13
DHCP server......................................................................................................... 3-14
DHCP relay agent ................................................................................................3-16
VLAN support .............................................................................................................3-19
GRE tunnels ................................................................................................................3-19
Bandwidth control .....................................................................................................3-21
Internet port data rate limits..............................................................................3-22
Bandwidth levels .................................................................................................3-22
Example................................................................................................................3-23
Discovery protocols...................................................................................................3-24
LLDP agents .........................................................................................................3-24
CDP .......................................................................................................................3-24
DNS ..............................................................................................................................3-25
DNS servers..........................................................................................................3-26
DNS advanced settings ....................................................................................... 3-26
iv
IP routes ......................................................................................................................3-27
Configuration ....................................................................................................... 3-28
Network address translation (NAT).........................................................................3-30
NAT security and static mappings.....................................................................3-30
VPN One-to-one NAT...........................................................................................3-33
RIP................................................................................................................................ 3-33
IP QoS..........................................................................................................................3-34
Configuration ....................................................................................................... 3-34
Example................................................................................................................3-35
IGMP proxy.................................................................................................................3-37
4 Wireless configuration
Contents
Wireless coverage.........................................................................................................4-2
Factors limiting wireless coverage......................................................................4-2
Configuring overlapping wireless cells...............................................................4-3
Supporting 802.11n and legacy wireless clients ................................................4-7
Radio configuration .....................................................................................................4-8
Radio configuration parameters........................................................................4-18
Advanced wireless settings ................................................................................4-29
Wireless neighborhood..............................................................................................4-34
Scanning modes...................................................................................................4-34
Viewing wireless information...................................................................................4-35
Viewing all wireless clients ................................................................................ 4-35
Viewing info for a specific wireless client........................................................ 4-36
Viewing wireless client data rates .....................................................................4-38
Wireless access points ........................................................................................4-39
Working with VSCs
5
Key concepts.................................................................................................................5-3
Viewing and editing VSC profiles ........................................................................5-4
The default VSC .....................................................................................................5-4
VSC configuration options ..........................................................................................5-5
About access control and authentication...........................................................5-6
v
Contents
Summary of VSC configuration options .............................................................5-8
Access control........................................................................................................5-9
Virtual AP..............................................................................................................5-10
VSC ingress mapping...........................................................................................5-16
VSC egress mapping............................................................................................5-17
Bandwidth control...............................................................................................5-17
Default user data rates........................................................................................5-18
Wireless mobility .................................................................................................5-18
Fast wireless roaming.........................................................................................5-20
Wireless security filters.......................................................................................5-20
Wireless protection..............................................................................................5-23
802.1X authentication .........................................................................................5-26
RADIUS authentication realms..........................................................................5-26
HTML-based user logins .....................................................................................5-27
VPN-based authentication..................................................................................5-28
MAC-based authentication .................................................................................5-28
Location-aware ....................................................................................................5-29
Wireless MAC filter..............................................................................................5-29
Wireless IP filter...................................................................................................5-30
DHCP server......................................................................................................... 5-30
DHCP relay agent ................................................................................................5-31
VSC data flow .............................................................................................................5-32
Access control enabled.......................................................................................5-32
Access control disabled......................................................................................5-34
Using multiple VSCs...................................................................................................5-36
About the default VSC ...............................................................................................5-36
Quality of service (QoS) ............................................................................................5-37
Priority mechanisms ...........................................................................................5-38
IP QoS profiles .....................................................................................................5-40
Upstream DiffServ tagging .................................................................................5-41
Upstream/downstream traffic marking ............................................................5-41
QoS example ........................................................................................................5-43
vi
Creating a new VSC....................................................................................................5-44
Assigning a VSC to a group .......................................................................................5-44
Working with controlled APs
6
Key concepts.................................................................................................................6-3
Key controlled-mode events ....................................................................................... 6-4
Discovery of controllers by controlled APs..............................................................6-6
Discovery overview............................................................................................... 6-6
Discovery methods................................................................................................6-7
Discovery order .....................................................................................................6-9
Discovery recommendations .............................................................................6-10
Discovery priority................................................................................................6-11
Discovery considerations ...................................................................................6-13
Monitoring the discovery process .....................................................................6-13
Contents
Authentication of controlled APs.............................................................................6-19
Building the AP authentication list ...................................................................6-20
Configuring APs..........................................................................................................6-22
Overview...............................................................................................................6-22
Inheritance ...........................................................................................................6-23
Configuration strategy ........................................................................................ 6-24
Working with groups...........................................................................................6-25
Working with APs................................................................................................6-26
Assigning egress VLANs to a group...................................................................6-30
Assigning country settings to a group...............................................................6-30
Provisioning APs ........................................................................................................ 6-31
Provisioning methods .........................................................................................6-32
Displaying the provisioning pages.....................................................................6-33
Provisioning connectivity...................................................................................6-34
Provisioning discovery........................................................................................6-37
Provisioning summary ........................................................................................6-38
Provisioning example..........................................................................................6-39
vii
Contents
AeroScout RTLS .........................................................................................................6-40
Software retrieval/update..........................................................................................6-42
Monitoring...................................................................................................................6-42
7 Working with VLANs
Key concepts.................................................................................................................7-2
VLAN usage ............................................................................................................7-2
Defining a VLAN ...........................................................................................................7-3
Creating a network profile ...................................................................................7-3
Defining a VLAN ....................................................................................................7-4
Defining a VLAN on a controller port ................................................................. 7-4
User-assigned VLANs...................................................................................................7-6
Traffic flow for wireless users....................................................................................7-6
Traffic flow examples ................................................................................................7-10
Example 1: Overriding the VSC egress on a controller with a user-assigned
VLAN .....................................................................................................................7-10
Example 2: Overriding the egress network in a VSC binding with a user-
assigned VLAN .....................................................................................................7-12
8 Controller teaming
Key concepts.................................................................................................................8-2
Centralized configuration management .............................................................8-2
Centralized monitoring and operation................................................................8-2
Redundancy and failover support .......................................................................8-3
Scalability ...............................................................................................................8-3
Deployment considerations .................................................................................8-3
Limitations..............................................................................................................8-5
Creating a team.............................................................................................................8-5
viii
Configuration example .........................................................................................8-6
Controller discovery ..................................................................................................8-10
Monitoring the discovery process .....................................................................8-11
Viewing all discovered controllers....................................................................8-14
Contents
Viewing all team members........................................................................................8-16
Team configuration ....................................................................................................8-17
Accessing the team manager..............................................................................8-18
Team configuration options ...............................................................................8-18
Removing a controller from a team ..................................................................8-19
Editing team member settings ...........................................................................8-20
Discovery of a controller team by controlled APs.................................................8-22
Failover........................................................................................................................8-22
Supporting N + N redundancy ...........................................................................8-22
Primary team manager failure ...........................................................................8-24
Mobility support .........................................................................................................8-26
Single controller team operating alone.............................................................8-27
Single controller team operating with non-teamed controllers.....................8-28
Multiple teamed and non-teamed controllers..................................................8-29
9 Mobility traffic manager
Key concepts.................................................................................................................9-4
The mobility domain .............................................................................................9-6
Home networks......................................................................................................9-7
Local networks ......................................................................................................9-8
Configuring Mobility Traffic Manager .......................................................................9-9
Defining the mobility domain ..............................................................................9-9
Defining network profiles...................................................................................9-10
Assigning a home network to a user .................................................................9-11
Defining local networks on a controller...........................................................9-12
Assigning local networks to an AP....................................................................9-13
Configuring the mobility settings for a VSC.....................................................9-14
Binding a VSC to an AP.......................................................................................9-15
Monitoring the mobility domain...............................................................................9-16
Controllers............................................................................................................9-16
Networks in the mobility domain......................................................................9-17
Mobility clients ....................................................................................................9-17
Forwarding table .................................................................................................9-18
Mobility client event log .....................................................................................9-19
ix
Contents
Scenario 1: Centralizing traffic on a controller ...................................................... 9-21
How it works........................................................................................................9-21
Configuration overview ...................................................................................... 9-21
Scenario 2: Centralized traffic on a controller with VLAN egress .......................9-24
How it works........................................................................................................9-24
Configuration overview ...................................................................................... 9-24
Scenario 3: Centralized traffic on a controller with per-user traffic routing ......9-28
How it works........................................................................................................9-28
Configuration overview ...................................................................................... 9-28
Scenario 4: Assigning home networks on a
per-user basis ..............................................................................................................9-38
How it works........................................................................................................9-38
Configuration overview ...................................................................................... 9-39
Scenario 5: Traffic routing using VLANs .................................................................9-44
How it works........................................................................................................9-44
Configuration overview ...................................................................................... 9-45
Scenario 6: Distributing traffic using VLAN ranges ...............................................9-52
How it works........................................................................................................9-52
Configuration overview ...................................................................................... 9-53
Subnet-based mobility ...............................................................................................9-60
10 User authentication, accounts, and addressing
Introduction ................................................................................................................10-3
Authentication support.......................................................................................10-3
Other access control methods ...........................................................................10-5
Using more than one authentication type at the same time ..........................10-6
User authentication limits ..................................................................................10-7
802.1X authentication ................................................................................................10-8
Supported 802.1X protocols...............................................................................10-9
Configuring 802.1X support on a VSC.............................................................10-10
Configuring global 802.1X settings for wired users ......................................10-12
Configuring global 802.1X settings for wireless users ..................................10-13
Configuring 802.1X support on an MSM317 switch port ..............................10-14
MAC-based authentication......................................................................................10-14
Configuring global MAC-based authentication..............................................10-16
x
Contents
Configuring MAC-based authentication on a VSC.........................................10-17
Configuring MAC-based authentication on an MSM317 switch port..........10-19
Configuring MAC-based filters on a VSC........................................................10-19
Configuring MAC-based filters on an MSM317 switch port .........................10-20
HTML-based authentication....................................................................................10-22
Configuring HTML-based authentication on a VSC ......................................10-22
VPN-based authentication.......................................................................................10-24
Configuring VPN-based authentication on a VSC..........................................10-24
No authentication.....................................................................................................10-26
Locally-defined user accounts................................................................................10-26
Features ..............................................................................................................10-26
Defining a user account....................................................................................10-30
Defining account profiles ................................................................................. 10-32
Defining subscription plans .............................................................................10-35
Accounting persistence ....................................................................................10-36
User addressing and related features ....................................................................10-36
11 Authentication services
Introduction ................................................................................................................11-2
Using the integrated RADIUS server .......................................................................11-2
Server configuration............................................................................................11-3
User account configuration................................................................................11-5
Using a third-party RADIUS server..........................................................................11-5
Configuring a RADIUS server profile on the controller .................................11-6
Using an Active Directory server ...........................................................................11-10
Active Directory configuration ........................................................................11-11
Configuring an Active Directory group...........................................................11-13
Configuring a VSC to use Active Directory ....................................................11-16
12 Security
Firewall........................................................................................................................12-2
Firewall presets ...................................................................................................12-2
Firewall configuration ........................................................................................12-4
xi
Contents
Customizing the firewall.....................................................................................12-4
Working with certificates ..........................................................................................12-5
Trusted CA certificate store ...............................................................................12-5
Certificate and private key store .......................................................................12-7
Certificate usage ..................................................................................................12-9
About certificate warnings...............................................................................12-10
IPSec certificates............................................................................................... 12-11
MAC lockout .............................................................................................................12-13
13 Local mesh
Key concepts...............................................................................................................13-2
Simultaneous AP and local mesh support........................................................13-2
Using 802.11a/n for local mesh .......................................................................... 13-3
Quality of service.................................................................................................13-3
Maximum range (ack timeout) ..........................................................................13-4
Local mesh terminology ............................................................................................13-5
Local mesh operational modes.................................................................................13-6
Node discovery...........................................................................................................13-6
Operating channel ......................................................................................................13-6
Local mesh profiles....................................................................................................13-7
Configuration guidelines ....................................................................................13-8
Configuring a local mesh profile .......................................................................13-9
Provisioning local mesh links.................................................................................13-12
Sample local mesh deployments ............................................................................13-15
RF extension ...................................................................................................... 13-15
Building-to-building connection ......................................................................13-15
Dynamic network .............................................................................................. 13-16
xii
14 Public/guest network access
Introduction ................................................................................................................14-3
Key concepts...............................................................................................................14-4
Access control......................................................................................................14-4
Access lists ...........................................................................................................14-5
Contents
The public access interface................................................................................14-5
Location-aware ....................................................................................................14-7
Configuring global access control options .............................................................14-8
User authentication.............................................................................................14-9
Client polling......................................................................................................14-10
User agent filtering............................................................................................14-10
Zero configuration.............................................................................................14-11
Location configuration......................................................................................14-12
Display advertisements.....................................................................................14-12
Public access interface control flow .....................................................................14-13
Customizing the public access interface...............................................................14-14
Sample public access pages .............................................................................14-15
Common configuration tasks...........................................................................14-15
Setting site configuration options ..........................................................................14-19
Allow subscription plan purchases .................................................................14-20
Display the Free Access option .......................................................................14-20
Support a local Welcome page.........................................................................14-21
Use frames when presenting ads.....................................................................14-22
Allow SSLv2 authentication ............................................................................. 14-23
Redirect users to the Login page via...............................................................14-23
Customizing the public access Web pages............................................................14-24
Site file archive ..................................................................................................14-24
FTP server ..........................................................................................................14-24
Current site files ................................................................................................14-25
Configuring the public access Web server............................................................14-32
Options................................................................................................................14-33
Ports ....................................................................................................................14-33
MIME types ........................................................................................................14-33
Security...............................................................................................................14-34
Managing payment services....................................................................................14-35
Payment services configuration ......................................................................14-35
Service settings..................................................................................................14-35
Billing record logging...............................................................................................14-42
Settings ...............................................................................................................14-42
Persistence .........................................................................................................14-43
External billing records server profiles..........................................................14-44
xiii
Contents
Billing records log .............................................................................................14-47
Location-aware authentication...............................................................................14-48
How it works......................................................................................................14-48
Example..............................................................................................................14-50
Security...............................................................................................................14-50
15 Working with RADIUS attributes
Introduction ................................................................................................................15-3
Controller attributes overview .................................................................................15-4
Customizing the public access interface using the site attribute..................15-4
Defining and retrieving site attributes ..............................................................15-5
Controller attribute definitions..........................................................................15-8
User attributes ..........................................................................................................15-13
Customizing user accounts with the user attribute ......................................15-13
Defining and retrieving user attributes...........................................................15-14
User attribute definitions .................................................................................15-20
Administrator attributes..........................................................................................15-31
Colubris AV-Pair - Site attribute values .................................................................15-33
Access list........................................................................................................... 15-34
Configuration file...............................................................................................15-44
Custom SSL certificate .....................................................................................15-44
Custom public access interface Web pages ...................................................15-45
Default user interim accounting update interval...........................................15-51
Default user bandwidth level ...........................................................................15-51
Default user idle timeout..................................................................................15-52
Default user quotas ...........................................................................................15-52
Default user data rates......................................................................................15-53
Default user one-to-one NAT............................................................................15-53
Default user session timeout............................................................................15-54
Default user public IP address.........................................................................15-54
Default user SMTP server.................................................................................15-54
Default user URLs .............................................................................................15-55
HTTP proxy upstream.......................................................................................15-55
IPass login URL..................................................................................................15-56
xiv
Global MAC-based authentication...................................................................15-56
Multiple login servers........................................................................................15-57
Contents
Redirect URL......................................................................................................15-59
NOC authentication...........................................................................................15-62
HP WISPr support .............................................................................................15-62
Traffic forwarding (dnat-server)......................................................................15-63
Multiple DNAT servers......................................................................................15-64
Colubris AV-Pair - User attribute values................................................................15-67
Access list........................................................................................................... 15-67
Advertising .........................................................................................................15-68
Bandwidth level .................................................................................................15-68
Data rate .............................................................................................................15-69
One-to-one NAT .................................................................................................15-69
Public IP address ...............................................................................................15-70
Quotas .................................................................................................................15-70
Redirect URL......................................................................................................15-71
SMTP redirection...............................................................................................15-71
Station polling....................................................................................................15-72
Custom public access interface Web pages ...................................................15-72
Colubris AV-Pair - Administrator attribute values................................................15-74
Administrative role............................................................................................15-74
Public access interface ASP functions and variables..........................................15-75
Javascript syntax ...............................................................................................15-75
Forms ..................................................................................................................15-76
Form errors ........................................................................................................15-78
RADIUS...............................................................................................................15-79
Page URLs ..........................................................................................................15-81
Session status and properties ..........................................................................15-82
iPass support......................................................................................................15-85
Web......................................................................................................................15-87
Client information .............................................................................................15-87
Subscription plan information.........................................................................15-90
Other ...................................................................................................................15-91
Session information ..........................................................................................15-93
xv
Contents
16 Working with VPNs
Overview .....................................................................................................................16-2
Securing wireless client sessions with VPNs..........................................................16-3
Configure an IPSec profile for wireless client VPN ........................................16-4
Configure L2TP server for wireless client VPN...............................................16-5
Configure PPTP server for wireless client VPN ..............................................16-5
VPN address pool ................................................................................................16-5
Securing controller communications to remote VPN servers..............................16-6
Configure an IPSec policy for a remote VPN server.......................................16-7
Configure PPTP client for a remote VPN server .............................................16-8
Keeping user traffic out of the VPN tunnel ....................................................16-10
Additional IPSec configuration ..............................................................................16-11
IPSec VLAN mapping ........................................................................................16-11
Local group list ..................................................................................................16-11
IPSec security policy database ........................................................................16-11
17 LLDP
Overview .....................................................................................................................17-2
LLDP-MED............................................................................................................17-2
Local mesh............................................................................................................17-3
SNMP support ......................................................................................................17-3
Configuring LLDP on the controller ........................................................................17-4
TLV settings ..........................................................................................................17-6
Configuring LLDP on an AP......................................................................................17-8
LLDP agent ...........................................................................................................17-8
Media endpoint discovery (MED) features ......................................................17-9
LLDP settings .....................................................................................................17-10
Application type profiles ..................................................................................17-11
xvi
18 sFlow
Overview .....................................................................................................................18-2
sFlow proxy..........................................................................................................18-2
MIB support..........................................................................................................18-3
Configuring and activating sFlow ............................................................................18-3
Advanced sFlow configuration..........................................................................18-5
19 Working with autonomous APs
Key concepts...............................................................................................................19-2
Autonomous AP detection .................................................................................19-3
Viewing autonomous AP information...............................................................19-3
Switching a controlled AP to autonomous mode............................................19-4
Configuring autonomous APs...................................................................................19-5
VSC definitions ....................................................................................................19-5
Working with third-party autonomous APs ............................................................19-6
VSC selection .......................................................................................................19-6
Contents
20 Maintenance
Config file management.............................................................................................20-2
Manual configuration file management ............................................................20-2
Scheduled operations..........................................................................................20-3
Software updates........................................................................................................20-4
Performing an immediate software update......................................................20-5
Performing a scheduled software update.........................................................20-5
Licenses .......................................................................................................................20-6
Factory reset considerations .............................................................................20-7
Generating and installing a feature license......................................................20-7
xvii
Contents
A Safety and EMC regulatory statements
Safety Information ......................................................................................................A-2
Informations concernant la sécurité......................................................................... A-2
Hinweise zur Sicherheit.............................................................................................. A-3
Considerazioni sulla sicurezza .................................................................................. A-4
Consideraciones sobre seguridad ............................................................................. A-5
Safety Information (Japan) ........................................................................................ A-6
Safety Information (China)........................................................................................ A-7
EMC Regulatory Statements...................................................................................... A-8
U.S.A....................................................................................................................... A-8
Japan ...................................................................................................................... A-8
Recycle Statements................................................................................................... A-10
Waste Electrical and Electronic Equipment (WEEE) Statements............... A-10
B Console ports
Overview ...................................................................................................................... B-2
MSM710 Console port.......................................................................................... B-2
MSM730 Console port.......................................................................................... B-2
MSM750 Console port.......................................................................................... B-3
Using the console port................................................................................................ B-3
Resetting to factory defaults
C
How it works................................................................................................................ C-2
Using the Reset button......................................................................................... C-2
Using the management tool................................................................................. C-2
Using the Console (serial) port........................................................................... C-3
xviii
D NOC authentication
Main benefits ...............................................................................................................D-2
How it works................................................................................................................ D-2
Activating a remote login page with NOC authentication .....................................D-4
Addressing security concerns....................................................................................D-5
Securing the remote login page ..........................................................................D-5
Authenticating with the login application ......................................................... D-6
Authenticating the controller..............................................................................D-6
NOC authentication list .......................................................................................D-6
Setting up the certificates ..........................................................................................D-6
Install certificates on the Web server.................................................................D-7
Define attributes ...................................................................................................D-7
Install a certificate on controller........................................................................D-7
Contents
Authenticating users ...................................................................................................D-8
Returned values .................................................................................................... D-9
Examples of returned HTML code ................................................................... D-11
Simple NOC authentication example .....................................................................D-12
Forcing user logouts ................................................................................................. D-13
E DHCP servers and Colubris vendor classes
Overview ...................................................................................................................... E-2
Windows Server 2003 configuration......................................................................... E-2
ISC DHCP server configuration.......................................................................... E-7
xix
Contents
xx
Chapter 1: Introduction
Introduction
Contents
About this guide ...........................................................................................................1-2
Products covered...................................................................................................1-2
Important terms..................................................................................................... 1-3
Conventions ...........................................................................................................1-4
New in this release.......................................................................................................1-6
Introducing the MSM7xx Controllers........................................................................1-7
Simplified configuration, deployment, and operation ......................................1-7
1
Controller teaming ................................................................................................1-8
Seamless mobility..................................................................................................1-9
Best-in-class public/guest network access service .........................................1-11
Safety information......................................................................................................1-12
HP support ..................................................................................................................1-13
Getting started ............................................................................................................1-13
Online documentation ...............................................................................................1-13
Introduction
About this guide
About this guide
This guide explains how to configure, and operate the MSM7xx Controllers. It also provides
controlled-mode information for MSM3xx and MSM4xx Access Points, and the MSM317
Access Device. For information on the operation of access points that support autonomous
mode, see the MSM3xx/MSM4xx Access Points Management and Configuration Guide.
Products covered
This guide applies to the following MSM7xx Controller products:
Model Part
MSM710 (E-MSM710) Access Controller J9328A
MSM710 (E-MSM710) Mobility Controller J9325A
MSM730 (E-MSM730) Access Controller J9329A
MSM730 (E-MSM730) Mobility Controller J9326A
MSM750 (E-MSM750) Access Controller J9330A
MSM750 (E-MSM750) Mobility Controller J9327A
MSM760 (E-MSM760) Access Controller J9421A
MSM760 (E-MSM760) Mobility Controller J9420A
MSM765zl (E-MSM765zl) Mobility Controller J9370A
The product models in the above table include alternative product names in parenthesis. For
example, the MSM710 is also known as the E-MSM710. Both names refer to the same product.
The original product names (without “E-”) are used throughout this document.
This guide provides controlled-mode information for the following MSM3xx and MSM4xx
Access Points (“WW” identifies worldwide versions for the rest of the world):
Model WW Americas Japan Israel
E-MSM430 J9651A J9650A J9652A J9653A
E-MSM460 J9591A J9590A J9589A J9618A
E-MSM466 J9622A J9621A J9620A
1-2
Model WW USA Japan
MSM310 (E-MSM310) J9379A/B J9374A/B J9524A/B
MSM310-R (E-MSM310-R) J9383A/B J9380A/B
MSM320 (E-MSM320) J9364A/B J9360A/B J9527A/B
Introduction
About this guide
Model WW USA Japan
MSM320-R (E-MSM320-R) J9368A/B J9365A/B J9528A/B
MSM325 (E-MSM325) J9373A/B J9369A/B
MSM335 (E-MSM335) J9357A/B J9356A/B
MSM410 (E-MSM410) J9427A/B J9426A/B J9529A/B
MSM422 (E-MSM422) J9359A/B J9358A/B J9530A/B
MSM317 Access Device J9423A J9422A
The product models in the table immediately above include alternative product names in
parenthesis. For example, the MSM422 is also known as the E-MSM422. Both names refer to
the same product. Except for E-MSM430, E-MSM460, and E-MSM466, the original MSM
product names (without “E-”) are used throughout this document.
Important terms
The following terms are used in this guide.
Ter m Description
AP Refers to any HP MSM3xx or MSM4xx Access Point or the MSM317 Access
Device which is an AP with integrated Ethernet switch. Specific model
references are used where appropriate. Non-HP access points are identified
as third-party APs. These APs do not support controlled-mode operation.
controller Refers to any HP MSM7xx Controller, including both Access Controller and
Mobility Controller variants.
Controller teams
Most of the concepts discussed in this guide apply equally to both teamed and
non-teamed controllers. Any reference to the term controller, also implies
controller team unless indicated otherwise.
1-3
Introduction
Network
Tree
Main menu
Sub-menu
About this guide
Conventions
Management tool
This guide uses specific syntax when directing you to interact with the management tool user
interface. Key user-interface elements are identified as follows:
Example directions in this guide What to do in the user interface
Select Controller >> Security > Firewall. On a non-teamed MSM7xx controller
In the Network Tree select the Controller element, then on
the main menu select Security, and then select Firewall on
the sub-menu. All elements to the left of the double angle
brackets >> are found in the Network Tree.
On an MSM7xx controller team
In the Network Tree on the team manager, select the Team
[team-name] element, then on the main menu select
Security, and then select Firewall on the sub-menu. All
elements to the left of the double angle brackets >> are found
in the Network Tree.
Select Controller > VSCs > [VSC-name]
>> Configuration.
On a non-teamed MSM7xx controller
Expand the Controller branch (click its + symbol), expand
the VSCs branch, select a [VSC-name], then select
Configuration on the main menu.
On an MSM7xx controller team
In the Network Tree on the team manager, expand the Team:
[team-name] branch (click its + symbol), expand the VSCs
branch, select a [VSC-name], then select Configuration on
the main menu.
For Password specify secret22.In the Password field enter the text secret22 exactly as
shown.
1-4
Commands and program listings
Monospaced text identifies commands and program listings as follows:
Example Description
Introduction
About this guide
use-access-list
ip_address
ssl-certificate=URL [%s]
[ONE | TWO]
Command name. Specify it as shown.
Items in italics are parameters for which you must supply
a value.
Items enclosed in square brackets are optional. You can
either include them or not. Do not include the brackets.
In this example you can either include the “%s” or omit it.
Items separated by a vertical line indicate a choice.
Specify only one of the items. Do not include the vertical
line.
Warnings and cautions
Do not proceed beyond a WARNING or CAUTION notice until you fully understand the
hazardous conditions and have taken appropriate steps.
Warning Identifies a hazard that can cause physical injury or death.
Caution Identifies a hazard that can cause the loss of data or configuration information, create a non-
compliant condition, or hardware damage.
1-5
Introduction
New in this release
New in this release
The following new features and enhancements have been added in releases 5.5.x:
New feature or enhancement For information see...
New APs This release supports the following new 802.11n dual-radio
access points: E-MSM430, E-MSM460, and E-MSM466. For
information, see the Quickstarts for these products.
Band steering Band steering on page 5-11
Broadcast filtering Broadcast filtering on page 5-11
Transmission protection Tx protection on page 4-30
Beamforming Tx beamforming on page 4-29
Country configuration per group Assigning country settings to a group on page 6-30
Moving multiple APs between groups Moving multiple APs between groups on page 6-29
Identify RADIUS server by host name Primary/Secondary RADIUS server on page 11-9
User agent filtering User agent filtering on page 14-10
HTTPS proxy support Support applications that use on page 14-11
Improved mobility status pages Monitoring the mobility domain on page 9-16
Manager login credentials reset Manager username/password reset on page 2-6
PayPal support PayPal service on page 14-37
LEAP support Supported 802.1X protocols on page 10-9
MSM317 switch port enhancements
Inheritance on a per port basis
Port isolation
Loop protection
Network Policy TLV support
Enhanced VLAN support
See the MSM317 Installation and Getting Started Guide.
1-6
Introduction
Network Operating Center
Controller
Secure management tunnels
Site #1 Site #3Site #2
AP
W
L
A
N
AP
W
L
A
N
AP
W
L
A
N
Introducing the MSM7xx Controllers
Introducing the MSM7xx Controllers
MSM7xx Controllers provide centralized management and control of intelligent HP MSM APs
for a wide range of deployments, from small Internet cafes and businesses, to large
corporations and institutions, and even entire towns.
MSM controllers let you take advantage of both distributed and centralized approaches to
deploying a wireless networking solution, letting you design a wireless infrastructure that
perfectly meets the needs of your users.
Simplified configuration, deployment, and operation
For trouble-free deployment in geographically distributed networks, HP MSM controllers
automate discovery, authentication and configuration for all installed APs. Using standard
dynamic look-up procedures, APs identify the controller to which they are assigned.
Authentication using digital certificates assures security and eliminates the risk of rogue AP
connectivity. Once authenticated, the controller establishes a secure management tunnel for
the exchange of configuration and control information with the AP.
The controller provides centralized management for all APs. It eliminates time-consuming AP
configuration, troubleshooting and maintenance tasks by providing a single management
interface for the entire group of APs it manages. The controller automates installation of AP
software updates and ensures a consistent set of services are delivered throughout the
network. All security, quality of service (QoS), and other policies can be centrally defined
through the controller's intuitive and secure Web-based management tool.
Controller managing APs installed in different physical locations
1-7
Introduction
Secure management tunnels
Area #1
AP
Area #3Area #2
AP AP
P
U
B
L
I
C
W
L
A
N
P
U
B
L
I
C
W
L
A
N
P
U
B
L
I
C
W
L
A
N
Backbone Network
Controller
Controller team
Router
Controlled APs deployed
across a layer 3 network
In this example, all controllers are
connected to the network via their
LAN ports. The Internet port can
also be used.
Team
manager
1
2
3
4
5
Team manager sends
configuration settings
to all team members.
Team members then
update the APs that
they are managing.
Introducing the MSM7xx Controllers
Controller managing APs installed in different areas at a single location
Controller teaming
Controller teaming enables you to easily configure and monitor multiple controllers and their
APs. Up to five controllers can be combined into a team providing support for up to 800 APs
(four controllers x 200 APs per controller plus one additional controller for backup/
redundancy). For example:
Key benefits of controller teaming include:
Scalability: Controller teaming enables you to scale up your wireless network as your
needs increase. Simply add additional APs, controllers, and licenses to meet the required
demand. Up to 800 APs are supported per controller team (four controllers x 200 APs per
controller plus one additional controller reserved for backup/redundancy).
Redundancy and failover support: A controller team provides for service redundancy
in case of failure. If one of the controllers in a team becomes inoperative (due to network
problems, hardware failure, etc.), its APs will automatically migrate to another controller
in the team allowing for continuation of services.
1-8
Centralized management and control: Configuration and monitoring of all team
members and their APs is performed using the management tool on the team manager.
The team manager is responsible for handling the addition and deletion of controlled
Loading...