Document information
HP MSM7xx Controllers Configuration Guide
Abstract
This document describes how to configure and manage the MSM7xx Controllers. This document applies to the MSM710,
E-MSM720, MSM760, and MSM765zl Controllers. These products are hereafter referred to generically as controller.
HP Part Number: 5998-1422
Published: September 2012
Edition: 2
© Copyright 2012 Hewlett-Packard Development Company, L.P.
The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express
warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall
not be liable for technical or editorial errors or omissions contained herein.
Acknowledgments
Windows® is a U.S. registered trademark of Microsoft Corporation.
Warranty
WARRANTY STATEMENT: See the warranty information sheet provided in the product box.
Contents
1 Introduction 14
New in release 5.7.0.0 14
2 Using the management tool 15
Starting the management tool 15
Using automated workflows 15
Setting up manager and operator accounts 17
Administrative user authentication 19
Passwords 20
Configuring management tool security 20
Configuring the Login page message 21
Configuring Auto-refresh 22
Setting the system time 22
LEDs 23
Power saving 23
Identify chassis 23
3 Network configuration 24
Working with network profiles 24
About the default network profiles 24
To define a new network profile 25
Configuring IP interfaces 25
To assign an IP address to a new interface on the E-MSM720 26
To assign an IP address to a new interface on other controllers 28
Configuring the Access network/LAN port interface 30
Configuring the Internet network/Internet port interface 31
Configuring port settings 34
Configuring E-MSM720 ports 35
Configuring the LAN/Internet port (MSM710, MSM760, MSM765zl) 36
Configuring DHCP services 36
Configuring the global DHCP server 37
Configuring the DHCP relay agent 40
Configuring GRE tunnels 41
Bandwidth control 42
Data rate limits 43
Bandwidth levels 43
Example 44
Discovery protocols 45
CDP configuration 45
LLDP configuration 46
DNS configuration 49
DNS servers 50
DNS advanced settings 50
Defining IP routes 51
Configuring IP routes 51
Network address translation (NAT) 53
NAT security and static mappings 54
VPN One-to-one NAT 56
IP QoS 56
Configuring IP QoS profiles 56
Example 57
Customizing DiffServ DSCP mappings 59
IGMP proxy 59
4 Port trunking 61
Deployment considerations 62
Static trunks 63
Dynamic trunks 63
Creating a static trunk 63
Creating a dynamic trunk 66
5 Wireless configuration 71
Wireless coverage 71
Factors limiting wireless coverage 71
Configuring overlapping wireless cells 72
Automatic transmit power control 75
Supporting 802.11a and legacy wireless clients 75
Radio configuration 76
Radio configuration parameters 77
Advanced wireless settings 85
Wireless neighborhood 89
Scanning modes 90
Identifying unauthorized APs 90
Viewing wireless information 91
Viewing all wireless clients 91
Viewing info for a specific wireless client 92
Viewing wireless client data rates 92
Wireless access points 94
6 Working with VSCs 98
Key concepts 98
Binding VSCs to APs 98
Viewing and editing VSC profiles 98
The default VSC 99
VSC configuration options 99
About access control and authentication 100
Summary of VSC configuration options 102
Access control 102
Virtual AP 103
VSC ingress mapping 108
VSC egress mapping 109
Bandwidth control 109
Default user data rates 109
Wireless mobility 110
Fast wireless roaming 111
Wireless security filters 111
Wireless protection 114
802.1X authentication 116
RADIUS authentication realms 117
HTML-based user logins 118
VPN-based authentication 118
MAC-based authentication 118
Location-aware 119
Wireless MAC filter 119
Wireless IP filter 119
DHCP server 120
DHCP relay agent 120
VSC data flow 121
Access control enabled 121
Access control disabled 123
Using multiple VSCs 124
About the default VSC 124
Quality of service (QoS) 125
Priority mechanisms 126
IP QoS profiles 127
Upstream DiffServ tagging 127
Upstream/downstream traffic marking 127
QoS example 129
Creating a new VSC 129
Assigning a VSC to a group 129
7 Working with controlled APs 130
Key concepts 130
Plug and play installation 130
Automatic software updates 130
Centralized configuration management 130
Manual provisioning 130
Secure management tunnel 130
AP authentication 130
AP licensing 131
Key controlled-mode events 131
Discovery of controllers by controlled APs 133
Discovery overview 133
Discovery methods 134
Discovery order 135
Discovery recommendations 136
Discovery priority 137
Discovery considerations 138
Monitoring the discovery process 139
Authentication of controlled APs 143
Building the AP authentication list 144
Configuring APs 146
Overview 146
Inheritance 147
Configuration strategy 148
Working with groups 148
Working with APs 149
Assigning egress VLANs to a group 153
Assigning country settings to a group 153
Provisioning APs 154
Provisioning methods 154
Displaying the provisioning pages 155
Provisioning connectivity 156
Provisioning discovery 158
Provisioning summary 160
Provisioning example 160
AeroScout RTLS 160
To enable AeroScout support 161
Viewing status information 161
Software retrieval/update 162
Monitoring 162
8 Working with VLANs 163
Key concepts 163
VLAN usage 163
Defining a VLAN 164
Defining a VLAN on a controller port 164
Assigning VLANs to controlled APs 165
User-assigned VLANs 166
VLAN assignment via RADIUS 166
VLAN assignment via the local user accounts 166
Traffic flow for wireless users 166
Binding to a VSC that has Wireless mobility disabled 167
Binding to a VSC that has Wireless mobility and Mobility traffic manager enabled 169
Binding to a VSC that has Wireless mobility and Subnet-based mobility enabled 170
Terms used in the tables 171
Traffic flow examples 171
9 Controller teaming 175
Teaming overview 175
Teaming On the MSM760 and MSM765zl 175
Teaming on the E-MSM720 175
Key concepts 175
Centralized configuration management 175
Centralized monitoring and operation 176
Redundancy and failover support 176
Scalability 176
Deployment considerations 176
Limitations 178
Creating a team 178
About the team management IP address 179
Configuration examples 179
Controller discovery 190
Monitoring the discovery process 191
Viewing discovered controllers 193
Viewing team members 194
Team configuration 195
Accessing the team manager 195
Team configuration options 196
Removing a controller from a team 196
Editing team member settings 197
Discovery of a controller team by controlled APs 199
Failover 199
Supporting N + N redundancy 199
Primary team manager failure 200
Mobility support 201
Single controller team operating alone 202
Single controller team operating with non-teamed controllers 203
Multiple teamed and non-teamed controllers 204
10 Mobility traffic manager 205
Key concepts 205
The mobility domain 207
Home networks 208
Local networks 209
Mobility controller discovery 209
Network requirements 210
Controller discovery and teaming 210
Configuring Mobility Traffic Manager 210
Defining the mobility domain 211
Defining network profiles 212
Assigning a home network to a user 212
Defining local networks on a controller 213
Assigning local networks to an AP 213
Configuring the mobility settings for a VSC 214
Binding a VSC to an AP 215
Monitoring the mobility domain 215
Controllers 216
Networks in the mobility domain 216
Mobility clients 217
Forwarding table 217
Mobility client event log 218
Scenario 1: Centralizing traffic on a controller 219
How it works 219
Configuration overview 220
Scenario 2: Centralized traffic on a controller with VLAN egress 221
How it works 221
Configuration overview 222
Scenario 3: Centralized traffic on a controller with per-user traffic routing 224
How it works 224
Configuration overview 225
Scenario 4: Assigning home networks on a per-user basis 232
How it works 232
Configuration overview 233
Scenario 5: Traffic routing using VLANs 236
How it works 236
Configuration overview 238
Scenario 6: Distributing traffic using VLAN ranges 243
How it works 243
Configuration overview 245
Subnet-based mobility 250
11 User authentication, accounts, and addressing 251
Introduction 251
Authentication support 251
Other access control methods 253
Using more than one authentication type at the same time 253
User authentication limits 255
802.1X authentication 255
Supported 802.1X protocols 256
Configuring 802.1X support on a VSC 257
Configuring global 802.1X settings for wired users 259
Configuring global 802.1X settings for wireless users 259
Configuring 802.1X support on an MSM317 switch port 260
MAC-based authentication 260
MAC-based filtering 261
Configuring global MAC-based authentication 262
Configuring MAC-based authentication on a VSC 263
Configuring MAC-based authentication on an MSM317 switch port 264
Configuring MAC-based filters on a VSC 264
Configuring MAC-based filters on an MSM317 switch port 265
HTML-based authentication 267
Configuring HTML-based authentication on a VSC 267
VPN-based authentication 268
Configuring VPN-based authentication on a VSC 269
No authentication 269
Locally-defined user accounts 269
Features 270
Defining a user account 274
Defining account profiles 276
Defining subscription plans 277
Accounting persistence 278
User addressing and related features 279
12 Authentication services 280
Introduction 280
Using the integrated RADIUS server 280
Primary features 280
Server configuration 281
User account configuration 282
Using a third-party RADIUS server 282
Configuring a RADIUS server profile 283
Authenticating manager logins using a third-party RADIUS server 287
Using an Active Directory server 287
Supported protocols 288
Active Directory configuration 288
Configuring an Active Directory group 290
Configuring a VSC to use Active Directory 292
13 Security 293
Firewall 293
Firewall presets 293
Firewall configuration 294
Customizing the firewall 295
Managing certificates 295
Trusted CA certificate store 296
Certificate and private key store 297
Certificate usage 299
About certificate warnings 300
IPSec certificates 300
Certificate expiration alerts 302
MAC lockout 302
Adding a MAC lockout address 302
14 Local mesh 303
Key concepts 303
Simultaneous AP and local mesh support 303
Using 802.11a/n for local mesh 304
Local mesh terminology 304
Local mesh operational modes 305
Node discovery 305
Operating channel 305
Local mesh profiles 306
Configuration guidelines 306
Configuring a local mesh profile 306
Provisioning local mesh links 310
Sample local mesh deployments 312
RF extension 312
Building-to-building connection 313
Dynamic network 313
15 Public/guest network access 315
Introduction 315
Key concepts 315
Access control 315
Access lists 316
The public access interface 316
Location-aware 318
Configuring global access control options 318
User authentication 319
Client polling 320
User agent filtering 321
Zero configuration 321
Location configuration 321
Display advertisements 322
Public access interface control flow 322
Customizing the public access interface 324
Sample public access pages 325
Common configuration tasks 325
Setting site configuration options 328
About ASP variables 328
Allow subscription plan purchases 328
Display the Free Access option 329
Support a local Welcome page 330
Use frames when presenting ads 330
Allow SSLv2 authentication 331
Redirect users to the Login page via 331
Customizing the public access Web pages 331
Site file archive 331
FTP server 332
Current site files 333
Configuring the public access Web server 338
Options 338
Ports 339
MIME types 339
Security 340
Managing payment services 340
Payment services configuration 340
Service settings 341
Billing record logging 346
Settings 347
Persistence 347
External billing records server profiles 348
Billing records log 350
Table 350
Location-aware authentication 351
How it works 351
Example 352
Security 353
16 Working with RADIUS attributes 354
Introduction 354
Controller attributes overview 354
Customizing the public access interface using the site attribute 354
Defining and retrieving site attributes 355
Controller attribute definitions 357
User attributes 362
Customizing user accounts with the user attribute 362
Defining and retrieving user attributes 362
Retrieving attributes from a RADIUS server 366
PCM IDM support 366
User attribute definitions 367
Access request 368
Access accept 370
Access reject 372
Access challenge 372
Accounting request 373
Accounting response 376
Administrator attributes 376
Access request 376
Access accept 377
Colubris AV-Pair - Site attribute values 377
Access list 379
Configuration file 386
Custom SSL certificate 386
Custom public access interface Web pages 387
Default user interim accounting update interval 391
Default user bandwidth level 392
Default user idle timeout 392
Default user quotas 392
Default user data rates 393
Default user one-to-one NAT 393
Default user session timeout 393
Default user public IP address 394
Default user SMTP server 394
Default user URLs 394
HTTP proxy upstream 394
IPass login URL 395
Global MAC-based authentication 395
Multiple login servers 396
Redirect URL 398
NOC authentication 399
HP WISPr support 400
Traffic forwarding (dnat-server) 401
Multiple DNAT servers 401
Colubris AV-Pair - User attribute values 403
Access list 403
Advertising 404
Bandwidth level 404
Data rate 404
One-to-one NAT 405
Public IP address 405
Quotas 405
Redirect URL 406
SMTP redirection 406
Station polling 407
Custom public access interface Web pages 407
Placeholders 408
Colubris AV-Pair - Administrator attribute values 408
Administrative role 409
Public access interface ASP functions and variables 409
[...]
Windows Server 2003 configuration 477
Creating the vendor class 477
Defining vendor class options 478
Applying the vendor class 479
ISC DHCP server configuration 481
1 Introduction
This guide describes how to configure and manage HP MSM7xx Controllers. This document applies to the MSM710, E-MSM720, MSM760, and MSM765zl Controllers. These...
Configuration and operation of this new controller is covered in this guide. For installation instructions, see the E-MSM720 Controllers Installation Guide.
Automated workflows have been added to help perform common configuration tasks. See “Using automated workflows” (page 15).
The IP interface configuration page is new in this release. See “Network configuration” (page 24). It enables an IP address to be assigned to...
Internet port network and LAN port network configuration pages to improve usability.
Port configuration has been simplified. In this release the Network > Ports page is only used to set parameters that affect the physical configuration of ports. IP addresses are assigned using the new IP interface configuration page. See “Configuring port settings” (page 34).
VLAN configuration has been moved from the Network...
path to the configuration page for each setting that was changed by the workflow. For example:
At this point you can:
• Select a page link to make further configuration changes. When done, select Automated workflows to return to the confirmation page.
• Select Done to return to the Automated workflows home page.
TIP: See also the MSM7xx Controller Installation Guide specific...
also the MSM7xx Controller Installation Guide specific to your controller model for details on how to install and initially configure your controller.
New in release 5.7.0.0
Information on the primary new and changed features in release 5.7.0.0 is located as follows:
New or changed in this release | For information, see
New E-MSM720 Access Controller and the E-MSM720 Premium Mobility Controller Configuration...
conform to the selected security policy as follows:
• Follow FIPS 140-2 guidelines: When selected, implements the following requirements from the FIPS 140-2 guidelines:
◦ All administrator passwords must be at least six characters long.
◦ All administrator passwords must contain at least four different characters.
For more information on these guidelines, refer to the Federal Information Processing Standards...
interface
The following configuration options are available if you select the Internet network interface (on an E-MSM720) or Internet port interface (on all other controllers) in the table.
By default, the Internet port operates as a DHCP client. Select the option you want to use and select Configure. Refer to the following sections for additional configuration information...
own page. It has also been redesigned for better usability and to support the new features available on the E-MSM720. A VLAN configuration page has also been added for controlled APs. See “Assigning VLANs to controlled APs” (page 165).
GRE configuration has been moved from the Network > Ports page to its own page. It works the same way as in previous releases. See “Configuring GRE tunnels” (page 41).
Licensing page...
guidelines, refer to the Federal Information Processing Standards Publication (FIPS PUB) 140-2, Security Requirements for Cryptographic Modules.
• Follow PCI DSS 1.2 guidelines: When selected, implements the following requirements from the PCI DSS 1.2 guidelines:
◦ All administrator passwords must be at least seven characters long.
◦ All administrator passwords must contain both numeric and alphabetic characters...
information on these guidelines, refer to the Payment Card Industry Data Security Standard v1.2 document.
Manager username/password reset
Not supported on the MSM-765.
The Allow password reset via console port feature provides a secure way to reset the manager login username/password on a controller to factory default values (admin/admin), without having to reset the entire controller configuration to its ...
Date posted: 24/03/2014, 08:20