Wireless Access

 View Only

  • 1.  MM-VA-500 Mobility Master Virtual Appliance & ESXi - trunks or more interfaces?

    Posted Mar 24, 2022 07:01 PM

    Hi Folks,

    Thanks for taking the time to look at my question!

    I have a MM-VA-500 Mobility Master Virtual Appliance, and I'm wanting it to go on an ESXi host. We use 7005 controllers which will be running 8.6, and we want the MM-VA to be "the same" from the standpoint of the interfaces compared to hardware controllers.

    In looking at the instructions for building the VM, it seems we need to allow promiscuous mode. This may allow us to use trunks which terminate on a single virtual port There may be an issue with doing this in our InfoSec department. So, we could use the 4 virtual ports to get up to 4 VLANs running as separate access interfaces. But the problem is our "regular" 7005 controllers use trunks feeding 5 - 7 VLANs to port 0 of the controllers, and that port's trunked.

    So the first short question is, can we do something to the OVA or the VM startup / BIOS / etc. that will allow us to have 8 interfaces, not 4 on the VM appliance? Basically, how can we emulate a 7008 controller?

    If we do this, or if the are able to get by with the default 4 all attached to separate VLANs, will that "work", would our rules and policies still be able to handle what should have been trunked ports on separate ports.

    Thanks,

    Ambi



    ------------------------------
    Ambidexter
    ------------------------------


  • 2.  RE: MM-VA-500 Mobility Master Virtual Appliance & ESXi - trunks or more interfaces?

    Posted Mar 24, 2022 08:11 PM
    I do not believe you need to enable promiscuous mode to allow you to trunk the VLANs. You shouldn't need to have more than one VLAN on the Mobility Conductor/Master. The Mobility Conductor/Master does not terminate user traffic, and is used for configuration management and management of some services like airmatch and airgroup.

    Promiscuous mode is needed to enable VRRP between a pair of Mobility Conductors/Masters. This would allow you to deploy a redundant Mobility Conductor/Master and create a Virtual IP for Controllers to communicate to.

    ------------------------------
    Dustin Burns

    Lead Mobility Engineer @Worldcom Exchange, Inc.

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022
    If my post was useful accept solution and/or give kudos
    ------------------------------

    Original Message


  • 3.  RE: MM-VA-500 Mobility Master Virtual Appliance & ESXi - trunks or more interfaces?

    Posted Mar 28, 2022 01:48 PM
    Edited by mkk Mar 28, 2022 01:49 PM
    Promiscuous mode is only needed when build a redundant Mobility Conductor (formerly Mobility Master) because the need of the VRRP protocol. 

    The Mobility Conductor is only management data and don't handle any client data. So one management interface is enough and should be reachable by the Managed Devices for establish IPSEC to the Mobility Conductor.

    ------------------------------
    Marcel Koedijk | MVP Expert 2022 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opinions are my own
    ------------------------------

    Original Message


  • 4.  RE: MM-VA-500 Mobility Master Virtual Appliance & ESXi - trunks or more interfaces?

    Posted Mar 25, 2022 02:43 AM
    Hello, 
    regarding MM-VA , previus comment is correct, it does not terminates any traffic on itself.  this is just a management platform. 

    but, if you meant virtual mobility controller, so in this case i have question for your Infosec team members why they afraid a trunked VLANs in ESXi environment ? what are their concern about it and how it is different from other trunks implemented in organisation wide ?

    ------------------------------
    Temur Kalandia
    ------------------------------

    Original Message


Related Content