Wireless Access

 View Only
  • 1.  MSM765zl, MSM410 and AP530 - again ...

    Posted Mar 09, 2010 08:22 AM

    Hi all.

    My 765zl is giving me a hard time here. I have a VLAN (ID 107) with a DHCP server/firewall and a bunch of AP530s on it. It's working and has done so for some time.

    Now I'm deploying MSM410's through a 765zl module in a 5406zl switch. For various reasons I do not want to change the setup of the DHCP server on VLAN 107, so I have connected VLAN 107 untagged to the internet port of the 765zl and set the module as a DHCP client.

    On the LAN port, I want separate management access and data/user traffic from the MSM410s.
    So, I have connected my management VLAN untagged and the user VLAN (ID 120) tagged to the LAN port of the 765zl.
    Both VLANs are given fixed IP addresses, and the 765zl provides a DHCP server for the APs on VLAN 120.
    Out in the network, the APs are connected to VLAN 120 on untagged ports.

    The MSM410s are recognized, provided with expected IP addresses, configured and synced OK.

    The management works on the specified address using a browser.

    The 765zl module gets an IP address on the internet port as expected.

    So - everything seems to be allright.

    I still don't have access to the internet through all this, so that's kind of strange. I've shut off every filter and every access control I can find, and I only use wireless protection in the shape of WPA2 with pre-shared keys. This I'm not so concerned about at this time.

    My question is: In ProCurve Manager Plus 3.0, the 765zl shows up on the 5406zl switch, but when I click the details button on the module, the browser tries to open with the module's address for the internet port.
    How can this be, when my management VLAN is not even connected to that port? Of course it has not luck, and I need to change the broweser address to the address I set for the LAN port.

    A bug in PCM+ maybe? I've rediscovered and delete/discovered several times, but no luck.

    Best regards

     

    P.S. This thread has been moved from Communications, Wireless (Legacy ITRC forum) to MSM Series. -HP Forum Moderator



  • 2.  RE: MSM765zl, MSM410 and AP530 - again ...

    Posted Mar 09, 2010 09:14 AM
    I still don't have access to the internet through all this, so that's kind of strange. I've shut off every filter and every access control I can find, and I only use wireless protection in the shape of WPA2 with pre-shared keys. This I'm not so concerned about at this time.


    Have you unchecked Wireless security filters ?


  • 3.  RE: MSM765zl, MSM410 and AP530 - again ...

    Posted Mar 09, 2010 09:22 AM
    Yes, wireless security filters are unchecked.

    I'm sort of a newbie to routing, but is there any way I can control what is routed in the 765zl?
    Wherever I can, I set the gateway to my external firewall/router/DHCP server on the internet port, but perhaps the gateway on the LAN side should be set to the module's LAN side address, so that the MSM410s use the 765zl as a gateway?


  • 4.  RE: MSM765zl, MSM410 and AP530 - again ...

    Posted Mar 09, 2010 10:02 AM
    Will, i can tell you that there is a usefull guide on my.procurve.com

    It's the Implementation guide for MSM products you can login to the website and download it maybe it will help.


  • 5.  RE: MSM765zl, MSM410 and AP530 - again ...

    Posted Mar 09, 2010 10:32 AM
    Yikes! 852 pages! I gotta keep my fingers away from the "print" button ...

    Looks good, though ... much more patient language for a beginner. I'll look through some of the examples and see if there's a setup that looks like mine or if I can learn what I need from them.

    Thanks for the tip - That is the kind of document I was looking for.


  • 6.  RE: MSM765zl, MSM410 and AP530 - again ...

    Posted Mar 10, 2010 09:22 AM
    Allright - I ended up with a very simple solution:

    I connected my admin VLAN untagged to the LAN port of the 765zl, gave the LAN port a fixed IP address matching my admin network and left the internet port alone without an IP address.
    The MSM410s are connected untagged to the admin VLAN and tagged to the user VLAN which goes to the firewall. My VSC setup is identical to the setup of the AP530s and it is bound to the group of new APs with egress VLAN set to the user VLAN.

    This way the old AP530 are running like they used to, the MSM410s get their IP address (through DHCP in the admin range) and their setup from the controller, and they communicate on the user VLAN.

    The users get their IP addresses through DHCP from the firewall and never see the difference ...

    Cool!

    Now I just need to figure out how to tell PCM+ that the 765zl module has a different IP address than the 5406zl ... PCM insists on opening a browser with a nonexisting subpage of the switch's IP address.


  • 7.  RE: MSM765zl, MSM410 and AP530 - again ...

    Posted Mar 19, 2010 07:46 AM
    Okay, my solution did not work after all, but I have now sorted it out.

    With regards to PCM+ (and a web browser), the MSM765zl module seems to need an IP address set on its internet port. So I connected my admin VLAN untagged to this port with a fixed IP address. Then I could manage the module from PCM+ with the correct address set in the 5406zl live view.

    For my access points, I set up two more VLANs to mix my old standalone AP530s with controlled MSM410s.

    The AP530s have two VLANs - the admin VLAN (1) untagged, and the user VLAN (107) tagged. This has worked for a long time.

    The MSM410 have two VLANs also - the user VLAN (107) tagged, and a new control VLAN (207) untagged.
    The control VLAN is also connected untagged to the LAN port of the 765zl module, and the LAN port has a fixed IP address in another subnet than the one on the module's internet port. Also, the 765zl acts as DHCP server on the control VLAN.

    So, what I have is:

    The AP530s have fixed IP addresses on the admin VLAN and provide user access through VLAN 107. The wireless users get their IP address from a DHCP server (let's call it DHCP-1) on the firewall.

    The MSM410s get their IP addresses from the DHCP server on the 765zl module (DHCP-2) through VLAN 207.
    The wireless users on the MSM410s get their IP address like the users on the AP530s as described above.

    The MSM765zl module is available on the admin VLAN and accessible from a web browser or from PCM+. It's not terribly well integrated into PCM, but I guess that's a matter of time.

    Everything works, my APs are easy to maintain and I'm a happy camper.

    Almost.
    One tiny bug is remaining:

    In PCM+ the two ports of the MSM765zl module has disappeared in the Port assignment tab in the 5406zl device page, but only on that tab and on the Modify port assignment page
    On the two other tabs, the ports are there.

    Oh well ...