1. Trang chủ
  2. » Công Nghệ Thông Tin

HP MSM7xx Controllers Configuration Guide pdf

484 13,9K 4

Đang tải... (xem toàn văn)

Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống

THÔNG TIN TÀI LIỆU

Thông tin cơ bản

Định dạng
Số trang 484
Dung lượng 11,83 MB

Nội dung

HP MSM7xx Controllers Configuration Guide Abstract This document describes how to configure and manage the MSM7xx Controllers. This document applies to the MSM710, E-MSM720, MSM760, and MSM765zl Controllers. These products are hereafter referred to generically as controller. HP Part Number: 5998-1422 Published: September 2012 Edition: 2 © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Acknowledgments Windows® is a U.S. registered trademark of Microsoft Corporation. Warranty WARRANTY STATEMENT: See the warranty information sheet provided in the product box. Contents 1 Introduction 14 New in release 5.7.0.0 14 2 Using the management tool 15 Starting the management tool 15 Using automated workflows 15 Setting up manager and operator accounts 17 Administrative user authentication 19 Passwords 20 Configuring management tool security 20 Configuring the Login page message 21 Configuring Auto-refresh 22 Setting the system time 22 LEDs 23 Power saving 23 Identify chassis 23 3 Network configuration 24 Working with network profiles 24 About the default network profiles 24 To define a new network profile 25 Configuring IP interfaces 25 To assign an IP address to a new interface on the E-MSM720 26 To assign an IP address to a new interface on other controllers 28 Configuring the Access network/LAN port interface 30 Configuring the Internet network/Internet port interface 31 Configuring port settings 34 Configuring E-MSM720 ports 35 Configuring the LAN/Internet port (MSM710, MSM760, MSM765zl) 36 Configuring DHCP services 36 Configuring the global DHCP server 37 Configuring the DHCP relay agent 40 Configuring GRE tunnels 41 Bandwidth control 42 Data rate limits 43 Bandwidth levels 43 Example 44 Discovery protocols 45 CDP configuration 45 LLDP configuration 46 DNS configuration 49 DNS servers 50 DNS advanced settings 50 Defining IP routes 51 Configuring IP routes 51 Network address translation (NAT) 53 NAT security and static mappings 54 VPN One-to-one NAT 56 IP QoS 56 Configuring IP QoS profiles 56 Example 57 Customizing DiffServ DSCP mappings 59 Contents 3 IGMP proxy 59 4 Port trunking 61 Deployment considerations 62 Static trunks 63 Dynamic trunks 63 Creating a static trunk 63 Creating a dynamic trunk 66 5 Wireless configuration 71 Wireless coverage 71 Factors limiting wireless coverage 71 Configuring overlapping wireless cells 72 Automatic transmit power control 75 Supporting 802.11a and legacy wireless clients 75 Radio configuration 76 Radio configuration parameters 77 Advanced wireless settings 85 Wireless neighborhood 89 Scanning modes 90 Identifying unauthorized APs 90 Viewing wireless information 91 Viewing all wireless clients 91 Viewing info for a specific wireless client 92 Viewing wireless client data rates 92 Wireless access points 94 6 Working with VSCs 98 Key concepts 98 Binding VSCs to APs 98 Viewing and editing VSC profiles 98 The default VSC 99 VSC configuration options 99 About access control and authentication 100 Summary of VSC configuration options 102 Access control 102 Virtual AP 103 VSC ingress mapping 108 VSC egress mapping 109 Bandwidth control 109 Default user data rates 109 Wireless mobility 110 Fast wireless roaming 111 Wireless security filters 111 Wireless protection 114 802.1X authentication 116 RADIUS authentication realms 117 HTML-based user logins 118 VPN-based authentication 118 MAC-based authentication 118 Location-aware 119 Wireless MAC filter 119 Wireless IP filter 119 DHCP server 120 DHCP relay agent 120 VSC data flow 121 4 Contents Access control enabled 121 Access control disabled 123 Using multiple VSCs 124 About the default VSC 124 Quality of service (QoS) 125 Priority mechanisms 126 IP QoS profiles 127 Upstream DiffServ tagging 127 Upstream/downstream traffic marking 127 QoS example 129 Creating a new VSC 129 Assigning a VSC to a group 129 7 Working with controlled APs 130 Key concepts 130 Plug and play installation 130 Automatic software updates 130 Centralized configuration management 130 Manual provisioning 130 Secure management tunnel 130 AP authentication 130 AP licensing 131 Key controlled-mode events 131 Discovery of controllers by controlled APs 133 Discovery overview 133 Discovery methods 134 Discovery order 135 Discovery recommendations 136 Discovery priority 137 Discovery considerations 138 Monitoring the discovery process 139 Authentication of controlled APs 143 Building the AP authentication list 144 Configuring APs 146 Overview 146 Inheritance 147 Configuration strategy 148 Working with groups 148 Working with APs 149 Assigning egress VLANs to a group 153 Assigning country settings to a group 153 Provisioning APs 154 Provisioning methods 154 Displaying the provisioning pages 155 Provisioning connectivity 156 Provisioning discovery 158 Provisioning summary 160 Provisioning example 160 AeroScout RTLS 160 To enable AeroScout support 161 Viewing status information 161 Software retrieval/update 162 Monitoring 162 8 Working with VLANs 163 Key concepts 163 Contents 5 VLAN usage 163 Defining a VLAN 164 Defining a VLAN on a controller port 164 Assigning VLANs to controlled APs 165 User-assigned VLANs 166 VLAN assignment via RADIUS 166 VLAN assignment via the local user accounts 166 Traffic flow for wireless users 166 Binding to a VSC that has Wireless mobility disabled 167 Binding to a VSC that has Wireless mobility and Mobility traffic manager enabled 169 Binding to a VSC that has Wireless mobility and Subnet-based mobility enabled 170 Terms used in the tables 171 Traffic flow examples 171 9 Controller teaming 175 Teaming overview 175 Teaming On the MSM760 and MSM765zl 175 Teaming on the E-MSM720 175 Key concepts 175 Centralized configuration management 175 Centralized monitoring and operation 176 Redundancy and failover support 176 Scalability 176 Deployment considerations 176 Limitations 178 Creating a team 178 About the team management IP address 179 Configuration examples 179 Controller discovery 190 Monitoring the discovery process 191 Viewing discovered controllers 193 Viewing team members 194 Team configuration 195 Accessing the team manager 195 Team configuration options 196 Removing a controller from a team 196 Editing team member settings 197 Discovery of a controller team by controlled APs 199 Failover 199 Supporting N + N redundancy 199 Primary team manager failure 200 Mobility support 201 Single controller team operating alone 202 Single controller team operating with non-teamed controllers 203 Multiple teamed and non-teamed controllers 204 10 Mobility traffic manager 205 Key concepts 205 The mobility domain 207 Home networks 208 Local networks 209 Mobility controller discovery 209 Network requirements 210 Controller discovery and teaming 210 Configuring Mobility Traffic Manager 210 Defining the mobility domain 211 6 Contents Defining network profiles 212 Assigning a home network to a user 212 Defining local networks on a controller 213 Assigning local networks to an AP 213 Configuring the mobility settings for a VSC 214 Binding a VSC to an AP 215 Monitoring the mobility domain 215 Controllers 216 Networks in the mobility domain 216 Mobility clients 217 Forwarding table 217 Mobility client event log 218 Scenario 1: Centralizing traffic on a controller 219 How it works 219 Configuration overview 220 Scenario 2: Centralized traffic on a controller with VLAN egress 221 How it works 221 Configuration overview 222 Scenario 3: Centralized traffic on a controller with per-user traffic routing 224 How it works 224 Configuration overview 225 Scenario 4: Assigning home networks on a per-user basis 232 How it works 232 Configuration overview 233 Scenario 5: Traffic routing using VLANs 236 How it works 236 Configuration overview 238 Scenario 6: Distributing traffic using VLAN ranges 243 How it works 243 Configuration overview 245 Subnet-based mobility 250 11 User authentication, accounts, and addressing 251 Introduction 251 Authentication support 251 Other access control methods 253 Using more than one authentication type at the same time 253 User authentication limits 255 802.1X authentication 255 Supported 802.1X protocols 256 Configuring 802.1X support on a VSC 257 Configuring global 802.1X settings for wired users 259 Configuring global 802.1X settings for wireless users 259 Configuring 802.1X support on an MSM317 switch port 260 MAC-based authentication 260 MAC-based filtering 261 Configuring global MAC-based authentication 262 Configuring MAC-based authentication on a VSC 263 Configuring MAC-based authentication on an MSM317 switch port 264 Configuring MAC-based filters on a VSC 264 Configuring MAC-based filters on an MSM317 switch port 265 HTML-based authentication 267 Configuring HTML-based authentication on a VSC 267 VPN-based authentication 268 Configuring VPN-based authentication on a VSC 269 Contents 7 No authentication 269 Locally-defined user accounts 269 Features 270 Defining a user account 274 Defining account profiles 276 Defining subscription plans 277 Accounting persistence 278 User addressing and related features 279 12 Authentication services 280 Introduction 280 Using the integrated RADIUS server 280 Primary features 280 Server configuration 281 User account configuration 282 Using a third-party RADIUS server 282 Configuring a RADIUS server profile 283 Authenticating manager logins using a third-party RADIUS server 287 Using an Active Directory server 287 Supported protocols 288 Active Directory configuration 288 Configuring an Active Directory group 290 Configuring a VSC to use Active Directory 292 13 Security 293 Firewall 293 Firewall presets 293 Firewall configuration 294 Customizing the firewall 295 Managing certificates 295 Trusted CA certificate store 296 Certificate and private key store 297 Certificate usage 299 About certificate warnings 300 IPSec certificates 300 Certificate expiration alerts 302 MAC lockout 302 Adding a MAC lockout address 302 14 Local mesh 303 Key concepts 303 Simultaneous AP and local mesh support 303 Using 802.11a/n for local mesh 304 Local mesh terminology 304 Local mesh operational modes 305 Node discovery 305 Operating channel 305 Local mesh profiles 306 Configuration guidelines 306 Configuring a local mesh profile 306 Provisioning local mesh links 310 Sample local mesh deployments 312 RF extension 312 Building-to-building connection 313 Dynamic network 313 8 Contents 15 Public/guest network access 315 Introduction 315 Key concepts 315 Access control 315 Access lists 316 The public access interface 316 Location-aware 318 Configuring global access control options 318 User authentication 319 Client polling 320 User agent filtering 321 Zero configuration 321 Location configuration 321 Display advertisements 322 Public access interface control flow 322 Customizing the public access interface 324 Sample public access pages 325 Common configuration tasks 325 Setting site configuration options 328 About ASP variables 328 Allow subscription plan purchases 328 Display the Free Access option 329 Support a local Welcome page 330 Use frames when presenting ads 330 Allow SSLv2 authentication 331 Redirect users to the Login page via 331 Customizing the public access Web pages 331 Site file archive 331 FTP server 332 Current site files 333 Configuring the public access Web server 338 Options 338 Ports 339 MIME types 339 Security 340 Managing payment services 340 Payment services configuration 340 Service settings 341 Billing record logging 346 Settings 347 Persistence 347 External billing records server profiles 348 Billing records log 350 Table 350 Location-aware authentication 351 How it works 351 Example 352 Security 353 16 Working with RADIUS attributes 354 Introduction 354 Controller attributes overview 354 Customizing the public access interface using the site attribute 354 Defining and retrieving site attributes 355 Controller attribute definitions 357 Contents 9 User attributes 362 Customizing user accounts with the user attribute 362 Defining and retrieving user attributes 362 Retrieving attributes from a RADIUS server 366 PCM IDM support 366 User attribute definitions 367 Access request 368 Access accept 370 Access reject 372 Access challenge 372 Accounting request 373 Accounting response 376 Administrator attributes 376 Access request 376 Access accept 377 Colubris AV-Pair - Site attribute values 377 Access list 379 Configuration file 386 Custom SSL certificate 386 Custom public access interface Web pages 387 Default user interim accounting update interval 391 Default user bandwidth level 392 Default user idle timeout 392 Default user quotas 392 Default user data rates 393 Default user one-to-one NAT 393 Default user session timeout 393 Default user public IP address 394 Default user SMTP server 394 Default user URLs 394 HTTP proxy upstream 394 IPass login URL 395 Global MAC-based authentication 395 Multiple login servers 396 Redirect URL 398 NOC authentication 399 HP WISPr support 400 Traffic forwarding (dnat-server) 401 Multiple DNAT servers 401 Colubris AV-Pair - User attribute values 403 Access list 403 Advertising 404 Bandwidth level 404 Data rate 404 One-to-one NAT 405 Public IP address 405 Quotas 405 Redirect URL 406 SMTP redirection 406 Station polling 407 Custom public access interface Web pages 407 Placeholders 408 Colubris AV-Pair - Administrator attribute values 408 Administrative role 409 Public access interface ASP functions and variables 409 10 Contents [...]... Windows Server 2003 configuration .477 Creating the vendor class 477 Defining vendor class options 478 Applying the vendor class .479 ISC DHCP server configuration 481 Contents 13 1 Introduction This guide describes how to configure and manage HP MSM7xx Controllers This document applies to the MSM710, E-MSM720, MSM760, and MSM765zl Controllers These... Configuration and operation of this new controller is covered in this guide For installation instructions, see the E-MSM720 Controllers Installation Guide Automated workflows have been added to help perform common configuration tasks “Using automated workflows” (page 15) The IP interface configuration page is new in this release “Network configuration (page 24) It enables an IP address to be assigned to... Internet port network and LAN port network configuration pages to improve usability Port configuration has been simplified In this release the “Configuring port settings” (page 34) Network > Ports page is only used to set parameters that affect the physical configuration of ports IP addresses are assigned using the new IP interface configuration page VLAN configuration has been moved from the Network... path to the configuration page for each setting that was changed by the workflow For example: 16 Using the management tool At this point you can: • Select a page link to make further configuration changes When done, select Automated workflows to return to the confirmation page • Select Done to return to the Automated workflows home page TIP: See also the MSM7xx Controller Installation Guide specific... also the MSM7xx Controller Installation Guide specific to your controller model for details on how to install and initially configure your controller New in release 5.7.0.0 Information on the primary new and changed features in release 5.7.0.0 is located as follows: New or changed in this release For information, see New E-MSM720 Access Controller and the E-MSM720 Premium Mobility Controller Configuration. .. conform to the selected security policy as follows • Follow FIPS 140-2 guidelines: When selected, implements the following requirements from the FIPS 140-2 guidelines: ◦ All administrator passwords must be at least six characters long ◦ All administrator passwords must contain at least four different characters For more information on these guidelines, refer to the Federal Information Processing Standards... interface The following configuration options are available if you select the Internet network interface (on an E-MSM720) or Internet port interface (on all other controllers) in the table Configuring IP interfaces 31 By default, the Internet port operates as a DHCP client Select the option you want to use and select Configure Refer to the following sections for additional configuration information... own page It has also been redesigned • “Assigning VLANs to controlled APs” (page 165) for better usability and to support the new features available on the E-MSM720 A VLAN configuration page has also been added for controlled APs GRE configuration has been moved from the Network > Ports page to its own page It works the same way as in previous releases “Configuring GRE tunnels” (page 41) Licensing page... guidelines, refer to the Federal Information Processing Standards Publication (FIPS PUB) 140-2, Security Requirements for Cryptographic Modules • Follow PCI DSS 1.2 guidelines: When selected, implements the following requirements from the PCI DSS 1.2 guidelines: ◦ All administrator passwords must be at least seven characters long ◦ All administrator passwords must contain both numeric and alphabetic characters... information on these guidelines, refer to the Payment Card Industry Data Security Standard v1.2 document Manager username/password reset Not supported on the MSM-765 The Allow password reset via console port feature provides a secure way to reset the manager login username/password on a controller to factory default values (admin/admin), without having to reset the entire controller configuration to its . HP MSM7xx Controllers Configuration Guide Abstract This document describes how to configure and manage the MSM7xx Controllers. This document. Introduction This guide describes how to configure and manage HP MSM7xx Controllers. This document applies to the MSM710, E-MSM720, MSM760, and MSM765zl Controllers.

Ngày đăng: 24/03/2014, 08:20

TỪ KHÓA LIÊN QUAN