Setting up HP Switches and WAPs
Support
Our wireless solution was purchased over 2 years (Summer 11 & Summer 12) from Computer Systems in Education (CSE).
CSE Education Systems Ltd
Goodman's Yard
New Yatt Road
North Leigh
Oxon
OX29 6TN
Tel: 01993 886688
Fax: 01993 886666
CSE have cabled all the AP points, and configured the controller and the first batch of switches that were installed during August 2011.
Hardware
PoE Switches | HP Procurve 2520G-8-POE
WAPs | HP E-MSM430 Dual Radio 802.11n Access Points
WIFI Controller | MSM765 Integrated Controller (Module within core switch). Username: admin. Password: s********3m
WIFI Controller options
There are 3 VSDs configured:
StCharles-Guest | Purpose: For users who do not exist in Active Directory. HP Visitor Management software must be used to create temporary accounts to permit guest access. Users can connect to this VSD without providing an initial key/password, but on first use are redirected to a login page which authenticates against the local user database on the controller.
StCharles-Student | Purpose: For users who exist in Active Directory but who are using unknown devices. Users can connect to this VSD without providing an initial key/password, but on first use are redirected to a login page which authenticates against Active Directory.
StCharles-Internal | Purpose: For known users on known devices (e.g. students using College laptops). Connection to this VSD requires the valid WPA2 key to be entered. This key must never be given to anybody outside of IT Services. It is used on College-owned equipment which is a member of Active Directory and has up-to-date antivirus protection.
Guest access
Controller → Users → Account Profiles
There are 3, but we don’t use Default AC
Known users are found in AD, Unknown users are local on the controller
Each profile uses the Access List ‘sccunknowndevice’ (Access Control List)
At present both profiles are the same
Account profiles are associated with User accounts
NB. For ACLs go to Public Access → Attributes
Active Directory Users
Controller → Authentication → Active Directory
Switch Configuration
The PoE switches must be configured before use.
General |
Manager password | Set this to the standard switch password. Do not set up a username or an operator password.
Spanning tree | Enable this
VLAN 1 | This is the default and already exists
IP Address | Use the spreadsheet called IP Address – Switches from within the Network System folder. If the switch already exists in the spreadsheet, ensure the correct IP address is used. If not, add the details to the spreadsheet (location in spreadsheet is based on cabinet location).
Subnet | Use the appropriate subnet for the location of the switch
Default Gateway | Use the appropriate Gateway for the location of the switch
IP IGMP | Configure this to be on
VLAN 30 | This needs creating and configuring
Name | Wireless
Untagged ports | 1 to 8
Tagged ports | 10 (used for uplink to existing network switch)
IP IGMP | Configure this to be on
Don’t forget to save your settings (WR MEM) before you exit, or they will be lost the next time the switch loses power.
Other switch configuration
Every switch port in the ‘journey’ between the Core Switch and the Edge PoE switch you have just configured must be aware of the Wireless VLAN (30) and configured to use it.
Each switch port concerned must be Tagged on VLAN 30. (NB: Tagged NOT Untagged).
So, if the PoE switch (port 10) is connected to Switch X (port 46) and Switch X (port 48) is connected to the Core Switch (port A12), then every one of these switches must have VLAN 30 (Wireless) configured and the relevant port tagged.
VLAN 30 | This needs creating and configuring if it does not already exist
Name | Wireless
Untagged ports | n/a
Tagged ports | Whichever ports are used in the ‘journey’ between the Core Switch and the edge PoE switch
IP IGMP | Configure this to be on
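The ‘journey’ rule above can be checked before touching a switch. This is an added example, not part of the original notes: it walks the example path (PoE port 10, Switch X ports 46 and 48, Core port A12), reports every link port that is not tagged on VLAN 30, and lists the CLI lines from this page needed to fix it. The VLAN membership data is constructed for illustration.

```python
WIRELESS_VLAN = 30

# Links on the journey, edge to core: (switch, port) <-> (switch, port).
LINKS = [
    (("PoE", "10"), ("SwitchX", "46")),
    (("SwitchX", "48"), ("Core", "A12")),
]

# Constructed VLAN 30 membership per switch: port -> "tagged" / "untagged".
# A port that is absent is not a member of VLAN 30 at all.
VLAN30 = {
    "PoE": {"10": "tagged", **{str(p): "untagged" for p in range(1, 9)}},
    "SwitchX": {"46": "tagged", "48": "untagged"},  # 48 wrongly untagged
    "Core": {},                                      # A12 not a member yet
}

def audit_journey(links, membership):
    """Return (switch, port, state) for every link port not tagged on the VLAN."""
    problems = []
    for end_a, end_b in links:
        for switch, port in (end_a, end_b):
            state = membership.get(switch, {}).get(port, "missing")
            if state != "tagged":
                problems.append((switch, port, state))
    return problems

def remediation(problems, vlan=WIRELESS_VLAN):
    """Group the fixes per switch, using the command lines shown on this page."""
    per_switch = {}
    for switch, port, _state in problems:
        per_switch.setdefault(switch, []).append(port)
    return {
        sw: ["config", f"vlan {vlan}", "name wireless", "ip igmp",
             f"tagged {','.join(ports)}", "wr mem"]
        for sw, ports in per_switch.items()
    }

if __name__ == "__main__":
    issues = audit_journey(LINKS, VLAN30)
    for sw, port, state in issues:
        print(f"{sw} port {port}: {state} on VLAN {WIRELESS_VLAN}, must be tagged")
    for sw, lines in remediation(issues).items():
        print(f"\n# {sw}")
        print("\n".join(lines))
```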
Appendix: Other RDE Notes
WPA2 Key: ITServices11
Smoothwall Port 805
IP: 172.20.1.2
telnet core
manager = #
config
vlan 30
show vlan 30
show lldp i r
On core switch, vlan 30, links to edge switches need to be tagged
Directly connected APs must be untagged
On edge switch
show run – displays the config
Type…
config
vlan 30 (This adds the vlan)
name wireless
ip igmp – adds multicast filtering
tagged 47,48
wr mem
show lldp i r 48 (where 48 is a port number)
This will give IP address of new switch (for telnet)
|
New 8 port switch
telnet
config
hostname MF1A-Model
vlan 1
ip address 172.16.100.61 255.255.0.0
(you will lose connection to switch)
config
spanning-tree
vlan 1
ip igmp
vlan 30
name wireless
ip igmp
show lldp i r (see uplink port)
tagged 10
untagged 1-9
show interfaces
Back to config
password manager (enter)
$w1tch
|
RDE, 8th November 2012.
Knowledge base:
- Edge switch: Here, edge switch or other switch means all the link switches between the Core switch and PoE switch.
- Tagged port: You have an HP switch. When you see a port that is tagged, it is a trunk port (meaning there are multiple VLANs on that port). Each VLAN gets an ID (tag). When you have multiple VLANs on a port, you have tagging enabled to separate the traffic so it stays on its own VLAN; ports that only belong to one VLAN do not need tagging, as all traffic will be on the same VLAN. So, to simply answer your question, a tagged port is a trunk port. This is different from 802.1q tunnelling but is 802.1q VLAN trunking.
Whether a port is tagged or not is dependent mainly on how many VLANs are on a particular port. The standard for this is based on 802.1Q. The standard states that on any given port you can have one untagged VLAN. This means that you can have one VLAN per port and there is no need to tag the port. Tagging means that the port will send out a packet with a header that has a tag number that matches the VLAN tag number. If there is only one VLAN there is no need to distinguish what VLAN the traffic is for, as there is only one. When there is more than one VLAN per port, the port must differentiate what VLAN each packet is destined to. So for example, if we have 3 VLANs on port 1 (VL1, VL2, VL3) and I am sending out a packet on each one, I have to have a way to tell the other side which packet is for which VLAN. So if the .1Q tag for VL1 is 1 and for VL2 is 2 and VL3 is 3, then the port will insert a header with the right tag number on each packet. The other side needs to be set up the same way and will see that if a packet of 1 comes in it will forward it on VL1. So when a port is tagged, it inserts and receives packets with the 802.1Q tag for every packet that has a VLAN on it. The standard does allow for one untagged VLAN per port as mentioned above, which means that you could have VL1 with no tag and VL2 and VL3 with tags, because technically all three VLANs are unique. Any packet that has no tag will go to VL1. This is what Cisco does with their native VLAN.
- DHCP Tool: Use the DHCP server tool to find the switch's DHCP IP address
- PoE switch
- Find out the IP address with the help of DHCP
- Find the other switch it is connected to via the link port
- Requirement for other Main Switch
- Find the port number of the switch that is connected to the PoE switch
- Find how many ports the switch has (24 port or 48 port)
- Make note of the link port: which ports are connected by fibre link
- Find the IP address of this switch from the “IP Addresses - Switches.xls” file
- Open a browser and type the IP address
  i. Go to the “Configuration” tab
     · Look at the link ports and check if it matches
  ii. When you are certain about the other main switch IP address then
     · Open command prompt
     · Type: telnet ip_address and press enter
     · Type password
     · It will open up telnet connecting to the switch in configuration mode: #
  iii. Type: show lldp i r 2 (2 is the port the PoE switch is connected to). Output will be the
     · ip_address of the PoE switch,
     · port_id of the PoE switch
- Repeat step 2 to find the ip_address and port for all other switches involved
- Now it is time to configure all the related switches and ports
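The tagging behaviour described in the "Tagged port" entry above, as an added example that is not part of the original notes: a simplified model of how a port inserts the 4-byte 802.1Q tag on send and, on receive, maps untagged frames to its one untagged VLAN and drops tags it is not configured for. The sample frame and port settings are constructed; real switches add further checks.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    tci = (pcp << 13) | vid  # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def classify(frame: bytes, untagged_vlan, tagged_vlans):
    """Return (vlan, untagged_frame) as a receiving port would, or None to drop."""
    if len(frame) < 14:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        # No tag: the frame belongs to the port's single untagged VLAN, if any.
        return (untagged_vlan, frame) if untagged_vlan is not None else None
    if len(frame) < 18:
        return None
    (tci,) = struct.unpack("!H", frame[14:16])
    vid = tci & 0x0FFF
    if vid not in tagged_vlans:
        return None  # this VLAN is not tagged on the port, so drop
    return vid, frame[:12] + frame[16:]

# Constructed sample: dst MAC, src MAC, EtherType 0x0800, dummy payload.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"

if __name__ == "__main__":
    # Uplink port: VLAN 1 untagged, VLAN 30 tagged (as on port 10 of the PoE switch).
    print(classify(add_tag(SAMPLE, 30), 1, {30})[0])  # tagged frame, VLAN 30
    print(classify(SAMPLE, 1, {30})[0])               # untagged frame, VLAN 1
    print(classify(add_tag(SAMPLE, 20), 1, {30}))     # unknown tag, dropped
    # AP port: VLAN 30 untagged, nothing tagged.
    print(classify(SAMPLE, 30, set())[0])
```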