HP Networking PCM–VLAN MAP

This week we’ve been rolling out more Mitel VOIP handsets and had to make sure we had the Voice VLAN pushed out to all the switches and check the tagging on the uplinks to make sure the handsets would all connect properly.

After an hour of chasing VLAN tagging via the CLI I thought I’d better see if there was a smarter way to check the switches and fired up ProCurve Manager Plus. Under Default Management Group –> Network Map –> VLANS you can select the VLAN number that you want to check and PCM will show a network map with the switches that have that VLAN tagged and show you how those switches are connected to each other. Or more importantly, not connected.

The screen capture above shows our VOIP VLAN and that I tagged all the right ports to connect the PE switch, but missed the VOIP tagging between the Queens Wing switch and the core. Easy to spot in PCM and just as easy to fix, and one less problem to fix once the handsets are rolled out.
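The tagged-on-both-ends check that PCM draws as a map can also be scripted against saved switch configs. This is an added example, not from the original post: the VLAN IDs, port numbers, uplink list and config text are constructed, and the parser assumes the indented stanza layout of ProCurve `show running-config` output.

```python
import re

# Constructed sample data: VLAN stanzas per switch, in running-config layout.
CONFIGS = {
    "core": """vlan 10
   tagged A20-A21
   exit
vlan 20
   name "VOIP"
   tagged A20
   exit""",
    "pe": """vlan 20
   tagged 25
   exit""",
    "queens-wing": """vlan 20
   tagged 49
   exit""",
}
# Assumed uplinks, each a pair of (switch, port) ends.
LINKS = [(("core", "A20"), ("pe", "25")), (("core", "A21"), ("queens-wing", "49"))]

def expand_ports(spec):
    """Expand 'A1-A3,B2,Trk1' into {'A1', 'A2', 'A3', 'B2', 'Trk1'}."""
    ports = set()
    for item in spec.split(","):
        m = re.fullmatch(r"([A-Za-z]*)(\d+)-\1(\d+)", item)
        if m:
            ports.update(f"{m[1]}{n}" for n in range(int(m[2]), int(m[3]) + 1))
        else:
            ports.add(item)
    return ports

def tagged_ports(config, vlan_id):
    """Return the ports listed as tagged inside the 'vlan <id>' stanza."""
    ports, current = set(), None
    for line in config.splitlines():
        words = line.split()
        if not line.startswith(" "):  # an unindented line opens a new stanza
            current = words[1] if words[:1] == ["vlan"] and len(words) > 1 else None
        elif current == str(vlan_id) and words[:1] == ["tagged"] and len(words) > 1:
            ports |= expand_ports(words[1])
    return ports

def audit_links(configs, links, vlan_id):
    """Return (link, untagged_ends) for each uplink missing the VLAN tag on either end."""
    tagged = {sw: tagged_ports(cfg, vlan_id) for sw, cfg in configs.items()}
    report = [(link, [end for end in link if end[1] not in tagged[end[0]]]) for link in links]
    return [(link, ends) for link, ends in report if ends]
```

With the sample data, `audit_links(CONFIGS, LINKS, 20)` reports only the core end of the Queens Wing uplink, the same kind of gap the map made visible.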

When I paid Adam (@DJADSA) a visit last week I noticed that he’d labelled important interfaces on his switches. When I was wondering which ports from the 5400 to tag for the edge switches, it occurred to me that we could be more organised with our switches and do something similar. Having that sort of documentation on the network ports/trunks/uplinks would save time when quickly adding new VLANs etc. and would save time troubleshooting other network issues.

From the CLI:

interface A10 
   name "WirelessAP"
interface A20
   name "10Gb Uplink from Core"

Radius – Server 2008 R2 NPS

We’ve been using NPS on Server 2008 for a while now and it’s been perfect for handling 802.1x authentication (EAP-TLS) and radius auth from the HP WESM in the 5400zl. The radius setup for the HP Wireless Edge Services was pretty easy; it only needs radius clients for the Primary WESM and any Redundant WESMs.

Now that we’re adding another 50-70 E-MSM422 APs for the MSM765 controller we need to add radius clients for each AP. After a conversation with Adam (@DJADSA) we worked out that we were going to hit the 50 radius client limit in Server 2008 Standard. Adam showed me a couple of neat tricks with their NPS configuration that would save us a tonne of time and are new additions to R2!

The first trick was adding a subnet range for Radius Clients instead of adding a radius client for each AP individually. Adding the IP/CIDR and shared secret will let all devices in the range talk to the NPS server.


The next tip from Adam was with the Accounting in NPS. We’d tried to get SQL logging to behave in Server 2008 a few times and failed miserably. The NPS application in 2008 would connect to a SQL database but wouldn’t create the structure etc. There was a SQL script on the web that would create it for you but we didn’t have any luck getting it all to work properly. 2008 R2 has a new wizard for setting up NPS accounting and the final stage of the wizard gives you the option of creating the SQL structure of the database. Very tidy.


With SQL logging enabled it gives us the option of writing a web part or two for SharePoint to let staff know which users are connected where, and lets us easily run scripts to find client/authentication problems.