HP Networking PCM–VLAN MAP

This week we’ve been rolling out more Mitel VOIP handsets and had to make sure we had the Voice VLAN pushed out to all the switches and check the tagging on the uplinks to make sure the handsets would all connect properly.

After an hour of chasing VLAN tagging via the CLI I thought I’d better see if there was a smarter way to check the switches and fired up ProCurve Manager Plus. Under Default Management Group –> Network Map –> VLANS you can select the VLAN number that you want to check and PCM will show a network map with the switches that have that VLAN tagged and show you how those switches are connected to each other. Or more importantly, not connected.

[Screenshot: PCM VLAN map]

The screen capture above shows our VOIP VLAN and that I tagged all the right ports to connect the PE switch, but missed the VOIP tagging between the Queens Wing switch and the core. Easy to spot in PCM and just as easy to fix, and one less problem to fix once the handsets are rolled out.

When I paid Adam (@DJADSA) a visit last week I noticed that he’d labelled important interfaces on his switches. When I was wondering which ports from the 5400 to tag for the edge switches, it occurred to me that we could be more organised with our switches and do something similar. Having that sort of documentation on the network ports/trunks/uplinks would save time when quickly adding new VLANs etc. and would save time troubleshooting other network issues.

From the CLI:

interface A10 
   name "WirelessAP"
exit
interface A20
   name "10Gb Uplink from Core"
exit

Radius – Server 2008 R2 NPS

We’ve been using NPS on Server 2008 for a while now and it’s been perfect for handling 802.1x authentication (EAP-TLS) and radius auth from the HP WESM in the 5400zl. The radius setup for the HP Wireless Edge Services was pretty easy; it only needs radius clients for the Primary WESM and any Redundant WESMs.

Now that we’re adding another 50-70 E-MSM422 APs for the MSM765 controller we need to add radius clients for each AP. After a conversation with Adam (@DJADSA) we worked out that we were going to hit the 50 radius client limit in Server 2008 Standard. Adam showed me a couple of neat tricks with their NPS configuration that would save us a tonne of time and are new additions to R2!

The first trick was adding a subnet range for Radius Clients instead of adding a radius client for each AP individually. Adding the IP/CIDR and shared secret will let all devices in the range talk to the NPS server.
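Because a subnet-wide entry covers every address in the range, it is worth comparing the range against what actually lives there. The sketch below is an added example, not part of the original post or of NPS; the 192.168.20.0/24 range, the inventory and the role names are constructed for illustration.

```python
import ipaddress

# Constructed sample: IP -> device role. Only "ap" should be a RADIUS client.
SAMPLE_INVENTORY = {
    "192.168.20.11": "ap",
    "192.168.20.12": "ap",
    "192.168.20.40": "ap",
    "192.168.21.5": "ap",        # AP that was addressed outside the range
    "192.168.20.200": "printer",
    "192.168.20.1": "switch",
}

def tightest_cidr(addrs):
    """Smallest single IPv4 network that contains every address in addrs."""
    ips = [int(ipaddress.IPv4Address(a)) for a in addrs]
    if not ips:
        raise ValueError("no addresses given")
    # Bits that differ between the lowest and highest address must be host bits.
    host_bits = (min(ips) ^ max(ips)).bit_length()
    return ipaddress.ip_network((min(ips), 32 - host_bits), strict=False)

def audit_radius_range(client_range, inventory):
    """Compare a subnet-wide RADIUS client entry with a device inventory."""
    net = ipaddress.ip_network(client_range)
    aps = [ip for ip, role in inventory.items() if role == "ap"]
    return {
        # APs with no matching client entry: their requests will not be accepted.
        "aps_outside": sorted(ip for ip in aps
                              if ipaddress.ip_address(ip) not in net),
        # Non-AP devices the entry also covers; for these the shared secret
        # is the only thing standing between them and the RADIUS server.
        "others_inside": sorted(ip for ip, role in inventory.items()
                                if role != "ap"
                                and ipaddress.ip_address(ip) in net),
        "range_size": net.num_addresses,
        # Narrowest single prefix that would still cover every AP.
        "tightest": str(tightest_cidr(aps)),
    }

if __name__ == "__main__":
    for key, value in audit_radius_range("192.168.20.0/24",
                                         SAMPLE_INVENTORY).items():
        print(f"{key}: {value}")
```

Keeping the APs in a dedicated management subnet makes the `others_inside` list empty, so the range admits only the devices it was created for.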

The next tip from Adam was with the Accounting in NPS. We’d tried to get SQL logging to behave in Server 2008 a few times and failed miserably. The NPS application in 2008 would connect to a SQL database but wouldn’t create the structure etc. There was a SQL script on the web that would create it for you but we didn’t have any luck getting it all to work properly. 2008 R2 has a new wizard for setting up NPS accounting and the final stage of the wizard gives you the option of creating the SQL structure of the database. Very tidy.

With SQL logging enabled it gives us the option of writing a web part or two for SharePoint to let staff know which users are connected where, and lets us easily run scripts to find client/authentication problems.

MSM765 SNTP Time Sync

This week we’ve been reconfiguring our MSM765 wireless controller and adding some new features for Students and guests to the School. With our old ZL WESM we were able to have a VLAN on the wireless network with an HTML based login, which allowed the students to use their own machines on the wireless network with their AD credentials. We wanted to replicate this setup on the MSM by using HTML-based user logins and still use their AD logins. We hit a problem when we tried to configure the Active Directory Authentication on the controller because the time on the controller wasn’t in sync with the 5400 chassis or the domain!

When we checked Controller –> Management –> System Time, we could see that the time was incorrect, but there was no option to change it or specify an NTP server. The command line reference for the controller (MSM7xx-CLI-RG-May09-5992-5933.pdf) gave a few clues on how to set the SNTP server and get the controller connected to our Windows time server.

Connecting the terminal to the 5400 with the controller (MSM is in Bay I):

BGSCore(config)# services  I 2
BGSCore(msm765-application-I)> enable
BGSCore(msm765-application-I)# conf
BGSCore(msm765-application-I)(config)#
BGSCore(msm765-application-I)(config)# ntp protocol sntp
BGSCore(msm765-application-I)(config)# ntp server 1 192.168.1.19
BGSCore(msm765-application-I)(config)# ntp server
BGSCore(msm765-application-I)(config)#

The time sync’d straight away and made the connection to AD without a hitch.
