HP ProCurve Multi Service Mobility (MSM) WLAN Solution Overview


Post on 24-May-2022


Page 1: HP ProCurve Multi Service Mobility (MSM) WLAN Solution

HP ProCurve Multi Service Mobility (MSM) WLAN Solution Overview

Page 2: HP ProCurve Multi Service Mobility (MSM) WLAN Solution

HP Solution Architecture

The HP ProCurve Multiservice Mobility (MSM) Architecture is leading the way to the next generation of enterprise WLAN solutions. Its innovative design allocates separate resources to management, control, and data forwarding and distributes network intelligence to the wireless edge. By combining the operational advantages of centralized management and control with the scalability, efficiency and performance of distributed intelligence, the TriPlane WLAN Architecture implements an optimized WLAN switching system.

At the centre of the solution are the HP ProCurve MSM 700 series controllers, which are used for centralized management and configuration of all WLAN services, together with HP ProCurve Manager, which also monitors and manages the network switches and ports for the wired network. The MSM architecture preserves the strengths of first generation WLAN switches while eliminating the weaknesses of so-called thin Access Points. As its name implies, the TriPlane Architecture assigns management, control and data forwarding functions to separate “planes,” each with dedicated processing resources.

TriPlane Architecture

TriPlane optimizes WLAN efficiency and performance by switching client traffic at the network edge. MSM700s process only network control and management information, enabling client traffic to flow directly from source to destination via the Data Plane without unnecessary detours. As a result, the MSM700s handle only a small fraction of total WLAN traffic, so they are highly scalable and deliver excellent price/performance.

Page 3: HP ProCurve Multi Service Mobility (MSM) WLAN Solution

The Data Plane

The data plane is responsible for data forwarding, QoS enforcement and security enforcement. Sitting at the wired/wireless boundary, intelligent APs forward packets directly between clients and servers, rather than shunting everything through a central WLAN switch. Local 802.11 MAC protocol processing, hardware-assisted data encryption, and RADIUS authentication eliminate most dependencies on a central resource. By applying security policies, APs stop unauthenticated traffic at the network edge. The data plane also performs real-time WLAN intrusion detection and prevention. Dual radio models of the AP product line provide the first line of WLAN defense by detecting and de-activating rogue devices before their traffic can pose a threat to the enterprise network.

The Control Plane

The control plane is the key to the TriPlane Architecture. By maintaining centralized control over the distributed data plane, the control plane ensures consistent service delivery and strict enforcement of QoS and security policies across the entire WLAN, but without the shortcomings of a central WLAN switch.

As the WLAN is deployed and expanded, MSM700s and APs automatically discover each other and establish a secure layer-3 communications tunnel for the exchange of WLAN control information. Mutual X.509 authentication and encryption between the APs and the MSM700 eliminate any security risk, and high availability features built into the configuration and control protocol ensure continuous MSM AP-MSM700 connectivity.

The MSM700 configures groups of MSM APs to deliver a common set of services depending on location or user requirements. It sets the Virtual Service Communities (VSC) to be delivered by the group along with the associated virtual AP and the security, QoS and other policies that are common to the group. All WLAN configuration and management functions can be centrally administered through the MSM700 series secure management interfaces.

In support of real-time mobility, the MSM700 ensures fast, seamless handoffs as wireless devices roam from AP to AP, regardless of whether APs are on the same or different IP subnets. The MSM700 knows which MSM APs are neighbours, so it can anticipate handoffs. Pre-shared PMK caching allows WPA2/802.1x re-association in less than 50 milliseconds, while QoS and security policies follow users as they roam.

The Management Plane

The management plane supports classic fault, configuration, accounting and performance functions for a large network composed of multiple MSM700s and MSM APs:

• Policy management – Network operators can define services and set policies for the entire WLAN. A friendly user interface simplifies the configuration process, while the NMS automatically pushes configuration and policy information to the MSM700 and APs.

• Troubleshooting – Troubleshooting tools and automatic firmware updates aid quick problem resolution.

• Capacity planning – Performance analysis and trending tools assist in WLAN capacity planning.

• Remote management – A standard XML management interface enables rich, straightforward remote management in complement to SNMP MIB support.

• RF Security – Configuration of security policies to be monitored and enforced by APs, plus ongoing auditing to ensure policies are always up-to-date.

Page 4: HP ProCurve Multi Service Mobility (MSM) WLAN Solution

Intelligence at the edge of the Network

A key strength of the HP ProCurve MSM WLAN solution is the use of intelligent “dependent” APs combined with centralized management that is normally reserved for “thin” APs. Analysts have adopted the Dependent AP nomenclature to describe APs that depend on a centralized controller or switch for their configuration, management and operation. The level of “intelligence” of such Dependent APs varies significantly between vendors. HP ProCurve MSM AP devices offer superior intelligence that allows an optimization of the achievable bandwidth. This approach is known as Distributed Data Forwarding (DDF), while a traditional WLAN switch relies on a Centralized Data Forwarding approach.

The architecture integrates WLAN traffic flows into the wired network. With the DDF approach, the traffic flows are switched by intelligent access points at the network edge, enabling traffic to follow the most direct path without traversing the controller and optimizing the use of costly high-speed backbone links. The design also leverages the strong security and QoS features embedded in LAN networks by exposing WLAN client traffic flows to the wired network’s IDS/IPS, network admission control and VLAN security features.

One key benefit of this architecture is the ability to offer VoWIFI without the latency of large networks sending traffic back to the WLAN controller; traffic goes directly to the voice servers, thereby improving the voice call quality. In addition, the DDF design allows support for 802.11n without changes to the number of AP devices supported by the MSM700 series: the overall capacity in terms of the number of managed APs stays the same while the overall bandwidth available is significantly increased.

The TriPlane maintains end-to-end QoS for real-time applications by leveraging the wired network’s native 802.1p and DiffServ prioritization capabilities. Wireless and wired priority schemes are translated at the WLAN/LAN boundary, enabling all traffic to be classified and prioritized by wired switches and routers according to existing QoS policies.

Reports from Burton Group (see document “Burton Group_WLAN Evolution_April 07”) and Forrester recognize the value of a Distributed Data Forwarding approach in order to adequately handle Voice over Wi-Fi and 802.11n traffic. This is best illustrated by the following diagrams:

Page 5: HP ProCurve Multi Service Mobility (MSM) WLAN Solution

HP ProCurve Multi-Service Mobility System (MSM)

The HP Procurve Multi-Service Mobility WLAN Solution is designed for the challenges of securely providing multiple services. The support for multiple VSCs, each with its distinct Virtual AP, QoS, security and filter settings, enables flexible services to be supported with different user groups. In addition, with the central management capabilities it is easy to assign Access Points to a location by using the plug and play features of central deployment. The MSM solution is also designed around a de-centralised architecture to provide an optimal user experience when using Voice over IP, with voice traffic sent straight to the SIP server or voice gateway.

Important technical differentiators for VSCs include:

• Easily offer many different service levels on a single infrastructure

• Bandwidth management and QoS controls differentiate latency-sensitive or business-critical traffic from other traffic types

• Leverages virtual access point technology with unique MAC address for each VSC, allowing the broadest wireless client connectivity

HP Procurve MSM 700 series controllers will be used for centralized management of HTML web authenticated guest access and also WPA(2)/802.1x secured clients. The MSM-700 controllers include a rich set of features, such as custom welcome page and walled garden, for secure WLAN based guest or visitor services. The guest traffic is automatically securely tunneled to the controller for HTML based authentication (web) and can be further segmented by use of VLANs. In addition there is a Windows based tool to create user accounts and vouchers that can support a variety of time based accounts according to needs.

The intelligent APs can be configured to support a variety of services by simply changing the mode of the radio.

Access Point mode – Any type of WiFi approved client can connect using either 802.11 a, b, g or n. It supports OPEN, WEP, WPA/2, and 802.1x connectivity.

Local Mesh mode – In this mode a radio can be used to create a WLAN bridge to another AP at a remote site and be managed remotely via the controller, an ideal way to extend over campus areas.

Monitor mode – The radio constantly monitors the neighbouring networks and allows for WLAN troubleshooting.

Sensor mode – The radio is configured as a 24x7 abg sensor to detect and prevent unauthorized WLAN connectivity from various forms of attack and bad configuration and to locate offending devices.

Page 6: HP ProCurve Multi Service Mobility (MSM) WLAN Solution

MSM offers important advantages for wireless LAN networks.

• Centralized management and control: Multi-Service Mobility (MSM700) Controllers handle everything from roaming to access control to QoS policies from a central location.

• Distributed network intelligence: By distributing intelligence throughout the network, MSM gives you service awareness and the freedom to add new services or expand RF coverage as needed.

• High-performance architecture: Separate network elements process WLAN client data, provide network control, and handle management traffic. This eliminates bottlenecks and achieves the highest scalability in the industry.

• Application performance tuning: Because MSM allows custom QoS and security policies for each VSC you can tune the network for each application without impacting others.

Only HP ProCurve MSM offers the combination of the industry’s most scalable network with the powerful concept of custom services using VSCs.

Business Model benefits

MSM is truly purpose-built to facilitate the rollout of new services and deliver critical benefits.

Capital expense (CAPEX) investment protection

• Leverage existing facilities investments by extending the network with simple-to-deploy wireless technology (including HP ProCurve MSM Local Mesh capabilities for wireless backhaul).

• Highly modular architecture allows you to invest as you go.

Operating expense (OPEX) minimization

• Leverage central AAA policy for both wired and wireless infrastructures.

• Integrates into existing SNMP management and RADIUS servers.

• Flexible, centralized service provisioning for VSCs.

• Advanced diagnostic tools enable remote troubleshooting and support helpdesk operations.

Profitable service provision

• Single infrastructure to deliver multiple service products.

• Flexible architecture allows demanding applications like VOIP to safely share a network with hotspot and enterprise data applications.

• Deliver custom-fit solutions to your customers.

Low barrier to customer adoption

• Error-free connection facilitates simple and habitual use.

• Incorporates the broadest available support for client devices to ease transition.

• Modularity allows growth from small to large-scale WLAN deployments, to suit individual needs and requirements.

Page 7: HP ProCurve Multi Service Mobility (MSM) WLAN Solution

MSM Architectural Benefits

By dedicating separate resources to management, control and data forwarding and by distributing intelligence to the wireless edge, the MSM Architecture delivers benefits that earlier, switch-centric architectures cannot achieve.

• Readiness for 802.11n – MSM offers centralized management with a Distributed Data Forwarding approach that allows the MSM700 series to manage 802.11n devices without the need for additional processing capabilities. The approach also minimizes the impact of the additional bandwidth of 802.11n AP devices on the existing LAN infrastructure, since it avoids sending traffic through multiple LAN devices, which would unnecessarily increase the load on the edge and aggregation layers of the LAN infrastructure.

• Unprecedented performance and scalability – Separation of the control and data planes dramatically increases WLAN performance and scalability, but without sacrificing the convenience and control of centralization. A WLAN can start at the right size and cost for any situation and then grow to serve more users simply by adding more APs.

• Superior QoS – By enforcing QoS at the wired/wireless boundary, TriPlane creates a superior foundation for delay-sensitive voice and multimedia applications. Forwarding packets directly toward their destination instead of detouring them through a WLAN switch eliminates the jitter and latency of at least one network hop and efficiently leverages the QoS features of the wired network. Intelligent APs apply QoS to the RF links, ensuring that voice and other delay-sensitive traffic is prioritized end-to-end.

• Real-time mobility – Intelligent APs, coordinated by the MSM700-series, support real-time mobility. Wireless clients can move throughout the WLAN footprint, maintaining secure, continuous connections with intra- and inter-subnet handoffs in under 50 milliseconds.

• Integrated client security policy enforcement – The TriPlane architecture exposes individual user flows to wired Ethernet access switches, enabling their security features to analyze and act upon the WLAN traffic. This allows client security policies to be consistently enforced for wired and wireless LAN users alike. It provides full compliance with TNC specifications for quarantine of users under network admission control facilities.

• Scalable RF Security – Real-time IDS/IPS on 100% of the WLAN traffic, enabling it to detect threats that are unique to WLANs. Unlike WLAN switches that centralize all RF security functions along with client packet processing, the TriPlane architecture forwards only threat information from AP to RF Manager. This hierarchical RF security approach is more scalable and eliminates the heavy network traffic load associated with centralized RF security solutions.

• Service reliability – Distributed data plane intelligence increases WLAN service reliability, since the failure of an AP doesn’t affect other network elements. Because APs are intelligent, they continue to forward client packets and accept new connections normally, even if an MSM700 were to become unreachable.

• Low TCO and investment protection – The TriPlane Architecture protects the WLAN investment by allowing the addition of next-generation APs (to support 802.11n, for example) without requiring an MSM700 upgrade. Operations costs stay low since the NMS scales to manage thousands of APs as a single system.

• Remote AP management and connectivity - The MSM 700 series offers the ability to have remote standalone Access Points in branch offices managed over a secure tunnel over the internet with local traffic egress. A cost effective way of providing managed WLAN access to remote satellite company locations.

Page 8: HP ProCurve Multi Service Mobility (MSM) WLAN Solution

HP WLAN Solution

The HP MSM WLAN solution is based upon MSM-700 Series WLAN controllers that each can configure and manage up to 200 Access Points. A balance of MSM-3x0 or 4xx series Access Points can be deployed depending on the site survey results and on the coverage and needs of the users. See page 18 below for Access Point details.

In addition, should extra switch ports be required for connecting APs, new switches that have, as a minimum, support for 802.3af PoE and 802.1q VLANs should be specified, and if possible Gigabit Ethernet should be considered for future 802.11n support. There are several HP Procurve switches that are ideally suited for such an application, in addition to other.

The MSM-700 controllers include a rich set of features for provision of secure WLAN based guest or visitor services. The guest traffic is automatically securely tunneled to the controller for HTML based authentication (web) and can be further segmented by use of VLANs. Advanced features such as custom welcome page and walled garden can further tailor the experience to the hosting company. In addition there is a Windows based tool to create user accounts and vouchers that can support a variety of time based accounts according to needs.

The diagram below provides a basic solution overview, showing 2 SSIDs being broadcast, “Staff” and “Visitors”, and a hidden SSID, “Voice”.

Page 9: HP ProCurve Multi Service Mobility (MSM) WLAN Solution

Local Mesh Protocol Introduction

Local mesh support is a feature that is available for both controlled and autonomous MSM Access Points at no extra cost and ships included on the MSM AP. The local mesh feature replaces the need for Ethernet cabling between APs, enabling expanded Wi-Fi coverage through the use of wireless bridges to transport network traffic in hard-to-wire or outdoor areas. Local mesh can be configured via the MSM700 series controller when using the MSM Access Points in controlled mode. The MSM700 provides a central place to manage all local mesh links and to view the status of connections.

Key local mesh features

Automatic link establishment

Nodes automatically establish wireless links to create a fully connected network. A dynamic network identifier (local mesh group ID) restricts connectivity to groups of nodes, enabling distinct groups to be created with nodes in the same physical area.

Self healing

In a properly designed LM implementation, redundant paths can be provided. If a node fails, the mesh will automatically reconfigure itself to maintain connectivity. The process provides a fall-back operation to recover from node failure.

Maintains network integrity when using DFS channels

In accordance with the 802.11h standard, dynamic frequency selection (DFS) detects the presence of certain radar devices on a channel and automatically switches the network node to another channel if such signals are detected. 802.11h is intended to resolve interference issues with military radar systems and medical devices. Depending on the radio regulations of some countries, DFS channels are only available on the 802.11a band, which is the preferred band for local mesh backhaul.

If more than one node detects radar simultaneously and must switch channels, each node does not necessarily switch to the same channel, and the network might never re-converge. To avoid this problem, the local mesh root node detects a change in channel and provides a means to reconnect on the next available channel by scanning on multiple channels.

Page 10: HP ProCurve Multi Service Mobility (MSM) WLAN Solution

Local Mesh Protocol

Local Mesh added to WLAN Solution – Diagram below

Page 11: HP ProCurve Multi Service Mobility (MSM) WLAN Solution

WLAN Network Controllers and RF Management

HP Procurve Multi-Service Mobility Controllers (MSM 700 series) form the central nervous system of your wireless network. With form factors to fit any environment from a small office to a large campus, HP ProCurve MSM 700 series include modular software for public/guest Internet access, fast secure roaming and automatic configuration and management of HP ProCurve MSM Multi-Service Mobility Access Points. An embedded graphical user interface makes it easy to centrally configure and operate the entire WLAN.

Multi-Service Controller Product Line

Model Description | MSM710 | MSM730 | MSM750
HP Part Number | J9328A | J9329A | J9329A
Positioning | Entry | Mid-range | High-end
Maximum APs, controlled MSM APs | 10 | 40 | 200
Maximum APs, autonomous MSM AP / 3rd party AP | unlimited | unlimited | unlimited
Max. Public/Guest Access Users (active sessions) | 100 | 500 | 2000
Internal RADIUS accounts | 500 | 1000 | 2000
COS Configuration | Access Service, Mobility Pack | Access Service, Mobility Pack | Access Service, Mobility Pack
Fast Roaming and Voice over Wi-Fi | * | * | *
Plug and Play Operation | * * | * * | * *
Public / Guest Access | * * | * * | * *
HP Part No. (Mobility upgrade) | J9331A | J9332A | J9333A

Product | Height (ins/RU) | Width (ins) | Depth (ins)
MSM710 | 1.74/1 | 10.0 (rack mount ears are available) | 7.5
MSM730 | 1.73/1 | 16.87 | 14.17
MSM750 | 1.73/1 | 16.87 | 17.2
RF Manager 50 IDS/IPS | 1.73/1 | 16.87 | 14.17
RF Manager 100 IDS/IPS | 1.73/1 | 16.87 | 17.2

Page 12: HP ProCurve Multi Service Mobility (MSM) WLAN Solution

WLAN Controller Access Service - AP configuration and Management

Feature | Benefit
AP configuration | Configure APs. APs in controlled mode will automatically register at MSM700 and download pre-defined AP configuration.
AP network management | Monitor APs, troubleshoot end user connectivity problems.
AP software upgrades | Update software for APs and MSM700. Loading new image on MSM700 will result in updating controlled mode APs.

WLAN Controller Access Service - Embedded RADIUS server

Feature | Benefit
Embedded RADIUS | Local authentication of 802.1X (EAP-PEAP, EAP-TTLS, EAP-TLS) and MAC authentication at the MSM700 (with WPA/WPA2), i.e. no need for external RADIUS servers in smaller deployments where RADIUS is required.
Proxy RADIUS | Eliminates the need to explicitly configure unique NAS-ID for each VSC or each AP on external access servers. Support for REALM-based selection of external RADIUS AAA Server (useful in wholesale/retail scenario). EAP-SIM, EAP-AKA, EAP-FAST and EAP-GTC supported in proxy mode only.
Active Directory | Native integration with Microsoft Active Directory.
Locally-defined user profiles | Standards-based authentication directly at the MSM700. Quicker authentication process. Account profiles for locally authenticated users (VLAN, QoS, Access Control, VSC, Bandwidth, Session time out, Idle time out, 3rd-party attributes).

Page 13: HP ProCurve Multi Service Mobility (MSM) WLAN Solution

WLAN Controller Enterprise Mobility - License

Feature | Benefit
IP subnet roaming | Seamless mobility for end user devices from IP subnet to IP subnet.
Fast roaming (VoIP) | AP to AP hand-offs: less than 50 milliseconds. Secure WPA2 hand-offs: less than 50 milliseconds. Supports superior VoWLAN performance.

WLAN Controller Access Service – Guest Access (HTML) controller

Feature | Benefit
Fully customizable captive portal | This enables the entire public access interface to be customized for any type of deployment, with support for dynamic content on a per-user or per-location basis. Site configuration using RADIUS attributes provides for centralized management and control of geographically distributed sites.
AAA authentication | User authentication via third-party RADIUS server with support for multiple RADIUS profiles. Users can log in using their 802.1x or WPA client software, or via an HTML-based login page, or be automatically authenticated by their MAC address.
RADIUS accounting | Supported per-client, tracking usage time and data transferred.
Access lists | Provide customizable access control at three levels: site, user group, and individual user.
Zero-configuration client support | Enables client stations with a static IP address or using HTTP proxy to connect without reconfiguring.
SMTP redirection and proxy | Permits full support for client email applications.
Tiered Services (Bandwidth Management) | Using VSC and VLAN tags, the controller can tier services such that a single AP can deliver bandwidth limited free Internet Access, preferred Internet Access, metered services, bandwidth guaranteed and prioritized Local Government or Corporate VPN services, and Voice Services.
Location-aware authentication | Authenticate user based on location (Access Point).
Adaptive NAT | Transparent support for multiple VPN tunnels.
DHCP Option82 location support | Enable differential services and billing based on location.

Page 14: HP ProCurve Multi Service Mobility (MSM) WLAN Solution

HP Procurve Guest Management Software

The Guest Management software (J9355A) provides the ability to easily set up secure WLAN access for guests visiting a business or hotel. Enterprises can securely extend the wireless access that has been deployed for employees to contractors, partners and visiting customers. In addition, hotels or other companies offering hospitality services can now offer a solution to their customers that will not lock them into a service provider.

The Windows based software is designed for use by receptionists and administrative staff, with an intuitive user interface and a step-by-step method to create visitor accounts and then print an access voucher containing details of how to access the WLAN. There is a dashboard, as shown below, that provides an at-a-glance display of visitor accounts and enables the administrator to adjust sessions in real-time. Visitor sessions can be easily deactivated before their scheduled expiry, or extended as needed to suit the visitor’s schedule.

Typically deployed by the network administrator on one or more PCs, the Guest Management Software gives the administrator full control, ensuring that only authorized staff can create Visitor accounts. Access to the software is secured by user name/password login and all network communication is secured with a digital certificate.

It is easy for businesses to customize the guest access service. The look and feel of the guest access voucher can be customized with a corporate logo and a “terms of usage” notice. Parameters such as how long the wireless access is valid and the maximum connection time are easily adjusted based on individual user requirements and corporate policies.

Page 15: HP ProCurve Multi Service Mobility (MSM) WLAN Solution

RF Manager IDS/IPS System

A solution that delivers the same comprehensive protection to a WLAN as a wired network firewall and IPS offers. It automatically identifies and prevents security risks and attacks, graphically displays the location of wireless devices, provides real-time network audits and assists in RF performance troubleshooting. The RF Planner models WLAN coverage by factoring in physical variables and WLAN equipment characteristics. The Planner also facilitates deployment by enabling the assessment of security risks and generating equipment lists.

The following are some common types of attack.

Man-in-the-middle

The HP ProCurve MSM RF Manager and sensors provide detection and prevention against wireless man-in-the-middle attacks. Use of wireless encryption utilizing dynamic session keying (such as WPA2/RADIUS) will provide effective defense against hijacking of user sessions by this type of attack.

Rogue APs

The HP ProCurve MSM RF Manager and sensors provide complete automatic detection and prevention against Rogue APs. Using mutual authentication based methods such as EAP-TLS can provide effective client defense against this type of attack.

DoS (brute force, others)

The MSC provides functionality to constrain DoS network attacks against it by limiting bandwidth and connections so that rogue users cannot adversely affect performance of other legitimate service users. The HP ProCurve MSM RF Manager and sensors can also detect and neutralize wireless based DoS attacks in the air.

Sign-up pages spoofing

For a legitimate client to reach spoofed sign-up pages (UAM), a Rogue AP would either be using its own unique but similar SSID (and hoping that the client will just select the wrong SSID) or the same SSID as the service provider. The first case cannot easily be stopped: it is basically a type of phishing, and whilst the AP can be detected, it is difficult to decide if it is doing anything illegal, since it could easily be a legitimate service. The only way to detect that it wasn’t the real service in this case would be by the client checking the server certificate. However, if the Rogue AP tried to use the same SSID as the service provider, then this can automatically be identified as a Honeypot AP, and the HP ProCurve MSM RF Manager and sensors can guard against this attack by automatically preventing clients associating with the rogue device.

MAC/IP address spoofing

The MSC tracks both MAC and IP addresses of authenticated users, and any attempt by another rogue user to spoof an IP address will result in the MSC disconnecting the rogue user. The HP ProCurve MSM RF Manager and sensors can protect against unauthorized access points trying to spoof an authorized AP by advertising the same MAC identity information.

Dictionary attacks

HP ProCurve MSM web based management interfaces have integrated provision to minimize dictionary attacks by using configurable silent discarding techniques. For user authentications (UAM), it is recommended that similar protection is provided by the external authentication server.
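The two sign-up page spoofing cases described above (a rogue AP reusing the provider's SSID versus one advertising a similar SSID) can be separated from beacon observations alone. The following is an added example, not HP's RF Manager logic and not part of the original document: the SSIDs are the "Staff", "Visitors" and "Voice" names from this overview, while every BSSID, the function names and the look-alike heuristic are assumptions constructed for illustration.

```python
"""Triage observed Wi-Fi beacons against an inventory of authorized APs.

Added illustration. All BSSIDs and the similarity threshold are constructed.
"""
import unicodedata
from collections import defaultdict
from dataclasses import dataclass
from difflib import SequenceMatcher

# Constructed inventory: SSID -> BSSIDs of the virtual APs allowed to carry it.
AUTHORIZED = {
    "Staff": {"02:00:5e:00:10:01", "02:00:5e:00:10:02"},
    "Visitors": {"02:00:5e:00:20:01", "02:00:5e:00:20:02"},
    "Voice": {"02:00:5e:00:30:01"},
}

# Character swaps often used to make one SSID resemble another (assumed list).
_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "$": "s", "@": "a"})


@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str


def norm_bssid(bssid: str) -> str:
    """Lower-case a MAC address and use ':' as the separator."""
    return bssid.strip().lower().replace("-", ":")


def fold_ssid(ssid: str) -> str:
    """Reduce an SSID to a comparison form: NFKC, case-folded, swaps undone,
    punctuation and whitespace removed."""
    text = unicodedata.normalize("NFKC", ssid).casefold().translate(_SWAPS)
    return "".join(ch for ch in text if ch.isalnum())


def classify(beacon: Beacon, authorized=AUTHORIZED, threshold: float = 0.85) -> str:
    """Return 'authorized', 'honeypot', 'lookalike' or 'unrelated'.

    honeypot  : exact authorized SSID advertised from a BSSID not in inventory.
    lookalike : SSID that is not ours but folds to, or closely matches, one.
    A beacon that copies both SSID and BSSID passes this check; the page
    assigns that MAC-spoofing case to the RF sensors, not to an inventory diff.
    """
    bssid = norm_bssid(beacon.bssid)
    if beacon.ssid in authorized:
        known = {norm_bssid(b) for b in authorized[beacon.ssid]}
        return "authorized" if bssid in known else "honeypot"

    folded = fold_ssid(beacon.ssid)
    if not folded:  # hidden or empty SSID: nothing to compare
        return "unrelated"
    for ssid in authorized:
        target = fold_ssid(ssid)
        if folded == target:
            return "lookalike"
        if SequenceMatcher(None, folded, target).ratio() >= threshold:
            return "lookalike"
    return "unrelated"


def triage(beacons, authorized=AUTHORIZED) -> dict:
    """Group beacons by verdict so an operator can review each bucket."""
    buckets = defaultdict(list)
    for beacon in beacons:
        buckets[classify(beacon, authorized)].append(beacon)
    return dict(buckets)


# Constructed observations, as a sensor might report them.
SAMPLE_BEACONS = [
    Beacon("Staff", "02-00-5E-00-10-01"),       # inventory AP, other MAC notation
    Beacon("Visitors", "0a:11:22:33:44:55"),    # our SSID, unknown radio
    Beacon("5taff", "0a:11:22:33:44:56"),       # character swap
    Beacon("Visitor", "0a:11:22:33:44:57"),     # one letter short
    Beacon("CoffeeShop", "0a:11:22:33:44:58"),  # neighbouring network
]

if __name__ == "__main__":
    for verdict, items in triage(SAMPLE_BEACONS).items():
        for item in items:
            print(f"{verdict:<10} {item.ssid!r:<14} {item.bssid}")
```

The "lookalike" bucket is a review queue rather than a verdict, matching the text's point that a similar SSID may belong to a legitimate neighbouring service.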

Page 16: HP ProCurve Multi Service Mobility (MSM) WLAN Solution

Types of attack

RF Manager IDS/IPS dashboard

RF Manager Product Line

RF Manager Appliance | HP ProCurve RF Manager 50 IDS/IPS System (J9398A) | HP ProCurve RF Manager 100 IDS/IPS System (J9397A)
Positioning | Entry-level | Enterprise / Campus
Base Sensor support | 50 | 100
Sensor Capacity Upgrade (J9399A) | Increments of 50 | Increments of 50
MAX Sensor Capacity | 100 | 200

Page 17: HP ProCurve Multi Service Mobility (MSM) WLAN Solution

Migration to 802.11n

HP ProCurve MSM 410 and 422 are compliant with draft 2.0 of the 802.11n standard. The HP ProCurve MSM Intelligent Mobility System (MSM) is ready to support 802.11n APs today. This is possible because the centralized management capabilities are complemented by a Distributed Data Forwarding architecture that removes bandwidth limitations that would otherwise result from Wi-Fi architecture solutions that rely on a Centralized Data Forwarding solution. A key strength of the HP ProCurve MSM solution is the use of intelligent “dependent” APs combined with centralized management that is normally reserved for “thin” APs.

The MSM422 multi-radio devices provide an “ALWAYS-N” solution where the AP incorporates an 802.11n radio module together with a standard 802.11a/b/g radio module to guarantee the best possible performance to any 802.11n client devices while legacy devices are handled by the 802.11a/b/g radio module. The MSM410 offers a single configurable 802.11 a/b/g/n radio in a unit that has built-in antennas and a small form factor; it offers a discreet solution for a wall or ceiling mounted access point. The MSM 400 series Access Points are able to connect using a standard 802.3af Power over Ethernet interface.

It is recommended that customers who wish to deploy 802.11n networks use the 5 GHz frequency to run their networks. The 5 GHz frequency offers up to 9 double width (40 MHz) non-overlapping channels, offering the best performance option for customers. Customers should base PC purchases on choosing an 802.11na supported adapter inside the PC.

The MSM 400 series Access Points are WiFi Draft n certified products, meaning that they are interoperable with the many client devices that are also certified; see the WiFi Alliance whitepaper http://wi-fi.org/whitepaper_80211n_draft2_technical.php

The MSM 400 series is certified by the Wi-Fi Alliance as being compliant with Draft 2.0 of the IEEE 802.11n standard. Based on the expected ratification of the standard by the IEEE in 2009, HP ProCurve plans to provide a firmware update to allow Draft 2.0 units to become fully compliant with the ratified standard. This firmware update is based on the assumption that the ratified standard will not deviate in any ways that would require hardware changes to the radio module. Look for the logo


Access Points

HP ProCurve MSM offers a family of APs delivering both single and dual radio as well as indoor and outdoor solutions.

| HP Part no | AP name | Indoor/Outdoor | Radios | Ethernet | Power source | Power draw |
|---|---|---|---|---|---|---|
| J9379A | MSM310 | Indoor, Plenum rated | Single 802.11a/b/g | 2x10/100 | 802.3af PoE and external PSU | 6.5 Watts |
| J9383A | MSM310-R | Outdoor, NEMA-4 rated | Single 802.11a/b/g | 1x10/100 | 802.3af PoE | 6.5 Watts |
| J9364A | MSM320 | Indoor, Plenum rated | Dual 802.11a/b/g | 2x10/100 | 802.3af PoE and external PSU | 8.6 Watts |
| J9368A | MSM320-R | Outdoor, NEMA-4 rated | Dual 802.11a/b/g | 1x10/100 | 802.3af PoE | 8.6 Watts |
| J9373A | MSM325 AP/Sensor | Indoor, Plenum rated | Dual 802.11a/b/g | 2x10/100 | 802.3af PoE and external PSU | 8.6 Watts |
| J9359A | MSM422 | Indoor, Plenum rated | Dual: 802.11a/b/g, 802.11a/b/g/n | 1x10/100/1000 | 802.3af PoE and external PSU | 12 Watts |
| J9427A | MSM410 | Indoor, Plenum rated | Single 802.11a/b/g/n | 1x10/100/1000 | 802.3af PoE Only | 8 Watts |
| J9357A | MSM335 AP/Sensor | Indoor, Plenum rated | Triple 802.11a/b/g | 1x10/100/1000 | 802.3af PoE and external PSU | 12 Watts |

Notes. The MSM325 (AP/Sensor) has the Sensor feature enabled as well as the same features as the MSM320. All MSM Access Points will require a separate power supply if there is no PoE available:

J9405A - HP ProCurve MSM31x and MSM32x Power Supply
J9406A - HP ProCurve MSM335 and MSM422 Power Supply


Access Point illustrations

In the above picture on the left is the outdoor Access Point which can be either the MSM310-R or the MSM320-R. Note: MSM320-R and the MSM310-R are visually identical. On the right hand side is the indoor Access Point shown with 2 antennas to the front. The MSM310 and MSM320 are identical from the front. The MSM320 has two antenna jacks on the rear.

The above two photographs show the enclosure for the three radio MSM335 and the dual radio 802.11n MSM422. The AP has three antennas in each flap. When the flaps are closed the AP acts as a ground plane and the antennas become directional, giving 180 degree coverage away from the top of the AP, which is perfect for external wall or ceiling mount, i.e. places where RF leakage needs to be controlled. When the flaps are open the antennas become omni-directional.

The above photograph shows the MSM410 single radio 802.11a/b/g/n Access Point.


Overview of features for indoor and outdoor Access Points

Applies to MSM3x0, MSM 3x5, and MSM4xx series

| Feature | Benefit |
|---|---|
| Software configurable a/b/g radio | Future proof migration without requiring changes to the AP. Support for 802.11g maximizes the available performance in the 2.4GHz space while preserving backward compatibility with legacy 802.11b client devices |
| DFS/TPC | Complies with 802.11h and 802.11d standards. |
| Auto Channel Selection | Automatically selects the channel during initial power up of the AP based on an interference scan |
| Dynamic Channel Selection | Monitors all available channels on a periodic basis and switches channels if one has less congestion than the current operating channel |
| Auto Power Adjustment | When enabled will auto adjust the output power if all channels have co-channel interference |
| Adjustable Multicast Rate | Optimized for streaming video |

Per VSC Configuration

| Feature | Benefit |
|---|---|
| Virtual Service Community (VSC) with unique MAC address per SSID | Broad interoperability with 3rd party client devices, including Symbol devices. Also enables broadcast of each SSID for easy client association and fast hand-offs. A VSC can be configured with or without VLAN. |
| Independently configurable security policies per VSC | Enables security policies to be defined per user group or application type. |
| Independently configurable QoS policy per VAP | Enables QoS policies to be defined per user group or application type. |
| Adjustable DTIM per VSC | Supports range of power save mode settings for wireless client devices. |
| Adjustable Data Rate per VSC | Prevents low speed clients (i.e. 1Mbps devices in an 802.11b network) from connecting to the Access Point and reducing overall performance |
| L2 Isolation per VSC | Prevents client to client snooping within a single VSC. L2 isolation only applies to a single AP. |
| Configurable Security (protocol) Filter per VSC | Built-in wireless firewall enforces security by filtering unwanted traffic. Allows the user to define a custom security filter based on PCAP format. Provides L2 isolation capability across multiple APs |
| IP Filter per VSC (IP address or IP subnet) | Enforces security by forwarding client traffic only to specific IP addresses e.g. VPN server |

QoS

| Feature | Benefit |
|---|---|
| Spectralink SVP | Support for QoS protocol used by leading VoWLAN provider |
| WMM™ with trigger power save mode | Supports 802.11e standard for interoperability with QoS devices. Trigger power save mode enables client device to optimize battery life |
| Service Aware QoS | Supports legacy and non QoS clients |
| L2/L3/L4 Classifier | Mapping and prioritization according to 802.1p, DiffServ, ToS, UDP/TCP Port |


Security & Management

| Feature | Benefit |
|---|---|
| WPA/WPA2 | WPA and WPA2 are subsets of the IEEE 802.11i specification. WPA2 protects user privacy by encrypting traffic using the advanced encryption standard (AES), a state of the art algorithm that is approved by the US government. |
| Full IEEE 802.11i compliance | Standard based 802.11i support for secure communications between the wireless client and access point. |
| Static per-VSC VLAN tagging | Provides an easy method to statically map all user devices associated with a specific SSID to a unique VLAN |
| Per-user dynamically assigned VLAN tags | Provides a flexible, per-user VLAN assignment based on centralized RADIUS AAA authentication response |
| RADIUS Accounting | Supports all mandatory accounting objects and provides further security and network control visibility and tracking. |
| Multiple Syslog Servers | Able to send configuration and operational information to multiple Syslog servers to improve manageability and redundancy. |
| Multiple SNMP Trap Destinations | Able to send SNMP trap information to multiple network management systems, providing enhanced troubleshooting capability. |
| Web GUI, CLI, XML/SOAP, SNMP | Ease of use and flexible configuration tools |

Extending Reach

| Feature | Benefit |
|---|---|
| Local Mesh (LM) Protocol System Mode (Wireless backhaul) | Cost effective campus-wide WLAN support provides WLAN coverage to all areas. MSM radios support LM only or LM + AP mode. Dual radios can be configured with one radio in AP mode and the other radio in LM mode, or both radios in LM mode. |
| QoS, VLAN, Security | Security features include AES/CCMP-PSK encryption support, and TKIP-PSK support. VLAN tags across LM links will be preserved with support for up to 4096 VLANs. |
| Dynamic LMP | Provides ease of configuration and redundancy capability |


HP ProCurve MSM111 WLAN Client Bridge

The MSM111 WLAN Client Bridge is designed to bridge legacy serial devices or remote Ethernet LAN segments to a WLAN infrastructure, using 802.11a/b/g connectivity with full support for WEP, 802.1X, WPA and WPA2 security types. The client bridge is an ideal solution to connect user groups that would be difficult to cable and can also offer Ethernet connectivity for security cameras. The MSM111 is feature rich and can support fast roaming in mobility scenarios where the MSM111 is moving between APs, and it is well suited to automated warehouse or remote industrial applications.


HP ProCurve Mobility Manager

HP ProCurve Mobility Manager offers a platform that allows enterprises to manage and monitor both their wired and their wireless networks from one interface. The HP ProCurve Mobility Manager provides a central point to view the Multi Service Mobility WLAN Controllers and catch any device alerts that are being generated by the controller. The ability to see when an Access Point has gone offline allows a network administrator to be reactive rather than proactive and have frustrated WLAN users to deal with. Alerts are also generated by the wireless clients, and it is also possible to show when a client may be having problems getting connected to the network, this being shown as an alert for a failed association. Device syslogs are also fully available, allowing for some degree of troubleshooting.

The PCM offers the ability to simply click on a device and then see what that device is running in terms of its loaded firmware. In addition, by viewing the traffic statistics it is possible to see what guest traffic is being generated at its Ethernet ports.


For more information

To learn more about HP ProCurve Networking, please visit ProCurve.eu

© Copyright 2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

4AA2-4144EEE, January 2009