HPE Community
M and MSM Series
1753783 Members
7003 Online
108799 Solutions
New Discussion

MSM 760, VLAN and Radius

 
MIkkelAnd
New Member

‎08-15-2011 09:44 AM

‎08-15-2011 09:44 AM

MSM 760, VLAN and Radius

Hi,

We are working on a setup which in all likelyhood is very basic.

Hardware:

Controller: MSM 760

Radio: MSM 430

Switch: 5406 / 2910

Radius: Windows 2008 R2 (NPS)

 

What we need to configure is the following

2 distinct SSIDs (SSID101 and SSID102) each on different VLANs (101 and 102). Both VLANs are private VLANs. 

1 user group (Group101) needs to have access to just VLAN101

1 user group (Group102) needs to have access to both VLANs

Firewall duties is handled elseware and shouldn't take place in the MSM products.

 

What we have so far

1. MSM 760 LAN port untagged on the regular server VLAN (VLAN50)

2. MSM 430 APs untagged on various wired VLANs (1020, 1021...)3. 1 SSID with dynamically assigned VLAN (Radius)

4. Radius doing authentication based on group membership and assigning VLAN (101 or 102)

5. VLAN 101 and 102 tagged on switchports in the ProCurve 5406/2910 connecting to the APs and the MSM760 LAN Port

 

We would much rather have

1. switch ports for APs untagged with just a dedicated management VLAN

2. use "client data tunnel" to tunnel all data from APs to controller

3. Combination of SSID (Called-station-ID) and user group determine if access is allowed
I just can't wrap my head around the correct way of doing this. I've read the MSM Implementation guide a couple of times, but can't seem to get any closer to a working setup and would very much appreciate some assistance.


Sincerely

Mikkel

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.