- Community Home
- >
- Networking
- >
- Wireless
- >
- M and MSM Series
- >
- Re: MSM 765zl Configuration
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-17-2011 06:05 PM - last edited on тАО08-25-2013 07:04 PM by Liuqing
тАО01-17-2011 06:05 PM - last edited on тАО08-25-2013 07:04 PM by Liuqing
Planning on setting up a team of these and I need some help with what I should do for the Guest WLAN.
Right now I am placing the controller and APs on my internal network (VLAN 1) which is 10.1.x.x. I crated VLAN 3 for guest wireless traffic for subnet 192.168.3.x. My switch is setup with an ip helper address on VLAN 3 and all works well when a client connects to a VLAN 3 port via the wired network.
So for my Guest VSC:
Authentication: Enabled
Security: HTTP Web Based User Log in
Access Control: Enabled
Client Client Data: Enabled
Egress Port: VLAN 3
DHCP Relay: Enabled
DHCP Relay Egress Port: VLAN 3
Does this make sense? I want the guest traffic to get out to the VLAN 3 network and then get an IP address from my internal DHCP server. After that I want the client on the Guest WLAN to be redirected to a HTTP login page.
The LAN port on the controller would be untagged 10.1.1.1 and VLAN 3 would be tagged via the LAN port with no IP. Should I do anything with the Internet port?
Please help!
P.S. This thread has been moved from Communications, Wireless (Legacy ITRC forum) to MSM Series.
-HP Forum Moderator
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-18-2011 12:09 PM
тАО01-18-2011 12:09 PM
Re: MSM 765zl Configuration
because you want html authentication
welcome page on controller lan port from to guest user, therefore you must use lan port untagged state on vlan 3 (guest vlan)and all guest user default gateway address must have controller lan port
my solution
lan port connect guest network on untagged state switch port, all guest user connect (guest vsc)directly guest network with default group vsc binding for vlan 3
vlan 3 dhcp server must be on msm controller
all access point login to controller on internet port on different vlan for example vlan 2 ,vlan2 dhcp services corpare dhcp server all access point ip address take corpare dhcp server for controller connection, all corpare user connect different vsc to different vlan with default group vcs binding.
very easy
only necessary you to understand device deployment architechture
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-18-2011 12:32 PM
тАО01-18-2011 12:32 PM
Re: MSM 765zl Configuration
Also, this configuration will have two MSM765zl in a team. When in a team you can not use them as DHCP servers.
And from what I can understand from your reply, is to create an untagged VLAN 3 using the the LAN port. What I don't understand that since this is module in a 5412zl how do I leave it untagged or tagged for that matter?
Anyone else with a suggestion?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-20-2011 04:08 PM
тАО01-20-2011 04:08 PM
SolutionTypically I would setup the guest traffic to route out the Internet port directly to a reserved port on your firewall. Setup a subnet and assign a .1 to the Internet port and a .254 to your Firewall. You can provide DHCP via a dhcp relay to your firewall or to a internal DHCP server. Use the "Extend Internet Port subnet to LAN port" to alter the DHCP requests going to your DHCP server to show the .1 address of the Internet port as the router id. This will assign and address to clients in this range.
Setup a default route to your firewall over the internet port and an inside route to your internal router (10.0.0.0/8). The guest traffic will be the only traffic that routes over the MSM so you dont need any other routes. The inside route is really only so you can manage the MSM from other VLANs inside your network.
I hope this gets you going in the right direction.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-20-2011 07:25 PM
тАО01-20-2011 07:25 PM
Re: MSM 765zl Configuration
So I'll leave the LAN port untagged and tag the Internet port for my Guest VLAN (VLAN 3). Do I do the tagging in the controller or in the switch?
I'll just have the DHCP Relay go out my Internet port and have the the switch's IP helper on that VLAN handle the relay to the internal DHCP server. Is that ok?
So the default gateway for the controller would be on the VLAN 3 network of 192.168.3.x?
If I understand you correctly the secure clients will enter the network via the AP and will not be routed through the controller. Hence I don't have to worry about the default gateway being on another subnet?
Last where do I place the web site for authentication. Do I need to connect it to a port or does it happen inside the controller itself?
Thanks a lot again. Finally feeling confident about all this.
- Tags:
- "This is is useful"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-20-2011 07:49 PM
тАО01-20-2011 07:49 PM
Re: MSM 765zl Configuration
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-22-2011 09:48 AM
тАО01-22-2011 09:48 AM
Re: MSM 765zl Configuration
You will want to "untag" the internet port for your "internet" vlan. Set the internet port IP address on that VLAN as .1 and make sure your DHCP scope sets this as the clients default gateway (router id).
You then just need to put a default route to the internet vlans gateway on your firewall or switch..wherever it points.
The clients are actually tunneled through the client data tunnell from the AP to the controller and the traffic is handled from the controller, not the AP. The html site is on the controller and you just need to set the VSC for "Access control" and "html authentication".
Let me know if that gets you goin!
Kyle
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-22-2011 01:38 PM
тАО01-22-2011 01:38 PM
Re: MSM 765zl Configuration
Setup my DHCP scope for the guest to point the default gateway to the Internet port on the controller. Then setup a default route on the controller for the Internet port going to my Internet port's gateway.
For the guest VSC what should I set the egress port to? Default? or Internet port? Or do I set the egress port on the VSC binding page for my APs?
Let me say that your help has been tremendous. Do you have any other suggestions for me that you ran into in your setup?
Thanks again!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-24-2011 07:28 AM
тАО01-24-2011 07:28 AM
Re: MSM 765zl Configuration
Since the traffic is 'routed' at the controller for guests, there is no need to set an egress layer 2 vlan on the binding or vsc.
I usually setup the gateway for the internet port directly on a firewall so that it is completely segregated off the network. Also make sure you use public DNS servers on the controller DNS config, since guests will be using these to resolve internet queries.
Make sure when you setup your DHCP scope for guests to set the DNS server to the Internet port address of the MSM, since it will hijack all DNS requests.
Let me know if that works!
- Tags:
- plz advise imrans
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-24-2011 08:59 AM
тАО01-24-2011 08:59 AM