M and MSM Series
cancel
Showing results for 
Search instead for 
Did you mean: 

Create Guest WIFI on MSM760

 
SOLVED
Go to solution
Highlighted
joekober
Occasional Contributor

Create Guest WIFI on MSM760

Hi there,

 

I am having trouble setting up my guest WIFI on my MSM760.

I have set up a guest SSID that uses HTML based logins.  This works totally fine, however all traffic on my proxy shows as the MSM760's internet port IP address.  I would like this so i can see the IP address that is associated with the device.  So we can track web filtering on our proxy.

Current setup:

Interfaces: Internet port IP: 10.10.1.15 mask 255.255.0.0

LAN port IP: 10.140.1.1 mask 255.255.0.0

Guest VLAN: 140

DHCP server config (on the MSM) 
IP:  10.140.0.1 - 10.140.11.184

GW 10.140.1.1.

 

I believe this is a problem on the NAT on the interner interface, but i cant seem to get internet once i untick this.  Any help would be great!


Thanks.

2 REPLIES 2
Highlighted
joekober
Occasional Contributor

Re: Create Guest WIFI on MSM760

Anyone at all? 

Highlighted
NeilR
Esteemed Contributor
Solution

Re: Create Guest WIFI on MSM760

Hi, I did this on my MSM765. Now FW 6.6.8.2-23491, but this was some years back

You will need to create an extra IP interface and vlan to egress the traffic out to your proxy or firewall.

Add the egress VLAN, and IPv4 interface under Controller/Network/Interfaces - give it an ip address. My egress vlan is just a pipe with 2 address, 1 on each end, so I use .1 on the controller, and .254 on the firewall where I dump the guest traffic and NAT out to the internet.

Make the egress vlan available on any switches between the controller and the destination. My firewall is the destination where I NAT the traffic out. Yours will be on the proxy server.

On the VSC, use the VSC Egress Mapping to send the traffic you want to the egress vlan. I send all (unauth, auth and intercepted) to the egress.

The traffic will have the source addresses 10.140.0.* assigned by the DHCP server on the VSC. You will need to route return traffic headed back 10.140.0.0 to the interface on the other end of the EGRESS vlan (.1 in my case) which is on the MSM

Hope this helps