HPE Community
M and MSM Series
1754014 Members
7482 Online
108811 Solutions
New Discussion

Re: Free internet access with restrict access company resource

 
YenLin
Frequent Advisor

‎07-26-2013 12:32 AM

‎07-26-2013 12:32 AM

Free internet access with restrict access company resource

Hi all,

 

Is there any method that we can config on MSM controller to let clients only be able to access internet, but not allow them to access others?

0 Kudos
6 REPLIES 6
OliverS_1
Occasional Visitor

‎07-29-2013 11:50 PM

‎07-29-2013 11:50 PM

Re: Free internet access with restrict access company resource

yes you can do that wih a new vsc and authentication local users via html. tunnel always client traffic must be enabled.

 

in ths vsc you can also define the network for the users.

 

kind regards

 

oliver

0 Kudos
oweng
Advisor

‎07-30-2013 09:03 PM

‎07-30-2013 09:03 PM

Re: Free internet access with restrict access company resource

what's the function of always tunnel client trafffic?
0 Kudos
YenLin
Frequent Advisor

‎08-05-2013 05:37 PM

‎08-05-2013 05:37 PM

Re: Free internet access with restrict access company resource

Hi thanks for the reply,

 

But what we want to accomplish is users are guest.

We don't want to have any username, Password or authtication for them.

 

Is there any method that we can use a VSC and only allow them to access internet only?

0 Kudos
Arimo
Respected Contributor

‎08-07-2013 05:18 AM

‎08-07-2013 05:18 AM

Re: Free internet access with restrict access company resource

Yes, that's possible. Have a look at the Implementation Guide, http://bizsupport1.austin.hp.com/bc/docs/support/SupportManual/c02682324/c02682324.pdf

 


HTH,

Arimo
HPE Networking Engineer
0 Kudos
Arimo
Respected Contributor

‎08-08-2013 04:51 AM - edited ‎08-08-2013 04:51 AM

‎08-08-2013 04:51 AM - edited ‎08-08-2013 04:51 AM

Re: Free internet access with restrict access company resource

About tunneling client traffic, from the controller online help:
 
Client data tunnel
 
(Only available when Access control is enabled.)
 
When a VSC is access-controlled, client traffic that is sent between the AP and controller can be carried in the client data tunnel. This provides the following benefits:
 
 
  • User traffic is segregated from the backbone network and can only travel to the controller.
  • Underlying network topology is abstracted enabling full support for L2-connected users across routed networks.
 
The client data tunnel is always used when the connection between a controlled AP and its controller traverses at least one router. The client data tunnel supports NAT traversal, so it can cross routers that implement NAT.
 
Optionally, the client data tunnel can also be used when a controlled AP and its controller are on the same subnet. To do this, enable the Always tunnel client traffic option.
 
Performance and security settings for the client data tunnel can be customized by selecting Controller >> Controlled APs > Client data tunnel.
 
Always tunnel client traffic
 
Use this option to manually force wireless client traffic into the client data tunnel, even when an AP is on the same layer 2 subnet as the controller.

HTH,

Arimo
HPE Networking Engineer
0 Kudos
Juggyv
Occasional Advisor

‎08-25-2013 10:54 AM

‎08-25-2013 10:54 AM

Re: Free internet access with restrict access company resource

I do this by having a trunk/tag on the AP port. One for corporate and one of guest. The guest is a simple broadband router usually so this gives out the dhcp/dns. You need to configure a egress vlan on the profile to match the vlan you use for the internet. I do not always layer 3 the vlan for the internet as I do not want it to become part of the routing domain but an access list can help you here too
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.