I have a pair of MSM 760 controllers in a team running the latest software ( ) .  I have a simple setup but am having problems getting basic connectivity working.


I have 3 wireless SSIDs.  Two of them are not access-controlled and work just fine.  I'm having problems with the 3rd network, which is a guest network which is access controlled (an open network, no authentication).


My LAN and INTERNET interfaces are both on 10.x.x.x subnets.  Note, they're on different actual subnets, but they both happen to start with the number 10 (I know, I know, the idea of classful networks is obsolete, but it comes back up in this story).  Now since I have 2 interfaces, one of which points to the internet, I put my default route pointing to the next hop out the INTERNET interface.  Then on the LAN interface, I added 3 static routes for private, RFC 1918 address ranges (, and  Simple, right?  Whatever subnets are added to my internal network, those 3 routes should cover them.


When I built the guest network in a separate 10.x.x.x subnet, I could get an IP address just fine via an external DHCP server (my only option since I'm using teaming), but I couldn't even ping my default gateway (which is the controller).


So I opened a case with HP support and they had me do a packet capture while I was trying to do a constant ping to my default gateway (the controller), and it looks like the return traffic is being sent out the LAN interface without being put into the tunnel back to the AP because of the static route.  They said the controller was confused because the guest subnet also started with a 10 (even though they were in separate subnets).  So it seemed the controller might be finding the first match in the routing table, instead of the best match ?!?!?!..... hmmmmm... 


So I said fine, I'll change the guest network to a 192.168.x.x range since that's not really used inside our network and then I removed the generic static route.  Things worked for a while (surprisingly) but now all internet access stopped working for guest users.


Packet capture showed internet traffic being sent out the LAN port, instead of following the default route to the INTERNET port.


Now HP support is trying to tell me I can't have my LAN and INTERNET ports start with a 10 address!!!!   They think the controller is getting "confused".  Basic static IP routing seems like a fundamental thing.


I'm running the latest code...


The "VSC Egress" mapping  is set  to <Default> on all 3 traffic types, which should mean the controller's routing table is used to forward traffic.


I've gone through the manual  and I don't think I'm doing anything wrong.  I've had a few different HP wireless support guys look at my config and we keep coming back to this routing issue.


Does anyone have any ideas?






Fredrik Lönnman
Can you give us a show ip route from the controller? Sounds weird if its failing to do longest match routing.
