HPE Community
M and MSM Series
1752557 Members
4547 Online
108788 Solutions
New Discussion юеВ

MSM710 Guest HTML Auth

 
SOLVED
Go to solution
JREBOLA
Occasional Advisor

тАО02-22-2010 10:50 AM

тАО02-22-2010 10:50 AM

MSM710 Guest HTML Auth

Hi guys,

First a minimalist resume of my LAN:

On my network all VLANS had as gateway my firewall.

We have a MSM710 Mobility controler with MSM335 APs and we make the follwing setup:

- I only have the LAN port connect, i ignore the internet port
- We define 3 SSID (Users A / Users B / Guest Users)
- Each SSID goes to a specifies VLAN (1,2,3)
- When i connect on SSID "Users A" i'm going to VLAN1, what is right, and for the others SSIDs it's work fine too.

But i want to implement HTML auth to our GUEST Users before the users can go to internet but how can i define this ??? With this setup my users goes to internet without HTML auth and i setup this on VCS Guest SID.

I think that it's happen because the MS710 have to be the gateway of this LAN (guest) but when i setup this i can't go to internet and i can't auth because no weblogin apears on browser !!!

How can i do this setup ?
0 Kudos
10 REPLIES 10
Fred!
Trusted Contributor

тАО02-22-2010 12:48 PM

тАО02-22-2010 12:48 PM

Re: MSM710 Guest HTML Auth

In the following answer, I assumes that you did not played too much the defaults settings of the product.

There are many things that needs to be verified in order for HTML authentication to work however; the defaults takes you almost there and I believe that in your situation, it is just a matter of changing few settings in the VSC page.

The first step is to make sure that you have properly configured your "Guest User" VSC to enable guest authentication. Guest access is achieved using a combination of "access control" and HTML authentication in the product

In the Global box of your VSC, make sure the 2 check boxes are checked: "Use this controller" for authentication and for access control.

Then make sure HTML-based user logins is enabled with your choice of local or RADIUS for authentication.

Now, I see that you are using VLANs and it really depend on what you want to do here. If you want to be able to observe the guest traffic in clear on VLAN 3 between the AP and the controller you will have to create a VLAN 3 at the controller level and to map it to the VSC by checking the VLAN check box (and assign the newly created VLAN) in the VSC Ingress Mapping.

Not necessarily my favority if you are not familiar with the product. The other way to do it is to tunnel the traffic of the Guest VSC back to the controller. In order to do so, check the "Always tunnel client traffic" checkbox in the Virtual AP section of the VSC.

Don't forget to re-synchronized your network and in theory, this should take you to the next step and your guest clients will be able to see the login page
0 Kudos
JREBOLA
Occasional Advisor

тАО02-25-2010 03:25 AM

тАО02-25-2010 03:25 AM

Re: MSM710 Guest HTML Auth

Hi Fred,

Thanks for your answer but, when i setup "Always tunnel client traffic" i'm not receive the ip address and not goes to weblogin !!!!
0 Kudos
Fred!
Trusted Contributor

тАО02-25-2010 07:42 AM

тАО02-25-2010 07:42 AM

Re: MSM710 Guest HTML Auth

OK, I missed that one. So basically you had a DHCP on your network giving out addresses on all your VLANs, right?

If that is the case, you will have to enable DHCP relay in the controller on the VSC that supports guest access/HTML authentication.

That way your DHCP should go through the tunnel and get relayed to your DHCP server. If your DHCP server does not support relayed requests, another solution would be to use the MSM760 internal DHCP server for your guest VSC to provide your IP addresses.
0 Kudos
JREBOLA
Occasional Advisor

тАО02-25-2010 08:32 AM

тАО02-25-2010 08:32 AM

Re: MSM710 Guest HTML Auth

yes i have a dhcp server on my lan.

do you know if microsoft dhcp server accept relay requests ?
0 Kudos
JREBOLA
Occasional Advisor

тАО02-25-2010 09:12 AM

тАО02-25-2010 09:12 AM

Re: MSM710 Guest HTML Auth

i define a dhcp server on my msm710 but the problem continues !!!!!

I'm crazy with this MSM
0 Kudos
Fred!
Trusted Contributor

тАО02-25-2010 09:17 AM

тАО02-25-2010 09:17 AM

Re: MSM710 Guest HTML Auth

Did you enabled the checkbox for the DHCP server of the MSM710 to listen from within the tunnel? This is in the DHCP server configuration.
0 Kudos
JREBOLA
Occasional Advisor

тАО02-25-2010 09:31 AM

тАО02-25-2010 09:31 AM

Re: MSM710 Guest HTML Auth

yes

i will attach some screenshots to you see.

thanks
0 Kudos
Fred!
Trusted Contributor

тАО02-25-2010 09:49 AM

тАО02-25-2010 09:49 AM

Re: MSM710 Guest HTML Auth

Somehow the site do not allow me to download your file (it says file not found). Not sure where it is stored on the forum, but it does not seem to work.
0 Kudos
JREBOLA
Occasional Advisor

тАО02-26-2010 03:21 AM

тАО02-26-2010 03:21 AM

Re: MSM710 Guest HTML Auth

can send me a email jc@leya.com and i reply to you my screenshots
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.