M and MSM Series
cancel
Showing results for 
Search instead for 
Did you mean: 

MSM710 Guest HTML Auth

 
SOLVED
Go to solution
Highlighted
JREBOLA
Occasional Advisor

MSM710 Guest HTML Auth

Hi guys,

First a minimalist resume of my LAN:

On my network all VLANS had as gateway my firewall.

We have a MSM710 Mobility controler with MSM335 APs and we make the follwing setup:

- I only have the LAN port connect, i ignore the internet port
- We define 3 SSID (Users A / Users B / Guest Users)
- Each SSID goes to a specifies VLAN (1,2,3)
- When i connect on SSID "Users A" i'm going to VLAN1, what is right, and for the others SSIDs it's work fine too.

But i want to implement HTML auth to our GUEST Users before the users can go to internet but how can i define this ??? With this setup my users goes to internet without HTML auth and i setup this on VCS Guest SID.

I think that it's happen because the MS710 have to be the gateway of this LAN (guest) but when i setup this i can't go to internet and i can't auth because no weblogin apears on browser !!!

How can i do this setup ?
10 REPLIES 10
Highlighted
Fred!
Trusted Contributor

Re: MSM710 Guest HTML Auth

In the following answer, I assumes that you did not played too much the defaults settings of the product.

There are many things that needs to be verified in order for HTML authentication to work however; the defaults takes you almost there and I believe that in your situation, it is just a matter of changing few settings in the VSC page.

The first step is to make sure that you have properly configured your "Guest User" VSC to enable guest authentication. Guest access is achieved using a combination of "access control" and HTML authentication in the product

In the Global box of your VSC, make sure the 2 check boxes are checked: "Use this controller" for authentication and for access control.

Then make sure HTML-based user logins is enabled with your choice of local or RADIUS for authentication.

Now, I see that you are using VLANs and it really depend on what you want to do here. If you want to be able to observe the guest traffic in clear on VLAN 3 between the AP and the controller you will have to create a VLAN 3 at the controller level and to map it to the VSC by checking the VLAN check box (and assign the newly created VLAN) in the VSC Ingress Mapping.

Not necessarily my favority if you are not familiar with the product. The other way to do it is to tunnel the traffic of the Guest VSC back to the controller. In order to do so, check the "Always tunnel client traffic" checkbox in the Virtual AP section of the VSC.

Don't forget to re-synchronized your network and in theory, this should take you to the next step and your guest clients will be able to see the login page
Highlighted
JREBOLA
Occasional Advisor

Re: MSM710 Guest HTML Auth

Hi Fred,

Thanks for your answer but, when i setup "Always tunnel client traffic" i'm not receive the ip address and not goes to weblogin !!!!
Highlighted
Fred!
Trusted Contributor

Re: MSM710 Guest HTML Auth

OK, I missed that one. So basically you had a DHCP on your network giving out addresses on all your VLANs, right?

If that is the case, you will have to enable DHCP relay in the controller on the VSC that supports guest access/HTML authentication.

That way your DHCP should go through the tunnel and get relayed to your DHCP server. If your DHCP server does not support relayed requests, another solution would be to use the MSM760 internal DHCP server for your guest VSC to provide your IP addresses.
Highlighted
JREBOLA
Occasional Advisor

Re: MSM710 Guest HTML Auth

yes i have a dhcp server on my lan.

do you know if microsoft dhcp server accept relay requests ?
Highlighted
JREBOLA
Occasional Advisor

Re: MSM710 Guest HTML Auth

i define a dhcp server on my msm710 but the problem continues !!!!!

I'm crazy with this MSM
Highlighted
Fred!
Trusted Contributor

Re: MSM710 Guest HTML Auth

Did you enabled the checkbox for the DHCP server of the MSM710 to listen from within the tunnel? This is in the DHCP server configuration.
Highlighted
JREBOLA
Occasional Advisor

Re: MSM710 Guest HTML Auth

yes

i will attach some screenshots to you see.

thanks
Highlighted
Fred!
Trusted Contributor

Re: MSM710 Guest HTML Auth

Somehow the site do not allow me to download your file (it says file not found). Not sure where it is stored on the forum, but it does not seem to work.
Highlighted
JREBOLA
Occasional Advisor

Re: MSM710 Guest HTML Auth

can send me a email jc@leya.com and i reply to you my screenshots