M and MSM Series
1745795 Members
3576 Online
108722 Solutions
New Discussion юеВ

MSM710 + MSM410 APs - Question about Guest access

 
SOLVED
Go to solution
Hadrien9
Occasional Visitor

MSM710 + MSM410 APs - Question about Guest access

I am hoping the following is possible. I have read the manual from cover to cover and am still confused about a few things regarding Public Access on the MSM710. Let me explain what I want to do first and then maybe someone can tell me where I can or cannot do this.

I would like to have the ability to control 4 - MSM410s that are intended for our connecting to our internal protected network. This is for laptop users that want to hop from desk to desk, go out to the shop floor, etc.

I would also like to have 2 "hotspots" (2 - MSM422 APs) in our building where guests can get internet access only but not touch our internal protected network.

I currently have the MSM710 plugged in via the LAN port for management and have 2 VSCs for our internal users up and running with no problems. Our DHCP server is passing traffic to those clients and they can get access to everything just as they would being wired in.

Where I am lost at is how to pipe the guests through to a VSC that has outside internet access but leaves them protected using the MSM710s firewall and serving up ip addresses to them using the MSM710s DHCP server on their own /24 subnet. According to the manual the DHCP server will be active on the LAN port, which is obviously a bad thing in my case.

I am almost certain the MSM710 can do this, but the manual is not clear on how to get it done. I am guessing I have to use VLANs for this, but having not really used VLANs for much, am a bit lost on where to start.
6 REPLIES 6
Holger Hasenaug
Trusted Contributor
Solution

Re: MSM710 + MSM410 APs - Question about Guest access

1. Enable DHCP Service for the client data tunnel that guest will receive an IP address from the controller:
-Service Controller - Network / Adress Allocation / DHCP services /DHCP server: press "Configure"
--DHCP server configuration / Settings / Listen for DHCP requests on / Client data tunnel: mark this option


2. Create a new VSC under Service Controller / VSC. The following only describe non-default values you need to configure:
- Global / Profile Name: choose your name of choice
- Virtual AP / WLAN / Name (SSID): choose your SSID of choice
- Virtual AP / Client data tunnel / Always tunnel client traffic: mark this option
- DHCP server / DNS: the DNS server the clients will use, this must be the same address as under Gateway - example 192.168.0.1
- DHCP server / Start: start IP for guest IP range-example 192.168.0.20
- DHCP server / End: start IP for guest IP range-example 192.168.0.100
- DHCP server / Gateway: default gateway which will become a virtual IP at the controller - example 192.168.0.1
- DHCP server / Netmask: example 255.255.255.0
- DHCP server / Subnet: example 192.168.0.0

3. Connect you Internet port to your Internet connection and configure IP addresses accordignly. If you do not get the IP via DHCP don#T forget to set point a static default route towards the Internet and configure an Internet DNS server:
- Service Controller - Network / DNS
- Service Controller - Network / IP Routes

4. Now you only need to setup User accounts either directly on controller under "Service Controller - Users" or use the "Guest Management Software" for that.



Hadrien9
Occasional Visitor

Re: MSM710 + MSM410 APs - Question about Guest access

Thank you so much. That options for limitng the DHCP services to the client data tunnel is where I was getting lost.

It seems odd that you ahve to setup the DHCP server on the LAN and ALSO in the VSC. I was thinking it would only be in the VSC.

I still have not yet wrapped my mind around how it just magically knows to send the traffic straight out to the internet, but it is working so I am very happy.

Now to get the rest of the MSM422s up and configured for a mesh. Thank you again.

Trevor Commulynx
Regular Advisor

Re: MSM710 + MSM410 APs - Question about Guest access

Change the VLAN that your MSM is on and use it for your wireless control network. it is pretty stupid that you have to have DHCP enabled on the LAN interface to service additional VLAN's for Guest.

I suppose it is the thikning of Coluburis that the MSM controllers are the source of truth on any network. I think a firmware upgrade is in order as many IT admins/integrators are deploying the MSM controllers onto networks with existing DHCP servers, firewalls, NAT devices etc.

Anyway.....

Trev.
David Wright_13
New Member

Re: MSM710 + MSM410 APs - Question about Guest access

Hi Hadrien,

What version of software are you using on your MSM710?

I've got 5.2.6 (see attached) and trying to achieve a similar thing to you, but I can't see any of the options about client data tunnelling that Holger suggests
Ralf Krause
Frequent Advisor

Re: MSM710 + MSM410 APs - Question about Guest access

Hi David,

I think the "Always tunnel client traffic" option within the VSC was introduced with 5.3.x, so you will not be able to see it.

Regards,
Ralf
Hadrien9
Occasional Visitor

Re: MSM710 + MSM410 APs - Question about Guest access

I am running 5.3.3. I don't remember if the option was even available in 5.2.x.