HPE Community
M and MSM Series
1753500 Members
4440 Online
108794 Solutions
New Discussion

Re: MSM710 Wireless Guest LAN

 
Imex Dan
Occasional Contributor

‎07-25-2011 02:52 AM

‎07-25-2011 02:52 AM

MSM710 Wireless Guest LAN

Hi

I have a customer running MSM710 controllers with the latest software, and internally their wireless setup works absolutely fine. The LAN port is connected to the corporate network and WPA keys are used to allow for security for internal users.

The have a seperate DSL feed via a basic router and wish to connect this to the Internet Port of the MSM710 to allow for basic unrestriced guest lan access. I have follow multiple guides from HP on how to set this scenairo up but i think they are often too complicated (VLANs, RADIUS etc). I simply want to be able to connected to a GuestLAN SSID and have a DHCP address assigned which routes traffic out via the internet port.

Could anybody shed some light on the simplest way to set this up?

I have tried and failed on multiple occasions to put a config in place that will do this.

HTML forms authentication is fine if necessary but ideally it would be just a WPA key to be entered by the guest to gain access.

 

Currently I have the internet port as a DHCP client, a Guest VSC with client data tunnel routed, a DHCP scope configured on the VSC and HTML authentication enabled. I pickup the IP address OK from the wireless connection but am unable to see the MSM710 controller or route traffic through it.

 

Any help much appreciated.

Dan

0 Kudos
3 REPLIES 3
gtrsteve
Occasional Visitor

‎07-30-2011 08:53 AM

‎07-30-2011 08:53 AM

Re: MSM710 Wireless Guest LAN

Hi Dan,

 

Use the public attributes to create an ACL that blocks all traffic from your guest network to your internal network. You need two attributes, something like:

 

ACCESS-LIST:   guest,DENY,all,172.16.1.0/24,all <-- assuming 172.16.1.0/24 is your internal subnet
USE-ACCESS-LIST:  guest

 

Then in the guest VSC:

- Keep both authentication and access control checked

- Uncheck HTML authentication.

- Check "always tunnel client traffic".

- Uncheck wireless security filters.

 

Hope this helps!

Steve

0 Kudos
hgtwn
Visitor

‎11-28-2011 12:38 PM

‎11-28-2011 12:38 PM

Re: MSM710 Wireless Guest LAN

These attributes seemed to work to restrict access to my internal network. However, they restricted ALL of my SSID connections. I have a Guest and a Secure wireless network but now both networks only have access to the internet. How do i bind the Access lists to a particular network?

0 Kudos
scifan3
Advisor

‎11-29-2011 08:56 AM

‎11-29-2011 08:56 AM

Re: MSM710 Wireless Guest LAN

I "egress" my 802.1x traffic directly into a vlan at the access point/switch ports...

 

That access list while it's named guest, will apply to any traffic being routed through your msm...

 

What's your network addressing scheme for your different ssid's? 

 

(you could add another access-list entry to allow your non-guest wireless traffic onto the 172.16.x.x segment.) your guest access is way open from my perspective... My student's would abuse that type of open connectivity... make sure you setup a bandwidth limit...

 

 

Sometimes you have to try multiple times before you succeed.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.