M and MSM Series
cancel
Showing results for 
Search instead for 
Did you mean: 

MSM710 and VSCs and DHCP

 
Highlighted
Stuggi
Advisor

MSM710 and VSCs and DHCP

Hi, I have the following setup; I have a MSM710 and 3 MSM430 APs. The AP's are all connected to the LAN-port on the MSM710 through a small PoE switch and are completely separated from the office network. Then I've configured 2 VLANs on the Internet port, one for the office VLAN and one for a VLAN that contains a subnet without any routnings to our internal network and only a straight routning out to the internet.

 

I have then set up 2 VSCs, one for the internal use and one for public use. The idea is that the MSM710 should tunnel guest/public VSC clients to the public VLAN and office VSC clients to the office VLAN. What I can't get to work is to make the MSM710 tunnel DHCP requests to the DHCP-servers that are running on the respective subnets. And how should I configure the VSC ingress and egress VLAN settings? I'm using Active Directory for auth. on the office VSC and local auth. on the public.

 

Another quick question, why aren't there any 802.1X Authentication settings on the VSCs I've configured, when they do pop up in the preinstalled HP ProCurve VSC?

 

Thanks for the help, these things have so many settings and new concepts that one easily gets confused. :)

6 REPLIES 6
Highlighted
Stuggi
Advisor

Re: MSM710 and VSCs and DHCP

Okay, scrap that, we're gonna try this again from the beginning;

 

How do I set up 2 VSCs, one for the internal corporate network and one for guest access? I have a separate internet uplink on VLAN 60, and the corporate network on VLAN 10.

 

What I really would like to do is get the clients that access the corporate VSC to be assigned a IP from our internal DCHP, so that the clients could work seamlessly with no differences between wired or wireless connections.

 

The guest VSC on the other hand could be assigned IPs from a separate DCHP-server, preferably in the MSM710.

 

In addition to all this, I would like auto-discovery and configuration for the APs to work out of the box, separate the APs from the rest of the network on a separate subnet (192.168.1.0 for example) and also get them and the MSM710 integrated with the PCM+/PMM that is running on a separate subnet.

 

So, how do I go about doing this?

Highlighted
Schaff
Occasional Contributor

Re: MSM710 and VSCs and DHCP

This is exactly what I am trying to do.  Have you had any luck?  None of the configuration examples in the implementation guide match this configuration close enough to be of much help.  One of the main problems I am running into is the differences between the Internet Port and the LAN port.  There are some very specific things that one can do that the other cannot and vice versa but it there is no comprehensive list of what those things are and no real guidance on when you should use one or the other or both. 

 

 

Highlighted
Stuggi
Advisor

Re: MSM710 and VSCs and DHCP

The way I've understood it, the LAN port can only be used as an ingress port, while the internet port can be used as an ingress/egress port.

Highlighted
C0LDWiR3D
Frequent Advisor

Re: MSM710 and VSCs and DHCP

Only use the internet port.

Unless you team (which MSM 710 doesn't support) - THEN you use the LAN port for sync.

 

Keep in mind that MSM behaves like a router, not like a switch, can be a bit confusing if you have experience with other vendor wireless.

 

Highlighted
ndoudna
Frequent Advisor

Re: MSM710 and VSCs and DHCP

>Only use the internet port.

 

Why?  My HP S.A. says the same thing, and reports that his internal HP resources say the same thing -- but no one has any explanation for why or what the differences are!

 

I can find little things in the manual like "DHCP doesn't work on the Internet port if it's being used for PPPoE" but that's not enough to explain why you'd only use the "Internet" port for "LAN" traffic.

 

I think I'm having the same problem as you are, for separating traffic by VLANs.  There doesn't appear to be a way to get the controller to tag its own traffic, like to keep its main DHCP server's responses separate from its management traffic (like HTTP to reach the GUI).   It looks like you have to use the controller's DHCP server for "access-controlled" VSCs, which HTML-authenticated VSCs are.

 

But I digress -- why does everyone say just use the Internet port?

 

thanks,

noemi

Highlighted
ISoliman
Super Advisor

Re: MSM710 and VSCs and DHCP

Which version are you using ?

 

For the corporate VSC configure it as Authentication only, and then go to the group where the APs are and click on "VSC Binding" and there bind the VSC for Corporate and check "use egress vlan" and choose the VLAN for the coporate and then sync the config, this way the APs will send the traffic directly to the network TAGGED so make sure the ports connected to the APs is tagged on the corporate VLAN and untagged on the wireless management vlan.

 

For guest, you can specify a seperate DHCP scope under the VSC itself once you configure it as "Access Controlled" this way the clients will get IP address from the controller and send all the traffic to the controller then the controller will route it out to the internet, make sure that DHCP Server is enabled on the controller, for the egress, I know in old firmwares sending the egress to the LAN was not possible but in the new ones it is possible although I didn't test it myself, depending on the firmware you have I can tell you if it is possible and how to test it to confirm.