- Community Home
- >
- Networking
- >
- Wireless
- >
- M and MSM Series
- >
- Re: MSM720 Premium does not work properly on a seg...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-10-2013 09:08 AM
06-10-2013 09:08 AM
MSM720 Premium does not work properly on a segmented network
Hi all.
I am facing a problem with a MSM720 controller, regarding DHCP Server and IP leases to wireless supplicants.
My customer network is quite simple, with one vlan (default, VLAN ID 1) to the network devices and corporate users, and another VLAN to wireless guest users, in this case, VLAN ID 200. The controller have two ports connected to the core switch: port 5 with VLAN 1 assigned and port 6 with VLAN 200 assigned to it.
VLAN 1 subnet is 10.22.0.0/16
VLAN 200 subnet is 10.20.200.0/24
The controller is directly connected to the core switch (5500G-EI, 2 units XRN stack), that forwards all external traffic to an HSRP environment, which is connected to a router of a host service company. The VLAN 1 DHCP Server is hosted in this service hosting site, in a different subnet, and the DHCP Relay is performed by the core switch.
The DHCP Server of the VLAN 200 is performed by the core switch, and it's working fine when a client is attached to a Ethernet port on the controller but does not leases IP address when the same user tries to obtain an IP address on the guest wireless SSID.
The controller reaches all the IP addresses (routers and servers) and responds to these network devices IP addresses also. My customer needs the controller on the VLAN 1 and I cannot enable the DHCP Server on the controller, because there is already a server to its subnet in order to lease IP addresses to the corporate clients. That's why I'd enabled the DHCP Server on the core switch.
I already tried to create a mgmt VLAN with enabled DHCP Server on the mgmt and guest VLANs, but in this scenario the corporate users didn't get IP addresses. I tried also to tag the VLAN 200 on the edge switch ports where the APs are connected, tried to assign only VLAN 1, with and without local networks assigned on the APs of the group... But still unsuccessful.
The VSCs are created as the config guide suggests, the bindings are correct, with the egress VLAN assigned (guests = VLAN 200), the corporate users are getting IP addresses and authenticated on the AD server (that is the same that works as DHCP Server), the only thing that does not work is the DHCP service when a user is connecting to the guest VSC/SSID. The user simply does not get a valid IP address, but the requests came in the DHCP statistics on the core switch. It seems that the controller does not allow the users to get an IP address.
Do anyone has experience with a similar problem? Attached, there is a topology image of the environment.
Fred Mancen
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-10-2013 09:11 AM
06-10-2013 09:11 AM
Re: MSM720 Premium does not work properly on a segmented network
Fred Mancen
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-11-2013 08:48 AM
06-11-2013 08:48 AM
Re: MSM720 Premium does not work properly on a segmented network
Hi.
Using both Internet network ports but no Access network ports is a bit unusual configuration. I don't remember a sample configuration that's created this way. I'd suggest you put your internal users out from the Access network ports, and guest users from the Internet network ports - this is the usual way.
Does this change the picture?
HTH,
Arimo
HPE Networking Engineer
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-12-2013 01:45 PM
06-12-2013 01:45 PM
Re: MSM720 Premium does not work properly on a segmented network
Tks, Arimo.
But how can I enable the DHCP Relay to the guest users? In the config guide there's a tip where the relay service only works at the LAN port.
Fred Mancen
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-14-2013 06:22 AM
06-14-2013 06:22 AM
Re: MSM720 Premium does not work properly on a segmented network
Hi
Well, what's in MSM710 and MSM76x referred to as "LAN" port is in MSM720 "Access network". That's ports 1 - 4... so right now all your traffic is actually on the "Internet" side :-)
Have you tried setting this up using the Automated workflows?
HTH,
Arimo
HPE Networking Engineer
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-17-2013 01:26 PM
06-17-2013 01:26 PM
Re: MSM720 Premium does not work properly on a segmented network
Hi Arimo.
Yes I did, but still unsuccessful. It seems that the traffic is blocked by the controller (of course we know that isn't true, because the firewall is disabled). Which is more bizarre is that the DNS response is okay, but none of the web pages we tried to reach opens... When we work with a user in the same VLANs out of the wireless environment we get web access instantly.
Fred Mancen
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-19-2013 05:00 AM - edited 06-19-2013 05:01 AM
06-19-2013 05:00 AM - edited 06-19-2013 05:01 AM
Re: MSM720 Premium does not work properly on a segmented network
Hi
The Firewall only applies to incoming traffic from the Internet ports.
Just based on the symptoms this is simply a configuration issue. I'd suggest you check the Implementation guide at http://bizsupport1.austin.hp.com/bc/docs/support/SupportManual/c02682324/c02682324.pdf. This is a bit older so it only talks about LAN and Internet interfaces, but the principle is still the same - just remember you have 4 "LAN" ports and 2 "Internet" ports :-)
It's a big book, but the overview of different solutions (5) gives you an idea what they are aimed for. I believe first or second one could be used as a base for your implementation as well. You will find there step-by-step instructions how to configure the whole thing, including the wired side.
HTH,
Arimo
HPE Networking Engineer