M and MSM Series
cancel
Showing results for 
Search instead for 
Did you mean: 

MSM730 dhcp server problem

 
SOLVED
Go to solution
Highlighted
Cfabio
Frequent Advisor

MSM730 dhcp server problem

Hi

I would want to use my MSM730 controller in dhcp server mode on internet port (WAN).

For network architecture reasons (I can't insert a router in the network) I can't use the LAN port so I have connected the APs and the gateway to internet on the WAN port.

If I try to configure the dhcp server in address allocation section I obtain an error.
I do something wrong or it is simply impossible this configuration with this controller?

Have you some suggests to solve the problem?

Regards

 

P.S. This thread has been moved from Communications, Wireless (Legacy ITRC forum) to MSM Series. -HP Forum Moderator

18 REPLIES 18
Highlighted
kianwei
Advisor

Re: MSM730 dhcp server problem

There is normal to use WAN port to do deployment. LAN DHCP server on controller will assign the IP address to the client that connect to the VSC in access control mode. Any error message you get?
Highlighted
Fred!
Trusted Contributor

Re: MSM730 dhcp server problem

Is the product complaining that the subnet your are trying to define in the DHCP server is not the same as the LAN port? (or something like this, I don't remember the exact label)
Highlighted
Cfabio
Frequent Advisor

Re: MSM730 dhcp server problem

Hi

The wan interface address is 147.xxx.xxx.2

I configure the dhcp server section with:
start address 147.xxx.xxx.3
stop address 147.xxx.xxx.100
gateway 147.xxx.xxx.1

The LAN port have address 192.xxx.xxx.xxx but anything is connect to this port.

I obtain error: DHCP RANGE IS INVALID

I thinked that is caused by the impossibility to configure the wan port in dhcp server mode. It isn't true? I wrong something in my configuration?


Regards
Highlighted
Fred!
Trusted Contributor
Solution

Re: MSM730 dhcp server problem

Yes, that was my guess, your configuration is invalid.

To answer your original question, there is no DHCP server that sits on the WAN port.

The DHCP server resides on the LAN port only. What you see on the address allocation page is really the settings for DHCP server or DHCP relay that sits and is only active on top of the LAN port.

However, there is a way to make it work in your scenario but it is really to provide DHCP addresses to your clients and not the APs.

If that's what you want to do you can make it work. If you want to be able to give IPs to anyone on the WAN port (including APs or wired stations) then I'm afraid that will be difficult with the product.

If you want to give IPs to your clients you will have to configure the Address Allocation > DHCP Server page in a private subnet that happens to be within the same subnet as your disconnected LAN port. Basically you will have to configure the LAN port with an address (let's say 192.168.1.1) and the DHCP to give away addresses in that subnet (192.168.1.x for example).Then in the VSC make sure you force the client traffic inside the tunnel (always tunnel client traffic) and in the DHCP server that you enable the checkbox "listen for client data tunnel request". That way a client will connect to the VSC, will get tunneled to the MSM controller and reach the DHCP server. The client will get a 192.168.1.x address.

Not sure that's what you want to do, but that's kind of the only way you can do it and use the internal DHCP server of the product when only connected with the WAN port.
Highlighted
kianwei
Advisor

Re: MSM730 dhcp server problem

Fred is correct. The DHCP server range in MSM Controller only can assign the IP range in LAN port.For your case 192.xxx.xxx.xxx. You don't have to connect anything in your LAN port but the DHCP server will assign 192.xxx.xxx.xxx to your wireless access control user once they connected to SSID. Actually, you may assign different IP address range to every VSC as long as the VSC is a access control VSC (check access control in VSC page). You must define the dns, gateway and range for every VSC. After perform this, a virtual gateway will create in the controller for every single VSC.
Highlighted
Cfabio
Frequent Advisor

Re: MSM730 dhcp server problem

Hi

I have understand your suggest but this doesn't resolve my problem.

I want to assign public IP addresses to clients and these IP addresses must be in the same subnet of the WAN port. In my scenario I can't use nat.

My original problem is that I use EAP-TTLS authentication of the clients and for this I use an external radius server. At the moment I use an external dchp server. I enable accounting for my VSC but in the account start message I don't receive the IP address of the client (the public IP address that the external DHCP has assigned to the client just after authentication). I receive the IP address only in the account stop message (in the Framed-IP-Address field).

I tried to put the Frame-IP-Address field in the access-accept message with the public IP address for the client just authenticated but it doesn't work. The MSM730 controller don't accept this attribute in access-accept message.

So I thought to use the controller in dhcp server mode because in this way I was thinking that assigning it the IP address it would put the IP address in the account start message. (Is it true?).

However I suppose, as I said above, that I can't use the controller in dhcp server mode.

Have you a solution?
Highlighted
Cfabio
Frequent Advisor

Re: MSM730 dhcp server problem

Anyone?

Fred!? kianwei?

Have you understand my problem? or I wasn't clear....



Highlighted
Fred!
Trusted Contributor

Re: MSM730 dhcp server problem

Well, if you cannot use NAT, you will have no choice but to do a VSC that does not involve the controller.

If you make sure that the "use this MSC for: authentication, access-control" checkboxes are unchecked, then the traffic will flow from your client through the AP and directly on the network. Not to mention that the RADIUS authentication will also go straight from the AP to the controller.

You will be able to assign a public IP address using an external DHCP server. In your case you won't be able to use the MSC internal DHCP server for that task.

I'm afraid that's the only solution I see. There are other solution involving the controller but it will have to NAT your addresses if you are just connecting the WAN port or to be connected through the LAN port. So both don't apply in your case.
Highlighted
Cfabio
Frequent Advisor

Re: MSM730 dhcp server problem

Hi

Sorry but I'm not sure I've understand what you suggested me.

I have checked in my VSC profile the options "use service controller for authentication" and " use service controller for access control". (I don't find in the configuration interface "use this MSC for: authentication, access-control"...)

I don't use NAT but the traffic go through the service controller and after on the network. The authentication also works correctly. Controller is in dhcp relay mode.

My problem is that I don't receive in the Accounting-Request start message the IP of the client (using 802.1X authentication).
I receive the IP (in Framed-IP-Address field) only in the Accounting-Request stop message. Instead everything, about the accounting, works fine if I use "HTML-based user logins authentication" in the same configuration conditions.

In your opinion this problem is due to the absence of NAS? and there aren't solutions?

Thanks
Regards