- Community Home
- >
- Networking
- >
- Wireless
- >
- M and MSM Series
- >
- MSM760 beginner's question - two networks
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-29-2010 06:53 AM - last edited on тАО12-02-2013 12:05 AM by Lisa198503
тАО07-29-2010 06:53 AM - last edited on тАО12-02-2013 12:05 AM by Lisa198503
Hi all,
we're using an MSM760 to control access to our internal network. Users authenticate with 802.1X and then access our LAN - that works fine.
Now, we would like to create a visitor WLAN. That is, we would like to have a second SSID. We would like to connect an extra Internet router to the public Ethernet interface. Visitors should connect to that SSID, authenticate via HTML and then get access to Internet (NOT to the internal network).
My question: Is that possible at all? Or can I restrict access only to ONE network, that is, EITHER to my internal network OR to Internet?
P.S. This thread has been moved from Communications, Wireless (Legacy ITRC forum) to MSM Series. -HP Forum Moderator
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-29-2010 07:24 AM
тАО07-29-2010 07:24 AM
Re: MSM760 beginner's question - two networks
and examine this config on controller
controller connection setings will be
username admin
password dunyacom
ip 192.168.1.1 on lan port
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-29-2010 07:26 AM
тАО07-29-2010 07:26 AM
Re: MSM760 beginner's question - two networks
all ap resiade guest network (different vlan)
controller internet port your local network
different vlan and lokal network connect internet.
note config password 123456
may it be easy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-29-2010 07:33 AM
тАО07-29-2010 07:33 AM
Re: MSM760 beginner's question - two networks
I understand that you want me to connect the "public" Port of the MSM to my internal network, the "LAN" port to my Internet router, and my access points on a separate VLAN on the "public" Port. Did I understand you correct?
Why doesn't that work the other way round? And, what should I do with AP's at other locations? I would have to route that AP vlan to the other locations to make that work.
Did I understand you correctly?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-04-2010 12:14 AM
тАО08-04-2010 12:14 AM
SolutionThere are few way to complete your mission.
The most suitable for your situation as below,
1. Connect the dedicate internet line (guest internet) to Internet port of MSM760. Assign an IP address and gateway to your dedicated internet modem or router.
2. Connect all the APs to LAN port of MSM760. Make sure APs can getting DHCP address assign else Controller unable to discover APs.
3. Create two VSC, first VSC is guest VSC which will be using HTML based authentication. Let everything default. Make sure access control and authentication is checked. (You may re-use the default HP ProCurve VSC)
4. Second VSC is secure VSC, which will be using by internal user. Check Authentication and leave Access Control uncheck. Use 802.1x authentication as you did.
5. On the dhcp services in Controller. Uncheck the LAN and check the client data tunnel in DHCP page. (uncheck the LAN because we try to avoid 2 DHCP function at a same time)
6. Try connect to guest SSID you should be getting DHCP assignment from controller LAN subnet and gateway to controller. Open a browser you should be hitting captive portal which request password from you.
7. Try connect to secure VSC you should be getting DHCP assignment from your untagged traffic in your existing LAN segment.
Try it out and good luck.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-04-2010 12:22 AM
тАО08-04-2010 12:22 AM
Re: MSM760 beginner's question - two networks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-04-2010 09:08 AM
тАО08-04-2010 09:08 AM
Re: MSM760 beginner's question - two networks
I had to enable the "Restrict wireless traffic" option, before that the users had, once authenticated, access to Internet and to our internal LAN.
Also, since the Guests get an IP address of the controller's LAN subnet, I had to configure a static route to this network on the DSL router - and first to find one that supports static routes =) ... but now, everything is pefect!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-05-2010 06:44 PM
тАО08-05-2010 06:44 PM