M and MSM Series
cancel
Showing results for 
Search instead for 
Did you mean: 

MSM760 beginner's question - two networks

 
SOLVED
Go to solution
Highlighted
Stephan van Helden
Occasional Advisor

MSM760 beginner's question - two networks

Hi all,

we're using an MSM760 to control access to our internal network. Users authenticate with 802.1X and then access our LAN - that works fine.

Now, we would like to create a visitor WLAN. That is, we would like to have a second SSID. We would like to connect an extra Internet router to the public Ethernet interface. Visitors should connect to that SSID, authenticate via HTML and then get access to Internet (NOT to the internal network).

My question: Is that possible at all? Or can I restrict access only to ONE network, that is, EITHER to my internal network OR to Internet?

 

 

P.S. This thread has been moved from Communications, Wireless (Legacy ITRC forum) to MSM Series. -HP Forum Moderator

7 REPLIES 7
Highlighted
cenk sasmaztin
Honored Contributor

Re: MSM760 beginner's question - two networks

copy and paste my config on 760 controller

and examine this config on controller

controller connection setings will be
username admin
password dunyacom
ip 192.168.1.1 on lan port
cenk

Highlighted
cenk sasmaztin
Honored Contributor

Re: MSM760 beginner's question - two networks

controller connect lan port on guest network
all ap resiade guest network (different vlan)

controller internet port your local network
different vlan and lokal network connect internet.


note config password 123456

may it be easy
cenk

Highlighted
Stephan van Helden
Occasional Advisor

Re: MSM760 beginner's question - two networks

Thanks! So, the basic answer to my question is "Yes, that is possible"?

I understand that you want me to connect the "public" Port of the MSM to my internal network, the "LAN" port to my Internet router, and my access points on a separate VLAN on the "public" Port. Did I understand you correct?

Why doesn't that work the other way round? And, what should I do with AP's at other locations? I would have to route that AP vlan to the other locations to make that work.

Did I understand you correctly?
Highlighted
kianwei
Advisor
Solution

Re: MSM760 beginner's question - two networks

Hi Stephan,

There are few way to complete your mission.
The most suitable for your situation as below,

1. Connect the dedicate internet line (guest internet) to Internet port of MSM760. Assign an IP address and gateway to your dedicated internet modem or router.
2. Connect all the APs to LAN port of MSM760. Make sure APs can getting DHCP address assign else Controller unable to discover APs.
3. Create two VSC, first VSC is guest VSC which will be using HTML based authentication. Let everything default. Make sure access control and authentication is checked. (You may re-use the default HP ProCurve VSC)
4. Second VSC is secure VSC, which will be using by internal user. Check Authentication and leave Access Control uncheck. Use 802.1x authentication as you did.
5. On the dhcp services in Controller. Uncheck the LAN and check the client data tunnel in DHCP page. (uncheck the LAN because we try to avoid 2 DHCP function at a same time)
6. Try connect to guest SSID you should be getting DHCP assignment from controller LAN subnet and gateway to controller. Open a browser you should be hitting captive portal which request password from you.
7. Try connect to secure VSC you should be getting DHCP assignment from your untagged traffic in your existing LAN segment.

Try it out and good luck.
Highlighted
kianwei
Advisor

Re: MSM760 beginner's question - two networks

By the way, YES you can restrict your traffic going out to internet thru internal internet or dedicated internet line.
Highlighted
Stephan van Helden
Occasional Advisor

Re: MSM760 beginner's question - two networks

Thanks kianwei! It works! Wuhuu! :)

I had to enable the "Restrict wireless traffic" option, before that the users had, once authenticated, access to Internet and to our internal LAN.

Also, since the Guests get an IP address of the controller's LAN subnet, I had to configure a static route to this network on the DSL router - and first to find one that supports static routes =) ... but now, everything is pefect!
Highlighted
kianwei
Advisor

Re: MSM760 beginner's question - two networks

You are welcome. Nice to hear it's work. MSM wireless controller have many other features that really need your time to play around with it.