- Community Home
- >
- Networking
- >
- Wireless
- >
- M and MSM Series
- >
- Re: MSM765zl + Guest/Employee VLAN
M and MSM Series
1748165
Members
3779
Online
108758
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-03-2010 06:41 AM
тАО12-03-2010 06:41 AM
MSM765zl + Guest/Employee VLAN
Hi!
I'm stuck in the different scenarios of the MSM Solution and Implementation Guide because none of the scenarios really fit to my requirements.
What I have:
1x 54xx with MSM765zl installed
several MSM422 APs
2 VLANs (Guest/Employee) configured on the switch
1 external Firewall
1 Company DHCP Server
What I need:
VSC for employee traffic which should be bridged egress to Employee VLAN after sucessful AD authentication (no Radius Server; no 802.1x).
VSC for Guest traffic which should bridged egress to
Guest VLAN with HTML authentication (Guest Traffic will be handled by the company's firewall). The customer want's to manage the Guest accounts with the Guest Management Software.
DHCP should be handled by the Company's DHCP Server for employees and guests.
I have tried already various VLAN egress options and have read lots of HP Guides, but am still confused about best practice in my scenario.
Some Questions:
Do I need the internet port in my scenario?
Do I need account profiles for the AD authentication?
I have put the MSM AP's tagged into the 2 VLANs - is that ok?
I would appreciate any help or hint leading into the direction of my scenario very much.
With regards
Manfred M.
I'm stuck in the different scenarios of the MSM Solution and Implementation Guide because none of the scenarios really fit to my requirements.
What I have:
1x 54xx with MSM765zl installed
several MSM422 APs
2 VLANs (Guest/Employee) configured on the switch
1 external Firewall
1 Company DHCP Server
What I need:
VSC for employee traffic which should be bridged egress to Employee VLAN after sucessful AD authentication (no Radius Server; no 802.1x).
VSC for Guest traffic which should bridged egress to
Guest VLAN with HTML authentication (Guest Traffic will be handled by the company's firewall). The customer want's to manage the Guest accounts with the Guest Management Software.
DHCP should be handled by the Company's DHCP Server for employees and guests.
I have tried already various VLAN egress options and have read lots of HP Guides, but am still confused about best practice in my scenario.
Some Questions:
Do I need the internet port in my scenario?
Do I need account profiles for the AD authentication?
I have put the MSM AP's tagged into the 2 VLANs - is that ok?
I would appreciate any help or hint leading into the direction of my scenario very much.
With regards
Manfred M.
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-28-2010 12:30 PM
тАО12-28-2010 12:30 PM
Re: MSM765zl + Guest/Employee VLAN
Do I need the internet port in my scenario?
yesss
Do I need account profiles for the AD authentication?
yesss
I have put the MSM AP's tagged into the 2 VLANs - is that ok?
no guest vlan must be untag Employee vlan tag port
---------------------------------------
lan port serve guest and all access point device
open controller dhcp server and connect guest vlan switch port (untagged)
all access point port must be untag guest vlan and tagged employee vlan
controller lan port untagged guest vlan tagged employe vlan
controller internet port connect employe vlan untag port
company dhcp server serve employee vlan
your firewall lan port connect only employe vlan untag port
yesss
Do I need account profiles for the AD authentication?
yesss
I have put the MSM AP's tagged into the 2 VLANs - is that ok?
no guest vlan must be untag Employee vlan tag port
---------------------------------------
lan port serve guest and all access point device
open controller dhcp server and connect guest vlan switch port (untagged)
all access point port must be untag guest vlan and tagged employee vlan
controller lan port untagged guest vlan tagged employe vlan
controller internet port connect employe vlan untag port
company dhcp server serve employee vlan
your firewall lan port connect only employe vlan untag port
cenk
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-04-2011 02:33 AM
тАО01-04-2011 02:33 AM
Re: MSM765zl + Guest/Employee VLAN
Hi,
i have the same requirements, but with teaming active.
Is it possible to put the controller in a "management" vlan with "management" ip for this scenario?
Thanks
Thomas
i have the same requirements, but with teaming active.
Is it possible to put the controller in a "management" vlan with "management" ip for this scenario?
Thanks
Thomas
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-11-2011 03:41 PM
тАО02-11-2011 03:41 PM
Re: MSM765zl + Guest/Employee VLAN
The guest traffic is tunneled to the controller in an access-controlled VSC and the egress VLAN settings will not apply. You dont need a guest VLAN on your switches since the client datat tunnel is setup via the IP address on the AP to the ip address on the controller LAN port. The traffic is then routed from the MSM.
I would use the internet port with a network (/30) that is directly connected to your firewall for the guest traffic. Set a default route on the MSM to your firewall port so that guest traffic is routed there. I would provide DHCP to guest clients from the MSM also.
The employee traffic will be bridged via your egress setting to your LAN.
In 'teamed' mode you will have to use a DHCP relay and the "bridge internet port to LAN port" option to get IP addresses for guests.
Kyle
I would use the internet port with a network (/30) that is directly connected to your firewall for the guest traffic. Set a default route on the MSM to your firewall port so that guest traffic is routed there. I would provide DHCP to guest clients from the MSM also.
The employee traffic will be bridged via your egress setting to your LAN.
In 'teamed' mode you will have to use a DHCP relay and the "bridge internet port to LAN port" option to get IP addresses for guests.
Kyle
www.traversasolutions.com;http://www.linkedin.com/pub/kyle-massey/22/23/126
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP