- Community Home
- >
- Networking
- >
- Wireless
- >
- M and MSM Series
- >
- Re: MSM775 Access Control Multiple sites
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-17-2016 01:52 PM
тАО08-17-2016 01:52 PM
MSM775 Access Control Multiple sites
We have a MS775 controls all of our sites' APs. What we need to do is handle access control for VLAN 9 (Public Inet). When setting up a test SSID, disabling auth and ac will render an IP - but when checked, it will not.
DHCP forwarding is an option, but won't that affect ALL the sites? (vlan 9 is local to each individual site)
Any Ideas how to get AC working in this scenario?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-19-2016 08:02 AM
тАО08-19-2016 08:02 AM
Re: MSM775 Access Control Multiple sites
Howdy,
Are you trying to :
A) aggregate all of the "public" traffic from each of your sites and bring it together (i.e. tunnel it back) into a "super-network" at your main site behind the wireless controller?
Or
B) provide a "secured" pass-through network on each site such that "public" traffic on each of the remote sites can access a local internet breakout?
Or
C) Something completely different again. :-)
A is way easier to manage and B keeps public traffic off your WAN backbone. There are pro's and cons each way.
What hoops do you wish the public to jump through in order to gain the free internet access?
Where is your DHCP service - is this the "built-in" service of the controller itself?
Thanks
Ian
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-19-2016 08:17 AM
тАО08-19-2016 08:17 AM
Re: MSM775 Access Control Multiple sites
I think what I am looking for is more along the lines of your example, B.
I want to be able to HTML authenticate with Access Control at the controller, but after authentication, the clients will use the local Internet connection for access.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-19-2016 08:20 AM
тАО08-19-2016 08:20 AM
Re: MSM775 Access Control Multiple sites
Q: What hoops do you wish the public to jump through in order to gain the free internet access?
A: Just HTML Authentication
Q:Where is your DHCP service - is this the "built-in" service of the controller itself?
A: DHCP service is provided by a SonicWall located at their site.
Thanks,
Dan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-19-2016 09:21 AM
тАО08-19-2016 09:21 AM
Re: MSM775 Access Control Multiple sites
Howdy,
Just to level set:
Have you tested that the trunked link into the AP is properly delivering vlan 9 as a tagged network on the trunk? If you were to plug a mini switch into where the AP lives and the switch had a trunk and an access port in vlan 9 would the client get a IP address in the right subnet from the sonicwall?
Thinking about it I'm sure there was a rule about if you want to break-out locally you have to use a non-Access-Controlled VSC. Access controlled means the traffic gets back-hauled to the controller (and then uses the egress VLAN aligned to the VSC or follows the defaults to push traffic out of the box).
There is a "VSC Data Flow" diagram in one of the manuals - it was MSM Controller Config Guide or suchlike.
There is also a useful chart entitled "Trafic Flow for Wireless Users" that will help.
If we need to think outside the box, what ethernet switch have you got behind the AP providing the trunk? - a lot of the Comware ones can do a per-session HTML user login or a portal redirect but how would you centrally manage that function?
Might be better to aggregate all of that public traffic into a single pool behind the controller (you can always rate-limit it across the WAN) and egress it all from one place.
HTH
Ian
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-19-2016 10:27 AM
тАО08-19-2016 10:27 AM
Re: MSM775 Access Control Multiple sites
Ian,
Thank you for getting back to me -
Yes, VLAN 9 is working correctly. I currently have the production-side of everything working and everyone is able to connect at the sites and the like successfully without AC.
On the VSC profile, there is an option to egress Unauth, Auth and Intercepted traffic to different VLANs - if Each of our locations has VLAN 7 as a break-out, if I were to set the egress to VLAN 7, would that push traffic out on VLAN 7 at that location?
We have sites located all around the country, some of which with limited bandwidth as it is; including our main hq. Piping all the public traffic through the controller and out our internet connection is not really logical, in my opinion.
I will try to locate the manuals you're referring to - hopefully theyre online somewhere.
Thanks,
Dan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-19-2016 11:13 AM
тАО08-19-2016 11:13 AM
Re: MSM775 Access Control Multiple sites
Howdy,
Controller config guide at a whopping 17MB should give you a few clues!
The study Guide book from HP(E) press for the old HP0-Y44 "HP ASE Wireless Networks" is crammed full of this stuff and is maybe worth picking up secondhand.
I see the code has moved on a bit and picked up a few more options. Maybe I need to blow the dust off and update my MSM760 test rig :-)
If you are on the latest 6.6.2 code at least you will be as up to date as you can be
Kind regards
Ian
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-26-2016 05:40 AM
тАО08-26-2016 05:40 AM
Re: MSM775 Access Control Multiple sites
"If you are on the latest 6.6.2 code at least you will be as up to date as you can be"
Nope... current code is 6.6.4 (look under Maintenance releases), and 6.6.5 is expected in a few weeks...
HTH,
Arimo
HPE Networking Engineer