
MSM775 Public Network implementation question

 
JB712
Occasional Visitor


We currently have an MSM775zl wireless controller implemented in our environment, which we currently use only for business clients / employees.  It's been requested that we add a public network for customers as well.  I have since then developed my customer VLAN and have it routed out a separate circuit.  But right now, I'm unable to get the HTTP redirection working.  Going back over my documentation, I see for my VSC that I would need to change the egress mapping (the option on the VSC config itself, not the VSC binding).  I already have in place my public VSC to bind with my public VLAN.  But I can't find where I need to configure the "Map To" for the traffic type.  I also noticed that some examples for public networks show the use of a RADIUS server.  For one I came across, it seems like the RADIUS component is necessary for the redirection to work.  Is that the case?

RamKrish
Valued Contributor

Re: MSM775 Public Network implementation question

Hi

For public HTML-based authentication (portal redirection), you need to ensure the following (assuming the DHCP server is an external DHCP server on the network side):

- Make sure the VSC profile is not the default VSC profile in the controller configuration.

- Guest VLAN created and mapped to any of the controller ports (Internet or LAN).

- Make sure it has an IP address assigned (add the IP address in the Network section - add interface).

- Make sure a DNS IP address has been added to the Network --> DNS page of the controller.  This is very important; without an active IP address added, portal redirection will NOT work.

- Make sure the DHCP server has a proper scope defined with default gateway and DNS server IP options.

- Once you have configured an IP address for the newly created VLAN on the controller, go to the VSC profile. At the bottom of the screen you should see the egress mapping settings along with the DHCP forward to egress interface settings.  Refer to the attached screen snap for reference for similar VSC settings which use the option for an external DHCP server.

Regards
Ram
JB712
Occasional Visitor

Re: MSM775 Public Network implementation question

Hi Ram,

Thanks for the information.  And I apologize for the late response.  I was thinking I would get an email response when someone replied.

Regarding your comment on DNS...  I guess I don't quite get the role of this controller tab.  I understand the role of DNS.  I have my internal DNS servers added in this field, which I need in there for the controller to resolve internal hostnames, which I assumed was all it was for.  For my public network, my DHCP scope is configured to give the client a public DNS address.  I don't want them resolving from my internal DNS addresses, as this is just for internet access out a separate ISP.  So in that case, is this configured correctly then?  Should I add a public DNS server?  I'm not sure how this piece plays a role in the redirection.  Unless I need a record of some sort to point to the redirection site?  Is that the case?

Thanks!

JB

JB712
Occasional Visitor

Re: MSM775 Public Network implementation question

Let me add this as well.  In your screenshot, I see you're using the "Always tunnel client traffic" option.  Is this necessary?  The reason I ask is that I've struggled with the concept and implementation of the "client data tunnel".  I've only ever used controllers for management of APs and the SSIDs and just let the network topology route the traffic as is, but this option seems like it tries to tell all traffic to go through the controller as if it were a router itself.  Please correct me if I'm wrong, but it's been a headache.  My private network doesn't use it, as authentication is certificate based to join, with group membership required in AD, all controlled by my RADIUS server.  Once connected, it acts like just another VLAN on the network.

Granted, I know you don't exactly want that for your public network for all sorts of security reasons, but here's what I run into with this option.  When "Always tunnel client traffic" is selected and the client connects, DHCP gives it an IP address on the same VLAN that my APs are on.  Now on each switch port that an AP is plugged into, I have my WLAN VLANs tagged on the ports, but the AP VLAN is untagged.  So is the client data tunnel supposed to run on the untagged VLAN of the AP?  I would think that if it were, that could pose a security issue.

Dennis Handly
Acclaimed Contributor

Re: MSM775 Public Network implementation question

> I was thinking I would get an email response when someone replied.

You need to enable that.  For posts there is a box on right with: Email me when someone replies

Or in your profile you can enable it for every post:

https://community.hpe.com/t5/user/myprofilepage/tab/user-preferences

Automatically subscribe me to topics or reviews I participate in (Check box)

https://community.hpe.com/t5/user/myprofilepage/tab/user-subscriptions%3Anotification-settings