HPE Community
M and MSM Series
1752345 Members
5366 Online
108787 Solutions
New Discussion юеВ

Re: Maintain Source Address of Wireless Clients MSM720

 
TruDave
Occasional Advisor

тАО08-11-2013 01:48 PM

тАО08-11-2013 01:48 PM

Maintain Source Address of Wireless Clients MSM720

I am working with an MSM 720 at a clients and I've run into a bit of an issue. I need to maintain the source address of the wireless clients however I'm having difficulty doing that. I need to maintain the source address as I need to manipulate traffic on the main router based on what IP address has been given.

 

Access Network : 192.168.1.1/24

Internet Network : 192.168.5.2/24

 

I have two VSC's : Staff get an IP address of 192.168.10.0/24 and Students get an IP address of 192.168.1.0/24. I need to configure any Student that logs onto that VSC to be forwarded to the MDM login page, where successful authentication will provide them with an iPad profile. 

 

The issue I'm having here is no matter how I set this up the main router see's all  wireless traffic as coming from 192.168.5.2 (note that NAT is on). If I disable the NAT it appears to break everything, and if I try to use the DHCP relay function it doesn't appear to work. Does anybody have any suggestions how the source IP address can traverse the "Internet Network" without having it's source modified?

0 Kudos
11 REPLIES 11
JesseR
Regular Advisor

тАО08-12-2013 06:53 AM

тАО08-12-2013 06:53 AM

Re: Maintain Source Address of Wireless Clients MSM720

You'll need to turn off NAT I believe. The DHCP relay option does work properly, I have it setup that way at about 15 or so sites using an External DHCP server.
Jesse R
Source One Technology, Inc.
HP Partner


MSM 5.7.x deployment guide:

0 Kudos
DougB-CCCP
Frequent Advisor

тАО08-12-2013 10:10 AM - edited тАО08-12-2013 10:10 AM

тАО08-12-2013 10:10 AM - edited тАО08-12-2013 10:10 AM

Re: Maintain Source Address of Wireless Clients MSM720

I just fixed this problem today with a customer.

 

Under the DHCP relay options, click 'extend egress subnet to ingress' (however it's worded).  I also had to change the default gateway of the controller to the same gateway that I wanted clients to egress on for some reason.

 

EDIT: And yes, you have to disable NAT.

----------------
HP ASE (Mobility), Infrastructure Engineer
0 Kudos
TruDave
Occasional Advisor

тАО08-13-2013 05:39 PM

тАО08-13-2013 05:39 PM

Re: Maintain Source Address of Wireless Clients MSM720

So you're saying that if you wanted your wired clients to egress from 10.0.0.1 you'd need to set that as the gateway on the controller as well?

0 Kudos
DougB-CCCP
Frequent Advisor

тАО08-14-2013 09:07 AM

тАО08-14-2013 09:07 AM

Re: Maintain Source Address of Wireless Clients MSM720

It was very strange to me, but yes, for the traffic to egress on the 10.0.0.x network and hit the correct default gateway, I had to configure the controllers' default gateway to be on the same network.

 

In my configuration, the internal network was 10.100.0.x/24 and the tunneled was 10.11.0.x/24.  I would try without first because I don't recall having the controller configured like that in the past for other setups; the big part was the check box under DHCP relay.

----------------
HP ASE (Mobility), Infrastructure Engineer
0 Kudos
TruDave
Occasional Advisor

тАО08-21-2013 08:19 AM

тАО08-21-2013 08:19 AM

Re: Maintain Source Address of Wireless Clients MSM720

Thank  you for your assistance, it is very much appreciated. Unfortunately I've been having no luck - please see attached photos of the configuration.

 

internet network configuration.png

 

NOTE : The NAT checkbox is checked when I test - I had to re-enable it to access it from a remote computer to take this SS, but when I test it the NAT box is not checked.

 

internet network.png

 

dhcp relay agent.png

 

routes.png

0 Kudos
JesseR
Regular Advisor

тАО08-21-2013 09:45 AM

тАО08-21-2013 09:45 AM

Re: Maintain Source Address of Wireless Clients MSM720

On the DHCP relay configuration screen, you NEED to be listening on the Client Data Tunnel *IF* you're trying to get a DHCP address from an external DHCP server for a VSC that is Client Data Tunneled. So, make sure that box is checked.

Please also post your VSC screenshots.

I'm assuming your external DHCP server is 192.168.5.1 based on the settings you are using? Just checking...
Jesse R
Source One Technology, Inc.
HP Partner


MSM 5.7.x deployment guide:

0 Kudos
TruDave
Occasional Advisor

тАО08-22-2013 08:02 PM

тАО08-22-2013 08:02 PM

Re: Maintain Source Address of Wireless Clients MSM720

Please see below for the DHCP Relay section of the VSC in question - please let me know if you need additional information  / screenshots. Thanks again

vsc.png

0 Kudos
JesseR
Regular Advisor

тАО08-27-2013 02:05 PM

тАО08-27-2013 02:05 PM

Re: Maintain Source Address of Wireless Clients MSM720

For my External DCHP servers, I *always* have the "Forward to Egress interface" option selected.
Jesse R
Source One Technology, Inc.
HP Partner


MSM 5.7.x deployment guide:

0 Kudos
TruDave
Occasional Advisor

тАО08-27-2013 04:32 PM

тАО08-27-2013 04:32 PM

Re: Maintain Source Address of Wireless Clients MSM720

Thanks again for your message - I appreciate your help. At this stage I think I may need to bite the bullet and pay for support.

 

I've made the changes you had suggested and it looks like I still have no leases in the DHCP server I want to have. I also have lots of the following in the system log : 

 

Aug 27 18:55:17

warni monitord

Unexpected termination for process 'dhcpd -f -q br0' [pid 30990, up for 361 sec(s)]

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.