M and MSM Series
cancel
Showing results for 
Search instead for 
Did you mean: 

Replicate Autonomous MSM430 setup on MSM720 controller

Highlighted
RichM79
Occasional Visitor

Replicate Autonomous MSM430 setup on MSM720 controller

Hi,

I'm struggling setting up the MSM720 controller to replicate what I can already achieve by the APs running autonomously.

Our router has a vrf inplace so that the native vlan is our main network and then we have a separate vlan 92 on a different subnet with it's own dhcp server and transparent proxy applied for guest traffic.

On the MSM430 AP in autonomous mode I create 2 vsc's, one for the main network with radius authentication and an additional one for Guest traffic.  I tag the router port on the switch for vlan 92 and tag the port the AP is connected to on vlan 92.  I create a network profile on the AP and assign it to vlan 92 and then go into vlans and tag port 1 on the AP to vlan 92.  All I then need to do is go into the vsc and tick egress vlan 92 and all traffic connecting on that vsc drops onto the correct network and gets an IP address etc.

I've tried to recreate this on the MSM720 but i'm struggling, I don't require access control or a login page I just need all the traffic to drop onto the correct network.  I think I should be able to set this up without using the internet ports and just the the access ports and creating a network profile and tagging the ports in vlans and then click on the AP group and click vsc bindings and egress that ssid onto vlan 92 and tunnel all traffic back.  My clients don't get a DHCP address, I don't think I'm far away from it working but it's frustrating.  It is relatively straight forward setup on an autonomous AP and on other wireless systems just tick the vlan and tunnel all traffic back to the controller.

Please can someone advise?

Thanks

1 REPLY
NeilR
Trusted Contributor

Re: Replicate Autonomous MSM430 setup on MSM720 controller

Yes you are close. You don't want access control, as you don't want to tunnel.

To get the traffic to egress the switch that the AP is connected to you will need to have your radius server send the attribute HP-Egress-VLAN-Name(65) along with the matching VLAN name as part of the Access accept response back to the AP. You will need to add a 1 in front of the name for tagged or 2 for untagged - 1MYVLAN

Or you can use HP-Egress-VLANID(64) <tagged/untagged(0x31 or 0x32)>000<VLAN_ID (as hex)>

Name is a little friendlier - search HP-Egress-VLAN for more details.