M and MSM Series
cancel
Showing results for 
Search instead for 
Did you mean: 

Struggling with MSM710, help please!!

 
Highlighted
davehedgehog
Advisor

Struggling with MSM710, help please!!

Please could someone advise on the following. I have been able to get parts of this working just not all at once!

 

I need to setup a site with 3 VLANS...

 

VLAN11 = Staff
VLAN12 = PDA's

VLAN13 = Guest / Non-corporate internet access

 

I have set the above up on a Procurve 3500 switch, so far so good. VLAN11 and VLAN12 have IP interfaces defined on the switch for routing purposes. VLAN 13 is just a regular VLAN with no IP address assigned on the switch.

 

The switchport that is attached to the LAN port on the MSM710 is untagged VLAN11, tagged for 12 and 13.

The internet port on the MSM710 has a public ISP assigned IP address.

 

I have setup 3 VSC's, one for each VLAN. All the AP's talk to the MSM over VLAN11 untagged. The guest VSC also provides DHCP and NAT. This works fine.

 

The problem is I cannot get the 2 tagged corporate VLAN's working, I've read the config guide and need someone to confirm if this will work... can I have all the guest traffic using the client data tunnel to the controller, but have all the traffic on the other 2 VLAN's just go direct, tagged from the AP? The controller can see the AP's, but I can't seem to get the egress VLAN's working correctly, I always seem to end up on the untagged VLAN no matter which SSID I connect to.

 

You may wonder why I have defined the guest VLAN on the switch, if I am tunnelling all the client data back to the MSM, then straight out over the internet port. The reason is that if ever in the future we need to connect something hardwired that needs an internet connection that can't go on the corporate network, I can just plug it into the switch on VLAN 3 and it should get an IP from the Guest VSC.

 

If anyone has read this far and understands my ramblings please help :-) Think i'll stop there and see if anyone is with me so far!

 

 

2 REPLIES 2
Highlighted
Fredrik Lönnman
Honored Contributor

Re: Struggling with MSM710, help please!!


@davehedgehog wrote:
can I have all the guest traffic using the client data tunnel to the controller, but have all the traffic on the other 2 VLAN's just go direct, tagged from the AP?

Absolutely. First of all you need to make the Staff and PDA VSC's NOT access controlled. Then under Network you need to create two profiles, one per VLAN. The profiles/VLANs will be choosable when you do the VSC-APgroup mapping, then you choose the correct profile as Egress VLAN. That should be it.

---
CCIE Service Provider
MASE Network Infrastructure [2011]
H3CSE
CCNP R&S

Highlighted
davehedgehog
Advisor

Re: Struggling with MSM710, help please!!

Thanks, I *think* it is all working now, just need to test some stuff, but I think that has done it

 

:-)