
Topology question on MSM710 with 6 AP's behind DMZ

 
sketchy
Occasional Contributor


I have a new MSM710 with 6 AP's (and a new 8 port HP PoE switch to connect the AP's together) that I plan on deploying behind a special DMZ segment on my firewall. After reading (and re-reading) the manual several times, the illustrations and the wording are confusing me as to how this should be deployed. In particular, the use of the LAN port versus the Internet port.

 

The illustrations and wording imply (and contradict themselves) as to the use of each. In my case, I'd like to set it up on this wireless network on a special DMZ segment behind my corporate firewall. A guest VSC that would have internet access. And an employee VSC that I would allow VPN access to our internal network. So with that desired goal, my questions are:

 

1.  Will the AP's live behind the Controller via the LAN port?

 

2.  Will (or should) all traffic funnel through the controller and out of the "Internet" port to my upstream router/firewall, or should it come out of the LAN side as well, with the "Internet" port being not used/disabled?

wifiqos
Occasional Advisor

Re: Topology question on MSM710 with 6 AP's behind DMZ

 

The simple answers are:

 

1 - yes

2 - all traffic funnels through the controller and out of the "Internet" port to my upstream router/firewall

 

Note - and this is important - you must set the bandwidth settings to match your upstream connection, and you really should create a user account with bandwidth limits for the guest users that are low enough to ensure that the company people have priority. Also, you should assign an upload bandwidth limit on a per-client basis (guest or company), otherwise one laptop uploading something via FTP can cause everyone else to think the network is slow.

 

Murray

prowifi.net

 

 

sketchy
Occasional Contributor

Re: Topology question on MSM710 with 6 AP's behind DMZ

Ah... thanks for the confirmation. What you stated was eventually what I was able to deduce from the documentation. (They need a person to clear up some of that documentation and illustrations.) Hashing over the entire manual, and rebuilding the config a few different times under the simplest of configurations, I was able to add a couple of VSC's, and the controller discovered an AP fine.

 

However, when I got to "Controlled APs > Neighborhood", it doesn't show the AP like the illustration. I also cannot get any wireless devices (tested a laptop and iPhone) to see that SSID for that VSC. The documentation (P. 6-24) refers to a tickbox that should be checked, and shows a tickbox for "Egress Network" as opposed to what I see, which is "Use Egress VLAN". Enabling it doesn't seem to make a difference. So I'm a bit stuck at the moment. From the behavior I describe, what should I check out?

sketchy
Occasional Contributor

Re: Topology question on MSM710 with 6 AP's behind DMZ

Turns out this was just the radio setting. Had to take it off of the 802.11a/n setting and get it to b/g. Unlike what I've seen commented, you do not have to break the inheritance from the controller to do this.

 

On to looking into the other issues...