M and MSM Series
Showing results for 
Search instead for 
Did you mean: 

Tunnel Guests to Internet-Port on MSM710

Occasional Advisor

Tunnel Guests to Internet-Port on MSM710



I have a MSM710 with a couple of accesspoints to provide WLAN access for office users, this works all right. Now I want to configure a VSC which only uses a PSK encrytion and no further authentication. The traffic of this VSC should be tunneled to the MSM710 an then NATed trough the internet port. I just can't figure out how this can be done. Is there a step-by-step manual how to do this? I Get the vsc configured all right (I think) but i can't find out how to map this traffic to the internet port. I configure the DHCP settings in the vcs where I set a gateway adress. How and where do I set this adress on the controller?


Any help very much appreceated!



Honored Contributor

Re: Tunnel Guests to Internet-Port on MSM710



These would be the steps:


Enable the dhcp server on the controller

Controller - Network - Address Allocation - dhcp server. Scope is not important, will be defined at the vsc level.


You should define an access-controlled VSC with these settings:

Controller - VSCs

* define vsc:

 use controller for access-control : yes

 # disable the html ( web portal) auth:

 use html authentication : no

# ensure the APs tunnel traffic to the controller

 always tunnel client data : yes

# define a dedicated IP subnet for the guests

# This is a very tricky part, the default gateway which is set on the dhcp scope is also the new IP inteface + address

 # of the controller on this VSC.

dhcp server:

 define scope+gateway address

 # egress vlan

 set to "default" : this is ok if the internet port is connected to e.g. a dedicated guest ADSL connection and gets a dhcp address from the ADSL router. This is the outbound NAT interface for the guests


Best regards,Peter


Occasional Advisor

Re: Tunnel Guests to Internet-Port on MSM710

Hi Peter,


tahnks for our help! I figured it out by now. The only differenc to your instruction is, that when you use "always tunnel client data : yes" you have to configure DHCP:  "DHCP requests on:" -> "Client data tunnel", otherwise your clients never get an ip-address :-( Configured it w/o client data tunnel, tagged a vlan to the inet port so I can select it as egerss port, et voilá, works as designed!



Honored Contributor

Re: Tunnel Guests to Internet-Port on MSM710

yes, forgot that one, I turn that option on "by default" as a habit.

The reason I suggested the tunnel is that it works even when the APs are not on the same subnet/vlan as the controller (like in remote sites).

When AP and controller can connect through a vlan your config works fine as well of course.


Good to hear you made it work !