- Community Home
- >
- Networking
- >
- Wireless
- >
- M and MSM Series
- >
- Re: Yet another issue with msm 730 - 760 guest acc...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-04-2011 04:13 AM - last edited on тАО12-01-2013 07:16 PM by Maiko-I
тАО08-04-2011 04:13 AM - last edited on тАО12-01-2013 07:16 PM by Maiko-I
Yet another issue with msm 730 - 760 guest access and Vlan Configuration
Hi HP MSM's mates.
Since a few weeks (or month) we try to add a guest access to our existing wireless configuration :
- MSM730 controlller
- Few AP's connected on the lan port into a specific VLAN on the switche(s) (unttaged)
- Hp PoE switches
- 2 VSC each egressed to a different vlan on internet port :
- First VSC = business > egressed to vlan 2 on the internet port with an ip adress > this internet port connected to a firewall on vlan 2 to connect to the rest of the network
- Second VCS = guest > egressed to vlan 4 on the internet port with an ip adress > internet port connected to the same firewall / routeur on the vlan 4 to connect to map to the internet.
Specials options on the MSM :
- Expand Internet port subnet to the Lan Port
- Dhcp relay on each VSC, redirecting each VSC to 2 different dhcp server. IP adressing works fine.
- Access control enabled on each VSC.
With this configuration we can connect to each VSC an obtain the good IP adress and association.
You can ping controller vlan on the internet port and firewall vlan port.
1- Does this configuration seems to be correct for you?
2- The lan port seems to doing route job beetween the two VLAN (and then between the two VSC). So even if a client of one VSC can't ping a client on the other VSC, I'm suprised to see that a client associated on a VSC can ping the VLAN port of the other VSC. The Vlans dont's seems to be completely isolated.
3- How do you configure the routing table to permit to the two VSC clients to be routed to the good place on the firewall ?
I hope this is not too confusing. I can give additionnal informations on demand. Thanks in advance.
P.S : If I completely mismatch the good configuration could you suggest me the good one? Bye
P.S. This thread has been moved from Communications, Wireless (Legacy ITRC forum) to MSM Series. - Hp Forum Moderator
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-05-2011 06:02 AM
тАО08-05-2011 06:02 AM
Re: Yet another issue with msm 730 - 760 guest access and Vlan Configuration
I answer to myself, but unfortunately not to tell you that I solved my problem.
I really don't understand WHY my two Vlans aren't perfectly isolated.
- A user connected to a VSC egressed to a Vlan X can ping the adress of the internet port of MSM VLAN's Y !
- That certainly the reason why I can't put two routes in the routing table. I'd like to put one route per vlan, but this, as we can guess, crash the controller management interface. (the packets don't know which route to use).
- Ho can I correctly isolate my two Vlans??? (or where do I make a network mistake?)
Any help would be fully appreciated...
Poilou
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-08-2011 08:32 AM
тАО08-08-2011 08:32 AM
Re: Yet another issue with msm 730 - 760 guest access and Vlan Configuration
Another try, another problem :
I really don't know how to isolate (separate) traffic between two VSC. No success with Vlan configuration, no success without.
I don't find how to make the internal firewall works, because it controls the internet port and all trafic follow the bridge port to communicate inter-vsc.
Even with the "Allow traffic between "no" Wireless clients", my public clients ping the workers clients.
No one?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-11-2011 05:58 AM
тАО11-11-2011 05:58 AM
Re: Yet another issue with msm 730 - 760 guest access and Vlan Configuration
maybe your switch is routing or your firewall is routing