M and MSM Series
cancel
Showing results for 
Search instead for 
Did you mean: 

configure MSM720 with html-auth and external dhcp

 
Highlighted
tasklogic
Occasional Advisor

configure MSM720 with html-auth and external dhcp

hi all,

i must configure the msm720 with this feature.

 

vlan 18, 19 for employee and guest (with html-authentication)

 

vlan 20 for connectivity and discovery AP

 

dhcp-server is on vlan 1 and release address on vlan 1, 18, 19

 

 

must connect only internet port? or both internet port and lan port?

 

thanks for replay

 

 

 

 

7 REPLIES 7
Highlighted
cenk sasmaztin
Honored Contributor

Re: configure MSM720 with html-auth and external dhcp

if you want using html base authentication for guest user you must use lan  and internet ports.same time

 

 

firstly create vlan's on switch

 

 

vlan 20 for wireless management

vlan 19 for employe

vlan 18 for guest

 

internet port connect vlan 20 untag port on switch

lan port connect vlan 18 untag port on switch

 

all wireless access point port must be

 

untag state for vlan 20

tagged state for vlan 19 and 18

 

 

vlan 20 and vlan 19 use same dhcp server (with ip helper)

vlan 18 must use controller dhcp service because guest network must be sperate all other network..

you create two network profile on controller for vlan 19 an 18 and asign under default group

 

controller discover ap device from internet port (must be enable internet port discovery on controller management tab)

 

in this way

when connect employe client on employe ssid ; client go to employe vlan

 

 

when connect guest client on guest ssid :client go to do controller lan port for html authentication

 

guest client after successfull autentication connect to the internet on your local network... with nat

you must be configure controller firewall high lavel  for better security

 

 

 

 

cenk

Highlighted
tasklogic
Occasional Advisor

Re: configure MSM720 with html-auth and external dhcp

ths for replay!

 

i want use html-base authentication both vlan 18 and vlan 19

 

and both must receive ip address from dhcp-server on vlan 1.

 

i can not use dhcp-server service on controller because there is already one dhcp-server on vlan 1

 

i must configure:

vlan 20 for wireless management

vlan 19 for employe

vlan 18 for guest

 

internet port connect vlan 20 untag port on switch;  ip address internet port ????

lan port connect vlan 18 & 19 tag port on switch??? (i'm not sure)  ip address lan port??

 


network profile


lan port vlan id 1 (because is connect on vlan 1, where there is the dhcp-server?)

 

internet port vlan id 20 (because discovery the ap on this vlan)

 

 

all wireless access point port must be

untag state for vlan 20

tagged state for vlan 19 and 18

 

 

i create network profile on vlan 18 & 19 and assign to default group

 

i configure controller discover ap device from internet port on vlan 20

 

 

attach network scheme for detail.

 

ths , wait for reply

 

Highlighted
cenk sasmaztin
Honored Contributor

Re: configure MSM720 with html-auth and external dhcp

Hi Luca

 

I work this night for you

I create new config and send to detailed configuration information

 

Cenk

cenk

Highlighted
Connect-Colleg
Occasional Visitor

Re: configure MSM720 with html-auth and external dhcp

Hi,

i've same problem on MSM720 with ,more or less, same request from customer,

Could i have the working configuration ?

Why the ap with tag & untag port ?

 

Thanks in advance.

Cipo 

Highlighted
krisv
Occasional Visitor

Re: configure MSM720 with html-auth and external dhcp

Hello,

 

We are having exactly the same problem. The only way I can seem to make it work is using the controller as DHCP server, but this is not preferred because there already is a DHCP server on that subnet.

 

So if you could also send me that configuration, that would be great!

 

Thanks,

Kris

Highlighted
Humppasonni
Occasional Visitor

Re: configure MSM720 with html-auth and external dhcp

Hi,

 

we have a VERY simple setup where we have

 

1) Zyxel USG200 firewall, with 2 LAN's - one for WLAN and other for company LAN.

LAN: 192.168.0.1/24

LAN2: 192.168.2.1/24

Route 192.168.1.0/24 and 192.168.11.0/24 pointing to 192.168.2.2 (MSM720 internet interface)

 

2) behind that USG we have an MSM720, directly connected to a LAN-port of the FW

Internet-port (5) IP 192.168.2.2/24 (to LAN2 net of FW)

Access net ip 192.168.1.1/24

 

3) WLAN AP's directly connected to the MSM720

IP's 192.168.1.2-.5

 

4) One Guest WLAN, with no auth.

 

Now, I have tried two things

1) DHCP relay from the FW. This gives the clients correct IP's, but can't ping ANYTHING


2) DHCP from the MSM720, with subnet 192.168.11.0/24.

This pings both 192.168.1.1 and 192.168.2.2, but nothing further.

 

From LAN1 it's possible to ping both 192.168.2.2 and 192.168.1.1 through the FW, so routing is OK at least for those nets. Can't ping 192.168.11.x, though the routing goes all the way to 192.168.2.2

 

Any hints?

 

 

 

 

Highlighted
seb88
Occasional Visitor

Re: configure MSM720 with html-auth and external dhcp

Hi Humppasonni,

Are you resolved this problem? I have this same problem with configuration MSM720 with 3 VLANs: AP, Users and Guest.

 

AP: 192.168.117.32/27 vlan 43

Users: 192.168.104.0/23 vlan 17

Guest: 192.168.115.0/24 vlan 3

 

And I don't known how configuring

 

http://i57.tinypic.com/t6yt10.jpg