Georgeisaac
Advisor

MSM guest network

Hi,

I am facing an issue in one POC.


Customer Network

 

Controller ACCESS port -VLAN 10

Controller Internet port -VLAN 20

Firewall LAN port -VLAN 10

Guest users -VLAN 20

 

Requirement : Guest SSID 

 

Customer requires that the controller and WAPs be in VLAN 10 (Management VLAN)

 

 

Internet port is connected to firewall port through layer 3 switch


Here guest users (access controlled) are able to reach every other VLAN connected to the layer 3 switch except VLAN 10.

 

So they are not able to get internet.

 

Is this the right behaviour?

 

My explanation: when access-controlled packets destined for VLAN 10 reach the controller, it will look at the routing table and find a connected route on the access port. Since it's a tunneled user, the packet will be dropped (the stateful firewall will not allow a tunneled user to go to the access port network).

 

Is this the right explanation?

Tim_Bawden
Occasional Advisor

Re: MSM guest network

What are your settings regarding "Ingress and Egress" on the Guest SSID? Do you have the right VLANs assigned, etc.

 

Are you using HTML Based Authentication or WEP/WPA/RADIUS?

 

Any IP Routes and Gateways configured?

 

 

Our Scenario:

Earlier in the year we struggled with connecting clients to the Internet through an Access Controlled SSID with HTML Authentication. We overcame this by configuring a Guest-SSID that egressed into the Guest VLAN (access control was not configured). Clients would connect using an 8-character WPA key, changed every now and then as required.

 

Our firewall had an interface dedicated to Guest Traffic (IP: 172.16.91.253/24). Clients would receive an IP address from our internal DHCP server (e.g. 172.16.91.1/24); this was possible with the use of DHCP IP helpers on the Guest VLAN. Clients then had the ability to connect to the internet on a filtered set of rules by the firewall.

 

 

Hope this gives you an idea of another possible solution for Guest Access.