HPE Community
M and MSM Series
1753970 Members
7449 Online
108811 Solutions
New Discussion

MSM720 setup with guest wifi and private wifi via Radius. Is this a usable design?

 
Arnhem_NL
Occasional Contributor

‎10-01-2012 07:24 AM

‎10-01-2012 07:24 AM

MSM720 setup with guest wifi and private wifi via Radius. Is this a usable design?

Hello,

I hope someone can give his remarks/recommendations about the setup I am deploying with a customer. To be honest I am used to work with Cisco stuff, but from time to time I have to deploy HP wireless devices.

At this moment I have rolled out an HP MSM 720 with 12 MSM430 AP's.
The internet gateway is an ISA server with originally 2 nics: 1 Lan, 1 internet.
I added 1 interface as a DMZ to use a guest wifi and route traffic via this interface with a dedicated public ip

the config looks like this:

ISA server DMZ interface 10.11.11.33 to SWITCH1-port49 untagged vlan 10
SWITCH1-port48 tagged vlan 10 to MSM720-port5 (internet port)tagged vlan 10
MSM720-port1 untagged vlan 1 to SWITCH1 port 1 untagged vlan 1 (office network)
Accesspoints all untagged in vlan 1 on POE SWITCH1 since traffic is tunneled, they cannot reach inside lan.

Now I need to add the private office network with RAdius authentication.
The inside network doesn't have enough free address space so I decided to add a vlan;
I set up an additional interface on the ISA, since this thing and some of the customers'switches donot support vlan tagging, with subnet 172.20.0.0/16
on the SWITCH1 and the MSM720 I created vlan 12 for this subnet
on SWITCH1 I connected the subnet to untagged vlan 12 port
On MSM port 6 I have tagged vlan 12 to a vlan 12 tagged port on the SWITCH1
The AP's will be tagged for vlan 12 and connect to SWITCH1 via tagged vlan 12
The MSM controller port 1 untagged for vlan 1 and tagged for vlan 12 connects to SWITCH1
Traffic for guest wifi travels tunneled via port 1 untagged
Traffic for private office network travels also via port 1 but tagged vlan 12. The ISA handles/routes the connection to the inside office LAN.

 


Thank you for any help.

 

Regards,

Rolf

Netherlands

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.