- Community Home
- >
- Networking
- >
- Wireless
- >
- M and MSM Series
- >
- Re: 765zl - multiple guest vlans?
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-30-2010 01:01 PM
тАО03-30-2010 01:01 PM
765zl - multiple guest vlans?
So far, everything is clear, my problem is with the configuration of the 5412zl switch and the vlans for the Internet port (5412 slot/port C1). During my initial tests, C1 was just untagged in the 5412 Default vlan and the VSC egress was just set to
Do I leave C1 in the default vlan as tagged and also tag it to the Guest1 vlan? Do I remove it from the default vlan and set it as untagged in the Guest1 vlan?
So far, everything I've tried has terminated access to the MSM.
I guess what I'm looking for is a setting that would be set on SeviceController>Network/Ports/InternetPort where I could assign it a vlan tag. That way, I could still access the MSM but have both guest vlans be controlled via ACLs.
The Lan port (5412 slot/port C2) is in a RADIO vlan and only contains the APs. The rest of the network should be accessible via the Internet port (C1).
Thanks!
Tom
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-30-2010 01:29 PM
тАО03-30-2010 01:29 PM
Re: 765zl - multiple guest vlans?
Then you can assign these VLANs into your corresponding VSCs as the egress interface.
Now in your switch I kind of guess that you are using the untagged interface to manage the product through the internet port. You will need to maintain that untag path to the product if you plan on continuing managing the product that way. Then you will need to create 2 VLANs within your switch to match the egress mapping of the VSCs (Guest1 and Guest2).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-30-2010 01:34 PM
тАО03-30-2010 01:34 PM
Re: 765zl - multiple guest vlans?
In ServiceController>Network>Ports, I have two vlans, DEFAULT_VLAN on the Internet port with an ID of 1 and no IP address, and a Guest1 vlan on the Internet port with an ID of 1011 and a static IP address assigned in my public IP space.
The IDs and names match with the 5412 vlans.
VSC Guest1 has all three egress vlans assigned to Guest1 vlan.
Also, in case it matters, I manage the MSM via a system connected on the Internet port.
Tom
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-30-2010 03:00 PM
тАО03-30-2010 03:00 PM
Re: 765zl - multiple guest vlans?
Tom
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-30-2010 09:13 PM
тАО03-30-2010 09:13 PM
Re: 765zl - multiple guest vlans?
This vlan put it as ingress in the Guest vsc and tag the ports of the AP and the Controller in this vlan.
In the group where you have the binding to the VSC edit the binding the check use egress vlan and put the ID of the new created vlan (used in ingress of the VSC)
Now in the guest1 vlan that has the public IP address and you assigned it as egress, enable NATING,
This should work.
Make sure you uncheck (Wireless security filters) and enable the DHCP server in the controller
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-31-2010 07:28 AM
тАО03-31-2010 07:28 AM
Re: 765zl - multiple guest vlans?
To Tom: I see several things. First I think the default VLAN ID 1 that you have created inside the controller does not do anything. I understand that you probably want to match this configuration with your switch configuration. But the problem is that most switches fake/use VLAN ID 1 internally for what is actually untagged traffic. In other words, the untagged traffic received on the switch port will be internally mapped inside the switch to the group VLAN ID 1 (At least that's what it is doing on Cisco switches and a couple of others - I don't know about the 5412). The reason why I'm saying that it does not do anything is that you don't have any IP address assigned to it. So clearly that is not the interface used to manage you product. I would guess that if you delete that default VLAN ID 1 from the MSM controller, you won't see any difference.
Now, you need to understand that the MSM controller is a router primarily. It routes traffic from the LAN to the Internet port side and vice-versa. Therefore it kind of needs different subnets to be able to have different/unique routes and to properly route traffic from one side of the network to the other side of the network. By playing with the egress of the VSC you can force traffic to be routed on particular route, but if all your VLANs are on the same subnet I'm afraid you will have hard time making this work. The VLANs are really used to segment the broadcast domains and the network into different subnets. For a L2 switch product having VLANs on the same subnet does not matter much, but for a router (which is what the MSM controller is, primarily), it is a problem as the routes are not clearly segmented.
If I understand correctly, for your test you want all traffic to go untagged on the Internet port. Therefore, to do your test, you will have to select "default" as your egress mapping for the VSC. This means that all traffic will be routed using the default routing table. In theory, the untagged interface will be the first in the list of routes (unless you have overriden the routing table with some other routes).
Now you are also talking about having public IP addresses for your clients, which is a different problem. Shadow13 proposed to have nating enabled on your guest VLANs, which would mean that your clients will get private IPs from the MSM controller DHCP and then will be NATed on the Internet port. The other way would be to the MSM controller for DHCP relay and to relay your DHCP request to your external DHCP server. That way the clients will get their IPs on the proper subnet, not a private subnet. So again here it all depends on how you want your client traffic to appear on the Internet port. Whether you want the client IP to be preserved (therefore you will have to use DHCP relay) or if you can have the client all seen as a single IP address (which will be the controller one and NATing).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-31-2010 09:34 PM
тАО03-31-2010 09:34 PM