
MSM760 Wireless Controller with Multiple VSCs (What setup is more secure?)

 
Josh_Foster
Occasional Collector


The controller is configured with 2 VSCs (Guest.wifi, Office.wifi).

Option A (not using the WAN port on the controller): Connecting the LAN port of the controller to a managed switch. This connection is trunked with 2 VLANs (Guest VLAN, Office VLAN). The Guest.wifi VSC is assigned to the LAN port of the controller and bound to the Guest VLAN. The Guest VLAN receives DHCP from the firewall. The Guest VLAN is configured to have access to the gateway for internet with no other network access. The Office.wifi VSC is assigned to the LAN port of the controller and bound to the Office VLAN. The Office VLAN receives DHCP from a server on the network. The Office VLAN is configured to have access to the gateway for internet and shares access with other wired network VLANs (Production, Administration, Management).

Option B (using the WAN port on the controller): Connecting the WAN port of the controller to the modem and the LAN port of the controller to a managed switch. The Guest.wifi VSC is assigned to the WAN port of the controller. The Guest.wifi receives DHCP from the controller with access to the internet via the WAN port. The Office wifi and VLAN networks have no changes in this configuration and are connected through the LAN port, receiving DHCP from a server on the office network. There is no "Guest VLAN" in this configuration since no Guest.wifi traffic is routed to the switch.

I am considering what option is better and why...

 

Emil_G
HPE Pro

Re: MSM760 Wireless Controller with Multiple VSCs (What setup is more secure?)

Hello

Maybe a better answer can be provided if we have more details about the configuration in both scenarios. I can think of the following questions which can give us a better understanding of the traffic flow.

  • In the VSC menu of the respective VSCs for both scenarios, how are the options Use Controller for Authentication and Use Controller for Access Control configured?
  • If Use Controller for Access Control is enabled for any VSC, what is configured as VSC egress mapping in the VSC menu?
  • If Use Controller for Access Control is not enabled, what is configured as Egress Network under AP Group -> VSC Binding for the respective VSC?
  • What options for Wireless Protection (WPA) and Authentication (PSK, 802.1X, HTML-based, MAC auth) are configured for both VSCs in both scenarios?

Also, I think we need to know what aspect of the security you are concerned about. Is it mainly preventing the guest users from accessing the office network? Or generally the wireless security, things like secure authentication, privacy, etc.?

I am an HPE employee
