
Re: MSN 760 and AP point 422

 
SOLVED
Fred!
Trusted Contributor

OK. Now it becomes clearer. So if you want to use a single port with all you want to do, I would reverse the controller ports. Meaning only using the Internet port of the product and not the LAN port.

The idea here is that you would first delete the VLANs from your LAN port. Then create 3 VLANs on the Internet port: 80 (on subnet 188.x) for management, 11 (subnet 186.x) and 12 (subnet 187.x). For VLANs 11 and 12, make sure you have no NATing when you create them.

Then what you have to do is make sure that the APs can be discovered on the Internet port (in the discovery page there is a checkbox for that).

You also have to configure both your VSCs to always force the data traffic through the data tunnel.

And finally you assign VLAN 11 and VLAN 12 (that you have previously created) as egress of your respective VSCs in the authenticated drop-down.

That's pretty much the only way I see this working. The guest traffic will be tunneled and isolated through the network, they will get their IP within the scopes that you have defined in the VSC and once authenticated they would go on their respective VLANs. Using the LAN port to come in and come out is not a good option when using a single port scenario like you are using. The product does many things on the LAN port that I won't detail here, but because of the access control functionality, a lot of things are going on with the port.
Shadow13
Respected Contributor

Aha Fred, but now the LAN port will not be used for anything, right?

So when he switches everything to the Internet port, the traffic will be the same as using the LAN port: the management traffic and the VLAN traffic will be handled by the Internet port?

And now he needs to untag the Internet port in the management VLAN and tag it on the other VLANs, and remove the tagging and untagging from the LAN port, right?
Shadow13
Respected Contributor

One more thing: can he use the LAN port for ingress on the management VLAN (untagged), then create the other 2 VLANs on the Internet port and use it for egress (tagged for the other 2 VLANs only)? Will it be better?

Fred!
Trusted Contributor

Oh, and ProCurve-Super, I forgot to mention that you need to go inside the DHCP server configuration page and make sure that you check the box so that the IPs can be delivered within the tunnel.

Shadow13: Yes, he pretty much needs to replicate what he had already configured in terms of connectivity to the Internet port instead.

The LAN port will not be connected. But because of the product behavior with regard to access control, there are services such as DHCP and access control that are sitting on that side. Again, as I said, the product is basically a router and it routes from one interface (the LAN) to another (the Internet). With the help of the tunnel we can 'fake' this behavior because the tunnel is coming straight inside the services (DHCP/access control) and from there it will be routed based on the egress VLAN of the VSCs.
Fred!
Trusted Contributor

Shadow13: Our last replies crossed. My previous reply was responding to your first comment. To answer your question, in his case he would have just one port connected (which will be the Internet port); he won't use the LAN for anything, no management. The management would come from the Internet side. If he wants to use both ports, he would have to connect both ports and we can revisit the way the scenario works in that case. But my understanding is that he wants a single port to be connected.
Shadow13
Respected Contributor
Solution

Lol
Fred: so if he needs to use 2 ports, what I mentioned will work normally, is that right? The traffic will ingress the LAN port through the management VLAN and match the VSC, clients will get IP addresses from the right scopes and then egress the traffic through the Internet port for the mapping on the VSCs to each VLAN, right?

BTW, is this your real name? Coz I have a doubt :D
Fred!
Trusted Contributor

OK. I get it now :) Hum, I would say yes, it should work, but personally I do prefer to segment the traffic for clarity. So either in the 2-port case I would assign different VLANs on the LAN port or I would enable the tunnel... otherwise you kind of mix up management with your client data traffic. But that's a personal choice.

And yes, it is my real name, unlike some I don't use complicated names that hide my identity ;-)