M and MSM Series
1748185 Members
4165 Online
108759 Solutions
New Discussion

Tunnel Guests to Internet-Port on MSM710

 
LeoKurz
Occasional Advisor

Tunnel Guests to Internet-Port on MSM710

Hello,

 

I have a MSM710 with a couple of accesspoints to provide WLAN access for office users, this works all right. Now I want to configure a VSC which only uses a PSK encrytion and no further authentication. The traffic of this VSC should be tunneled to the MSM710 an then NATed trough the internet port. I just can't figure out how this can be done. Is there a step-by-step manual how to do this? I Get the vsc configured all right (I think) but i can't find out how to map this traffic to the internet port. I configure the DHCP settings in the vcs where I set a gateway adress. How and where do I set this adress on the controller?

 

Any help very much appreceated!

 

__Leo

3 REPLIES 3
Peter_Debruyne
Honored Contributor

Re: Tunnel Guests to Internet-Port on MSM710

Hi,

 

These would be the steps:

 

Enable the dhcp server on the controller

Controller - Network - Address Allocation - dhcp server. Scope is not important, will be defined at the vsc level.

 

You should define an access-controlled VSC with these settings:

Controller - VSCs

* define vsc:

 use controller for access-control : yes

 # disable the html ( web portal) auth:

 use html authentication : no

# ensure the APs tunnel traffic to the controller

 always tunnel client data : yes

# define a dedicated IP subnet for the guests

# This is a very tricky part, the default gateway which is set on the dhcp scope is also the new IP inteface + address

 # of the controller on this VSC.

dhcp server:

 define scope+gateway address

 # egress vlan

 set to "default" : this is ok if the internet port is connected to e.g. a dedicated guest ADSL connection and gets a dhcp address from the ADSL router. This is the outbound NAT interface for the guests

 

Best regards,Peter

 

LeoKurz
Occasional Advisor

Re: Tunnel Guests to Internet-Port on MSM710

Hi Peter,

 

tahnks for our help! I figured it out by now. The only differenc to your instruction is, that when you use "always tunnel client data : yes" you have to configure DHCP:  "DHCP requests on:" -> "Client data tunnel", otherwise your clients never get an ip-address :-( Configured it w/o client data tunnel, tagged a vlan to the inet port so I can select it as egerss port, et voilá, works as designed!

 

__Leo

Peter_Debruyne
Honored Contributor

Re: Tunnel Guests to Internet-Port on MSM710

yes, forgot that one, I turn that option on "by default" as a habit.

The reason I suggested the tunnel is that it works even when the APs are not on the same subnet/vlan as the controller (like in remote sites).

When AP and controller can connect through a vlan your config works fine as well of course.

 

Good to hear you made it work !