Wireless Access

hi all,

i must configure the msm720 with this feature.

vlan 18, 19 for employee and guest (with html-authentication)

vlan 20 for connectivity and discovery AP

dhcp-server is on vlan 1 and release address on vlan 1, 18, 19

must connect only internet port? or both internet port and lan port?

thanks for replay

if you want using html base authentication for guest user you must use lan  and internet ports.same time

firstly create vlan's on switch

vlan 20 for wireless management

vlan 19 for employe

vlan 18 for guest

internet port connect vlan 20 untag port on switch

lan port connect vlan 18 untag port on switch

all wireless access point port must be

untag state for vlan 20

tagged state for vlan 19 and 18

vlan 20 and vlan 19 use same dhcp server (with ip helper)

vlan 18 must use controller dhcp service because guest network must be sperate all other network..

you create two network profile on controller for vlan 19 an 18 and asign under default group

controller discover ap device from internet port (must be enable internet port discovery on controller management tab)

in this way

when connect employe client on employe ssid ; client go to employe vlan

when connect guest client on guest ssid :client go to do controller lan port for html authentication

guest client after successfull autentication connect to the internet on your local network... with nat

you must be configure controller firewall high lavel  for better security

ths for replay!

i want use html-base authentication both vlan 18 and vlan 19

and both must receive ip address from dhcp-server on vlan 1.

i can not use dhcp-server service on controller because there is already one dhcp-server on vlan 1

i must configure:

vlan 20 for wireless management

vlan 19 for employe

vlan 18 for guest

internet port connect vlan 20 untag port on switch;  ip address internet port ????

lan port connect vlan 18 & 19 tag port on switch??? (i'm not sure)  ip address lan port??

network profile

lan port vlan id 1 (because is connect on vlan 1, where there is the dhcp-server?)

internet port vlan id 20 (because discovery the ap on this vlan)

all wireless access point port must be

untag state for vlan 20

tagged state for vlan 19 and 18

i create network profile on vlan 18 & 19 and assign to default group

i configure controller discover ap device from internet port on vlan 20

attach network scheme for detail.

ths , wait for reply

Attachment(s)

klp_forum.doc.docx   703 B 1 version

Hi Luca

I work this night for you

I create new config and send to detailed configuration information

Cenk

Hi,

i've same problem on MSM720 with ,more or less, same request from customer,

Could i have the working configuration ?

Why the ap with tag & untag port ?

Thanks in advance.

Cipo 

Hello,

We are having exactly the same problem. The only way I can seem to make it work is using the controller as DHCP server, but this is not preferred because there already is a DHCP server on that subnet.

So if you could also send me that configuration, that would be great!

Thanks,

Kris

Hi,

we have a VERY simple setup where we have

1) Zyxel USG200 firewall, with 2 LAN's - one for WLAN and other for company LAN.

LAN: 192.168.0.1/24

LAN2: 192.168.2.1/24

Route 192.168.1.0/24 and 192.168.11.0/24 pointing to 192.168.2.2 (MSM720 internet interface)

2) behind that USG we have an MSM720, directly connected to a LAN-port of the FW

Internet-port (5) IP 192.168.2.2/24 (to LAN2 net of FW)

Access net ip 192.168.1.1/24

3) WLAN AP's directly connected to the MSM720

IP's 192.168.1.2-.5

4) One Guest WLAN, with no auth.

Now, I have tried two things

1) DHCP relay from the FW. This gives the clients correct IP's, but can't ping ANYTHING

2) DHCP from the MSM720, with subnet 192.168.11.0/24.

This pings both 192.168.1.1 and 192.168.2.2, but nothing further.

From LAN1 it's possible to ping both 192.168.2.2 and 192.168.1.1 through the FW, so routing is OK at least for those nets. Can't ping 192.168.11.x, though the routing goes all the way to 192.168.2.2

Any hints?

Hi Humppasonni,

Are you resolved this problem? I have this same problem with configuration MSM720 with 3 VLANs: AP, Users and Guest.

AP: 192.168.117.32/27 vlan 43

Users: 192.168.104.0/23 vlan 17

Guest: 192.168.115.0/24 vlan 3

And I don't known how configuring

http://i57.tinypic.com/t6yt10.jpg