Wireless Access

Hi,

I've spent a day learning this product and have read through the configuration guide (which I found from another post on this forum).

I've a few burning questions.

First my goal. To set up 2 SSIDs for two companies in a shared building, each authenticating against it's own RADIUS. I think I know how to get this done. Additionally, I would like a guest network, with all traffic on this network being tunnelled to the controller and then pushed out the INTERNET port over a local internet subnet.

Hopefully, this sounds reasonable?

My questions are:

1. Is it best practice to have a management VLAN on which you place the MSM760 untagged?

2. Something very simple and stupid, but I'm guessing that, when enabled under the default VSC, the device doesn't apply access control and authentication on all traffic placed on the network that touches the LAN port, just IP traffic destined to it's interface due to default gateway or upstream settings on a foreign AP (for example)?

3. If I shouldn't be using my default VSC for the guest network, what should I be using it for - or should I just disable the SSID on it and leave it pretty much useless? I accept that it is supposed to handle all traffic where no SSID or VLAN tag is present, but I can't think of a situation when this would be the case? Any examples?

4. My solution to all of this (in my head at the moment) is to :
a). Effectively disable the default VSC by turning off the wireless
b). Create three additional VSCs called CO1, CO2 and GUEST
c). Attach the CO1 and CO2 VSCs to the correct VLANs by using EGRESS when binding these to the AP groups.
d). Use access control on the GUEST VSC to force a tunnel (always) between the client and the Service Controller and put a DHCP server on this VSC for guest IP address configs (this was the bit I couldn't get working as I wanted it to when using the default VSC as my guest wireless) - it would only let me put a range equivalent to the IP of the unit (which figures I guess).

Any other suggestions anyone?

 

 

P.S. This thread has been moved from Communications, Wireless (Legacy ITRC forum) to MSM Series. -HP Forum Moderator

let me answer only 1 question :D
d). Use access control on the GUEST VSC to force a tunnel (always) between the client and the Service Controller and put a DHCP server on this VSC for guest IP address configs (this was the bit I couldn't get working as I wanted it to when using the default VSC as my guest wireless) - it would only let me put a range equivalent to the IP of the unit (which figures I guess).

the option for DHCP server in the VSC will not show on the default VSC, create another VSC and from there you can configure the DHCP server for this VSC.


Now i have a question, can you please show me how to configure external RADIUS to be used with the controller, i need the config. done on the controller coz the manual is not clear for me.

Regards

Thanks for taking the time to reply.

I had worked out the No DHCP on default VSC bit (although I think you can set the default Address Allocation up and this covers it).

Any ideas on my questions about the default VSC and it's intended purpose?

On the RADIUS front - I haven't quite got there yet but hope to next week when I next get a chance to work on this again - I'll definitely reply with my findings - sorry if this isn't quite soon enough!

Regards,

DS

if no tag on the traffic or the VSC with matching SSID then the Default VSC will act as the default vlan on the switch, the traffic will be forwarded through this Default VSC.