VSC to VLAN mapping on MSM765ZL Confussion (5328 Views)
Reply
Occasional Visitor
AndrewB732
Posts: 1
Registered: ‎06-21-2011
Message 1 of 7 (5,328 Views)

VSC to VLAN mapping on MSM765ZL Confussion

Hello, I hope you can help!

 

My previous experience with a 765ZL controller was 4-5 years ago.  Back then you could define a VLAN for the LAN and Internet ethernet ports on the controller, tag the coresponding port on the switch, and then assign an SSID network to utilize each port.  This allowed for a very simple segmentation of wireless networks to VLAN's.

 

I'm trying to setup a new MSM version and running into confusion.  Here's the goal:

 

3 different VLAN segmented networks tagged 1, 2, and 3.  Our wired network already has these networks successfully segmented and tagged.  I want three VSC's (SSID's) to  each point to those networks via eggress mapping.  One of the networks is to be wide open for internet access and is connected to a DMZ.  The other two are separate private networks with different subnets, gateways, etc. 

 

So far all I can do is create the three VSC's with appropriate security and connect to them.  They all allow access to the default VLAN (1) network, and receive DHCP on that VLAN.  No matter what I try though -- I've created the network ports and assigned the VLAN ID's to them.  Gone into the switch settings and tagged switch ports in each VLAN, attempted to set Egress mappings on the Group VSC Bindings -- it won't let me connect to any other VLAN's over a wireless network.

 

At least two of these networks need to be without Authentication or Access Control.

 

I know this is a complicated question, but thought maybe someone has a decently quick answer to where I'm going wrong logically on this scenario. 

 

Thanks,

 

Andrew

Please use plain text.
Frequent Advisor
DougB-CCCP
Posts: 38
Registered: ‎05-31-2011
Message 2 of 7 (5,296 Views)

Re: VSC to VLAN mapping on MSM765ZL Confussion

Which version of code are you running on the controller? 

 

If it's the newer 5.5.x code, you'll need to create a network profile for the specific VLAN, making sure you check the 'VLAN' box and enter the VLAN number.  Then on the egress settings for the group binding, choose that network profile and it should work as long as you have 'untagged' on VLAN1 and 'tagged' on VLAN 2 and 3.

----------------
HP ASE (Mobility), Infrastructure Engineer
Please use plain text.
Advisor
Stuggi
Posts: 20
Registered: ‎08-01-2011
Message 3 of 7 (5,204 Views)

Re: VSC to VLAN mapping on MSM765ZL Confussion

Hi, I tried the same scheme with an MSM710 and MSM430 APs, and I got this error when I tried to bind the guest VSC to the untagged internet port interface.

 

Untagged network can only be selected when VSC has mobility enabled with mobility traffic manager option.

Please use plain text.
Frequent Advisor
C0LDWiR3D
Posts: 33
Registered: ‎11-23-2011
Message 4 of 7 (4,802 Views)

Re: VSC to VLAN mapping on MSM765ZL Confussion

Spoiler
 

Hi,

 

the Binding on the AP groups are for Local Switching VLAN on the APs.

VSC Egress are for Access Controlled (AC) / Tunelled Client Data.

 

However, I cannot make it work like the documentation claims.

Please use plain text.
Occasional Advisor
scottdoorey
Posts: 10
Registered: ‎09-18-2012
Message 5 of 7 (3,977 Views)

Re: VSC to VLAN mapping on MSM765ZL Confussion

Hi,

 

i've also had this problem trying to setup an auhenticated SSID to bridge to a vlan on the internet port. Did you have any luck with this?

 

I'm using 5.7 on a 720

 

Scott

Please use plain text.
Trusted Contributor
Richard Litchfield
Posts: 266
Registered: ‎07-11-2003
Message 6 of 7 (3,925 Views)

Re: VSC to VLAN mapping on MSM765ZL Confussion

Maybe you can try your 3 VSCs binding to the 3 preconfigured network profiles via the Internet port only (ignore the LAN port for now). I usually find it easier to start with the most simple config and add features in (like auth) as it makes troubleshooting much easier.

 

It sounds like 2 are connected without access control and one is an access-controlled VSC?

 

Even though you have the premium mobility licence, you probably don't want to use MTM - that is another complicating factor.

Please use plain text.
Frequent Advisor
Aarón
Posts: 37
Registered: ‎12-22-2008
Message 7 of 7 (3,292 Views)

Re: VSC to VLAN mapping on MSM765ZL Confussion

Hello Andrew,

 

I suppose you already found the solution but just in case I want to share our configuration. We have our wireless network segmented by a VLAN per building and tagged on to the Internet port of the controller. All this using Controlled AP groups to delimit what APs are from which building.

 

The VSC configuration is the following:

 

  • Authentication enabled
  • In VSC Ingress mapping: SSID
  • Virtual AP enabled with default configuration
  • Wireless mobility enabled -> Mobility traffic manager -> Block User

Then in Network -> Network profile create the new profile with the VLAN ID needed, in Network -> Ports -> Add new vlan in the Internet port.

 

After this you can create the Controlled AP Groups you need and use it to egress which VSC you want. For this go to the Group -> VSC Bindings -> Add new binding -> choose the VSC Profile defined earlier and in Egress Network the network profile (VLAN) you want to use.

 

 

All this is explained in the manual "E-MSM7xx Controllers Management and Configuration Guide v5.5.0", chapter 9, "Scenario 2: Centralized traffic on a controller".

 

 

Cheers,

 

Aarón

Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation