06-21-2011 12:58 PM
Hello, I hope you can help!
My previous experience with a 765ZL controller was 4-5 years ago. Back then you could define a VLAN for the LAN and Internet ethernet ports on the controller, tag the coresponding port on the switch, and then assign an SSID network to utilize each port. This allowed for a very simple segmentation of wireless networks to VLAN's.
I'm trying to setup a new MSM version and running into confusion. Here's the goal:
3 different VLAN segmented networks tagged 1, 2, and 3. Our wired network already has these networks successfully segmented and tagged. I want three VSC's (SSID's) to each point to those networks via eggress mapping. One of the networks is to be wide open for internet access and is connected to a DMZ. The other two are separate private networks with different subnets, gateways, etc.
So far all I can do is create the three VSC's with appropriate security and connect to them. They all allow access to the default VLAN (1) network, and receive DHCP on that VLAN. No matter what I try though -- I've created the network ports and assigned the VLAN ID's to them. Gone into the switch settings and tagged switch ports in each VLAN, attempted to set Egress mappings on the Group VSC Bindings -- it won't let me connect to any other VLAN's over a wireless network.
At least two of these networks need to be without Authentication or Access Control.
I know this is a complicated question, but thought maybe someone has a decently quick answer to where I'm going wrong logically on this scenario.
07-06-2011 01:14 PM
Which version of code are you running on the controller?
If it's the newer 5.5.x code, you'll need to create a network profile for the specific VLAN, making sure you check the 'VLAN' box and enter the VLAN number. Then on the egress settings for the group binding, choose that network profile and it should work as long as you have 'untagged' on VLAN1 and 'tagged' on VLAN 2 and 3.
HP ASE (Mobility), Infrastructure Engineer
08-03-2011 01:48 AM
Hi, I tried the same scheme with an MSM710 and MSM430 APs, and I got this error when I tried to bind the guest VSC to the untagged internet port interface.
Untagged network can only be selected when VSC has mobility enabled with mobility traffic manager option.
02-13-2012 04:39 AM
the Binding on the AP groups are for Local Switching VLAN on the APs.
VSC Egress are for Access Controlled (AC) / Tunelled Client Data.
However, I cannot make it work like the documentation claims.
09-20-2012 04:28 PM
i've also had this problem trying to setup an auhenticated SSID to bridge to a vlan on the internet port. Did you have any luck with this?
I'm using 5.7 on a 720
09-28-2012 12:23 AM
Maybe you can try your 3 VSCs binding to the 3 preconfigured network profiles via the Internet port only (ignore the LAN port for now). I usually find it easier to start with the most simple config and add features in (like auth) as it makes troubleshooting much easier.
It sounds like 2 are connected without access control and one is an access-controlled VSC?
Even though you have the premium mobility licence, you probably don't want to use MTM - that is another complicating factor.
03-07-2013 01:03 AM
I suppose you already found the solution but just in case I want to share our configuration. We have our wireless network segmented by a VLAN per building and tagged on to the Internet port of the controller. All this using Controlled AP groups to delimit what APs are from which building.
The VSC configuration is the following:
- Authentication enabled
- In VSC Ingress mapping: SSID
- Virtual AP enabled with default configuration
- Wireless mobility enabled -> Mobility traffic manager -> Block User
Then in Network -> Network profile create the new profile with the VLAN ID needed, in Network -> Ports -> Add new vlan in the Internet port.
After this you can create the Controlled AP Groups you need and use it to egress which VSC you want. For this go to the Group -> VSC Bindings -> Add new binding -> choose the VSC Profile defined earlier and in Egress Network the network profile (VLAN) you want to use.
All this is explained in the manual "E-MSM7xx Controllers Management and Configuration Guide v5.5.0", chapter 9, "Scenario 2: Centralized traffic on a controller".