
Wireless Vlan Configuration

Status
Not open for further replies.

anthonymeluso

IS-IT--Management
May 2, 2005
226
US
This is probably a dumb question but I'm still unsure if this is right. We have multiple ProCurve 5412zl switches and will be adding ProCurve wireless APs soon. We would like to divide our wireless network into two VLANs: one for our internal clients that use a RADIUS type configuration and a second VLAN that would be for guests.

My question is how should I configure the switch port that the APs are connected to on the 5412s? Should I tag the port for both VLAN IDs or something else?

Thanks!
 
I have not done a teaming config myself as I have yet to upgrade my controller from the 750 (the 750 did not support teaming) to the 760 or 765zl, but based on what I have read, you can set up DHCP relay on the controller to point to your main DHCP server, where you'll create a new scope for that "Public" VSC subnet (page 61 of the MSM760 Management and Config Guide). I know you will probably need to put a check on the "Client Data Tunnel", but again, since I have not done this myself, you probably will just have to play a little with the other settings, if they are even needed (Circuit ID and Remote ID... might not even need that info to work).
 
Thanks again! For the public access web site, can you place it on any interface or VLAN? Also, what does your VSC look like for your guest network in terms of authentication, access control, ingress and egress networks, and bindings to APs?
 
I have my public access website on my DMZ. My WAN port on my controller is connected into this DMZ vlan as well, so that Public traffic is already on my DMZ before it heads out to the Internet. I have authentication and access controlled checked, ingress is mapped to the public vsc, and egress is default. All of my APs bind to both VSCs in my situation, but you may choose differently.
 
Sorry to sound dumb here but by DMZ do you mean another server in your DMZ or something else?
 
I have a DMZ network defined on my firewall. This DMZ port is then connected to a switch with a VLAN and ports just for that subnet I have defined for that DMZ. I have my public-facing web server, Barracuda Spam Firewall, an SSL VPN appliance, and the WAN port of my MSM750 wireless controller. I don't have an IP address assigned to that VLAN on my switch, so even though it shares the same hardware with some other networks, they don't see each other because, without an IP address assigned to the VLAN, it doesn't route internally. My DMZ gateway IP is the IP address of my firewall's DMZ port. So it's at my firewall that I define what type of traffic I allow or deny to my internal subnets or out to the Internet.
 
Cajuntank,

Thank you again for your time. I think I got it laid out now.
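The isolation described in the DMZ post above depends on the DMZ VLAN having no IP address on the switch, so that all of its traffic has to pass the firewall. As an added example (not part of the thread and not any poster's code), this Python check reads ProCurve-style running-config text and reports VLANs that are meant to be isolated but still have a switch IP. The VLAN IDs, names, ports and addresses in the sample are constructed, and treating the guest VLAN as isolated is an assumption.

```python
import re

# Constructed sample in ProCurve running-config style (IDs, names, ports are made up).
SAMPLE_CONFIG = """\
ip routing
vlan 10
   name "WLAN-Internal"
   tagged A5
   ip address 10.0.10.1 255.255.255.0
   exit
vlan 20
   name "WLAN-Guest"
   tagged A5
   ip address 10.0.20.1 255.255.255.0
   exit
vlan 30
   name "DMZ"
   untagged B1-B4
   no ip address
   exit
"""

def parse_vlans(config):
    """Return {vlan_id: {"name", "ips", "tagged", "untagged"}} from config text."""
    vlans, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"vlan (\d+)", line)
        if m:  # start of a "vlan <id>" stanza
            cur = vlans.setdefault(int(m.group(1)), {"name": "", "ips": [], "tagged": "", "untagged": ""})
        elif cur is None:
            continue  # global line such as "ip routing"
        elif line == "exit":
            cur = None
        elif line.startswith("name "):
            cur["name"] = line[5:].strip('"')
        elif line.startswith("ip address "):  # "no ip address" does not match
            cur["ips"].append(line.split()[2])
        else:
            key, _, rest = line.partition(" ")
            if key in ("tagged", "untagged"):
                cur[key] = rest  # port list kept as written, e.g. "A5" or "B1-B4"
    return vlans

def routed_isolated_vlans(config, isolated_ids):
    """VLANs meant to be isolated that still have an IP on the switch."""
    vlans = parse_vlans(config)
    return sorted(v for v in isolated_ids if v in vlans and vlans[v]["ips"])
```

With the sample, `routed_isolated_vlans(SAMPLE_CONFIG, {20, 30})` flags VLAN 20: the guest VLAN has a switch address and, with `ip routing` enabled, a path to the internal VLANs that bypasses the firewall, while the DMZ VLAN 30 does not.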
 