Wireless Access

  • 1.  Controller 765zl problem with DHCP relay

    Posted Apr 19, 2012 10:58 AM

    Hi everybody. I have a problem with the DHCP server. I have 3 VSCs and I am trying to have my controller obtain IPs from different subnets.

    For example, in my employees SSID I want the users to obtain IP addresses from 172.16.8.0, in my manager SSID from 172.16.9.0, and in my gerent SSID from 172.16.10.0. I tried this with a Linux DHCP server with Webmin, but I only obtain IP addresses from the network 172.16.8.0. Could you help me? Thanks.


    #DHCP


  • 2.  RE: Controller 765zl problem with DHCP relay

    Posted Apr 19, 2012 04:02 PM

    Do you mean that you're trying to get your linux server to be the DHCP server for your VSCs, without the controller?

     

    For the linux server to be the DHCP server for all VSCs, bypass the controller's DHCP altogether.   Each VSC goes into its own VLAN, like this:

     

    Controller:

     - Set the Controller to Controller >> Network >> Address allocation >> DHCP Services: None.  

     - Define a VLAN for each VSC (Controller >> Network >> Network profiles)

     - Bind each VSC to its VLAN profile as an egress network (Controlled APs >> Default Group >> VSC bindings).

     

    Wired network:

     - For every AP, put the AP switch port into all the VSC VLANs.

     - For every VLAN, add an ip-helper address in the VLAN's IP interface pointing to your linux DHCP server.

     - Make sure the routing between the VLAN IP interface and the DHCP server works.

     - Make sure your Linux server has a DHCP scope defined for each VSC subnet.

     

    The AP will tag DHCP Discover frames from each VSC's wireless clients with the VLAN ID for that VSC.  The IP interface for that VLAN will convert the broadcast into unicast with its own source address, then will forward the DHCP Discover to the DHCP server.  Then the rest of the DHCP relay process (discover, offer, request, ack) proceeds.

     

    So in this scenario, DHCP for VSCs is handled entirely by the wired network, and not at all by the Controller.  (However, I can't get this to work with access-controlled VSCs -- that is, it works TOO well, since traffic bypasses the controller, and for HTML-based authentication I can't get the splash page to come up.)  But if that's what you want, that's how!

     

    thanks,

    noemi
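The relay step described in this reply, as an added example that is not part of the original thread: the VLAN interface writes its own address into the BOOTP giaddr field before unicasting the Discover, and the DHCP server picks the scope that contains that address. The subnets come from the first post and the interface addresses from the switch configuration posted later in the thread; the client MAC and transaction ID are constructed.

```python
import ipaddress
import struct

# BOOTP fixed header (RFC 951 / RFC 2131): op, htype, hlen, hops, xid, secs,
# flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file = 236 bytes.
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
HOPS, GIADDR = 3, 10  # positions of hops and giaddr in the unpacked tuple

# One scope per VSC subnet, as the DHCP server must define them (first post).
SCOPES = [ipaddress.ip_network(n)
          for n in ("172.16.8.0/24", "172.16.9.0/24", "172.16.10.0/24")]

def build_discover(mac: bytes, xid: int) -> bytes:
    """Client broadcast as the AP forwards it: giaddr is still 0.0.0.0."""
    zero = bytes(4)
    return BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000, zero, zero, zero, zero,
                      mac.ljust(16, b"\0"), bytes(64), bytes(128))

def relay(packet: bytes, vlan_interface_ip: str) -> bytes:
    """What the VLAN IP interface with an ip helper-address does to the packet."""
    fields = list(BOOTP.unpack(packet[:BOOTP.size]))
    if fields[GIADDR] == bytes(4):  # only the first relay agent fills giaddr
        fields[GIADDR] = ipaddress.ip_address(vlan_interface_ip).packed
    fields[HOPS] += 1
    return BOOTP.pack(*fields) + packet[BOOTP.size:]

def select_scope(packet: bytes, arrival_subnet=None):
    """Server side: the scope containing giaddr, or None if no scope matches."""
    raw = BOOTP.unpack(packet[:BOOTP.size])[GIADDR]
    if raw == bytes(4):
        return arrival_subnet  # not relayed: only the server's own segment applies
    giaddr = ipaddress.ip_address(raw)
    return next((s for s in SCOPES if giaddr in s), None)

if __name__ == "__main__":
    # Constructed client MAC and transaction ID.
    discover = build_discover(bytes.fromhex("020000000001"), 0x1234)
    for gw in ("172.16.8.253", "172.16.9.252", "172.16.10.252"):
        print(gw, "->", select_scope(relay(discover, gw)))
```

Every request relayed from the same interface address lands in the same scope, so a VSC only gets its own subnet when its traffic reaches the server through that subnet's VLAN interface.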



  • 3.  RE: Controller 765zl problem with DHCP relay

    Posted Apr 19, 2012 04:39 PM

    Thanks noemi for your time. Do you think it is a better idea to use the DHCP from the controller instead of the DHCP from the Linux server?



  • 4.  RE: Controller 765zl problem with DHCP relay

    Posted Apr 19, 2012 04:58 PM

    If I were you, I would continue to use the Linux (or Windows) DHCP server for all VSCs.   The only exception is that I often use the built in controller's DHCP for the guest/public network which is NAT'd.

     



  • 5.  RE: Controller 765zl problem with DHCP relay

    Posted Apr 19, 2012 05:02 PM

    Thanks for your answer. There is something that I don't understand. I am trying to use the Linux DHCP server, but I think that I need to configure this with DHCP relay in the controller, not with noemi's configuration. Which is better? Could you help me with the configuration? Thanks.



  • 6.  RE: Controller 765zl problem with DHCP relay

    Posted Apr 19, 2012 07:05 PM

     

    >>

    If I were you, I would continue to use the Linux (or Windows) DHCP server for all VSCs. The only exception is that I often use the built in controller's DHCP for the guest/public network which is NAT'd.

    >>

     

    What if you didn't want to NAT the public/guest network at the controller, would you still use the controller's own DHCP server?  Can you get a splash page to come up for a guest network without using the controller for DHCP?

     

    >

    I am trying to use the Linux DHCP server, but I think that I need to configure this with DHCP relay in the controller

    >

    If I understand this question: you *can* use your Linux DHCP server without the controller's DHCP at all.  Set the controller to "DHCP Services: None."

     

    The problem comes in for so-called "access-controlled" networks. I've been banging my head against a brick wall for months trying to get a splash page to show up for HTML-authenticated VSCs.  I'm not even sure what makes the VSC "access-controlled" when clients can connect, get an IP address from normal network DHCP broadcast, and then get out to the Internet with no splash page intercepting it for authentication.  I'm not even sure regular wireless user traffic (ping 8.8.8.8) is getting sent to the controller at all, though maybe the AP is encapsulating it in one of those UDP port 1194 packets.  I read somewhere that you have to use the Controller for DHCP relay or server for HTML authentication, but I see no reason why and it's not stated that way in the manual anywhere.

     

    Anyway, as long as you don't need to do HTML authentication for a public/guest WLAN, you can skip the controller for DHCP.  And if you do need HTML authentication -- then hopefully someone else can tell how!

     

    thanks,

    noemi



  • 7.  RE: Controller 765zl problem with DHCP relay

    Posted Apr 23, 2012 03:30 PM

    In the end I tried to use your configuration but I don't have the same properties in my controller. I don't have "Network Profiles". My current firmware version is: 5.3.5.0-01-7983.

    Could you help me with this problem? Thanks.



  • 8.  RE: Controller 765zl problem with DHCP relay

    Posted Apr 22, 2012 08:39 AM
    Please send me switch config


  • 9.  RE: Controller 765zl problem with DHCP relay

    Posted Apr 23, 2012 12:28 PM

    Hi cenk sasmaztin. This is my switch configuration.

     

    Running configuration:

    ; J8697A Configuration Editor; Created on release #K.14.41

    hostname "ProCurve Switch 5406zl"
    module 1 type J9154A
    module 2 type J8702A
    module 3 type J9309A
    module 4 type J8702A
    module 5 type J8706A
    module 6 type J8702A
    ip routing
    vlan 1
    name "DEFAULT_VLAN"
    untagged B1,B6-B24,C1-C4,D2-D24,E1-E9,E11-E24,F7-F9,F18,F20,F22-F23
    no untagged A1-A2,B2-B5,D1,E10,F1-F6,F10-F17,F19,F21,F24
    no ip address
    exit
    vlan 10
    name "PB"
    untagged F10
    ip helper-address 172.16.11.253
    ip address 172.16.10.252 255.255.255.0
    tagged E1
    exit
    vlan 99
    name "ADMIN"
    untagged D1
    ip address 172.16.99.99 255.255.255.0
    tagged B5,E1-E10
    exit
    vlan 11
    name "PISO-1"
    untagged F11
    ip helper-address 172.16.11.253
    ip address 172.16.1.252 255.255.255.0
    tagged E2
    exit
    vlan 12
    name "PISO-2"
    untagged F12
    ip helper-address 172.16.11.253
    ip address 172.16.2.252 255.255.255.0
    tagged E3
    exit
    vlan 13
    name "PISO-3"
    untagged F6,F13
    ip helper-address 172.16.11.253
    ip address 172.16.3.252 255.255.255.0
    tagged E4-E5
    exit
    vlan 14
    name "PISO-4"
    untagged F5,F14
    ip helper-address 172.16.11.253
    ip address 172.16.4.252 255.255.255.0
    tagged E4-E5
    exit
    vlan 15
    name "PISO-5"
    untagged F15
    ip helper-address 172.16.11.253
    ip address 172.16.5.252 255.255.255.0
    tagged E6
    exit
    vlan 16
    name "PISO-6"
    untagged F16
    ip helper-address 172.16.11.253
    ip address 172.16.6.252 255.255.255.0
    tagged E7
    exit
    vlan 17
    name "PISO-7"
    untagged F17
    ip helper-address 172.16.11.253
    ip address 172.16.7.252 255.255.255.0
    tagged E8
    exit
    vlan 18
    name "APs"
    untagged A2,B2-B4
    ip address 172.16.8.253 255.255.255.0
    tagged B5,E1-E8
    exit
    vlan 20
    name "UPLINK"
    untagged A1,F1-F4
    ip address 172.16.11.249 255.255.255.248
    exit
    vlan 19
    name "GUEST"
    untagged F19
    ip address 172.16.9.252 255.255.255.0
    tagged E4
    exit
    vlan 21
    name "DESARROLLO"
    untagged F21
    ip helper-address 172.16.11.253
    ip address 172.16.21.252 255.255.255.0
    tagged E4
    exit
    vlan 90
    name "ACCESOS"
    untagged F24
    ip address 172.16.20.252 255.255.255.0
    tagged E1-E8
    exit
    vlan 22
    name "INFRA"
    ip address 172.16.22.252 255.255.255.0
    tagged E4
    exit
    qos protocol IP priority 7
    ip route 0.0.0.0 0.0.0.0 172.16.11.254
    snmp-server community "public" unrestricted
    snmp-server community "Servmae"
    snmp-server host 172.16.0.123 "public" all
    snmp-server contact "<email>:" location "<name>:"
    no autorun

     

     

    The VLANs that I want to use in my controller in different VSCs are VLAN 18 and VLAN 19.
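A check of the posted running configuration against the wired-network checklist from the second post, as an added example that is not part of the original thread: it lists routed VLANs that have no ip helper-address and any SNMP community left with read-write (unrestricted) access. The embedded text is an excerpt of the configuration above with the port membership lines omitted.

```python
import re

# Excerpt of the running configuration posted above (port lines omitted).
CONFIG = """\
vlan 10
name "PB"
ip helper-address 172.16.11.253
ip address 172.16.10.252 255.255.255.0
exit
vlan 18
name "APs"
ip address 172.16.8.253 255.255.255.0
exit
vlan 19
name "GUEST"
ip address 172.16.9.252 255.255.255.0
exit
snmp-server community "public" unrestricted
snmp-server community "Servmae"
"""

def parse_vlans(text):
    """Return {vlan_id: {"name", "ip", "helpers"}} from ProCurve-style config text."""
    vlans, cur = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.fullmatch(r"vlan (\d+)", line):
            cur = vlans.setdefault(int(m[1]), {"name": "", "ip": None, "helpers": []})
        elif line == "exit":
            cur = None
        elif cur is not None:
            if m := re.fullmatch(r'name "(.*)"', line):
                cur["name"] = m[1]
            elif m := re.fullmatch(r"ip address (\S+) \S+", line):
                cur["ip"] = m[1]
            elif m := re.fullmatch(r"ip helper-address (\S+)", line):
                cur["helpers"].append(m[1])
    return vlans

def vlans_without_relay(text):
    """Routed VLANs (they have an IP interface) with no ip helper-address."""
    return sorted(v for v, c in parse_vlans(text).items() if c["ip"] and not c["helpers"])

def unrestricted_snmp(text):
    """SNMP communities configured with read-write ('unrestricted') access."""
    return re.findall(r'^\s*snmp-server community "([^"]+)" unrestricted\s*$', text, re.M)

if __name__ == "__main__":
    print("no DHCP relay:", vlans_without_relay(CONFIG))
    print("read-write SNMP:", unrestricted_snmp(CONFIG))
```

On this excerpt the two VLANs named in the post, 18 and 19, are the ones reported without a helper address, and the "public" community is the one reported as unrestricted.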