1 Reply Latest reply on Apr 1, 2013 9:07 AM by daniel.blackmon

    vWLAN - configuring a remote location

    danb Visitor

      Hello,

      We have a main location using 1800s and vWLAN.  Authentication is external LDAP for employees and we also supply a guest login on the splash page.  We authenticate users and allow them to our network resources including internet access through our local broadband cable.  Our guest logins are allowed internet access only through a local separate DSL connection at the main site.

      Our second location is connected to our main location over a VPN connection.  Its native and only LAN (VLAN 1) is on a different subnet than the main location.

      The perfect setup would be for the second (remote) location to be authenticated through our main location LDAP server and be allowed resources on all subnets (main location as well as remote).  However, we would like the remote location to use their local broadband for internet access and only send private subnet traffic over the VPN to the main site. 

      We would like users accessing through the vWLAN guest login (splash page) to only access the local internet at the remote location.

      We have the main site configuration working fine.

      We attempted to add the remote location today and, while the user did authenticate with the LDAP server, they were not able to get an address from the local subnet.

      Thoughts?

      Dan

        • Re: vWLAN - configuring a remote location
          daniel.blackmon Employee

          @danb

          Check your locations in the controller. Depending on what platform/version of controller you are using this information will be in a different spot. If you have trouble finding it, let me know what your controller is (including software version). If you see a location in red, it means no AP is capable of reaching that location. You will likely want to check the locations table for the specific AP as well. You will see this on the AP status page on a per-AP basis.

          You likely want to check your switch/router/firewall setup as well. Make sure the switchport the AP is plugged into is a trunk port using 802.1q encapsulation, and also that the specific VLAN is allowed over that trunk port.

          Verify that you have a DHCP server capable of responding to the DHCP Discover messages from the clients. This response is also how the AP knows it has access to a specific VLAN. The AP will send out its own discover message, and if it gets an offer then the location will automatically be added to the locations table.

          Depending on the type of VPN you are using, the traffic allowed to traverse the connection is controlled at the firewall. You can use the Roles to limit access, but ultimately routing will be handled by your routers and/or firewalls.
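
One way to run the switch-side check described in the reply above, as an added example that is not part of the original thread. It parses a constructed Cisco IOS-style configuration and reports AP ports that are not trunks or that do not allow the VLAN in question; the thread names no switch vendor, so the syntax, interface names and VLAN numbers are assumptions.

```python
import re

# Constructed sample in Cisco IOS-style syntax (an assumption; the thread
# names no switch vendor). Interface names and VLAN IDs are made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 1,10-12
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 1
interface GigabitEthernet0/3
 switchport mode trunk
"""

def expand_vlans(spec):
    """Expand a VLAN list such as '1,10-12' into {1, 10, 11, 12}."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_ports(config):
    """Map interface -> {'mode', 'allowed'}; allowed=None means no filter (all VLANs)."""
    ports, cur = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            cur = ports.setdefault(m.group(1), {"mode": None, "allowed": None})
        elif cur is not None and (m := re.match(r"\s+switchport mode (\S+)", line)):
            cur["mode"] = m.group(1)
        elif cur is not None and (
                m := re.match(r"\s+switchport trunk allowed vlan ([\d,\-]+)$", line)):
            cur["allowed"] = expand_vlans(m.group(1))
    return ports

def check_port(ports, interface, vlan):
    """List the problems that would stop `vlan` from reaching an AP on `interface`."""
    port, problems = ports[interface], []
    if port["mode"] != "trunk":
        problems.append(f"{interface}: mode is {port['mode']}, expected trunk")
    elif port["allowed"] is not None and vlan not in port["allowed"]:
        problems.append(f"{interface}: VLAN {vlan} not in trunk allowed list")
    return problems

if __name__ == "__main__":
    parsed = parse_ports(SAMPLE_CONFIG)
    for name in parsed:
        print(name, check_port(parsed, name, 20) or "ok")
```

A port that passes this check still needs a DHCP server answering on that VLAN before the location appears in the AP's locations table.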