Is there a way to setup a BSC600 to allow my staff wireless access to my protected (staff) network 10.1.x.x; I allow public access to 192.168.x.x.
For instance the public accesses or network and get a 192.168.x.x address, I want my staff to get a 10.1.x.x address so they can access my network resources, and log in with their network username/password.
I have a BSC600 at one location and a BSC2100 at a 2nd location.
jwhausk, Does the 10.1.x.x network exist at both locations or only at one?
Thanks,
Erik
Hi Erik,
Yes the 10.1.x.x network exist at both locations
John
Okay, thanks, John. Do you use Bluesocket APs or 3rd party APs? And are the APs connected to the "Managed" or "Protected" side of the BSC?
Erik
We use BlueSocket APs 1500 and 1800, they are connected to the managed side of the BSC
John
Got it, John. If you would like staff members to be in the same subnet as the wired clients on the 10.1.x.x, I might suggest moving your APs to the protected side of the network. That would require configuring the APs to discover the controller's protected interface, something not required when they are connected to a managed interface that is acting as a DHCP server. By placing the APs on the 10.1.x.x, you can create (or edit if you already have one) an SSID for "staff" that is configured with the "Edge-to-Edge" feature enabled. The effect is that clients connecting to this "Edge-to-Edge" enabled SSID will not be tunneled through the controller, but rather will be bridged right out onto the same network that the APs are connected to - the 10.1.x.x. They will get their DHCP from that subnet and will function just as wired devices would. Your other SSID for public/guest use WOULD be tunneled through the controller (provided that Edge-to-Edge is not enabled on the SSID) and they would function just as it does now.
If you want to test this setup out, you could do so for just one AP and test before rolling it out system-wide. Just assign that Edge-to-Edge SSID to the one AP you test with on the protected side.
Does that help? Reply with any questions.
Thanks,
Erik
Erik,
I think I am missing something how do I tell if an AP is connected to the managed or protected side? Is there a setting on the BSC I am missing?
John
Thanks, John. Probably the easiest way is to see if the AP is getting an IP address from the managed side's DHCP server.
Erik
Hi Erik,
I am testing this on the BSC600, it has 4 managed ports and 1 protected port.
Our 3 APs plug directly into 3 of the managed ports, the protected port goes to a switch on the 10.1.x.x
Thanks,
John
Thanks, John. Yes, so if you are using the physical managed ports, the APs will only operate on the managed side. To employ the solution I describe, you would need to move the APs to the switched network on the protected side - e.g., an available switch port perhaps on the same switch that the BSC's protected interface is connected to.
That means that you will also need to determine how they will get an IP address. They can be set for DHCP to pull from the scope on the 10.1.x.x, or they can be set with static IP addresses on the switched network.
Again, the key difference in placing them on the protected side is that the APs will need to be configured to "discover" the BSC. The steps (complete with screenshots) to do this are found in the various AP installation guides. In the install guide for the 1800 series AP ( Bluesocket Access Point (BSAP) 1800 v2 Installation Guide), for example, you will find those instructions on pp. 18-22 - specifically, steps 6 & 7 on pg. 21. Those steps illustrate how to set the AP to "static discovery" and input the controller's IP address so that the AP knows who its controller is and how to connect to it.
Please take a look at those instructions and see if that helps you configure one of the "test" APs on the protected side.
Thanks again,
Erik
I went ahead and flagged this post as “Assumed Answered.” If any of the responses on this thread assisted you, please mark them as either Correct or Helpful answers with the applicable buttons. This will make them visible and help other members of the community find solutions more easily as well as award points to the users that helped you. If you still need assistance, I would be more than happy to continue working with you on this - just let me know in a reply