HSG3 - Single SSID, Single Portal, Multi-VLAN
This sample scenario represents a very large HSG deployment, where you want to offer a seamless user experience across the entire network.
However, due to large size of the network, you may have a single SSID, but mapped to Multi-VLANs at different locations, all sharing the same login portal.
- Can use any type of AP at LAN side
- Have dedicated management VLAN for AP management addressing (VLAN1)
- Single SSID, but mapped to different VLANs at different locations
- Same portal across all VLANs, and seamless user roaming experience across VLANs
Common use cases
- Big Hotels
- Big shopping malls
- Large tourism places
- Airports, stadiums, etc.
Deployment steps
- Connect HSG eth0 (WAN) to Internet (ISP link ONT or modem). NOTE: If you're using 10G ports for LAN and WAN, the port number is different, please consult vendor.
- Connect HSG eth1 (LAN) to LAN switch
- Connect HSG eth2 to management PC (configure PC with DHCP, then connect to mbox GUI using http://10.10.10.1, login with mboxadmin/Letthem0ut7&)
- HSG eth3 is reserved for private LAN. It's pre-configured to issue DHCP IP.
- Connect AP to LAN PoE switch
- use default VLAN1 as management VLAN for AP/WLC.
- AP will be getting DHCP IP from HSG from network 192.168.8.0/22
- Reserved IP for WLC or other device, range from 192.168.8.2 to 192.168.8.99
- add all VLANs on switch (VLAN10, 20, 30, 40, 50), configure all switch-ports to be in trunk mode, and permit all VLANs for each port (default)
- configure AP to broadcast desired SSID and assign AP (eg. at different locations) to different VLANs, by sharing the same SSID
- HSG default pre-configured VLANs are VLAN10, 20, 30, 40, 50. Auto roaming between VLANs are enabled.
- please refer to respective vendor doc for configuring AP to map SSID to VLAN
- use default VLAN1 as management VLAN for AP/WLC.
3-Step deployment from sample config
NOTE: please upgrade your box to firmware version 20190606-1500, and above (follow this guide to upgrade firmware)
- download Sample config for HSG3-SingleSSID/Portal-MultiVLAN
- follow this video guide to deploy HSG by restoring from sample config
- follow this video guide to customize landing page and login options and create schedule reports.
NOTE: please make sure the portal name remains as "portal".
Sample config default settings
- the eth0(WAN) port is pre-configured to get dhcp IP from ISP ONT/modem (or upstream router). If you need to change interface IP/route, please follow this guide.
- In order to enable auto-roaming between VLANs, seamless relogin is enabled for 1 day. (see details on seamless relogin).
- syslog server (user access logging) is enabled to collect DNS access logs and storing data up to last 5 days (see more details on DNS logging)
- user access records are stored up to last 90 days
- user info (username and profile data) is kept unlimited
- monthly auto backup is configured, keeping the last 3 backup files (see details on backup & restore)