01-05-2010 07:47 AM - edited 03-06-2019 09:09 AM
I have an access controller called an IP3. The device is used to control user access to the Internet. It is a typical device you would find in a hotel to give users access to the Internet. When you attempt to access Google or another site you would get a welcome page and have to complete a logon. I heavily use VLANs in my network and I have a specific VLAN I use just for guest Internet access. The VLAN is 10.0.255.0 with a subnet mask of 0.255.0.255. I have 20+ remote locations and in each location they have a guest VLAN just for Internet access. Examples: 10.2.255.0/24, 10.3.255.0/24, 10.4.255.0/24, etc… By using ACLs I have isolated this traffic so it does not cross onto the corporate network. Internet access is via my main corporate office for all remote locations. The access controller is designed to be an inline device. The problem I am trying to solve is how can I deploy this access controller in my main corporate office so all guest Internet traffic will pass through it for authentication without interfering with corporate traffic. I thought perhaps using GRE tunnels might allow me to achieve this?
Any suggestions anyone would have would be greatly appreciated.
01-05-2010 08:03 AM
Hello HMidkiff,
You can use policy-based routing to divert traffic from guest IP subnets to the web controller.
PBR works inbound on the interface that receives traffic, so you may need to apply it on multiple interfaces on the central site router.
access-list 101 permit ip 10.100.0 0.0.0.255 any
route-map pbrguest permit 10
 match ip address 101
 set ip next-hop IP3-ipaddress
int type x/y
 ip policy route-map pbrguest
Constraint: the IP3-ipaddress has to be on a connected interface for PBR to work.
Hope to help
Giuseppe
01-05-2010 08:08 AM
I agree with Giuseppe, PBR is the way to go. Just a quick addition though. If your IOS supports PBR recursive next-hop then the next-hop does not have to be on a connected interface -
https://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/12s_pbr.html
Jon
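Added example, not part of any post in this thread: a small Python check of which source addresses the route-map's access-list would policy-route to the controller, so a guest subnet that silently bypasses authentication shows up before deployment. It assumes the 10.0.255.0 / 0.255.0.255 pair from the question is read as an ACL wildcard mask; the host addresses and the per-site ACL with missing sites are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    # Cisco wildcard mask: 0 bits must match the base address, 1 bits are ignored.
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def policy_routed(src, acl):
    # The route-map diverts a packet only if the first matching ACL entry is a permit;
    # no match falls through to the implicit deny, i.e. normal destination routing.
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action == "permit"
    return False

def audit(acl, guest_hosts, corporate_hosts):
    # Returns (guest hosts that bypass the controller, corporate hosts wrongly diverted).
    bypass = [h for h in guest_hosts if not policy_routed(h, acl)]
    diverted = [h for h in corporate_hosts if policy_routed(h, acl)]
    return bypass, diverted

# Constructed sample hosts in the question's numbering plan (10.<site>.255.0/24 = guest).
GUEST = ["10.2.255.17", "10.3.255.200", "10.4.255.1", "10.20.255.254"]
CORPORATE = ["10.2.1.10", "10.3.254.5", "10.255.0.9", "10.4.25.255"]

# One entry covering every site's guest VLAN (assumed wildcard reading of the question).
ACL_ALL_SITES = [("permit", "10.0.255.0", "0.255.0.255")]
# Per-site entries with sites 4 and 20 forgotten (constructed failure case).
ACL_PER_SITE = [("permit", "10.2.255.0", "0.0.0.255"),
                ("permit", "10.3.255.0", "0.0.0.255")]

if __name__ == "__main__":
    for name, acl in (("all-sites", ACL_ALL_SITES), ("per-site", ACL_PER_SITE)):
        bypass, diverted = audit(acl, GUEST, CORPORATE)
        print(f"{name}: guest bypassing controller={bypass} corporate diverted={diverted}")
```

The same audit can be rerun with real interface subnets whenever a site is added, since a guest VLAN missing from the ACL is routed normally and never reaches the logon page.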