Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1071
Views
0
Helpful
9
Replies

Local breakout

frederick.mercado
Spotlight
Spotlight

‎04-27-2022 08:00 AM - edited ‎10-19-2023 12:51 PM

Hi, fairly new to advanced networking. 

 

We have a two 9300 core L3 switches, and a new WLC 9800. We have a MOBILE SSID that we have apple devices connect to, but we do not want them clogging up our MPLS and instead go to a local internet breakout. 

 

Any ideas?

 

Labels:
0 Helpful
9 Replies 9

Flavio Miranda
VIP
VIP

‎04-27-2022 08:08 AM

I may misunderstood the requirement but you can use flexconnect SSID dor Apple device. This way, Apple device´s traffic will be droped on the local network and then you device if you will route it to the internet or only local netwok. 

0 Helpful

frederick.mercado
Spotlight
Spotlight
In response to Flavio Miranda

‎04-27-2022 08:36 AM

Our devices are already connected via flex and SSID. We just need to get them out to a local breakout (internet). While still maintaining internal VLAN communication.

0 Helpful

Flavio Miranda
VIP
VIP
In response to frederick.mercado

‎04-27-2022 09:24 AM

That´s depends how your internet gateway works.

 

 If you L3 switch send traffic to a firewall, you need to create a route on L3 switch sending to firewall using as source the network  10.74.126.x and destination the firewall. On the firewall you need to permit the network  10.74.126.x and create a NAT. 

 The same thing for a router.  

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to frederick.mercado

‎04-27-2022 09:41 AM

In this case site required different subnet for that site, and make a PBR or NAT rule going out to HQ or Know subnet use you MPLS, unknow send them to Internet, is this what you looking to do ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

frederick.mercado
Spotlight
Spotlight
In response to balaji.bandi

‎04-27-2022 09:48 AM - edited ‎10-19-2023 12:52 PM

Yes. Currently our setup is as follows:

 

0 Helpful

Georg Pauwen
VIP
VIP
In response to frederick.mercado

‎04-27-2022 12:12 PM

Hello,

 

I am not really clear on what 'MPLS and instead go to a local internet breakout' means in your case. Can you post the configuration of (I assume it has to be the core switch(es) the device(s) that are directly connected to the 'local Internet breakout) ? A topology drawing would even be better.

 

Either way, if the clients you want to route out locally are all in Vlan 126, policy based routing might work.

0 Helpful

Haydn Andrews
VIP Alumni
VIP Alumni

‎04-27-2022 09:32 PM

So if the WLC is not local to the APs and you want to use a local internet break out you would need to use flexconnect for the SSID

*****Help out other by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***
0 Helpful

frederick.mercado
Spotlight
Spotlight
In response to Haydn Andrews

‎04-29-2022 06:52 AM

We are trying to just configure a way for a local breakout. We considered PBR for http/https protocol, but it seems that maybe creating a internet VLAN and allowing inter VLAN routing may be best? Unless there is a way to route internet traffic, essentially split tunneling or splitting traffic on the WLC itself?
0 Helpful

JPavonM
VIP
VIP

‎04-29-2022 07:18 AM

If your WLC is local to the site, you can configure differnt VLANs per physical port on the C9800 side and map MOBILE SSID to that VLAN so you can split traffic into a different Internet router. Or you can configure VRF's to enhance security.

If your deployment is with remote Flexconnect APs and central C9800, then follow this guide.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card