Wireless Access

Reply
New Contributor

Help to direct guest traffic to an especific Internet provider

Hello.

 

I've created two SSIDs for guest and mobile access. My controller to provide DHCP for both. Follow the scope below:

 

- DHCP GUEST scope

Network: 172.16.0.0/24

Gateway: 172.16.0.1 (self controller)

 

-DHCP MOBILE scope

Network: 172.16.10.0/23

Gateway:172.16.10.1 (self controller)

 

My employee users get DHCP via Windows DHCP server at the VLAN 1. The scope for employees is:

- DHCP Employee scope

Network: 192.168.0.0/16

Gateway: 192.168.10.70

 

Today, all wirelless clients (Guest, Mobile and Emplyee SSIDs users) are directed to gateway 192.168.10.70.

 

However, I need that Mobile and Guest Traffic users (networks 172.16.0.0/24 and 172.16.10.0/23) be directed to gateway 192.168.15.1 (our ISP dedicated to Mobile and Guest users). There is another important detail, the networks 172.16.0.0/24 and 172.16.10.0/23 can't reach 192.168.0.0/16 directly. In other words, there is need to do NAT for both networks (Guest and Mobile).

 

Both ISPs isn't directly connnected on the controller. They are reachable my switches layer.

 

Summarizing the subject, my problem is who I need the traffic coming from Guest and Mobile Users to Internet must go through gateway 192.168.15.1 with NAT being the Controller IP (192.168.60.1).

 

On the attachment, is a simple topology for clear understanding.

Highlighted

Re: Help to direct guest traffic to an especific Internet provider

Set the default gateway on the controller to be 192.168.15.1.

Disclaimer: Be aware that if you have other networks, that the controller routes to via 192.168.10.70, that you haven't mentioned you would need to add static routes on the controller to enable the controller to route traffic to them.

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
New Contributor

Re: Help to direct guest traffic to an especific Internet provider

I appreciate your answer jrwhitehead. But the problem is if I set default gateway to 192.168.15.1, the employee traffic will pass for this Internet link - what can't happen.

 

I need some rule wich do all traffic coming from guest or mobile users receive NAT from source 192.168.60.1 redirecting that traffic to 192.168.15.1.

Re: Help to direct guest traffic to an especific Internet provider

Why would employee traffic go via that gateway? From your previous post the employee client get their IP details from your internal DHCP server.

 

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Guru Elite

Re: Help to direct guest traffic to an especific Internet provider


pauloink wrote:

Hello.

 

I've created two SSIDs for guest and mobile access. My controller to provide DHCP for both. Follow the scope below:

 

- DHCP GUEST scope

Network: 172.16.0.0/24

Gateway: 172.16.0.1 (self controller)

 

-DHCP MOBILE scope

Network: 172.16.10.0/23

Gateway:172.16.10.1 (self controller)

 

My employee users get DHCP via Windows DHCP server at the VLAN 1. The scope for employees is:

- DHCP Employee scope

Network: 192.168.0.0/16

Gateway: 192.168.10.70

 

Today, all wirelless clients (Guest, Mobile and Emplyee SSIDs users) are directed to gateway 192.168.10.70.

 

However, I need that Mobile and Guest Traffic users (networks 172.16.0.0/24 and 172.16.10.0/23) be directed to gateway 192.168.15.1 (our ISP dedicated to Mobile and Guest users). There is another important detail, the networks 172.16.0.0/24 and 172.16.10.0/23 can't reach 192.168.0.0/16 directly. In other words, there is need to do NAT for both networks (Guest and Mobile).

 

Both ISPs isn't directly connnected on the controller. They are reachable my switches layer.

 

Summarizing the subject, my problem is who I need the traffic coming from Guest and Mobile Users to Internet must go through gateway 192.168.15.1 with NAT being the Controller IP (192.168.60.1).

 

On the attachment, is a simple topology for clear understanding.


You would probably need Policy-Based Routing (PBR) for that: http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-to-configure-a-router-ACL-for-PBR/ta-p/234519



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor

Re: Help to direct guest traffic to an especific Internet provider

Perfect!!!

 

I did'nt know that ArubaOS work with PBR.

That's exactly what I needed.

 

Thanks cjoseph, excellent.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: