Wireless Access

Reply
Occasional Contributor II
Posts: 21
Registered: ‎08-16-2010

Need help routing internet traffic from our guest and corporate wi-fi out a different interface

I have to route internet traffic for our wi-fi guest and corporate network out a DSL connection.  I have an Aruba3400 controller with 4 physical interfaces with 3 of them open to use to connect to the DSL.  I'm running OS 3.3.2.14.  Right now the internet traffic goes out our main corporate internet connection.  Internal LAN traffic for the corporate network will stay the same.  I'm not sure where to make these changes in the controller and would appreciate any helpful advice.

Aruba Employee
Posts: 509
Registered: ‎07-03-2008

Re: Need help routing internet traffic from our guest and corporate wi-fi out a different interface

Connect one of the spare interfaces to the DSL modem and configure the default gateway of the controller to be the IP address of the DSL modem.  Make sure you have static routes for all your internal networks when you do that.

Occasional Contributor II
Posts: 21
Registered: ‎08-16-2010

Re: Need help routing internet traffic from our guest and corporate wi-fi out a different interface

Thanks Mike, I'll try that.

Regular Contributor I
Posts: 171
Registered: ‎04-13-2009

Re: Need help routing internet traffic from our guest and corporate wi-fi out a different interface

How would you accomplish this if you wanted to route Guest traffic out the DSL connection, and Corporate access would be through the Main internet pipe which corporate wired user use to browse to the internet. Is there a way to do a Policy based route? Would this be something set in the firewall policy?

 

-ELiasz

-------------------
ACDX, ACCP, CISSP, CWNA
Aruba Employee
Posts: 571
Registered: ‎04-17-2009

Re: Need help routing internet traffic from our guest and corporate wi-fi out a different interface


johnpi wrote:

I have to route internet traffic for our wi-fi guest and corporate network out a DSL connection.  I have an Aruba3400 controller with 4 physical interfaces with 3 of them open to use to connect to the DSL.  I'm running OS 3.3.2.14.  Right now the internet traffic goes out our main corporate internet connection.  Internal LAN traffic for the corporate network will stay the same.  I'm not sure where to make these changes in the controller and would appreciate any helpful advice.


It sounds like a simple static route option for anthing not internal. You might need to create a static route for internal with a lower cost, then a static route for everything else (eg. 0.0.0.0) at a higher cost.

 

Take a look at the UG. If you need help beyond that, let me know.

 

Zach

Thanks,

Zach Jennings
MVP
Posts: 992
Registered: ‎04-13-2009

Re: Need help routing internet traffic from our guest and corporate wi-fi out a different interface

How about the following.

Say your guest network is 192.168.0.0/24 and is VLAN 2.

Configure a spare port on your controller as an access port on VLAN 2. 

Configure your DSL router to have an IP in that subnet, say 192.168.0.254

Configure your guest DHCP pool to have a default gateway of 192.168.0.254.

Ensure that inter VLAN routing is not enabled on VLAN 2.

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Aruba Employee
Posts: 77
Registered: ‎04-11-2007

Re: Need help routing internet traffic from our guest and corporate wi-fi out a different interface

You can use the ESI module for policy routing. In the below example it would route subnet 10.10.x.x out the 172.16.99.7 default gateway, all other traffic would go out the controller's default gateway. You make the trusted and untrusted ip address the same in a policy route. 

 

Jenga

 

####

 

!

netdestination student-networks
network 10.10.0.0 255.255.0.0
!

esi ping health-30sec
frequency 30
timeout 1
retry-count 2
!
esi server student-gateway-1
mode route
trusted-ip-addr 172.16.99.7
untrusted-ip-addr 172.16.99.7
!
esi group student-gateway-group
ping health-30sec
server student-gateway-1
!


ip access-list session "redirect-students"
alias student-networks any any redirect esi-group "student-gateway-group" direction forward
!

user-role student
session-acl logon-control
session-acl redirect-students
!

Search Airheads
Showing results for 
Search instead for 
Did you mean: