01-14-2014 12:43 AM
I have a requirement to redirect traffic to an address on the far side of a tunnel between two controllers. My question is regarding the fundamental operation at layer 2. If a client wants to send a frame to a device in another subnet, it will ARP for and use the MAC address of the default gateway - in this case a normal branch site router. If a policy says that the IP traffic must be pushed down a tunnel, what will be the destination MAC address of the frame? Does the controller rewrite the MAC header to push it down the tunnel?
I have attached a simple diagram explaining what I'm trying to do.
01-14-2014 11:41 AM
I think I understand what you are trying to do. In order for the controller to direct traffic across a tunnel, it would need to be the default gateway for the wireless clients.
During this, the packet is encapsulated and redirected across the L3 boundary. On the other side of the tunnel the packet is un-encapsulated and placed on the network.
01-15-2014 12:49 AM
Trouble with this is that the controller is unable to be made the default gateway, so I was hoping that the packet could be redirected to the tunnel, as the current DG does not have visibility of the customer's Clearpass server located at the core. Hence the need for the tunnel to the controller that has a single physical port connected to the DMZ where the Clearpass is located. Any ideas on a workaround would be greatly appreciated.