Wireless Access

Reply
Regular Contributor I
Posts: 238
Registered: ‎05-04-2011

Redirecting traffic

I have a 620 controller running 6.1.3.0 software.

 

I have it configured on my LAN and have a wpa2 preshare key SSID that will get you on the corporate network as an "Authenticated" user.

 

I also have a second port connected to the 620 that goes to separate dmz not on the corporate network. This is primarily used for guest access. Guest users connect to the guest SSID and dhcp an address from my dmz router and go out our backup internet service.

 

I would like route certain "web traffic" on that Corporate SSID to go out the guest connection and on my backup internet.

 

So that whenever a user on "Corporate" SSID web browses to say facebook.com they will redirect out the guest dmz connection.

 

My thinking is that I would need to create a policy that redirects facebook and then apply it to the Authenticated user role. In the policy I see that I can redirect to tunnel (which sounds right) but I also see an option to route.

 

Just wondering if i'm on the right track here or not. Everything I've seemed to try hasn't worked yet. 

 

Suggestoins welcome :smileyfrustrated:

 

 

MVP
Posts: 978
Registered: ‎04-13-2009

Re: Redirecting traffic

The redirect to tunnel isn't used for something like this. I've used it before after creating a GRE tunnel between 2 controllers then redirecting guest traffic from the controller on the LAN through the tunnel to the controller in the DMZ.

 

I'm going to say that there isn't the functionality to do what you're asking on the controller.

Can you let me know what the requirement is for doing this? There might be a more simple way to do what you're asking.


J

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Regular Contributor I
Posts: 238
Registered: ‎05-04-2011

Re: Redirecting traffic

There is a heavy bandwidth application that the client uses that goes out on the web. We are trying to redirect traffic to this particular website to go out the other internet connection so that it does not load down the corporate primary internet connection.

 

After second look, I think we may have to re-route this traffic via the customers network/firewall instead of having the controller do this. 

 

The reason I was wanting the controller to handle this routing because both internet services touch the controller and a majority of the users connect via the wireless. 

 

As aways... suggestions are welcome.  Thanks for the replies

Aruba Employee
Posts: 509
Registered: ‎07-03-2008

Re: Redirecting traffic

Since you want all traffic bound to some list of websites to go out your "guest" Internet connection, can you just set up static routes on that controller for those websites to go out your "guest" Internet connection?  Maybe your setup isn't what I'm thinking, but that seems pretty straightforward.

 

There's also a way to do a poor-man's PBR with ESI as long as all your SSID's are in tunnel mode.

Guru Elite
Posts: 21,029
Registered: ‎03-29-2007

Re: Redirecting traffic


Jaasperff wrote:

There is a heavy bandwidth application that the client uses that goes out on the web. We are trying to redirect traffic to this particular website to go out the other internet connection so that it does not load down the corporate primary internet connection.

 

After second look, I think we may have to re-route this traffic via the customers network/firewall instead of having the controller do this. 

 

The reason I was wanting the controller to handle this routing because both internet services touch the controller and a majority of the users connect via the wireless. 

 

As aways... suggestions are welcome.  Thanks for the replies


You are probably better off doing this using the customer's network/firewall since it will apply that policy to both wired and wireless traffic consistently.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: