Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Redirecting traffic

  • 1.  Redirecting traffic

    Posted Feb 16, 2012 10:56 AM

    I have a 620 controller running 6.1.3.0 software.

     

    I have it configured on my LAN and have a wpa2 preshare key SSID that will get you on the corporate network as an "Authenticated" user.

     

    I also have a second port connected to the 620 that goes to separate dmz not on the corporate network. This is primarily used for guest access. Guest users connect to the guest SSID and dhcp an address from my dmz router and go out our backup internet service.

     

    I would like to route certain "web traffic" on that Corporate SSID to go out the guest connection and on my backup internet.

     

    So that whenever a user on "Corporate" SSID web browses to say facebook.com they will redirect out the guest dmz connection.

     

    My thinking is that I would need to create a policy that redirects facebook and then apply it to the Authenticated user role. In the policy I see that I can redirect to tunnel (which sounds right) but I also see an option to route.

     

    Just wondering if I'm on the right track here or not. Everything I've seemed to try hasn't worked yet.

     

    Suggestions welcome

     

     

    Attachment(s)

    pdf
    redirect.pdf   185 KB 1 version


  • 2.  RE: Redirecting traffic

    Posted Feb 16, 2012 12:23 PM

    The redirect to tunnel isn't used for something like this. I've used it before after creating a GRE tunnel between 2 controllers then redirecting guest traffic from the controller on the LAN through the tunnel to the controller in the DMZ.

     

    I'm going to say that there isn't the functionality to do what you're asking on the controller.

    Can you let me know what the requirement is for doing this? There might be a more simple way to do what you're asking.


    J



  • 3.  RE: Redirecting traffic

    Posted Feb 16, 2012 12:46 PM

    There is a heavy bandwidth application that the client uses that goes out on the web. We are trying to redirect traffic to this particular website to go out the other internet connection so that it does not load down the corporate primary internet connection.

     

    After second look, I think we may have to re-route this traffic via the customer's network/firewall instead of having the controller do this.

     

    The reason I was wanting the controller to handle this routing is because both internet services touch the controller and a majority of the users connect via the wireless.

     

    As always... suggestions are welcome. Thanks for the replies



  • 4.  RE: Redirecting traffic

    Posted Feb 16, 2012 01:26 PM

    Since you want all traffic bound to some list of websites to go out your "guest" Internet connection, can you just set up static routes on that controller for those websites to go out your "guest" Internet connection?  Maybe your setup isn't what I'm thinking, but that seems pretty straightforward.

     

    There's also a way to do a poor-man's PBR with ESI as long as all your SSIDs are in tunnel mode.



  • 5.  RE: Redirecting traffic

    EMPLOYEE
    Posted Feb 17, 2012 06:09 AM

    @Jaasperff wrote:

    There is a heavy bandwidth application that the client uses that goes out on the web. We are trying to redirect traffic to this particular website to go out the other internet connection so that it does not load down the corporate primary internet connection.

     

    After second look, I think we may have to re-route this traffic via the customer's network/firewall instead of having the controller do this.

     

    The reason I was wanting the controller to handle this routing is because both internet services touch the controller and a majority of the users connect via the wireless.

     

    As always... suggestions are welcome. Thanks for the replies


    You are probably better off doing this using the customer's network/firewall since it will apply that policy to both wired and wireless traffic consistently.