GRE tunnel between 2 masters - user roles and policies

Hi all,

Hope you can give me some advice on the problem I have.

I have 2 master controllers placed at 2 different sites. Only one of them is connected to a TMG firewall, which handles our guest wifi traffic. After looking at several solutions I ended up creating a GRE tunnel between the 2 controllers, which is up and running at the moment. I am having some problems, though, with setting the policies and roles for the guests as they transit between the controllers. The idea is to move all the action to controller-A, which is directly connected to the TMG, i.e. DHCP, active portal, DNS... The guest users, when connecting to controller-A, have a guest-logon role with 2 policies applied:

logon control 1:

user  any  udp 68    deny    Low
any   any  svc-icmp  permit  Low
any   any  svc-dns   permit  Low
any   any  svc-dhcp  permit  Low
any   any  svc-natt  permit  Low


captive portal policy:

user  any  svc-http   dst-nat 8088  Yes  Low
user  any  svc-https  dst-nat 8081       Low


and a guest role after they authenticate, with 3 policies applied:


lock down control:

user  any  udp 68    deny    Low
any   any  svc-dhcp  permit  Low
user  any  svc-dns   permit  Low


internet only:

user  any  svc-http   permit  Yes  Low
user  any  svc-https  permit  Yes  Low




any   any  svc-icmp  permit  Low


What should I do on the controller-B side for my guests? Which roles and policies do I need to apply?

Any help appreciated.


Thank you
