Wireless Access

Okay we have a client that  got one port  plugged to the L3 router and its sending all the corporate information to it, and also they got a internet  through that L3 router...

Now they want to have a second internet plugged to the Wireless controller.

They just want to route this traffic to the internet to this internet connection plugged to the wireless controller

The other traffic should be send to the L3 switch even the intenet traffic of the corporate...

Now i have no idea how can i do this... because there is no policy routes in which i can say for the traffic with this source send it through this interface and all the other through the other internface....

Anyways how do you handle this situation?

Is the controller routing or switching the guest users in your scenario?

Also is the controller routing or switching the corporate users in your scenario?

I ask this because your question could be read two different ways, and I want to be clear what you're asking.

Thanks.

The internal networks for example the corporate network is being routed by the core switch

The guest network its a vlan and network that just exist on the controller

I managed to make it work but well... that killed my raps... in my laboratory....

Since

Routes on the controller

Codes: C - connected, O - OSPF, R - RIP, S - static
       M - mgmt, U - route usable, * - candidate default

Gateway of last resort is Imported from DHCP to network 0.0.0.0 at cost 10
Gateway of last resort is Imported from PPPOE to network 0.0.0.0 at cost 10
Gateway of last resort is 10.10.50.1 to network 0.0.0.0 at cost 1
S*    0.0.0.0/0  [1/0] via 10.10.50.1*
S    10.25.143.0/24 [1/0] via 172.16.3.1*
S    172.16.2.0/24 [1/0] via 172.16.3.1*
S    172.16.10.0/24 [1/0] via 172.16.3.1*
S    172.16.20.0/24 [1/0] via 172.16.3.1*
S    172.29.0.0/24 [1/0] via 172.16.3.1*
C    172.16.3.0 is directly connected, VLAN10
C    10.10.50.0 is directly connected, VLAN999

The vlan 999 is the vlan that connect to the guest internet which is directly attached to the controller

Now you see a few networks for example 172.16.20.0/24 those are being routed by the core switch

Everything works fine but then... i got these raps in which they will connect to the public ip address of the corporate terminate on the controller and will aim to go out through the guest network internet cause of the default ip route i had to change to make it work...

I though i foudn a way to do it but now my remotes are missing unless i add to the route table pointing to the corporate core switch the public ip address of the rap... which is no good...

Now im thinking another way....

Ill have to trunk the guest vlan to the corporate L3 and make them do the job.... i mean using policy base route that the controller does not support...

Well at th end i have gave the client 3 solutions

1-Plug the internet cable to the core switch and let them do the policy base route there. as they dont ahve firewall in that site.. which i dont recoment

2-Buy a small firewall so they can plug in the Internet there... it will nat and route the guest traffic.

3-Point the default gateway to the guest internet, and point static routes to the core for the internal network.. the iusse here is that the remote aps doesnt work and also i got my wireless controller directly plugged to the internet...

I recommended option 2