IP redirection feature.

ericgarnel Mon, 09/17/2007 - 11:09

I think this is what you are asking

similar doc:

http://www.cisco.com/en/US/docs/wireless/technology/ip-redirect/technical/reference/ipredir.html#wp36493

Step 1 Configure an access point with at least two SSIDs and VLANs with any combination of authentication and encryption.


Step 2 Configure at least one wireless client on each SSID and VLAN.


If there is a router between the AP & the internet router, why not just use PBR?


Step 3 Verify that the client on VLAN 20 is able to use Telnet to connect to a host on the wired network for VLAN20.


Step 4 Verify that the client on VLAN 10 is able to use Telnet to connect to a host on the wired network for VLAN10.


Step 5 (Optional) - Verify that the clients on each VLAN can browse to a page on the wired-side hosts for their respective VLANs.


Step 6 Choose the Security > Global SSID Manager screen, scroll to the General Settings section, and enable IP Redirection on one of the SSIDs pointing to the IP address of the host on the other VLAN as shown in Figure 2.

ericgarnel Tue, 09/18/2007 - 05:51

On the url in my previous post it states:

This feature is specifically applicable to a retail requirement for directing IP data traffic to a specific destination over a shared network. Some customers may be able to accomplish this using policy based routing in the routers. However, there are many instances where the store based routers are managed by service providers or are non Cisco devices. Further, it is not uncommon for a service provider to charge a customer as much as $100 per store location to provide policy based routing.


IP Redirect can also be used to auto redirect traffic to a gateway for guest authentication.


I'm not sure how to better explain it.

ericgarnel Tue, 09/18/2007 - 10:34

Are you planning to separate the guest & user ssids into separate vlans/subnets?


Assuming that is the case, there needs to be a mechanism in the network to separate and/or route multiple subnets.


guests------\
             router---internet gw
internal-----/
internal svc/


The cheesy diagram above intends to show that guests get internet access only, while internal get both internet and internal.


There are several ways to do this, but it really depends on your environment, # of users, how much control & access you have to internal client machines, etc.

For example, if the internet gw above can support vlan encapsulation or has a dmz interface as well as an internal interface, you could eliminate the middle router.


Here is a small part of the AP config. You will also have to set up trunking on the switch port as well.


guest net 192.168.3.0
internal net 192.168.2.0
dmz net 192.168.1.0

access-list 10 permit 192.168.3.0
! anything else hits the implicit deny
#ssid guest_SSID
! name of ssid for guests
ip redirection host 192.168.1.1
! ip address of internet gateway
access-group 10 in
! force traffic from guest ssid to be redirected


There are several options, many of which can be configured on the wired side.
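
An added example, not part of the original post or of Cisco's documentation: a small evaluator for IOS standard ACLs, run over the `access-list 10` line from the config above to show which guest source addresses it matches. Cisco IOS treats a standard ACL entry written without a wildcard mask as if the mask were 0.0.0.0 (a single address). The `0.0.0.255` variant, the client addresses and the function names are constructed for illustration, and the example assumes the AP matches this ACL on source address the way IOS does elsewhere.

```python
import ipaddress

def parse_standard_acl(text):
    """Parse 'access-list <n> permit|deny <src> [wildcard]' lines into rules."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            continue  # skip '!' comments and unrelated config lines
        acl, action, rest = tok[1], tok[2], tok[3:]
        if rest[0] == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif rest[0] == "host" and len(rest) > 1:
            addr, wild = rest[1], "0.0.0.0"
        else:
            # IOS assumes wildcard 0.0.0.0 (one address) when it is omitted
            addr, wild = rest[0], rest[1] if len(rest) > 1 else "0.0.0.0"
        rules.append((acl, action,
                      int(ipaddress.IPv4Address(addr)),
                      int(ipaddress.IPv4Address(wild))))
    return rules

def evaluate(rules, acl, src):
    """Return 'permit' or 'deny' for a source IP; the first matching rule wins."""
    ip = int(ipaddress.IPv4Address(src))
    for num, action, addr, wild in rules:
        care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
        if num == acl and (ip & care) == (addr & care):
            return action
    return "deny"  # implicit deny at the end of every ACL

# ACL line as posted, and a constructed variant covering the whole guest /24
AS_POSTED = "access-list 10 permit 192.168.3.0\n! anything else hits the implicit deny"
WITH_WILDCARD = "access-list 10 permit 192.168.3.0 0.0.0.255"

def compare(client):
    """Result for one client address under (as-posted ACL, wildcard variant)."""
    return (evaluate(parse_standard_acl(AS_POSTED), "10", client),
            evaluate(parse_standard_acl(WITH_WILDCARD), "10", client))

if __name__ == "__main__":
    # constructed sample clients: guest host, guest network address, internal host
    for client in ("192.168.3.25", "192.168.3.0", "192.168.2.10"):
        print(client, compare(client))
```
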

ericgarnel Wed, 09/19/2007 - 07:29

I'm not sure if the redirect command will do that; I've never tried using a redirect to send to an IP on the same subnet. In the example from the URL in the earlier post, it shows a redirect to a host in a different subnet. What is the redirected IP address you mention? Is it on the same subnet?

ericgarnel Wed, 09/19/2007 - 07:31

Andrea, perhaps if you give some more info on the wired side of the network it may help us understand better what you are trying to accomplish.


Thanks,

Eric
