Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1270
Views
0
Helpful
2
Replies

Using Policy-Based routing on a VLAN interface

lynne.meeks
Level 1
Level 1

‎09-12-2008 03:56 AM - edited ‎03-06-2019 01:20 AM

Howdy-

We have an open wireless network which requires use of a VPN in order to authenticate and then connect anywhere.

Many folks are unaware of the VPN requirement, and don't understand that they need to use the VPN.

Therefore, we are trying to redirect all web traffic on our wireless VLAN to a specific web page with information on the VPN and how to get it.

We are using Policy-Based routing on the VLAN interface for the Wireless subnet in order to redirect all web traffic to this web page, which is set up to capture this traffic and display the information.

However it is not working; we see hits on the access-list but the redirect does not work.

Here's the config we are using:

access-list 156 deny tcp any any neq www

access-list 156 permit tcp any any

!

route-map redirect permit 10

match ip address 156

set ip next-hop 132.198.201.25

int vlan 155

description wireless network

ip address 192.168.1.1 255.255.255.0

ip policy route-map redirect

Does PBR not work on VLAN interfaces?

FWIW the Vlan interface is on a 6513 running hybrid mode.

We can connect to the web page at 132.198.201.25 if we enter that URL manually, so we know we've got connectivity.

Thanks for any suggestions!

Lynne

Labels:
0 Helpful
2 Replies 2

Marwan ALshawi
VIP Alumni
VIP Alumni

‎09-12-2008 04:21 AM

i think ur acl should looks like

access-list 156 permit tcp any any eq www

and if u can get a wireless controlar or do this web authentication or instraction through the wireless device will be better

good luck

0 Helpful

lynne.meeks
Level 1
Level 1
In response to Marwan ALshawi

‎09-12-2008 05:03 AM

Thanks for your feedback.

I think the acl is ok, since we first deny any traffic that is NOT web, the only traffic left should be web. But we can give it a try.

We had looked into doing the redirect with the LWAPP controllers. However, we don't want to do web authentication instead of the VPN since it is not a secure connection, and the controller will only let you use a web redirect IF you are doing 802.1x or web authentication...

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card