Isolated Guest network using vrf and GRE

Unanswered Question
Oct 15th, 2008
User Badges:

Hi,


I need to configure a isolated network providing Internet access for visitors.

Since I have a routed backbone, I cannot use a end-to-end vlan, so I decided to use vrf with GRE.


I set up two routers (more spokes will follow) as shown in the picture and configured them like in the config files attached to this post.


Basically the configuration is working:

- 1811 router provides DHCP address to the client

- The client can ping his gateway, the tunnel i/f of the HUB and hosts on the Internet



Now I'm facing two (hopefully minor) problems:


1) If I want to surf the Internet, SOME websites don't work.

The browser hangs while loading the page. I checked if DNS is working and it does.

I also tried to set the MSS ("ip tcp adjust-mss 1360" on both tunnel i/f) and it works better but not perfect.


2) The DHCP server on the 1811 should exclude the IPs 10.9.250.1 - 10.9.250.127 from the DHCP pool.

I used the "ip dhcp excluded-address ..." command but I does not work. My Client always gets 10.9.250.2.



I hope someone can help me!


Thank you in advance,

Chris




  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Marwan ALshawi Tue, 10/21/2008 - 15:09
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

hi chris

as long as its working thats mean ur routing is good


but i am wondering about one point


which is the defult route to the internet

ip route vrf GuestNet 0.0.0.0 0.0.0.0


here the is and ip and interface belong to global routing not under any vrf in my understanding it should be like :


ip route vrf GuestNet 0.0.0.0 0.0.0.0 global


good luck

Actions

This Discussion