Cisco Support Community
Community Member

Isolated Guest network using vrf and GRE


I need to configure a isolated network providing Internet access for visitors.

Since I have a routed backbone, I cannot use a end-to-end vlan, so I decided to use vrf with GRE.

I set up two routers (more spokes will follow) as shown in the picture and configured them like in the config files attached to this post.

Basically the configuration is working:

- 1811 router provides DHCP address to the client

- The client can ping his gateway, the tunnel i/f of the HUB and hosts on the Internet

Now I'm facing two (hopefully minor) problems:

1) If I want to surf the Internet, SOME websites don't work.

The browser hangs while loading the page. I checked if DNS is working and it does.

I also tried to set the MSS ("ip tcp adjust-mss 1360" on both tunnel i/f) and it works better but not perfect.

2) The DHCP server on the 1811 should exclude the IPs - from the DHCP pool.

I used the "ip dhcp excluded-address ..." command but I does not work. My Client always gets

I hope someone can help me!

Thank you in advance,



Re: Isolated Guest network using vrf and GRE

hi chris

as long as its working thats mean ur routing is good

but i am wondering about one point

which is the defult route to the internet

ip route vrf GuestNet

here the is and ip and interface belong to global routing not under any vrf in my understanding it should be like :

ip route vrf GuestNet global

good luck

CreatePlease to create content