
BBSM across subnets

miwitte
Level 4

Had a hard enough time finally getting it to work just on the local subnet, now we want to extend the guest network to other buildings across subnets. I guess you need to configure the switches in other buildings in the BBSM Site\access switch? Do I add a new switch, as right now it is set up as a null router? I would really like to hear from others who have done this. Thanks!

Accepted Solutions

dabels
Level 1

I have set up BBSM 5.3 using layer 3 connectivity. It is kind of a kludge because this was made as a layer 2 type of box. Saying that, I have set up each subnet as a separate site. I add the site, the router and then add the switch as a null connects to router. You will have to make sure that the subnet can get back to the inside address of the BBSM and use that address as an ip helper (to do the DHCP if you are using that). Unless you are using the latest patch level xx29 you will have to route the switch address thru from the external BBSM interface. The latest patch eliminates that as you just have to set it up to talk to the router address on the guest VLAN subnet.

Let's say you set up the subnet 10.10.10.0/24.

At the remote site (you would have to span the VLAN to all the switches that are to have connectivity) 10.10.10.1 is the interface on the router for that subnet at that site. You will use 10.10.10.1 as the router that you add and use that router as the connection for the switch as well.

You would have to use a separate subnet for each different site.

HTH


Thanks for the reply. That looks like it will work, however when I try to add the new router it keeps giving me the error "Router cannot be on same subnet as BBSM server". Have you had this issue and how did you get around it? There still is router 0 using the loopback, do I need to delete this? I don't want to break the existing install as we are using this. Thanks!

Ok I was able to get the new BBSM router configured, the client DHCP pool needed to be configured and mask set. I guess it was looking at the 10. address as a /8. So I have configured a second site using this router and a switch connected to null using the router. I have also put the patches on as you suggested. I still am having issues getting it to respond. I have client connectivity to the VLAN interface that the BBSM is connected to but it does not respond. Just curious how you are getting your clients to only use the BBSM and not the internal network. My idea is to policy route to the BBSM and use access-lists to block any other access. I am also using the BBSM as the DNS server. I know I am close, just missing a small piece now.

Ok things look real good now. The only issue I am having is that I have to use IE in proxy mode to get connectivity. I am using PBR to force the clients next hop to be the BBSM, but that does not work. The only way I am able to get this to work is to use the BBSM interface in the IE proxy settings. Any thoughts out there??

I ended up having to do the PBR on the core switch that the 4500 feeds into. Works like a champ. Thanks for the fix!

I had to set up a similar thing, but ended up using GRE between Cat 4507's and PBR. The incoming guest VLAN's route-map used the remote GRE tunnel int as the next hop and that tunnel interface set the BBSM as the next hop. This helps keep the guest access data totally separate from the normal users' data.

Sample config should give ideas. These two sites were separated by a WAN but the same principles could apply to any routed network?

In this case the BBSM is 192.168.255.2 (guest vlan 2)

Cat4507-A (HO)

    ip access-list extended match_remote-site
     permit ip 192.168.201.0 0.0.0.255 any
    !
    route-map remote-site_guest permit 10
     match ip address match_remote-site
     ! next hop is the BBSM
     set ip next-hop 192.168.255.2
    !
    int tun 0
     descrip GRE Tunnel to Remote-site guest wifi
     ip add 11.1.1.1 255.255.255.252
     tunnel source Loopback0
     tunnel destination 192.168.254.129
     tunnel mode ipip
     ip policy route-map remote-site_guest

Cat4507-B (remote)

    int tun 0
     desc GRE Tunnel to Central Site BBSM
     ip add 11.1.1.2 255.255.255.252
     tunnel source Loopback0
     tunnel destination 192.168.254.1
     tunnel mode ipip
    !
    ip access-list extended guest_wifi
     permit ip 192.168.201.0 0.0.0.255 192.168.255.0 0.0.0.255
    !
    route-map guest_wifi permit 10
     match ip address guest_wifi
     set ip next-hop 11.1.1.1
    !
    int vlan 2
     ip address 192.168.201.1 255.255.255.0
     ip helper-address 192.168.255.2
     no ip directed-broadcast
     ip policy route-map guest_wifi
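
Added example, not part of the original posts: a small Python check that parses the remote-site ACL and route-map shown above and reports whether policy routing would set a next hop for a given guest packet or leave it to the normal routing table. It assumes only the `permit|deny ip <addr wildcard|any>` entry form and one clause per route-map; the addresses 192.168.201.50 and 10.0.0.5 are constructed test values.

```python
import ipaddress

# Constructed sample: the remote-site ACL and route-map from the post above.
CONFIG = """\
ip access-list extended guest_wifi
 permit ip 192.168.201.0 0.0.0.255 192.168.255.0 0.0.0.255
route-map guest_wifi permit 10
 match ip address guest_wifi
 set ip next-hop 11.1.1.1
"""

def _take(tokens):
    """Consume one address spec ('any' or 'addr wildcard') from the token list."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    # ipaddress accepts an IOS-style wildcard (host mask) after the slash
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}", strict=False)

def parse(config):
    """Return ({acl: [(action, src_net, dst_net)]}, {route_map: {acl, next_hop}})."""
    acls, maps, cur = {}, {}, None
    for line in config.splitlines():
        t = line.split()
        if t[:3] == ["ip", "access-list", "extended"]:
            cur = acls.setdefault(t[3], [])
        elif t[:1] == ["route-map"]:
            cur = maps.setdefault(t[1], {})
        elif len(t) > 2 and t[0] in ("permit", "deny") and t[1] == "ip":
            rest = t[2:]
            cur.append((t[0], _take(rest), _take(rest)))
        elif t[:3] == ["match", "ip", "address"]:
            cur["acl"] = t[3]
        elif t[:3] == ["set", "ip", "next-hop"]:
            cur["next_hop"] = t[3]
    return acls, maps

def pbr_next_hop(config, route_map, src, dst):
    """Next hop PBR sets for src->dst, or None if the routing table decides."""
    acls, maps = parse(config)
    clause = maps[route_map]
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acls.get(clause["acl"], []):
        if s in src_net and d in dst_net:  # first matching entry wins
            return clause["next_hop"] if action == "permit" else None
    return None  # implicit deny in the ACL: packet is not policy-routed

if __name__ == "__main__":
    for dst in ("192.168.255.2", "10.0.0.5"):
        hop = pbr_next_hop(CONFIG, "guest_wifi", "192.168.201.50", dst)
        print(dst, "->", hop or "normal routing table")
```

Packets that no permit entry matches are not policy-routed and follow the routing table, so blocking guest access to internal networks has to come from an interface ACL rather than from the route-map alone.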
