Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How to route Guest VLAN across WAN

I have two sites connected by an MPPLS line.  My main site has a wireless Guest network that uses my ASA as a DHCP server.  I would like to install a Guest network in my second site.  My MPPLS line is a Layer 3 and needs to know the networks to be aware of.  I am not sure how to configure the routing for this to work.  I am attaching the router configs and a basic network drawing.  Any advice would be appreciated.

Everyone's tags (2)
18 REPLIES

How to route Guest VLAN across WAN

It's hard to tell from your diagram, but what subnet is your guest vlan using and where is the internet connection in relation to this?

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
New Member

How to route Guest VLAN across WAN

The guest vlan is 192.168.99.0 and the Internet connection is at the main location (Bryan).  Sorry for the drawing... I created it for myself just for a reference.   The second location is Madison, where I am trying to get the Guest Vlan to work.  The main switch in the Bryan location has a direct connection to the firewall for the Guest Vlan.

How to route Guest VLAN across WAN

Okay..I'm a little confused about the config that you posted. I see the 192.168.99.0/24 subnet, but are you trying to bridge across the wan? If so, it's not necessary. It looks like you have only static routes, so all you should need to do is get rid of the bridging configuration and treat it like another subnet. You'll have a static route pointing from your Bryan router to 192.168.99.0/24 going to the next hop out of the MLP interface. Then on your firewall, you'd have a route from 192.168.99.0/24 going to the Bryan router. (I'm assuming 10.10.10.251 is the address for your FW).

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
New Member

How to route Guest VLAN across WAN

I was told by someone on another post that I would need to use IRB.  Yes, all I am trying to do is get the Guest access to work in our second location.  Yes, the 10.10.10.251 and the 192.168.99.1 are both on my firewall.  I already have an Internal wireless network in Madison that uses the 10.10.141.0/24 subnet, but it uses a DHCP server on my 10.10.10.0/24 network.  So you are saying I would need on my Bryan router: ip route 192.168.99.0 255.255.255.0 Multilink1 and the firewall would be: ip route 192.168.99.0 255.255.255.0 10.10.10.100?  If I do this, will this cause any problems with my Guest access in the Bryan location?

How to route Guest VLAN across WAN

Can you provide a much more detailed diagram along with subnets? I'm seeing FR circuits, MLP, bridging, etc. I'd be able to give you a better solution if you could provide that. Do you have a firewall at each location, and are the locations connected via mpls? Are you only concerned about routing over MLP interfaces and I can safely ignore FR?

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
New Member

Re: How to route Guest VLAN across WAN

Here is a more detailed network drawing.  The FR circuits are no longer in use.  The last tech never removed the config data.  I only have one firewall at the Bryan location, which is where the Internet connection is. Let me know if you have any problems reading the drawing.

Re: How to route Guest VLAN across WAN

From this diagram, it looks like Madison gets internet access from Bryan, is that correct? Also, do you have guest access at the Bryan location that is also using 192.168.99.0/24? If so, that could be the reason you may need to bridge if you wanted both sites to use the same subnet. I'll have to lab that up though. Otherwise, if your 192.168.99.0/24 is only at the Madison side, then you don't need to bridge across....

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
New Member

Re: How to route Guest VLAN across WAN

Yes, Madison gets Internet access from Bryan and yes, the Bryan location is also using the 192.168.99.0/24. 

Thanks.

Re: How to route Guest VLAN across WAN

Ah, that makes more sense as to why you'd need to bridge it. Let me lab this up today and see what I can come up with for you..

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

Re: How to route Guest VLAN across WAN

In all honesty, it would be easier if you were able to change the Madison subnet to something else so you wouldn't have to worry about bridging across. The problem that I'm running into is that in order to bridge, your serial interfaces (that lead to your MPLS cloud) and the vlan interface that is associated to this guest network need to be part of the bridge group in order to pass the traffic across the link. In other words, your vlan 99 subinterface and the serial interface need to both be associated to the same bridge group, but from my tests it is going to kill your wan interface.

I'm still playing around with some scenarios, but for now I'd suggest changing your Madison guest subnet to something other than 192.168.99.0/24 and then you can route to it instead.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
New Member

Re: How to route Guest VLAN across WAN

Yes, I found that out the other week... luckily I just rebooted the router so the old config came up. 

I thought about using a different vlan but I wasn't sure how to have it get the DHCP address from the firewall... any suggestions with that?

Re: How to route Guest VLAN across WAN

Sure thing...Is your firewall hosting the pool and is it the one at Bryan location?

Here's the Madison "old" config:

interface FastEthernet0/0.99

encapsulation dot1Q 99

ip helper-address 10.10.10.251

ip helper-address 192.168.99.1

no snmp trap link-status

bridge-group 99

If you wanted to create vlan 199, you could change it to:

interface FastEthernet0/0.199

encapsulation dot1Q 199

ip address 192.168.199.1 255.255.255.0

ip helper-address 10.10.10.251

ip helper-address 192.168.99.1

no snmp trap link-status

The addresses can stay the same for your helper address. On the firewall/router/DHCP scope, you'd create another pool that matches 192.168.199.0/24 subnet and set the default-gateway (Madison router/firewall for your Madison users) and dns servers. You should be good to go after that. Then you'd set up all of your routes on the Bryan side for 192.168.199.0/24 to point to MPLS interface.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
New Member

Re: How to route Guest VLAN across WAN

Yes.

Thanks.

Re: How to route Guest VLAN across WAN

Sorry..I edited my last reply with some suggestions...

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
New Member

Re: How to route Guest VLAN across WAN

OK.  I will try it that way.  I will have to have my provider add the subnet first so that may take a couple days. 

Thanks for all your help.

New Member

Re: How to route Guest VLAN across WAN

Hi.  I was reading through some ASA documentation and it said something about the DHCP clients had to be connected to the ASA and could not be across a router.  Do you know if that still applies?  I did go ahead and create a subinteface and configured DHCP on it.  I still need to change my router, switch, and access point for the new Vlan... and waiting on provider.

Re: How to route Guest VLAN across WAN

I haven't labbed that up, and personally have no experience outside of VPN connections that relay dhcp requests to our internal server. Have you thought about having another pool for the guest wireless at the Madison location only? You could create a pool for them and still assign any pertinent information. You can mix helpers and local scopes if needed on your router.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
New Member

Re: How to route Guest VLAN across WAN

Hmmm... I will give that some thought and see if I can figure something out.

Thanks again.

579
Views
0
Helpful
18
Replies