[c-nsp] Design question
Eric Helm
helmwork at ruraltel.net
Thu Jul 21 16:22:54 EDT 2005
Hello,
I'm looking at a solution for a rental management company.
They want to offer free internet in all their apartments. We will be
installing Cisco Aironet APs in each apartment complex.
The customer requires all traffic to tunnel back to their main office
location where it can use a single hotspot type gateway that will force
user authentication and add dhcp server functionality. Since the traffic
is internet only, and each apartment complex has no need to talk to each
other, my thoughts are to do a simple GRE tunnel at each remote site. If
GRE is a good idea, how would be the best way to go about forcing
traffic to use the GRE tunnel? I was thinking policy routing with a
configuration something like this:
interface Tunnel0
description Connected to Main Office
ip add 10.69.69.1 255.255.255.252
tunnel destination xxx.xxx.xxx.xxx
interface Ethernet0
description Connected to Apt. Complex WLAN
ip address 10.254.1.1 255.255.255.0
ip helper-address 10.69.69.2
ip policy route-map http
access-list 101 permit tcp any any eq www
route-map http permit 10
match ip address 101
set interface Tunnel1
{or should I use 'set ip next-hop 10.69.69.2' which is the remote end of
the GRE Tunnel?}
If GRE is not a good solution, what would you recommend?
Thanks,
Eric
More information about the cisco-nsp
mailing list