[c-nsp] Design question

Kevin Graham mahargk at gmail.com
Thu Jul 21 16:53:25 EDT 2005


The main concern to me would be separating out the wireless access
from the corporate traffic that the network is (apparently) already
carrying.

First step would be to separate control plane on the Airopoints -- use
.1q on the fastether port and specify a VLAN for the SSID that will be
used for hotspot access (Use the native-vlan for management via BVI1).

>From there, break out a separate interface on the router and stick it
in a VRF for the hotspot access. From there, you can stick whatever
your uplink (ie. GRE) to the service gateway in the VRF as well and
not have to worry about the policy routing or any leaking between the
two.

Depending on the data Rodney asked for, there might be cleaner ways
then GRE (ie. if its traditional PtP T1's, use frame relay encap and
replace the GRE tunnel with a DLCI-mapped sub-interface; if you're
dealing w/ IPSec back to the home site, consider a parallel set of
tunnels).



More information about the cisco-nsp mailing list