[c-nsp] Design question
Eric Helm
helmwork at ruraltel.net
Thu Jul 21 16:58:41 EDT 2005
Every apartment complex will be an ethernet handoff on the WAN and I am
considering the 871 due to cost concerns.
Would my PR config work for forcing Internet traffic through the tunnel
OK? And, what MSS should I use for the GRE tunnel?
/Eric
Rodney Dunn wrote:
> At the apartment what is the WAN interface?
>
> Is it connected directly to the internet?
>
> GRE would surely work you just have to handle the
> MTU issues with it.
>
> ip tcp adjust-mss
>
> Rodney
>
> On Thu, Jul 21, 2005 at 03:22:54PM -0500, Eric Helm wrote:
>
>>Hello,
>>I'm looking at a solution for a rental management company.
>>They want to offer free internet in all their apartments. We will be
>>installing Cisco Aironet APs in each apartment complex.
>>The customer requires all traffic to tunnel back to their main office
>>location where it can use a single hotspot type gateway that will force
>>user authentication and add dhcp server functionality. Since the traffic
>>is internet only, and each apartment complex has no need to talk to each
>>other, my thoughts are to do a simple GRE tunnel at each remote site. If
>>GRE is a good idea, how would be the best way to go about forcing
>>traffic to use the GRE tunnel? I was thinking policy routing with a
>>configuration something like this:
>>
>>interface Tunnel0
>> description Connected to Main Office
>> ip add 10.69.69.1 255.255.255.252
>> tunnel destination xxx.xxx.xxx.xxx
>>
>>interface Ethernet0
>> description Connected to Apt. Complex WLAN
>> ip address 10.254.1.1 255.255.255.0
>> ip helper-address 10.69.69.2
>> ip policy route-map http
>>
>>access-list 101 permit tcp any any eq www
>>
>>route-map http permit 10
>> match ip address 101
>> set interface Tunnel1
>>{or should I use 'set ip next-hop 10.69.69.2' which is the remote end of
>>the GRE Tunnel?}
>>
>>If GRE is not a good solution, what would you recommend?
>>
>>Thanks,
>>Eric
>>_______________________________________________
>>cisco-nsp mailing list cisco-nsp at puck.nether.net
>>https://puck.nether.net/mailman/listinfo/cisco-nsp
>>archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
More information about the cisco-nsp
mailing list