[c-nsp] Design question

Rodney Dunn rodunn at cisco.com
Fri Jul 22 21:19:16 EDT 2005


On Thu, Jul 21, 2005 at 03:58:41PM -0500, Eric Helm wrote:
> Every apartment complex will be an ethernet handoff on the WAN and I am
> considering the 871 due to cost concerns.
> Would my PR config work for forcing Internet traffic through the tunnel
> OK?

Yes.

> And, what MSS should I use for the GRE tunnel?

Put it on the lan interface.

ip tcp adjust-mss 1400 should do.

But remember, PBR will send the traffic one way.
You still have to handle the return traffic.

> 
> /Eric
> 
> Rodney Dunn wrote:
> > At the apartment what is the WAN interface?
> > 
> > Is it connected directly to the internet?
> > 
> > GRE would surely work you just have to handle the
> > MTU issues with it.
> > 
> > ip tcp adjust-mss 
> > 
> > Rodney
> > 
> > On Thu, Jul 21, 2005 at 03:22:54PM -0500, Eric Helm wrote:
> > 
> >>Hello,
> >>I'm looking at a solution for a rental management company.
> >>They want to offer free internet in all their apartments. We will be
> >>installing Cisco Aironet APs in each apartment complex.
> >>The customer requires all traffic to tunnel back to their main office
> >>location where it can use a single hotspot type gateway that will force
> >>user authentication and add dhcp server functionality. Since the traffic
> >>is internet only, and each apartment complex has no need to talk to each
> >>other, my thoughts are to do a simple GRE tunnel at each remote site. If
> >>GRE is a good idea, how would be the best way to go about forcing
> >>traffic to use the GRE tunnel? I was thinking policy routing with a
> >>configuration something like this:
> >>
> >>interface Tunnel0
> >> description Connected to Main Office
> >> ip add 10.69.69.1 255.255.255.252
> >> tunnel destination xxx.xxx.xxx.xxx
> >>
> >>interface Ethernet0
> >> description Connected to Apt. Complex WLAN
> >> ip address 10.254.1.1 255.255.255.0
> >> ip helper-address 10.69.69.2
> >> ip policy route-map http
> >>
> >>access-list 101 permit tcp any any eq www
> >>
> >>route-map http permit 10
> >> match ip address 101
> >> set interface Tunnel0
> >>{or should I use 'set ip next-hop 10.69.69.2' which is the remote end of
> >>the GRE Tunnel?}
> >>
> >>If GRE is not a good solution, what would you recommend?
> >>
> >>Thanks,
> >>Eric
> > 
> > 
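
The advice in this message, written out for both ends of the tunnel. This is an added example, not configuration from either poster. The WAN interface name `Ethernet1`, the `yyy.yyy.yyy.yyy` placeholder for the apartment's WAN address, the hub-side tunnel and the static return route are assumptions; addresses and names otherwise follow the quoted question, and the route-map uses the `set ip next-hop` alternative the question mentions.

```cisco
! Added example. Ethernet1 and yyy.yyy.yyy.yyy are assumed placeholders.
!
! --- Apartment router ---
interface Tunnel0
 description Connected to Main Office
 ip address 10.69.69.1 255.255.255.252
 ! Assumed WAN interface name
 tunnel source Ethernet1
 tunnel destination xxx.xxx.xxx.xxx
!
interface Ethernet0
 description Connected to Apt. Complex WLAN
 ip address 10.254.1.1 255.255.255.0
 ip helper-address 10.69.69.2
 ! GRE over IPv4 adds 24 bytes (20 outer IP + 4 GRE): 1500 - 24 = 1476.
 ! Minus 40 bytes of IP and TCP headers leaves 1436, so 1400 has headroom.
 ! Applied on the LAN side so client TCP SYNs are rewritten before encapsulation.
 ip tcp adjust-mss 1400
 ip policy route-map http
!
access-list 101 permit tcp any any eq www
!
route-map http permit 10
 match ip address 101
 set ip next-hop 10.69.69.2
!
! --- Main office router ---
interface Tunnel0
 description Connected to Apt. Complex
 ip address 10.69.69.2 255.255.255.252
 ! Assumed WAN interface name
 tunnel source Ethernet1
 tunnel destination yyy.yyy.yyy.yyy
!
! Return traffic: PBR only steers the outbound direction, so the main
! office needs its own route for the apartment LAN back into the tunnel.
ip route 10.254.1.0 255.255.255.0 10.69.69.1
```

The hotspot gateway at the main office also needs a route for 10.254.1.0/24 pointing at this router, otherwise replies leave by its default path instead of the tunnel.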

