[c-nsp] Design question
Eric Helm
helmwork at ruraltel.net
Sat Jul 23 10:32:34 EDT 2005
Thanks to everyone who responded...
I've got a lab setup running well with GRE + PBR.
/Eric
Rodney Dunn wrote:
> On Thu, Jul 21, 2005 at 03:58:41PM -0500, Eric Helm wrote:
>
>>Every apartment complex will be an ethernet handoff on the WAN and I am
>>considering the 871 due to cost concerns.
>>Would my PR config work for forcing Internet traffic through the tunnel
>>OK?
>
>
> Yes.
>
>>And, what MSS should I use for the GRE tunnel?
>
> Put it on the lan interface.
>
> ip tcp adjust-mss 1400 should do.
>
> But remember, PBR will send the traffic one way.
> You still have to handle the return traffic.
>
>
>>/Eric
>>
>>Rodney Dunn wrote:
>>
>>>At the apartment what is the WAN interface?
>>>
>>>Is it connected directly to the internet?
>>>
>>>GRE would surely work you just have to handle the
>>>MTU issues with it.
>>>
>>>ip tcp adjust-mss
>>>
>>>Rodney
>>>
>>>On Thu, Jul 21, 2005 at 03:22:54PM -0500, Eric Helm wrote:
>>>
>>>
>>>>Hello,
>>>>I'm looking at a solution for a rental management company.
>>>>They want to offer free internet in all their apartments. We will be
>>>>installing Cisco Aironet APs in each apartment complex.
>>>>The customer requires all traffic to tunnel back to their main office
>>>>location where it can use a single hotspot type gateway that will force
>>>>user authentication and add dhcp server functionality. Since the traffic
>>>>is internet only, and each apartment complex has no need to talk to each
>>>>other, my thoughts are to do a simple GRE tunnel at each remote site. If
>>>>GRE is a good idea, how would be the best way to go about forcing
>>>>traffic to use the GRE tunnel? I was thinking policy routing with a
>>>>configuration something like this:
>>>>
>>>>interface Tunnel0
>>>>description Connected to Main Office
>>>>ip add 10.69.69.1 255.255.255.252
>>>>tunnel destination xxx.xxx.xxx.xxx
>>>>
>>>>interface Ethernet0
>>>>description Connected to Apt. Complex WLAN
>>>>ip address 10.254.1.1 255.255.255.0
>>>>ip helper-address 10.69.69.2
>>>>ip policy route-map http
>>>>
>>>>access-list 101 permit tcp any any eq www
>>>>
>>>>route-map http permit 10
>>>>match ip address 101
>>>>set interface Tunnel0
>>>>{or should I use 'set ip next-hop 10.69.69.2' which is the remote end of
>>>>the GRE Tunnel?}
>>>>
>>>>If GRE is not a good solution, what would you recommend?
>>>>
>>>>Thanks,
>>>>Eric
>>>
>>>
>
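Added example, not part of the original thread: a two-ended sketch of the setup discussed above, with the MSS clamp on the LAN interface as Rodney suggests and a hub-side route for the return traffic he mentions. The tunnel source interface names, the 192.0.2.1 and 198.51.100.10 addresses (documentation ranges used as placeholders) and the whole main-office side are assumptions; the thread shows only the remote end.

```cisco
! ---- Remote site (apartment complex) ----
interface Tunnel0
 description Connected to Main Office
 ip address 10.69.69.1 255.255.255.252
 ! assumption: name of the WAN-facing interface
 tunnel source FastEthernet4
 ! placeholder for the main office public address
 tunnel destination 192.0.2.1
!
interface Ethernet0
 description Connected to Apt. Complex WLAN
 ip address 10.254.1.1 255.255.255.0
 ip helper-address 10.69.69.2
 ! GRE adds 24 bytes (20 outer IP + 4 GRE), so over a 1500-byte path
 ! the largest MSS that fits is 1500 - 24 - 40 = 1436; 1400 leaves headroom
 ip tcp adjust-mss 1400
 ip policy route-map http
!
! matches TCP port 80 only, as in the posted config
access-list 101 permit tcp any any eq www
!
route-map http permit 10
 match ip address 101
 ! must name the tunnel interface defined above
 set interface Tunnel0
!
! ---- Main office (hub) side, assumed ----
interface Tunnel0
 description Connected to Apt. Complex
 ip address 10.69.69.2 255.255.255.252
 ! assumption: name of the hub's WAN-facing interface
 tunnel source FastEthernet0/0
 ! placeholder for the remote site's public address
 tunnel destination 198.51.100.10
!
! return traffic: PBR at the remote end only steers the outbound direction,
! so the hub needs its own route back to the WLAN subnet through the tunnel
ip route 10.254.1.0 255.255.255.0 Tunnel0
```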