I would like the guest user traffic to then be forwarded over the L2TPv3 tunnel

  • Updated 3 months ago


yohan vaisseau


Posted 3 months ago


Andrew Blomley, Employee

Yes, this is possible, but not required, as it is easier to use MiNT to tunnel the traffic, as you are terminating the traffic on the 4K.

Example config below

wlan TMELABS-GUEST
 ssid TMELABS-GUEST
 vlan 25
 bridging-mode tunnel
 encryption-type none
 authentication-type none

nx65xx DATACENTER-NX6500
 bridge vlan 25
  tunnel-over-level2
  ip igmp snooping
  ip igmp snooping querier
 ip name-server 192.168.10.6
 ip domain-name tmelabs.local
 !
 ! Configuration Removed for Brevity
 !
 interface up1
  description UPLINK
  switchport mode trunk
  switchport trunk native vlan 20
  switchport trunk native tagged
  switchport trunk allowed vlan 20,23,25
 !
 ! Configuration Removed for Brevity
 !
 use management-policy CONTROLLERS
 use firewall-policy default
 use auto-provisioning-policy DATACENTER
 ntp server 192.168.10.6
 no auto-learn-staging-config
 service pm sys-restart
 router ospf
 service fast-switching
!
!
profile ap6532 STORES-AP6532
 bridge vlan 25
  tunnel-over-level2
  ip igmp snooping
  ip igmp snooping querier
 ip name-server 192.168.10.6
 ip domain-name tmelabs.local
 !
 ! Configuration Removed for Brevity
 !
 interface radio1
  wlan TMELABS-DOT1X bss 1 primary
  wlan TMELABS-PSK bss 2 primary
  wlan TMELABS-GUEST bss 3 primary
 interface radio2
  wlan TMELABS-DOT1X bss 1 primary
 interface ge1
  description UPLINK
  switchport mode trunk
  switchport trunk native vlan 21
  no switchport trunk native tagged
  switchport trunk allowed vlan 21-22
 interface vlan21
  ip address dhcp
  ip dhcp client request options all
 interface pppoe1
 use management-policy ACCESS-POINTS
 use firewall-policy default
 ntp server 192.168.10.6
 service pm sys-restart
 router ospf

Please note: when using level 2 MiNT links, make sure each site is a separate RF domain (this includes the controller). Also make sure the control VLAN is set to the native VLAN of the remote APs (this is set in each RF domain).
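The pairing shown in the config above (a WLAN in `bridging-mode tunnel` on VLAN 25, and `bridge vlan 25` with `tunnel-over-level2` in the profile that maps the WLAN to a radio) can be checked before a config is pushed. The following Python sketch is an added example, not part of the original answer or vendor tooling; it assumes an indented config export, and the sample text and function name are constructed for illustration.

```python
# Constructed excerpt modelled on the answer's config; indentation is assumed.
GOOD = """\
wlan TMELABS-GUEST
 vlan 25
 bridging-mode tunnel
profile ap6532 STORES-AP6532
 bridge vlan 25
  tunnel-over-level2
 interface radio1
  wlan TMELABS-GUEST bss 3 primary
"""

def check(text):
    """Report blocks that map a tunneled WLAN but do not tunnel its VLAN."""
    blocks, head = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue                      # skip blanks and '!' comment lines
        if not raw.startswith(" "):
            head = line                   # unindented line opens a new block
            blocks[head] = []
        elif head:
            blocks[head].append(line)     # nested lines, flattened

    tunneled = {}                         # WLAN name -> VLAN id
    for head, body in blocks.items():
        if head.startswith("wlan ") and "bridging-mode tunnel" in body:
            vlan = [int(l.split()[1]) for l in body if l.startswith("vlan ")]
            if vlan:
                tunneled[head.split()[1]] = vlan[0]

    findings = []
    for head, body in blocks.items():
        over_l2, bridge = set(), None
        for l in body:
            if l.startswith("bridge vlan "):
                bridge = int(l.split()[2])
            elif l == "tunnel-over-level2" and bridge is not None:
                over_l2.add(bridge)
        for name, vlan in tunneled.items():
            mapped = any(l.startswith(f"wlan {name} ") for l in body)
            if mapped and vlan not in over_l2:
                findings.append(f"{head}: vlan {vlan} lacks tunnel-over-level2")
    return findings

if __name__ == "__main__":
    print(check(GOOD) or "tunneled WLAN VLANs are tunneled in every mapping block")
```
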