Le lundi 31 octobre 2011 à 21:54 -0400, Seth Fogie a écrit :
> 1. Create a Guest SSID and tag it with the external VLAN and then
> tunnel the traffic back over the site-to-site VPN via the broadband
> modem and route this traffic to an external connection over the same
> link that provides internal VLAN traffic.
> 2. Build a separate infrastructure for wireless Guest traffic and
> purchase a dedicated internet connection for all guest traffic per site.
I have no preference for VLAN or dedicated network based infrastructure
as it strongly depends on the situation, so both can be considered.
As for routing traffic to the Internet, why overload a site-to-site VPN
(or worse, dedicated leased lines) link when you have an internet access
available locally? On the other hand, if you want to centrally monitor
and/or log this traffic, and you want to send it on the Internet with
one unique source IP address of yours, you might want to see it go
through a unique, central internet access and then route it back through
site-to-site VPN.
--
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
> 1. Create a Guest SSID and tag it with the external VLAN and then
> tunnel the traffic back over the site-to-site VPN via the broadband
> modem and route this traffic to an external connection over the same
> link that provides internal VLAN traffic.
> 2. Build a separate infrastructure for wireless Guest traffic and
> purchase a dedicated internet connection for all guest traffic per site.
I have no preference for VLAN or dedicated network based infrastructure
as it strongly depends on the situation, so both can be considered.
As for routing traffic to the Internet, why overload a site-to-site VPN
(or worse, dedicated leased lines) link when you have an internet access
available locally? On the other hand, if you want to centrally monitor
and/or log this traffic, and you want to send it on the Internet with
one unique source IP address of yours, you might want to see it go
through a unique, central internet access and then route it back through
site-to-site VPN.
--
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
[ reply ]