Separate subnets for clients than the uplink interface

tgl3_
New Contributor

I am trying to get different subnets working for DHCP clients than I have interfaces. (In other words, I have, for example, one connection to the network from the MAG; its address is 192.168.1.2, and the client subnets are 192.168.200.x, 192.168.300.x.) Do I have to set up a route for them on the MAG? I have them routed to the MAG interface IP from the connected router.

5 REPLIES
mattspierce_
Frequent Contributor

Re: Separate subnets for clients than the uplink interface

It can be done. On your switch, you have to set the interface that you connect your MAG/SA to as a trunk, with the native VLAN as the network you have assigned the appliance's management interfaces to, and provide a tagged VLAN that hosts the network you want to assign to the clients.

Under Network/VLANs you define the tagged VLAN and assign an IP for the appliance in the IP range of the tagged VLAN.

Under User Roles, you then edit the role you use to assign the NC/Pulse settings and check the box for VLAN Source IP. From there you select the VLAN you defined under Network and you should be in good shape.

tgl3_
New Contributor

Re: Separate subnets for clients than the uplink interface

That is how I configured it to begin with, and it did not work. TAC had me set it up completely differently, and that did not work (nor did it make any sense). But when it is configured the way you described, I cannot ping the sslvpn interface of the VLAN for the clients. Thank you for responding; I am certain this is something simple I am not doing right.

mattspierce_
Frequent Contributor

Re: Separate subnets for clients than the uplink interface

Here are a few hopeful hints. Verify the defined VLAN is on every trunk in your switch stack. Verify that your router has an interface on the client VLAN you plan to use. Check that there are routes defined to let the traffic go both ways. Depending on your network equipment, you may have to have a defined native VLAN on the trunk port.

SteveClymer
Not applicable

Re: Separate subnets for clients than the uplink interface

Did this solution work? I can't find any authoritative doc describing how to trunk VLANs to the MAG cluster.

zanyterp
Moderator

Re: Separate subnets for clients than the uplink interface

As long as your switch accepts untagged traffic for the internal interface (which is used for auth traffic) and then accepts tagged traffic for additional VLANs, it should work.
The admin guide outlines what is needed for VLAN traffic to work.
What are you seeing failing?