Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Separate subnets for clients than the uplink interface

tgl3_
New Contributor
‎04-29-2013 03:53:AM
‎04-29-2013 03:53:AM

Separate subnets for clients than the uplink interface

I am trying to get different subnets working for dhcp clients than I have interfaces. (in other words I have (for example) one connection to the network from the mag it is address 192.168.1.2, the client subnet is 192.168.200.x, 192.168.300.x) Do I have to setup a route for them on the mag? I have them routed to the mag interface ip from the connected router. 

0 Kudos
Reply
5 REPLIES 5
mattspierce_
Frequent Contributor
‎04-29-2013 06:52:AM
‎04-29-2013 06:52:AM

Re: Separate subnets for clients than the uplink interface

It can be done.  On your swtich you have to set the interface that you connect your MAG/SA to as a trunk with the native vlan as the network you have assigned the applicances managment interfaces to and provide a tagged vlan that host the network you want to assign to the clients.

 

Under Network/VLANs you define the tagged vlan and assign an IP for the appliance in the IP range of the tagged vlan.

 

Under User Roles, you then edit the role you use to assign the NC/Pulse settings and check the box for VLAN Source IP.  from there you select the vlan you defined under network and you should be in good shape. 

 

0 Kudos
Reply
tgl3_
New Contributor
‎04-29-2013 07:40:AM
‎04-29-2013 07:40:AM

Re: Separate subnets for clients than the uplink interface

That is how I configured it to begin with and it did not work. Tac had me set it up completely different and that did not work (nor did it make any sense).  But when it is configured the way you described I cannot ping the sslvpn interface of the vlan for the clients. Thank you for responding, I am certain this is something simple I am not doing right.

0 Kudos
Reply
mattspierce_
Frequent Contributor
‎04-29-2013 07:49:AM
‎04-29-2013 07:49:AM

Re: Separate subnets for clients than the uplink interface

Here are a few hopefull hints.  Verify the defined vlan is on every trunk in your switch stack.  Verify that your router has an interface on the client vlan you plan to use.  Check that there are routes defined to let the traffic go both ways. Depending on your network equipment you may have to have a defined native vlan on the trunk port. 

0 Kudos
Reply
SteveClymer
Not applicable
‎01-30-2017 04:18:PM
‎01-30-2017 04:18:PM

Re: Separate subnets for clients than the uplink interface

Did this solution work? I can't find any authoritative doc describing how to trunk vlans to the MAG cluster.
0 Kudos
Reply
zanyterp
Moderator
Moderator
‎02-02-2017 12:08:AM
‎02-02-2017 12:08:AM

Re: Separate subnets for clients than the uplink interface

As long as your switch accepts untagged traffic for the internal interface (which is used for auth traffic) and then accepts tagged traffic for additional VLANs, it should work
The admin guide outlines what is needed for VLAN traffic to work
What are you seeing failing?
0 Kudos
Reply
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.