Extend guest VLAN to remote offices

  • 1
  • Question
  • Updated 3 years ago
  • Answered
I have several sites set up with MPLS connections back to our corporate office.  I have deployed aerohive 230's with two SSIDs (employee and guest).  All sites come back to corp for internet access. I have different VLANs and subnets at each site.  I have the employee SSID working fine at each site, and now would like to setup guest access at the remote sites.

I would like some guidance.  can I extend the guest VLAN to the other sites, or should I create a new VLAN at each location?  And from reading other questions here I read that I can set up a layer 2 or 3 VPN connection for this.  can I use that over the MPLS to extend the guest or route the new VLANs for each site back to the corporate office for internet access.
Photo of Paul Specht

Paul Specht

  • 2 Posts
  • 0 Reply Likes

Posted 3 years ago

  • 1
Photo of BJ

BJ, Champ

  • 373 Posts
  • 45 Reply Likes
We're using GRE tunneling, using the same guest vlan, and WPA2. The client authenticates, is placed on the guest vlan, then traverses the tunnel into a dmz.   
I have run into an issue when attempting to use a self registration CWP. Once the client is placed in the DMZ, it can't get back to the mgt interface of the CWP AP for the remaining authentication unless I open ports on a firewall.