Aruba Instant & Cloud Wi-Fi

Reply
Occasional Contributor II
Posts: 30
Registered: ‎08-01-2013

GRE Tunnel between InstantAP and Mobility Controller

Hello,

 

I am trying to create a GRE tunnel to send guest traffic to a VLAN which exists on my mobility controller, but for some reason, it is not working. Below is a diagram outlining the basic network layout:

GRE.jpg

Is a GRE tunnel supposed to work between the InstantAP and the Mobility controller? I can provide further details on the configuration by request.

 

Many thanks,

 

Giuseppe Damiano

Guru Elite
Posts: 21,031
Registered: ‎03-29-2007

Re: GRE Tunnel between InstantAP and Mobility Controller

Giuseppe,

 

That configuration is supported..

 

Did you use any of the instructions here?  http://community.arubanetworks.com/t5/forums/searchpage/tab/tkb?location=category%3ASupport-Documentation-Downloads&q=iap-vpn



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 30
Registered: ‎08-01-2013

Re: GRE Tunnel between InstantAP and Mobility Controller

cjoseph,

 

Thanks for your answer. So far tried the following articles:

 

- Guest only solution using IAP-GRE tunnel with Controller [http://community.arubanetworks.com/t5/Unified-Wired-Wireless-Access/Tutorial-Guest-only-solution-using-IAP-GRE-tunnel-with/m-p/147880/highlight/true#M31464]

- IAP - Guest Access and GRE Tunnel [http://community.arubanetworks.com/t5/Aruba-Instant-Cloud-Wi-Fi/IAP-Guest-Access-and-GRE-Tunnel/m-p/59156/highlight/true#M1193]

 

without much success. Do I have to create a VPN tunnel as opposed to a GRE?

The Instant APs are running InstantOS 6.4 while the controller is running ArubaOS 6.3.

 

I have tried to create an ArubaGRE (both with the per-AP tunnel option enabled and disabled) on the InstantVC from the VPN menu, but nothing comes up on the controller side (verified with #show datapath tunnel command).

 

I have tried the Manual GRE option with a GRE tunnel configured on the controller side and a new GRE tunnel comes up, yet I see an increasing number of decapsulation, but no encapsulation at all.

Occasional Contributor II
Posts: 30
Registered: ‎08-01-2013

Re: GRE Tunnel between InstantAP and Mobility Controller

A little more details:

GRE2.jpg

 

Configuration on the IAP side:

VLAN.jpgSecurity.jpg

Access.jpg

Tunnel1.jpg

Tunnel2.jpg

 

while on the Mobility Controller, I have:

ctrl-tunnel.jpg

 

Any ideas?

 

Kind regards,

 

Giuseppe Damiano

MVP
Posts: 707
Registered: ‎12-01-2010

Re: GRE Tunnel between InstantAP and Mobility Controller

Glancing at your settings, they look right, except I use GRE 0 (rather than 1) on the VPN settings in the iAP GUI.

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
Occasional Contributor II
Posts: 30
Registered: ‎08-01-2013

Re: GRE Tunnel between InstantAP and Mobility Controller

Changed that setting to 0 on the Instant (the controller isues an error message if I do the same), but nothing changed on the behaviour.

 

The GRE tunnel comes up, but no encaps or decaps :-(

Contributor I
Posts: 31
Registered: ‎12-12-2012

Re: GRE Tunnel between InstantAP and Mobility Controller

Hi Giuseppe, Did you read the entire thread at: http://community.arubanetworks.com/t5/Aruba-Instant-Cloud-Wi-Fi/IAP-Guest-Access-and-GRE-Tunnel/m-p/59156/highlight/true#M1193] I was able to get this to work only after I configured the L2 Centralised DHCP scope for the VLAN that I wanted to tunnel. I didn't see any mention of your DHCP scope configurations in your previous posts. Cheers Chris
Occasional Contributor II
Posts: 30
Registered: ‎08-01-2013

Re: GRE Tunnel between InstantAP and Mobility Controller

Hi Chris,

 

And thanks for your reply. I have followed the article to the letter and here are the steps I followed, documented in details.

 

GRE Tunnels

IAP configuration

1.png

2.png

3.png

Controller configuration

5.png

6.png

I tried with both Protocol number 48 and 1, but not 0. If I set the protocol type to 0, I get the following error message:

4.png

DHCP settings (Instant)

7.png

SSID settings (Instant)

8.png

If I set, the client IP assignment to Network assigned and Static VLAN 11, I lose the DHCP settings.

9.png

10.png

DHCP Server settings (Controller)

11.png

VLAN settings (Controller)

12.png

 

The solution still does not work. For some reason, the Instant AP delivers a default IP address (172.31.99.X), the GRE tunnels are up on the controller (#show datapath tunnel) but no data is passing through them.

 

To be hoonest, I feel like I spent enough time on this and since it's not working, I am thinking about an alternate solution as configuring such a straightforward setup should not be so hard.

 

Many thanks to all who have contributed to this.

 

Giuseppe Damiano/

Contributor I
Posts: 31
Registered: ‎12-12-2012

Re: GRE Tunnel between InstantAP and Mobility Controller

[ Edited ]
I understand your pain, it took me a while to get this going. I think I see an issue with your config.

First of all, on the Instant AP side change the "GRE Type" to 48. The controller side "protocol number" should also be 48.

Now most importantly. The reason you are getting a 172.31.99.X address is because you need to change the Instant SSID setting from "virtual controller managed" to "network assigned". Having that setting on virtual controller assigned means that the client will always receive an IP from the local DHCP server on the Instant AP, and if I recall correctly it will also source NAT traffic. Make sure this is set to Network Assigned

Regards
Chris
Search Airheads
Showing results for 
Search instead for 
Did you mean: