Occasional Contributor I
Posts: 7
Registered: ‎03-27-2008

Guest tunnel to Cisco 2800

Hello all,
I'm trying to establish a GRE tunnel from an Aruba 2400 OS 3.3.1.8 to a Cisco 2800 ver 12.4.

Here's what I have so far.
The tunnel is showing as Up/Up on both sides.
Keepalives are disabled (the tunnel goes down when keepalives are enabled).
The user associates to the SSID and authenticates via PSK-TKIP and should get an IP from the Aruba DHCP server.
That much works. But I can't ping or get a response from anything on the other side of the tunnel.

Aruba config:
user-role GUEST
vlan 1111
session-acl guest-tunnel

ip access-list session guest-tunnel
any any svc-dhcp permit
any any any redirect tunnel 1
interface vlan 161
ip address 10.80.61.249 255.255.255.0
interface vlan 1111
ip address 192.168.1.254 255.255.255.0

interface tunnel 1
description "Tunnel Interface"
ip address 1.1.1.2 255.255.255.0
tunnel source vlan 161
tunnel destination 206.200.144.240
trusted


How can I troubleshoot this further?
Here is the Cisco side config:

interface Tunnel0
ip address 1.1.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
tunnel source GigabitEthernet0/0.944
tunnel destination 10.80.61.249

ip route 192.168.1.0 255.255.255.0 Tunnel0

Thanks for any assistance with this.

Regards,
Bob Y.

What can I do to troubleshoot this further?
I can provide more configuration info if needed.
Guru Elite
Posts: 21,259
Registered: ‎03-29-2007

Re: Guest tunnel to Cisco 2800

You SHOULD be able to ping from Aruba Controller to Cisco router. You should NOT be able to ping from Cisco router to Aruba Controller.

On the Aruba side, you need:

interface tunnel1
tunnel vlan 1111


Colin Joseph
Aruba Customer Engineering


Occasional Contributor I
Posts: 7
Registered: ‎03-27-2008

Re: Guest tunnel to Cisco 2800

Thanks CJ.
I found part of the problem.
There was a firewall in the path.
The firewall rule for the GRE tunnel was written in one direction.
The reverse rule was added; now the tunnel is up with keepalives on.

Your suggestion would not work.
I tried to add tunnel vlan 1111 and received this error:
ctrl1) (config-tunnel)#tunnel vlan 1111
Error: Tunnel is an IP GRE Tunnel, Change the Mode before adding this.

At this point, I can ping the 1.1.1.1 tunnel IP of the Cisco but not the 1.1.1.2 IP of the Aruba.

I can see DNS queries etc, going across the tunnel using the tunnel source/destination IP addresses.

However, I am not seeing any responses from the Cisco side.

I believe there may be a NAT issue at this point, since the Cisco NAT stats show no IP addresses being allocated.
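
Added example, not part of any post in this thread: a small Python check for the one-directional GRE firewall rule described above. GRE is IP protocol 47 and has no ports, so a path firewall needs an explicit permit in each direction between the tunnel endpoints. The endpoint addresses are taken from the posted configs; the rule list, its format and all function names are constructed for illustration, and first-match evaluation with an implicit deny is an assumption about the firewall.

```python
import ipaddress
from dataclasses import dataclass

GRE = 47  # IP protocol number for GRE (no ports, unlike TCP/UDP)

@dataclass(frozen=True)
class Rule:
    action: str    # "permit" or "deny"
    proto: object  # IP protocol number, or "ip" for any protocol
    src: str       # source network in CIDR form
    dst: str       # destination network in CIDR form

def _matches(rule, proto, src, dst):
    return (rule.proto in ("ip", proto)
            and ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst))

def allowed(rules, proto, src, dst):
    """First matching rule decides; no match means implicit deny (assumed)."""
    for rule in rules:
        if _matches(rule, proto, src, dst):
            return rule.action == "permit"
    return False

def gre_path_report(rules, end_a, end_b):
    """Report whether GRE may pass in each direction between two endpoints."""
    fwd = allowed(rules, GRE, end_a, end_b)
    rev = allowed(rules, GRE, end_b, end_a)
    status = "bidirectional" if fwd and rev else "one-way" if fwd or rev else "blocked"
    return {"a_to_b": fwd, "b_to_a": rev, "status": status}

# Tunnel endpoints as they appear in the posted configs.
ARUBA, CISCO = "10.80.61.249", "206.200.144.240"

# Constructed rule set: GRE permitted in one direction only. The TCP rule
# does not help, because GRE is a separate IP protocol.
ONE_WAY = [
    Rule("permit", GRE, "10.80.61.249/32", "206.200.144.240/32"),
    Rule("permit", 6, "0.0.0.0/0", "0.0.0.0/0"),
]
# Same rule set with the reverse GRE rule added.
FIXED = ONE_WAY + [Rule("permit", GRE, "206.200.144.240/32", "10.80.61.249/32")]

if __name__ == "__main__":
    print("before:", gre_path_report(ONE_WAY, ARUBA, CISCO))
    print("after: ", gre_path_report(FIXED, ARUBA, CISCO))
```

With only one direction permitted, each side still shows the tunnel interface as up while keepalives are off, because GRE itself carries no session state; the missing return path only becomes visible once keepalives or user traffic need a reply.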