03-03-2015 05:51 AM
I am trying to create a GRE tunnel to send guest traffic to a VLAN which exists on my mobility controller, but for some reason, it is not working. Below is a diagram outlining the basic network layout:
Is a GRE tunnel supposed to work between the InstantAP and the Mobility controller? I can provide further details on the configuration by request.
Solved! Go to Solution.
03-03-2015 05:55 AM
That configuration is supported..
Did you use any of the instructions here? http://community.arubanetworks.com/t5/forums/searchpage/tab/tkb?location=category%3ASupport-Documentation-Downloads&q=iap-vpn
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
03-03-2015 06:36 AM
Thanks for your answer. So far tried the following articles:
- Guest only solution using IAP-GRE tunnel with Controller [http://community.arubanetworks.com/t5/Unified-Wired-Wireless-Access/Tutorial-Guest-only-solution-using-IAP-GRE-tunnel-with/m-p/147880/highlight/true#M31464]
without much success. Do I have to create a VPN tunnel as opposed to a GRE?
The Instant APs are running InstantOS 6.4 while the controller is running ArubaOS 6.3.
I have tried to create an ArubaGRE (both with the per-AP tunnel option enabled and disabled) on the InstantVC from the VPN menu, but nothing comes up on the controller side (verified with #show datapath tunnel command).
I have tried the Manual GRE option with a GRE tunnel configured on the controller side and a new GRE tunnel comes up, yet I see an increasing number of decapsulation, but no encapsulation at all.
03-03-2015 10:26 AM
Glancing at your settings, they look right, except I use GRE 0 (rather than 1) on the VPN settings in the iAP GUI.
if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
03-11-2015 02:39 AM
Changed that setting to 0 on the Instant (the controller isues an error message if I do the same), but nothing changed on the behaviour.
The GRE tunnel comes up, but no encaps or decaps :-(
03-14-2015 06:31 PM
03-17-2015 04:23 AM
And thanks for your reply. I have followed the article to the letter and here are the steps I followed, documented in details.
I tried with both Protocol number 48 and 1, but not 0. If I set the protocol type to 0, I get the following error message:
DHCP settings (Instant)
SSID settings (Instant)
If I set, the client IP assignment to Network assigned and Static VLAN 11, I lose the DHCP settings.
DHCP Server settings (Controller)
VLAN settings (Controller)
The solution still does not work. For some reason, the Instant AP delivers a default IP address (172.31.99.X), the GRE tunnels are up on the controller (#show datapath tunnel) but no data is passing through them.
To be hoonest, I feel like I spent enough time on this and since it's not working, I am thinking about an alternate solution as configuring such a straightforward setup should not be so hard.
Many thanks to all who have contributed to this.
03-17-2015 02:07 PM - edited 03-17-2015 02:09 PM
First of all, on the Instant AP side change the "GRE Type" to 48. The controller side "protocol number" should also be 48.
Now most importantly. The reason you are getting a 172.31.99.X address is because you need to change the Instant SSID setting from "virtual controller managed" to "network assigned". Having that setting on virtual controller assigned means that the client will always receive an IP from the local DHCP server on the Instant AP, and if I recall correctly it will also source NAT traffic. Make sure this is set to Network Assigned