GRE IAP to Controller works. How to add Controller to Controller with the same GRE?

We are transitioning from Controller / CAP based networks to IAP / Controller based networks.

 

This works as designed and expected:

We have 205s in IAP mode with 6.5.3.1.

We have 314s in IAP mode with 6.5.3.1.

We are tunneling our employee network to a 7010.

 

Now we have additional controllers running 6.4.4.11.

I need to have the older controllers use the same GRE if possible so the user experience is consistent across the campus.

 

7010

IPSEC SA (V2) Active Session Information
-----------------------------------
Initiator IP     Responder IP     SPI(IN/OUT)        Flags Start Time        Inner IP
------------     ------------     ----------------   ----- ---------------   --------
10.120.30.51     10.110.30.1      71d11200/e724fc00  UT2   Aug 11 07:11:00   192.168.110.6
10.160.30.199    10.110.30.1      db09b400/e2256700  UT2   Aug 11 07:50:12   192.168.110.5

Flags: T = Tunnel Mode; E = Transport Mode; U = UDP Encap
       L = L2TP Tunnel; N = Nortel Client; C = Client; 2 = IKEv2

Total IPSEC SAs: 2

IAP

a8:bd:27:c0:62:5a# show vpn config

Concentrator
------------
Type                        Value
----                        -----
VPN Primary Server          10.110.30.1
VPN Backup Server
VPN Preemption              disable
VPN Fast Failover           disable
VPN Hold Time               600
VPN Monitor Pkt Send Freq   5
VPN Monitor Pkt Lost Cnt    6
VPN Ikepsk                  fa0973ddfa43e00cf4ea7d2fb695485c
VPN Username
VPN Password                e5daa2a8fb17d0d1f94e5e82a87f87c1
GRE outside vpn             enable
GRE Server
GRE IP Address              0.0.0.0
GRE Type                    1
GRE Per AP Tunnel           enable
Reconnect User On Failover  disable
Reconnect Time On Failover  60
Routing Table
-------------
Destination  Netmask  Gateway  Metric  Type  Flag
-----------  -------  -------  ------  ----  ----
Number of Route Entries   :0
a8:bd:27:c0:62:5a# show vpn status


profile name:default
--------------------------------------------------
current using tunnel                            :primary tunnel
current tunnel using time                       :7 days 22 hours 21 minutes 19 seconds
ipsec is preempt status                         :disable
ipsec is fast failover status                   :disable
ipsec hold on period                            :600s
ipsec tunnel monitor frequency (seconds/packet) :5
ipsec tunnel monitor timeout by lost packet cnt :6

ipsec     primary tunnel crypto type            :Cert
ipsec     primary tunnel peer address           :10.110.30.1
ipsec     primary tunnel peer tunnel ip         :10.110.30.1
ipsec     primary tunnel ap tunnel ip           :192.168.110.6
ipsec     primary tunnel using interface        :tun0
ipsec     primary tunnel using MTU              :1230
ipsec     primary tunnel current sm status      :Up
ipsec     primary tunnel tunnel status          :Up
ipsec     primary tunnel tunnel retry times     :5
ipsec     primary tunnel tunnel uptime          :7 days 22 hours 21 minutes 19 seconds

ipsec      backup tunnel crypto type            :Cert
ipsec      backup tunnel peer address           :N/A
ipsec      backup tunnel peer tunnel ip         :N/A
ipsec      backup tunnel ap tunnel ip           :N/A
ipsec      backup tunnel using interface        :N/A
ipsec      backup tunnel using MTU              :N/A
ipsec      backup tunnel current sm status      :Init
ipsec      backup tunnel tunnel status          :Down
ipsec      backup tunnel tunnel retry times     :0
ipsec      backup tunnel tunnel uptime          :0
a8:bd:27:c0:62:5a# show vpn tunnels

Tunnel Flags: M = Master IAP; S = Slave IAP; Primary = Primary Tunnel
              B = Backup Tunnel; R = Registered

Tunnel Info for peer address  10.110.30.1
------------------------------------------
Type                               Value
----                               -----
Source IP                          192.168.110.6
Destination IP                     10.110.30.1
End IP                             10.110.30.1
Default GW                         0.0.0.0
Use count                          0
Ifindex                            22
Ifname                             tun0
Flags                              MPR
Retry count for Register Request   0
For DHCP Profile                   OSD-User
 Retry count for Vlan Add Request  0
 Old Subnet Status                 Normal
 Existing Subnet Status            Registered
a8:bd:27:c0:62:5a#

This was configured using the simple GUI on the IAPs.  Now how can I get the other controllers to work the same way?  I have tried various GRE tunnel combinations but have not found one that works.

 

Thanks for pointing me in the right direction,

   David.

Re: GRE IAP to Controller works. How to add Controller to Controller with the same GRE?

I've used something like the following to set up controller-to-controller GRE tunnels.

 

interface tunnel 1
        description "my tunnel"
        tunnel source <source ip>
        tunnel mode gre 0
        no shutdown
        tunnel destination <destination ip>
        tunnel vlan <vlan id's you want tunneled>
        no tunnel keepalive
        mtu 1400
!

Set that on both controllers (with the source and destination switched around, of course) and you should be set.

Koen (ACMX #351 | ACDX #547 | ACCP)
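
As an added example (not code from the thread or from Aruba), this Python check confirms that two tunnel stanzas of the shape posted above mirror each other before they are pushed to both controllers. The addresses and VLAN IDs are constructed placeholders, and treating the GRE protocol number, VLAN list and MTU as values that must agree on both ends is this example's assumption.

```python
import re

def stanza(src, dst, vlans, proto=0, mtu=1400):
    """Build a constructed tunnel stanza in the shape posted in the thread."""
    return ("interface tunnel 1\n"
            f"        tunnel source {src}\n"
            f"        tunnel mode gre {proto}\n"
            "        no shutdown\n"
            f"        tunnel destination {dst}\n"
            f"        tunnel vlan {vlans}\n"
            "        no tunnel keepalive\n"
            f"        mtu {mtu}\n!\n")

def parse_tunnel(text):
    """Extract the fields compared between the two tunnel ends."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"tunnel (source|destination) (\S+)", line):
            cfg[m.group(1)] = m.group(2)
        elif m := re.fullmatch(r"tunnel mode gre (\d+)", line):
            cfg["proto"] = int(m.group(1))
        elif m := re.fullmatch(r"tunnel vlan (\S+)", line):
            # Compared as a set so "110,120" and "120,110" count as equal.
            cfg["vlans"] = set(m.group(1).split(","))
        elif m := re.fullmatch(r"mtu (\d+)", line):
            cfg["mtu"] = int(m.group(1))
    return cfg

def mirror_problems(a_text, b_text):
    """Return the mismatches between both ends; an empty list means consistent."""
    a, b = parse_tunnel(a_text), parse_tunnel(b_text)
    problems = []
    if (a.get("source") != b.get("destination")
            or a.get("destination") != b.get("source")):
        problems.append("source/destination are not mirrored")
    for key in ("proto", "vlans", "mtu"):
        if a.get(key) != b.get(key):
            problems.append(f"{key} differs: {a.get(key)} vs {b.get(key)}")
    return problems

# Constructed inputs: 192.0.2.0/24 is a documentation range, VLANs are made up.
A = stanza("192.0.2.1", "192.0.2.2", "110,120")
GOOD_B = stanza("192.0.2.2", "192.0.2.1", "120,110")
BAD_B = stanza("192.0.2.2", "192.0.2.1", "110", proto=1)

if __name__ == "__main__":
    print(mirror_problems(A, GOOD_B))
    print(mirror_problems(A, BAD_B))
```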
