Contributor I

GRE Tunnel is down

Dear All,

 

We are trying to build the GRE tunnel between our Master controller 7240 (version 6.4.2.0) and Guest controller 7010 (6.4.1.0). Both controllers are in different VLANs.

The tunnel is not coming up and shows as below:

 

Tunnel 1 is up line protocol is down
Description: Tunnel Interface
Internet address is X.X.X.X 255.255.255.255
Source Y.Y.Y.Y
Destination X.X.X.X
Tunnel mtu is set to 1100
Tunnel is an IP GRE TUNNEL
Tunnel is Trusted
Inter Tunnel Flooding is enabled
Tunnel keepalive is enabled
Tunnel keepalive interval is 10 seconds, retries 3
Heartbeats sent 177, Heartbeats lost 177
Tunnel is down 0 times

 

We have allowed IP 47, IPsec (UDP ports 500 and 4500) and ESP (protocol 50) in the firewall.

 

show datapath session table

 

x.x.x.x y.y.y.y  10.107.100.227  47   0     0      0/0  0    0   1   local       7    0          0          FC   

 

Please let me know how to troubleshoot further. Is any debug option available?

Valued Contributor II

Re: GRE Tunnel is down

Hi,

 

It seems the configuration is correct.

Try to ping each other; the tunnel will come up when there is some traffic going through the tunnel.

 

Try this,

 

Please feel free for any further help on this.

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Contributor I

Re: GRE Tunnel is down

We tried this but no luck.

 

Master controllers are in VRRP. 

 

I configured it like this.

 

Source:Master VIP --- Tunnel 1 (L3 GRE) ----- Destination: Guest Actual IP

Source: Guest Actual IP--- Tunnel 1 (L3 GRE)----Destination: Master VIP

 

Is this correct?

Valued Contributor II

Re: GRE Tunnel is down

Hi,

 

We cannot bring up GRE terminating on a virtual IP. You have to terminate on the literal IP address.

For your reference:

 

http://community.arubanetworks.com/t5/Unified-Wired-Wireless-Access/VRRP-IP-cannot-be-L2-GRE-tunnel-endpoint/td-p/33572

 

Please feel free for any further help on this.

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Contributor I

Re: GRE Tunnel is down

Then do I have to create two tunnels separately for the VRRP members of the masters?

If a Master VRRP controller is down and the respective tunnel is down, how will redundancy be achieved?

Moreover, I am creating an L3 tunnel since both are in different segments. The link which you have given talks about L2 tunnels only.

Valued Contributor II

Re: GRE Tunnel is down

Yes, my friend,

You have to establish two separate GRE tunnels with both the controllers (Master and Standby).

 

Here is how it works:

As there is VRRP running between the controllers, only the VRRP master will send the GRE HB, hence guest traffic will go through the GRE terminated on the Master.

 

To provide failover capabilities between the tunnels and to ensure guest user traffic is directed down only one tunnel (primary), the guest users will be pointed to the VRRP IP as their default gateway by the DHCP server.

In a failure scenario, VRRP hellos will time out due to the loss of the tunnel and the backup controller (Standby) will take over the VRRP session/IP, thereby restoring user connectivity.

 

Therefore the ideal deployment solution is to bring up two separate GREs terminating on Master and Standby.

Hope you got clarity on this.

 

Please feel free for any further help on this.

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Contributor I

Re: GRE Tunnel is down

Thanks for the information.

 

Here's what I found:

If we enable tunnel keepalive, the tunnels go down; if tunnel keepalive is not configured, the tunnel will be UP.

Contributor I

Re: GRE Tunnel is down

If we have not enabled tunnel keepalive, then we could establish the tunnel between Master and DMZ with the VIP address.

 

 

Valued Contributor II

Re: GRE Tunnel is down

Interesting :)

 

Let me know if everything works as expected.

 

Thanks

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Contributor I

Re: GRE Tunnel is down

Finally we followed the standard procedure as you mentioned.

 

Disabled keepalives and created two tunnels.

 

Tunnel 1 on VRRP Master---> Master Phy_ip1 ---- GRE L3---- Guest Phy_ip

 

Tunnel 2 on VRRP Backup----> Master Phy_ip2---- GRE L3----Guest Phy_ip

 

Now the tunnel is up.

We have also created a tunnel group on the Guest controller for redundancy (Not sure... Just did)

 

Thanks

 

Another query: What ports need to be allowed on the firewall for GUI access of the Aruba controller? I allowed 443 but it is not working.

Do I need to allow 4343 also?
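
Added example (not part of the original thread and not Aruba tooling): a Python script that parses the tunnel status output pasted in the first post and flags the two conditions the thread identified, total heartbeat loss with keepalive enabled and a tunnel destination that is a VRRP virtual IP. The sample addresses are constructed placeholders, and the `vrrp_vips` parameter is a hypothetical operator-supplied list.

```python
import re

# Constructed sample: the status block from the first post, with placeholder
# addresses from the documentation ranges (not the poster's real IPs).
SAMPLE = """\
Tunnel 1 is up line protocol is down
Internet address is 192.0.2.1 255.255.255.255
Source 198.51.100.10
Destination 203.0.113.5
Tunnel is an IP GRE TUNNEL
Tunnel keepalive is enabled
Tunnel keepalive interval is 10 seconds, retries 3
Heartbeats sent 177, Heartbeats lost 177
"""

def parse_tunnel_status(text):
    """Pull the triage-relevant fields out of one tunnel status block."""
    head = re.search(r"Tunnel (\d+) is (\w+) line protocol is (\w+)", text)
    if not head:
        raise ValueError("not a tunnel status block")
    dest = re.search(r"^Destination (\S+)", text, re.M)
    beats = re.search(r"Heartbeats sent (\d+), Heartbeats lost (\d+)", text)
    return {
        "id": int(head.group(1)),
        "admin": head.group(2),
        "protocol": head.group(3),
        "destination": dest.group(1) if dest else None,
        "keepalive": "Tunnel keepalive is enabled" in text,
        "sent": int(beats.group(1)) if beats else 0,
        "lost": int(beats.group(2)) if beats else 0,
    }

def triage(status, vrrp_vips=()):
    """Return findings; vrrp_vips is a hypothetical operator-supplied VIP list."""
    findings = []
    if status["admin"] == "up" and status["protocol"] == "down":
        if status["keepalive"] and status["sent"] and status["lost"] == status["sent"]:
            findings.append("all keepalive heartbeats lost: no replies from the far end")
    if status["destination"] in vrrp_vips:
        findings.append("destination is a VRRP virtual IP: use the physical IP")
    return findings

if __name__ == "__main__":
    for line in triage(parse_tunnel_status(SAMPLE), vrrp_vips={"203.0.113.5"}):
        print(line)
```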
