Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

GRE Tunnel logistics

This thread has been viewed 4 times

  • 1.  GRE Tunnel logistics

    Posted Aug 27, 2014 04:52 PM

    I currently have 2 remote sites, connected with a IPSEC tunnel to Aruba650s. I would like to create a similar connection to what I have with my RAPs where a user can join a remote vlan and be dumped directly on that vlan.  I think I would need to use GRE tunnels to accomplish this, however,  I am still not certian after reading some of the other forum posts.   It would seem if for example I wanted a wired user on the remote 650 to be placed on VLAN10 of the mainsite 650,  I would create the GRE Tunnel but then if I assign VLAN 10 to that Tunnel, it would send all VLAN10 traffic through that tunnel, which is fine for the remote site, but bad for the MainSite..  Am I misunderstanding the results or is there a different way to recreate that RAP experience?

     

    For reference I read this:

    http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/Using-GRE-Tunnels-to-centralize-L3-access/td-p/2831/page/2

     



  • 2.  RE: GRE Tunnel logistics

    Posted Aug 28, 2014 04:49 AM

    I believe you can have the VLAN traffic associated to a port on the controllers at both sites. This would create a layer 2 subnet as if your controllers were acting as switches and the GRE a cable between the two. That way your wired user at the branch site could see devices logically connected on the other side of the controller port at the main site.



  • 3.  RE: GRE Tunnel logistics

    Posted Aug 28, 2014 01:42 PM

    I gave an example below,  any help on how to configure this like you recommended would be great.

     

    Campus 650

    Controller IP: 10.0.0.1

    Vlan: 100

    Vlan 100 IP: 192.168.0.1

     

     

    Remote 650

    Controller IP: 10.0.100.1

    Needs Vlan 100



  • 4.  RE: GRE Tunnel logistics
    Best Answer

    Posted Aug 28, 2014 01:59 PM

    The config for th GRE link would be -

    Remote 650 -
    interface tunnel 100
            description "remote-to-campus"
            tunnel source 10.0.100.1
            tunnel mode gre 0
            tunnel destination 10.0.0.1
            trusted
            tunnel vlan 100
    !

    campus 650 -
    interface tunnel 100
            description "campus-to-remote"
            tunnel source 10.0.0.1
            tunnel mode gre 0
            tunnel destination 10.0.100.1
            trusted
            tunnel vlan 100
    !

     

    Then you just configure the physical ports at either end, access in VLAN 100 if you want to keep the VLAN separate, or as a trunk with VLAN 100 allowed.