Wireless Access

Reply
Frequent Contributor II
Posts: 120
Registered: ‎10-31-2012

GRE Tunnel logistics

I currently have 2 remote sites, connected with a IPSEC tunnel to Aruba650s. I would like to create a similar connection to what I have with my RAPs where a user can join a remote vlan and be dumped directly on that vlan.  I think I would need to use GRE tunnels to accomplish this, however,  I am still not certian after reading some of the other forum posts.   It would seem if for example I wanted a wired user on the remote 650 to be placed on VLAN10 of the mainsite 650,  I would create the GRE Tunnel but then if I assign VLAN 10 to that Tunnel, it would send all VLAN10 traffic through that tunnel, which is fine for the remote site, but bad for the MainSite..  Am I misunderstanding the results or is there a different way to recreate that RAP experience?

 

For reference I read this:

http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/Using-GRE-Tunnels-to-centralize-L3-access/td-p/2831/page/2

 

Super Contributor II
Posts: 429
Registered: ‎01-19-2011

Re: GRE Tunnel logistics

I believe you can have the VLAN traffic associated to a port on the controllers at both sites. This would create a layer 2 subnet as if your controllers were acting as switches and the GRE a cable between the two. That way your wired user at the branch site could see devices logically connected on the other side of the controller port at the main site.

Frequent Contributor II
Posts: 120
Registered: ‎10-31-2012

Re: GRE Tunnel logistics

I gave an example below,  any help on how to configure this like you recommended would be great.

 

Campus 650

Controller IP: 10.0.0.1

Vlan: 100

Vlan 100 IP: 192.168.0.1

 

 

Remote 650

Controller IP: 10.0.100.1

Needs Vlan 100

Super Contributor II
Posts: 429
Registered: ‎01-19-2011

Re: GRE Tunnel logistics

The config for th GRE link would be -

Remote 650 -
interface tunnel 100
        description "remote-to-campus"
        tunnel source 10.0.100.1
        tunnel mode gre 0
        tunnel destination 10.0.0.1
        trusted
        tunnel vlan 100
!

campus 650 -
interface tunnel 100
        description "campus-to-remote"
        tunnel source 10.0.0.1
        tunnel mode gre 0
        tunnel destination 10.0.100.1
        trusted
        tunnel vlan 100
!

 

Then you just configure the physical ports at either end, access in VLAN 100 if you want to keep the VLAN separate, or as a trunk with VLAN 100 allowed.

Search Airheads
Showing results for 
Search instead for 
Did you mean: