Wireless Access

Hello,

is it possible to have a l2 gre tunnel between two controllers (AOS 6.3.0.0) with different tunnel vlans on each side (within the meaning of a access vlan).

I found this thread and it sounds that it should work but I'm unable to get that up and running.

We have two locations A (HQ) and B (remote) and in each location a controller is installed (ctrl-a, ctrl-b). There is a l2 gre tunnel and vlan 1000 at ctrl-b should be 'mapped' to vlan 10 at ctrl-a.

Configuration of ctrl-a:

interface tunnel 100
        description "Tunnel Interface"
        tunnel source 10.0.0.10
        tunnel mode gre 0
        tunnel destination 11.1.1.11
        trusted
        tunnel vlan 10

show interface tunnel 100 of ctrl-a

Tunnel 100 is up line protocol is up
Description: Tunnel Interface
Source  10.0.0.10
Destination 11.1.1.11
Tunnel mtu is set to 1100
Tunnel is a Layer2 GRE TUNNEL
Tunnel is Trusted
Inter Tunnel Flooding is enabled
Tunnel keepalive is disabled
tunnel vlan 10

 
Configuration of ctrl-b:

interface tunnel 100
        description "Tunnel Interface"
        tunnel source 11.1.1.11
        tunnel mode gre 0
        tunnel destination 10.0.0.10
        trusted
        tunnel vlan 1000

show interface tunnel 100 of ctrl-b

Tunnel 100 is up line protocol is up
Description: Tunnel Interface
Source  11.1.1.11
Destination 10.0.0.10
Tunnel mtu is set to 1100
Tunnel is a Layer2 GRE TUNNEL
Tunnel is Trusted
Inter Tunnel Flooding is enabled
Tunnel keepalive is disabled
tunnel vlan 1000

Everthing is fine when using the same vlan everywhere:
client: vlan 1000 ---- ctrl-b: tunnel vlan 1000 ---- cltr-a: tunnel vlan 1000 and g1/0 trunk including vlan 1000 ---- switch: trunk including vlan 1000
                       
Everthing is fine when vlan 'mapping' will be done between ctrl-a and the switch:
client: vlan 1000 ---- ctrl-b: tunnel vlan 1000 ---- cltr-a: tunnel vlan 1000 and g1/0 access vlan 1000 ---- switch: access vlan 10

Client can't work if different tunnel vlans are used:
client: vlan 1000 ---- ctrl-b: tunnel vlan 1000 ---- cltr-a: tunnel vlan 10 and g1/0 trunk including vlan 10 ---- switch: trunk including vlan 10

Is there a trick or any other suggestions?

Thanks. Frank

Hi Frank,

We can see that the tunnel is up from what you've posted so something else isn't quite right.

Can you let us know what the IP/subnet is for ctrl-a VLAN 10 and ctrl-b VLAN 1000 on the controllers?

Also how are you using VLAN 10 on ctrl-a? 

Can you ping from ctrl-a to the IP assigned to VLAN 1000 on ctrl-b? (assuming there is one)

Cheers

James

Hello James,

controllers are in l2 mode, so no ip addresses are configured for vlan 10 and 1000 so far.

We are using external DHCP server and router for vlan 10.

I have added ip addresses from the same subnet (ctrl-a/vlan10 = 10.1.1.1/24, ctrl-b/vlan1000 = 10.1.1.2/24) but I can't ping each other.

I will strip down our configuration to a minimum in our lab and I will keep you posted.

Frank

Hello,

I have build up two controller in our lab from scratch ('write erase all') with only a small (loopback, vlan and tunnel) configuration.
You can see the lab setup in the chart lab-tunnel-vlan-setup.pdf (I have changed vlan and tunnel numbers, sorry for that).

I'm unable to ping from ctrl-a vlan 3 to ctrl-b vlan2.
I'm able to ping from ctrl-a vlan 2 to ctrl-b vlan2.

You can find some more informations in the pdf (lab-tunnel-vlan-log.pdf).

I have tested it with AOS 6.2.1.2, too, with the same results.

If I assume that this configuration is supported, it looks like a bug.

Do you agree or do you have any other suggestions?

Frank

Attachment(s)

lab-tunnel-vlan-setup.pdf   177 KB 1 version

lab-tunnel-vlan-log.pdf   231 KB 1 version

Hello Dears,

Just wondering if someone could configure it successfully, with 2 different Access VLANs at both ends?

Thanks.

I don't believe this is possible as even when you only have 1 VLAN through a tunnel the VLAN tag is used. There is no concept of untagged (access) traffic through a GRE tunnel.

This means both ends must match VLAN numbers.