Wireless Access

Could anyone please tell how to configure L3 gre tunnel between controllers and what scenaria do we need this?

Hi friend,

You need to create GRE between 2 controllers when you want to redirect the guest traffic to another device ( DMZ ) to get authenticated or to map the policy.

here is the mothod to configure the GRE tunnel.

#interface tunnel 1
#tunnel source 192.168.1.1
#tunnel destination 192.168.1.2
#tunnel vlan 2
#no trust
#no shut

Once we untrust the port, all the traffic on this port will undergo authentication depending upon the profile configured as following:



Workaround:

We can put different Vlans in different tunnels and untrust the Vlan where we want the authentication.

#interface tunnel 1
#tunnel source 192.168.1.1
#tunnel destination 192.168.1.2
#tunnel vlan 2
#no trust
#no shut

#interface tunnel 2
#tunnel source 192.168.1.1
#tunnel destination 192.168.1.2
#tunnel vlan 3
#trust
#no shut

Now vlan 2 traffic will undergo authentication and fall in the user role. However, vlan 3 traffic will not undergo any authentication because it is trusted.

we have to execute the same commands on the other controller as well by changing the tunnel source and the destination ip address.

here we can define L2 GRE or L3 GRE by choosing the tunnel protocol. as follow,

tunnel mode gre ip

Hi Venu ,

Thanks a lot for the reply .

Can u plz let me know whether tunnel groups will be supported in the L2 GRE tunnel?

we are having two redunadnat controllers and creating tunnels towards DMZ controller , and we are creating tunnel group. When we are having L2 GRE tunnel , keepalives are not working and it is not providing tunnel redundancy.