Wireless Access

Reply
Frequent Contributor II

LAN to LAN routing over IPsec/GRE? from (remote) local to master

Hey all,

 

I have a remote location with a 7010 local controller.  The local controller syncs up with the Master back at our colo in Pittsburgh.  DHCP/VLAN/Role resposibilities are handled by the local controller but clients connecting to the network on the local controller will need access to resourses on our corp net where the Master lives as well use our NPS (Radius) servers for authentication.  How do I tell traffic destined for the corp network to router over the IPSec tunnel from local to master?  Do I need to create a GRE tunnel as well, etc???

 

Thanks,

 

rif

Guru Elite

Re: LAN to LAN routing over IPsec/GRE? from (remote) local to master

The master to local only has host routes for the individual controllers in each controller's routing tables.  To tunnel actualy traffic that is not destined for each controller you would be required to manually setup your own routing statements in your infrastructure and on the controllers to pass traffic.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II

Re: LAN to LAN routing over IPsec/GRE? from (remote) local to master

Right, but how is that done in the controller.  It sounds like a split-tunnel type of thing.  How do you direct traffic down the tunnel?

 

rif

Guru Elite

Re: LAN to LAN routing over IPsec/GRE? from (remote) local to master

You would use an ip route statement:  http://www.arubanetworks.com/techdocs/ArubaOS_64x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/ip_route.htm



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II

Re: LAN to LAN routing over IPsec/GRE? from (remote) local to master

Cool, thanks, I'll check it out and test and repost my results.

 

rif

Frequent Contributor II

Re: LAN to LAN routing over IPsec/GRE? from (remote) local to master

Ok, this is looking promising.  I can ping our Radius server on our corp LAN from the remote local controller.  That ping is success from vlan xxx which is the vlan that the WAP's get their dhcp addresses from (as they are plugged into ports on the local which are in vlan access xxx mode).  I also have a VLAN xxy and a matching dhcp server pool set up on the local to provide address for wireless clients however as of now that vlan interface is "up/down" as no physical interfaces are assigned to that vlan.  What is the proper config (which interface can I assign to be in VLAN xxy) in order to bring vlan xxy to "up/up" status?  

I do not think I want to put the WAPs VLAN (xxx) ports into trunk mode and include vlan xxy there, right?  Do I place the port that hosts the WAN IP/VLAN into trunk mode and include vlan xxy there?

 

rif

Frequent Contributor II

Re: LAN to LAN routing over IPsec/GRE? from (remote) local to master

Ok so for now I just put a wired port into vlan xxy as it is going to be a printer that needs to be on the same vlan as wireless users anyway and the vlan interface is "up/up" and routable.

 

rif

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: