Occasional Contributor I
Posts: 7
Registered: ‎03-23-2012

operation of tunnel redirection with an ACL and layer 3 tunnels

Hi there,

can anyone help me with the following?

When I create a layer 3 tunnel I cannot ping across that tunnel, from one controller to the other controller.

Yet I can create an OSPF adjacency across it.

Yet I can forward traffic over it.

When I configure a redirect tunnel in my ACL I put this at the bottom of the ACL. Does the redirect policy still get applied? Even though the packet may hit a previous rule above it?

When I configure the redirect tunnel in the ACL it seems to automatically enter numerous entries (all using tunnel 1 - and not tunnel 11 as I desire). Is this a per tunnel setting of each flow as represented by the above ACL?

What does the redirect tunnel actually do? I mean, nowhere do I state a next hop address to say where exactly the other end of the tunnel is. Does it force an ARP, similar to when other products are configured to route out of an interface?

Everything is functional, just a bit of a mystery!

Thanks all in advance. Sorry, new to Aruba, but not new to networking if you know what I mean.
Guru Elite
Posts: 21,493
Registered: ‎03-29-2007

Re: operation of tunnel redirection with an ACL and layer 3 tunnels

What is at both ends of the tunnel? Two Aruba controllers, or an Aruba controller and another device?

Colin Joseph
Aruba Customer Engineering


Occasional Contributor I
Posts: 7
Registered: ‎03-23-2012

Re: operation of tunnel redirection with an ACL and layer 3 tunnels

Yes, I have a 6000 and a 3000. I am from the Cisco world, where when you configure a layer 3 tunnel you can ping across it just like a regular circuit. I have sort of assumed that this would be the same case. I am routing OK over it too. I am just a little reserved about how the switch deals with this if I came to troubleshoot it. Any help would be gratefully received. I have checked the user guides; they tell me how to configure it, but I cannot seem to find info on how exactly it works.
Occasional Contributor I
Posts: 7
Registered: ‎03-23-2012

Re: operation of tunnel redirection with an ACL and layer 3 tunnels

Sorry. Specifically, yes I have two Aruba controllers on both ends of the tunnel. We specifically did this to keep this to a single vendor. Thanks in advance!
Guru Elite
Posts: 21,493
Registered: ‎03-29-2007

Re: operation of tunnel redirection with an ACL and layer 3 tunnels

Try a layer-2 tunnel first to bridge two subnets together: http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/Using-GRE-Tunnels-to-centralize-L3-access/td-p/2831

It is more straightforward than a layer 3 tunnel. See if that works.



Colin Joseph
Aruba Customer Engineering


Occasional Contributor I
Posts: 7
Registered: ‎03-23-2012

Re: operation of tunnel redirection with an ACL and layer 3 tunnels

Thanks for the advice, but I went to layer 3 tunnels as I have a requirement to forward multiple guest subnets up the GRE tunnel, and I found that (and please correct me if I am wrong) I could only bridge one VLAN at a time up the GRE tunnel to the anchor controller. I guess ideally I would like to bridge the guest network up to the anchor controllers in the DMZ so the clients are routing through this as a default gateway, enforce DHCP, and that would be nice and clean. Routing to the Amigopod might be a headache, but I can roll with that. Thanks a million for the help.
Occasional Contributor I
Posts: 7
Registered: ‎03-23-2012

Re: operation of tunnel redirection with an ACL and layer 3 tunnels

Yes, sorry, my configuration is working OK; I am just a little confused about the way the controller handles the packets. Do you know if you can bridge multiple VLANs over the same tunnel? Our firewall people, quite understandably, hate tunnels. ;)) What about if a common VLAN was created that all controllers connected to? Maybe I will use this as a distribution network between controllers and bridge this. This will be a great way of verifying connectivity between controllers when troubleshooting. Thanks.