Wireless Access


Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.

operation of tunnel redirection with an ACL and layer 3 tunnels

  • 1.  operation of tunnel redirection with an ACL and layer 3 tunnels

    Posted Mar 24, 2012 02:19 AM
    Hi there,

    can anyone help me with the following?

    When I create a layer 3 tunnel I cannot ping across that tunnel, from one controller to the other controller.

    Yet I can greet an OSPF adjacency across it.

    Yet I can forward traffic over it.

    When I configure a redirect tunnel in my ACL I put this at the bottom of the ACL. Does the redirect policy still get applied? Even though the packet may hit a previous rule above it?

    When I configure the redirect tunnel in the ACL it seems to automatically enter numerous entries (all using tunnel 1 - and not tunnel 11 as I desire). Is this a per tunnel setting of each flow as represented by the above ACL?

    What does the redirect tunnel actually do? I mean, nowhere do I state a next hop address to say where exactly the other end of the tunnel is. Does it force an ARP, similar to when other products are configured to route out of an interface?

    Everything is functional, just a bit of a mystery!

    Thanks all in advance. Sorry, new to Aruba, but not new to networking if you know what I mean.


  • 2.  RE: operation of tunnel redirection with an ACL and layer 3 tunnels

    Posted Mar 24, 2012 07:50 AM

    What is at both ends of the tunnel?  Two Aruba controllers, or an Aruba controller and another device?




  • 3.  RE: operation of tunnel redirection with an ACL and layer 3 tunnels

    Posted Mar 24, 2012 08:26 AM
    Yes, I have a 6000 and a 3000. I am from the Cisco world, where when you configure a layer 3 tunnel you can ping across it just like a regular circuit. I have sort of assumed that this would be the same case. I am routing OK over it too. I am just a little reserved about how the switch deals with this if I came to troubleshoot it. Any help would be gratefully received. I have checked the user guides; they tell me how to configure it, but I cannot seem to find info on how exactly it works.


  • 4.  RE: operation of tunnel redirection with an ACL and layer 3 tunnels

    Posted Mar 24, 2012 08:28 AM
    Sorry. Specifically, yes I have two Aruba controllers on both ends of the tunnel. We specifically did this to keep this to a single vendor. Thanks in advance!


  • 5.  RE: operation of tunnel redirection with an ACL and layer 3 tunnels

    Posted Mar 24, 2012 08:30 AM

    Try a layer-2 tunnel first to bridge two subnets together:  http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/Using-GRE-Tunnels-to-centralize-L3-access/td-p/2831


    It is more straightforward than a layer 3 tunnel.  See if that works.



  • 6.  RE: operation of tunnel redirection with an ACL and layer 3 tunnels

    Posted Mar 24, 2012 08:49 AM
    Thanks for the advice, but I went to layer 3 tunnels as I have a requirement to forward multiple guest subnets up the GRE tunnel and I found that (and please correct me if I am wrong) I could only bridge one VLAN at a time up the GRE tunnel to the anchor controller. I guess ideally I would like to bridge the guest network up to the anchor controllers in the DMZ so the clients are routing through this as a default gateway, enforce DHCP, and that would be nice and clean. Routing to the Amigopod might be a headache but I can roll with that. Thanks a million for the help.


  • 7.  RE: operation of tunnel redirection with an ACL and layer 3 tunnels

    Posted Mar 24, 2012 09:03 AM
    Yes, sorry, my configuration is working OK, I am just a little confused about the way the controller handles the packets. Do you know if you can bridge multiple VLANs over the same tunnel? Our firewall people, quite understandably, hate tunnels. ;)) What about if a common VLAN was created that all controllers connected to? Maybe I will use this as a distribution network between controllers and bridge this. This will be a great way of verifying connectivity between controllers when troubleshooting. Thanks.