aos8 and l3 gre not working

View Only

last person joined: yesterday

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Back to discussions

Expand all | Collapse all

aos8 and l3 gre not working

This thread has been viewed 5 times

1. aos8 and l3 gre not working

Kudos

nvadekar

Posted Nov 24, 2022 09:44 AM

i have the following setup on 8.6, but the l3 gre tunnel is not working.

(vpnc1) #show configuration diff /md/myVPNC/20:4c:03:03:bf:80 /md

- ip route 192.168.63.0 255.255.255.0 1.1.2.2

- country US

- masterip 10.1.69.201 ipsec aruba123 interface vlan 60

- clock timezone America/Detroit

- hostname vpnc1

- interface vlan 60

- ip address 10.1.60.100 255.255.255.0

- ip nat outside

- interface vlan 63

- ip address 192.168.6.1 255.255.255.0

- operstate up

- interface vlan 99

- ip address 1.1.1.1 255.255.255.252

- ip name-server 10.254.1.21

- interface tunnel 1

- ip address 1.1.2.1 255.255.255.255

- tunnel source vlan 99

- trusted

- tunnel destination 1.1.1.2

- tunnel mode gre ip

- tunnel keepalive 5 2

- controller-ip vlan 60

- interface gigabitethernet 0/0/0

- description GE0/0/0

- switchport access vlan 60

- switchport mode trunk

- switchport trunk allowed vlan 60-61,99

- switchport trunk native vlan 60

- trusted

- trusted vlan 1-4094

- ip default-gateway 10.1.60.1 1

- vlan 60

- vlan 99

- vlan 63

- vlan 61

(MC2) #show configuration diff /mm/mynode /mm

- ip route 10.0.0.0 255.0.0.0 1.1.2.1

- country US

- clock timezone America/Detroit

- hostname MC2

- interface vlan 60

- interface vlan 73

- ip address 192.168.63.1 255.255.255.0

- operstate up

- interface vlan 99

- ip address 1.1.1.2 255.255.255.252

- interface tunnel 1

- ip address 1.1.2.2 255.255.255.255

- tunnel source vlan 99

- trusted

- tunnel destination 1.1.1.1

- tunnel mode gre ip

- tunnel keepalive

- tunnel keepalive 5 2

- controller-ip vlan 73

- interface gigabitethernet 0/0/0

- description GE0/0/0

- switchport access vlan 60

- switchport mode trunk

- switchport trunk allowed vlan 60,73,99

- switchport trunk native vlan 60

- trusted

- trusted vlan 1-4094

- vlan 60

- vlan 99

- vlan 73

(vpnc1) *#show ip interface br

Interface IP Address / IP Netmask Admin Protocol VRRP-IP
vlan 60 10.1.60.100 / 255.255.255.0 up up
vlan 1 unassigned / unassigned up down
vlan 63 192.168.6.1 / 255.255.255.0 up up
vlan 99 1.1.1.1 / 255.255.255.252 up up
loopback unassigned / unassigned up up
tunnel 1 1.1.2.1 / 255.255.255.255 up up

(vpnc1) *#show datapath tunnel table

Datapath Tunnel Table Entries
-----------------------------

# Source Destination Prt Type MTU VLAN Acls BSSID Decaps Encaps Heartbeats Flags EncapKBytes DecapKBytes
------ -------------- -------------- --- ---- ---- ---- ----------------------- ----------------- ---------- ---------- ---------- --------------- ------------- -----------
14 SPIE2501400 in 10.1.60.100 50 IPSE 1500 0 routeDest 003C 0 1141 0 T 0 0
13 SPI79B6D000out 10.1.69.201 50 IPSE 1500 0 routeDest 003C 0 0 2773 T 0 0
10 1.1.1.1 1.1.1.2 47 800 1100 0 0 0 0 0 0 00:00:00:00:00:00 424 0 424 TFPf

i cannot ping 1.1.2.1
i cannot ping through the tunnel.

I am not sure why the l3 gre tunnel is not working, some advise would be greatly appreciated. Thanks

2. RE: aos8 and l3 gre not working

Kudos

nvadekar

Posted Nov 24, 2022 10:27 PM

i got it working...

so a few points.
a: you cannot ping the tunnel interface when it is up up, that appears to be normal. other platforms seem to allow this, so that was confusing to me.
b: the mm would not allow me to push keep-alive parameters to the vpnc1 host, but the standalone would, they did not seem to show up as expected in encap decap counters, so that also set me back a bit, i ignore that now
c. just setup a static route on each side of the tunnel with the next hop being the unpingable local tunnel ip... and it does work.

Original Message

Wireless Access

aos8 and l3 gre not working

1. aos8 and l3 gre not working

2. RE: aos8 and l3 gre not working