Wireless Access


Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.

aos8 and l3 gre not working

  • 1.  aos8 and l3 gre not working

    Posted 10 days ago
    I have the following setup on 8.6, but the l3 gre tunnel is not working.



    (vpnc1) #show configuration diff /md/myVPNC/20:4c:03:03:bf:80 /md
    - ip route 192.168.63.0 255.255.255.0 1.1.2.2
    - country US
    - masterip 10.1.69.201 ipsec aruba123 interface vlan 60
    - clock timezone America/Detroit
    - hostname vpnc1
    - interface vlan 60
    -     ip address 10.1.60.100 255.255.255.0
    -     ip nat outside
    - interface vlan 63
    -     ip address 192.168.6.1 255.255.255.0
    -     operstate up
    - interface vlan 99
    -     ip address 1.1.1.1 255.255.255.252
    - ip name-server 10.254.1.21
    - interface tunnel 1
    -     ip address 1.1.2.1 255.255.255.255
    -     tunnel source vlan 99
    -     trusted
    -     tunnel destination 1.1.1.2
    -     tunnel mode gre ip
    -     tunnel keepalive 5 2
    - controller-ip vlan 60
    - interface gigabitethernet 0/0/0
    -     description GE0/0/0
    -     switchport access vlan 60
    -     switchport mode trunk
    -     switchport trunk allowed vlan 60-61,99
    -     switchport trunk native vlan 60
    -     trusted
    -     trusted vlan 1-4094
    - ip default-gateway 10.1.60.1 1
    - vlan 60
    - vlan 99
    - vlan 63
    - vlan 61

    (MC2) #show configuration diff /mm/mynode /mm
    - ip route 10.0.0.0 255.0.0.0 1.1.2.1
    - country US
    - clock timezone America/Detroit
    - hostname MC2
    - interface vlan 60
    - interface vlan 73
    -     ip address 192.168.63.1 255.255.255.0
    -     operstate up
    - interface vlan 99
    -     ip address 1.1.1.2 255.255.255.252
    - interface tunnel 1
    -     ip address 1.1.2.2 255.255.255.255
    -     tunnel source vlan 99
    -     trusted
    -     tunnel destination 1.1.1.1
    -     tunnel mode gre ip
    -     tunnel keepalive
    -     tunnel keepalive 5 2
    - controller-ip vlan 73
    - interface gigabitethernet 0/0/0
    -     description GE0/0/0
    -     switchport access vlan 60
    -     switchport mode trunk
    -     switchport trunk allowed vlan 60,73,99
    -     switchport trunk native vlan 60
    -     trusted
    -     trusted vlan 1-4094
    - vlan 60
    - vlan 99
    - vlan 73


    (vpnc1) *#show ip interface br

    Interface IP Address / IP Netmask Admin Protocol VRRP-IP
    vlan 60 10.1.60.100 / 255.255.255.0 up up
    vlan 1 unassigned / unassigned up down
    vlan 63 192.168.6.1 / 255.255.255.0 up up
    vlan 99 1.1.1.1 / 255.255.255.252 up up
    loopback unassigned / unassigned up up
    tunnel 1 1.1.2.1 / 255.255.255.255 up up

    (vpnc1) *#show datapath tunnel table


    Datapath Tunnel Table Entries
    -----------------------------

    # Source Destination Prt Type MTU VLAN Acls BSSID Decaps Encaps Heartbeats Flags EncapKBytes DecapKBytes
    ------ -------------- -------------- --- ---- ---- ---- ----------------------- ----------------- ---------- ---------- ---------- --------------- ------------- -----------
    14 SPIE2501400 in 10.1.60.100 50 IPSE 1500 0 routeDest 003C 0 1141 0 T 0 0
    13 SPI79B6D000out 10.1.69.201 50 IPSE 1500 0 routeDest 003C 0 0 2773 T 0 0
    10 1.1.1.1 1.1.1.2 47 800 1100 0 0 0 0 0 0 00:00:00:00:00:00 424 0 424 TFPf

    I cannot ping 1.1.2.1.
    I cannot ping through the tunnel.

    I am not sure why the l3 gre tunnel is not working; some advice would be greatly appreciated. Thanks


  • 2.  RE: aos8 and l3 gre not working

    Posted 9 days ago
    I got it working...

    So, a few points.
    a. You cannot ping the tunnel interface when it is up up; that appears to be normal. Other platforms seem to allow this, so that was confusing to me.
    b. The mm would not allow me to push keep-alive parameters to the vpnc1 host, but the standalone would. They did not seem to show up as expected in the encap/decap counters, so that also set me back a bit; I ignore that now.
    c. Just set up a static route on each side of the tunnel with the next hop being the unpingable local tunnel IP... and it does work.
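
Added example, not part of the thread: a small Python check, run over trimmed copies of the two posted configs, that confirms each side's tunnel destination is the peer's tunnel source address and labels every static route's next hop as the local or the peer tunnel IP, the detail point c turns on. `parse_diff` and `audit` are hypothetical helper names, and the parser only assumes the `- ` prefixed line layout shown in the first post.

```python
import re

# Trimmed from the two "show configuration diff" outputs posted in the thread.
VPNC1 = """\
- ip route 192.168.63.0 255.255.255.0 1.1.2.2
- interface vlan 99
-     ip address 1.1.1.1 255.255.255.252
- interface tunnel 1
-     ip address 1.1.2.1 255.255.255.255
-     tunnel source vlan 99
-     tunnel destination 1.1.1.2
"""
MC2 = """\
- ip route 10.0.0.0 255.0.0.0 1.1.2.1
- interface vlan 99
-     ip address 1.1.1.2 255.255.255.252
- interface tunnel 1
-     ip address 1.1.2.2 255.255.255.255
-     tunnel source vlan 99
-     tunnel destination 1.1.1.1
"""

def parse_diff(text):
    """Parse '- ' prefixed diff lines into (interfaces, routes)."""
    ifaces, routes, cur = {}, [], None
    for m in re.finditer(r"^-( +)(\S.*)$", text, re.M):
        words = m.group(2).split()
        if len(m.group(1)) == 1:                      # top-level statement
            cur = " ".join(words[1:]) if words[0] == "interface" else None
            if cur:
                ifaces[cur] = {}
            elif words[:2] == ["ip", "route"] and len(words) == 5:
                routes.append((words[2], words[3], words[4]))
        elif cur and words[:2] == ["ip", "address"]:
            ifaces[cur]["ip"] = words[2]
        elif cur and words[0] == "tunnel" and len(words) >= 3:
            ifaces[cur][words[1]] = " ".join(words[2:])  # source / destination
    return ifaces, routes

def audit(local_text, peer_text, tun="tunnel 1"):
    """Compare one side's tunnel and static routes with its peer's config."""
    (li, lr), (pi, _) = parse_diff(local_text), parse_diff(peer_text)
    lt, pt = li[tun], pi[tun]
    hop = {lt["ip"]: "local tunnel ip", pt["ip"]: "peer tunnel ip"}
    return {
        "endpoints_mirrored": lt["destination"] == pi[pt["source"]]["ip"]
                              and pt["destination"] == li[lt["source"]]["ip"],
        "routes": [(net, mask, hop.get(nh, "other")) for net, mask, nh in lr],
    }
```

On the configs as first posted, `audit(VPNC1, MC2)` and `audit(MC2, VPNC1)` both report mirrored endpoints and routes whose next hop is the peer tunnel IP.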