Guest tunnel to Cisco 2800

Hello all,
I'm trying to establish a GRE tunnel from an Aruba 2400 OS to a Cisco 2800 ver 12.4.

Here's what I have so far.
The tunnel is showing as Up/UP on both sides.
Keepalives are disabled (the tunnel goes down when keepalives are enabled).
The user associates to the SSID and authenticates via PSK-TKIP and should get an IP from the Aruba DHCP server.
That much works. But I can't ping or get a response from anything on the other side of the tunnel.

Aruba config:
user-role GUEST
vlan 1111
session-acl guest-tunnel

ip access-list session guest-tunnel
any any svc-dhcp permit
any any any redirect tunnel 1
interface vlan 161
ip address
interface vlan 1111
ip address

interface tunnel 1
description "Tunnel Interface"
ip address
tunnel source vlan 161
tunnel destination

How can I troubleshoot this further?
Here is the Cisco side config:

interface Tunnel0
ip address
ip nat inside
ip virtual-reassembly
tunnel source GigabitEthernet0/0.944
tunnel destination

ip route Tunnel0

Thanks for any assistance with this.

Bob Y.

What can I do to troubleshoot this further?
I can provide more configuration info if needed.

Re: Guest tunnel to Cisco 2800

You SHOULD be able to ping from Aruba Controller to Cisco router. You should NOT be able to ping from Cisco router to Aruba Controller.

On the Aruba side, you need:

interface tunnel 1
tunnel vlan 1111

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*

Re: Guest tunnel to Cisco 2800

Thanks CJ.
I found part of the problem.
There was a firewall in the path.
The firewall rule for the GRE tunnel was written in one direction.
The reverse rule was added; now the tunnel is up with keepalives on.

Your suggestion would not work.
I tried to add tunnel vlan 1111 and received this error:
ctrl1) (config-tunnel)#tunnel vlan 1111
Error: Tunnel is an IP GRE Tunnel, Change the Mode before adding this.

At this point, I can ping the tunnel IP of the Cisco but not the IP of the Aruba.

I can see DNS queries etc, going across the tunnel using the tunnel source/destination IP addresses.

However, I am not seeing any responses from the Cisco side.

I believe there may be a NAT issue at this point, since the Cisco NAT stats show no IP addresses being allocated.