Question: How do I configure Layer 2 GRE?
Product and Software: This article applies to all Aruba controllers and ArubaOS versions.
Look at this sample configuration. Look at "show datapath tunnel table" and make sure that the tunnel is there. Connect a laptop to the controller on one end and try to ping across from the laptop. Monitor "show datapath tunnel table" and see if anything is getting transmitted.

Local controller:

    interface AA
    ip address <ip1>
    !
    aaa derivation-rules user
    set role condition essid equals "guest" set-value guest
    !
    user-role guest
    session-acl redirect
    !
    ip access-list session redirect
    any any any redirect tunnel BB
    !
    interface tunnel BB
    description "
    tunnel source <ip1>
    tunnel destination <ip2>
    tunnel mode gre 2
    trusted
    tunnel vlan CC
    !

DMZ Aruba Controller: (Note that this tunnel is NOT trusted to force captive portal.)

    interface tunnel DD
    description "
    tunnel source <ip2>
    tunnel destination <ip1>
    tunnel mode gre 2
    no inter-tunnel-flooding
    tunnel vlan CC
    !
    interface EE
    ip address <ip2>
    !

Points to remember:

1) The "show datapath tunnel table" command is what you really want to see. Look for encaps and decaps incrementing.
2) GRE is the only thing that needs to be passed through the firewall.
3) If you have many remote controllers that all terminate their tunnels on a central controller, then enable "no inter-tunnel-flooding". This prevents traffic that comes from tunnel AA from getting flooded out any other tunnel.
4) You might want to force the captive portal through the GRE tunnel (users who connect to local controller get the captive-portal page from the master controller). On local controller side, make the tunnel trusted. On the master controller side, make the tunnel untrusted. With this configuration, the users fall into the logon role of the master controller.
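The check from point 1, comparing two looks at "show datapath tunnel table" to see whether encaps and decaps are incrementing, as an added example that is not part of the original article or of Aruba's tooling. The table layout, the addresses and the function names are constructed assumptions; match the column names to what your ArubaOS version prints.

```python
import re

# Constructed snapshots for illustration (not captured output). Assumed layout:
# a header row, a dashed ruler marking column starts, then one row per tunnel.
BEFORE = """\
 #     Source      Destination  Decaps  Encaps
-----  ----------  -----------  ------  ------
10     192.0.2.1   192.0.2.2    120     340
11     192.0.2.1   192.0.2.9    0       75
"""
AFTER = """\
 #     Source      Destination  Decaps  Encaps
-----  ----------  -----------  ------  ------
10     192.0.2.1   192.0.2.2    188     415
11     192.0.2.1   192.0.2.9    0       131
"""

def parse_tunnels(text):
    """Map (source, destination) -> (decaps, encaps), slicing rows at the ruler's column starts."""
    lines = text.splitlines()
    ruler = next(i for i, l in enumerate(lines) if l.strip() and set(l) <= {"-", " "})
    starts = [m.start() for m in re.finditer(r"-+", lines[ruler])]
    ends = starts[1:] + [None]  # each column runs up to the start of the next one

    def cells(line):
        return [line[s:e].strip() for s, e in zip(starts, ends)]

    names = cells(lines[ruler - 1])
    table = {}
    for line in lines[ruler + 1:]:
        if line.strip():
            row = dict(zip(names, cells(line)))
            table[(row["Source"], row["Destination"])] = (int(row["Decaps"]), int(row["Encaps"]))
    return table

def tunnel_status(before, after, source, destination):
    """Classify one tunnel by how its counters moved between two snapshots."""
    old = parse_tunnels(before).get((source, destination), (0, 0))
    new = parse_tunnels(after).get((source, destination))
    if new is None:
        return "missing"          # tunnel is not in the table at all
    decaps, encaps = new[0] - old[0], new[1] - old[1]
    if decaps > 0 and encaps > 0:
        return "passing"          # traffic flows in both directions
    if encaps > 0:
        return "encaps-only"      # sending but nothing returns: check far end and GRE on the firewall
    if decaps > 0:
        return "decaps-only"      # receiving but not sending: check the local redirect ACL
    return "idle"                 # no traffic during the interval
```

Take the two snapshots a few seconds apart while the laptop ping is running, so that an "idle" result means no traffic reached the tunnel rather than no traffic was sent.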