This community is currently in a read-only state due to a maintenance window. For more info click here

How do I configure Layer 2 GRE?

Aruba Employee
Aruba Employee

Question:  How do I configure Layer 2 GRE?



Product and Software: This article applies to all Aruba controllers and ArubaOS versions.

Look at this sample configuration. Look at "show datapath tunnel table" and make sure that the tunnel is there. Connect a laptop to the controller on one end and try to ping across from the laptop. Monitor "show datapath tunnel table" and see if anything is getting transmitted.

Local controller:
interface AA
ip address <ip1>
aaa derivation-rules user
set role condition essid equals "guest" set-value guest
user-role guest
session-acl redirect
ip access-list session redirect
any any any redirect tunnel BB
interface tunnel BB
description "
tunnel source <ip1>
tunnel destination <ip2>
tunnel mode gre 2
tunnel vlan CC

DMZ Aruba Controller: (Note that this tunnel is NOT trusted to force captive portal.)
interface tunnel DD
description "
tunnel source <ip2>
tunnel destination <ip1>
tunnel mode gre 2
no inter-tunnel-flooding
tunnel vlan CC
interface EE
ip address <ip2>
Points to remember:
1) The "show datapath tunnel table" command is what you really want to see. Look for encaps and decaps incrementing.
2) GRE is the only thing that needs to be passed through the firewall.
3) If you have many remote controllers that all terminate their tunnels on a central controller, then enable "no inter-tunnel-flooding". This prevents traffic that comes from tunnelAA from getting flooded out any other tunnel.
4) You might want to force the captive portal through the GRE tunnel (users who connect to local controller get the captive-portal page from the master controller). On local controller side, make the tunnel trusted. On the master controller side, make the tunnel untrusted. With this configuration, the users fall into the logon role of the master controller.

Version history
Revision #:
1 of 1
Last update:
‎07-07-2014 12:20 PM
Labels (1)