Introduction : Aruba supports L-2 and L-3 GRE tunnels. An L-2 GRE tunnel has a special property: it can extend a VLAN across an L-3 boundary. This allows us to have authentication at a hub controller by untrusting the tunnel at the central controller.
Configuration Steps:
We can configure an L-2 GRE tunnel in Aruba to join the same VLANs across a network. To configure L-2 GRE, we execute the following commands:

#interface tunnel 1
#tunnel source 192.168.1.1
#tunnel destination 192.168.1.2
#tunnel vlan 2
#no trust
#no shut

Once we untrust the port, all the traffic on this port will undergo authentication depending on the profile configured as follows:

#aaa authentication wired
#profile <name of the profile>

If we want to bridge two VLANs using GRE, we can do the following:

#interface tunnel 1
#tunnel source 192.168.1.1
#tunnel destination 192.168.1.2
#tunnel vlan 2,3
#no trust
#no shut

However, this will untrust both VLANs, and traffic from both VLANs will have to undergo authentication.

Workaround:
We can put different VLANs in different tunnels and untrust the VLAN where we want the authentication.

#interface tunnel 1
#tunnel source 192.168.1.1
#tunnel destination 192.168.1.2
#tunnel vlan 2
#no trust
#no shut

#interface tunnel 2
#tunnel source 192.168.1.1
#tunnel destination 192.168.1.2
#tunnel vlan 3
#trust
#no shut

Now VLAN 2 traffic will undergo authentication and fall in the user role. However, VLAN 3 traffic will not undergo any authentication.
Answer:
To have authentication for one VLAN's traffic while bridging other VLANs, create multiple tunnels for different VLANs and untrust the VLAN which needs to undergo authentication.
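To check a saved configuration against the workaround above, the following added example (not Aruba's code, and not part of the original article) parses tunnel stanzas in the form shown on this page and reports, per VLAN, whether its tunnel is untrusted (traffic is authenticated) or trusted (traffic bypasses authentication). The function names `parse_tunnels` and `audit` are hypothetical, the sample input is constructed from the page's commands, and a tunnel with neither `trust` nor `no trust` is reported as "unspecified" rather than assuming a platform default.

```python
import re

# Constructed sample in the form used on this page ("#" is the CLI prompt).
SAMPLE = """\
#interface tunnel 1
#tunnel source 192.168.1.1
#tunnel destination 192.168.1.2
#tunnel vlan 2
#no trust
#no shut
#interface tunnel 2
#tunnel source 192.168.1.1
#tunnel destination 192.168.1.2
#tunnel vlan 3
#trust
#no shut
"""

def parse_tunnels(text):
    """Return {tunnel_id: {"vlans": [...], "trust": True/False/None}}."""
    tunnels, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("#").strip()
        if line.startswith("interface "):
            # Any other interface stanza ends the current tunnel stanza.
            m = re.fullmatch(r"interface tunnel (\d+)", line)
            cur = tunnels.setdefault(int(m.group(1)), {"vlans": [], "trust": None}) if m else None
        elif cur is None:
            continue
        elif line.startswith("tunnel vlan "):
            # Comma-separated VLAN list, as in "tunnel vlan 2,3".
            cur["vlans"] += [int(v) for v in line.split(None, 2)[2].split(",")]
        elif line in ("trust", "no trust"):
            cur["trust"] = (line == "trust")
    return tunnels

def audit(text):
    """Map each VLAN to its authentication status and list untrusted
    tunnels that carry more than one VLAN (all of them get authenticated)."""
    labels = {False: "authenticated", True: "bypasses-auth", None: "unspecified"}
    status, shared = {}, []
    for tid, t in sorted(parse_tunnels(text).items()):
        for v in t["vlans"]:
            status[v] = labels[t["trust"]]
        if t["trust"] is False and len(t["vlans"]) > 1:
            shared.append(tid)
    return status, shared

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Any VLAN reported as "bypasses-auth" should be one you deliberately chose to bridge without authentication; a tunnel ID in the second list is the single-tunnel `tunnel vlan 2,3` case the article warns about.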
© Copyright 2024 Hewlett Packard Enterprise Development LP. All Rights Reserved.