Controllerless Networks

last person joined: yesterday 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

GRE Tunnel between InstantAP and Mobility Controller

This thread has been viewed 7 times

  • 1.  GRE Tunnel between InstantAP and Mobility Controller

    Posted Mar 03, 2015 08:52 AM

    Hello,

     

    I am trying to create a GRE tunnel to send guest traffic to a VLAN which exists on my mobility controller, but for some reason, it is not working. Below is a diagram outlining the basic network layout:

    GRE.jpg

    Is a GRE tunnel supposed to work between the InstantAP and the Mobility controller? I can provide further details on the configuration by request.

     

    Many thanks,

     

    Giuseppe Damiano



  • 2.  RE: GRE Tunnel between InstantAP and Mobility Controller

    EMPLOYEE
    Posted Mar 03, 2015 08:56 AM

    Giuseppe,

     

    That configuration is supported..

     

    Did you use any of the instructions here?  http://community.arubanetworks.com/t5/forums/searchpage/tab/tkb?location=category%3ASupport-Documentation-Downloads&q=iap-vpn



  • 3.  RE: GRE Tunnel between InstantAP and Mobility Controller

    Posted Mar 03, 2015 09:37 AM

    cjoseph,

     

    Thanks for your answer. So far tried the following articles:

     

    - Guest only solution using IAP-GRE tunnel with Controller [http://community.arubanetworks.com/t5/Unified-Wired-Wireless-Access/Tutorial-Guest-only-solution-using-IAP-GRE-tunnel-with/m-p/147880/highlight/true#M31464]

    - IAP - Guest Access and GRE Tunnel [http://community.arubanetworks.com/t5/Aruba-Instant-Cloud-Wi-Fi/IAP-Guest-Access-and-GRE-Tunnel/m-p/59156/highlight/true#M1193]

     

    without much success. Do I have to create a VPN tunnel as opposed to a GRE?

    The Instant APs are running InstantOS 6.4 while the controller is running ArubaOS 6.3.

     

    I have tried to create an ArubaGRE (both with the per-AP tunnel option enabled and disabled) on the InstantVC from the VPN menu, but nothing comes up on the controller side (verified with #show datapath tunnel command).

     

    I have tried the Manual GRE option with a GRE tunnel configured on the controller side and a new GRE tunnel comes up, yet I see an increasing number of decapsulation, but no encapsulation at all.



  • 4.  RE: GRE Tunnel between InstantAP and Mobility Controller

    Posted Mar 03, 2015 09:52 AM

    A little more details:

    GRE2.jpg

     

    Configuration on the IAP side:

    VLAN.jpgSecurity.jpg

    Access.jpg

    Tunnel1.jpg

    Tunnel2.jpg

     

    while on the Mobility Controller, I have:

    ctrl-tunnel.jpg

     

    Any ideas?

     

    Kind regards,

     

    Giuseppe Damiano



  • 5.  RE: GRE Tunnel between InstantAP and Mobility Controller

    Posted Mar 03, 2015 01:26 PM

    Glancing at your settings, they look right, except I use GRE 0 (rather than 1) on the VPN settings in the iAP GUI.



  • 6.  RE: GRE Tunnel between InstantAP and Mobility Controller

    Posted Mar 11, 2015 05:39 AM

    Changed that setting to 0 on the Instant (the controller isues an error message if I do the same), but nothing changed on the behaviour.

     

    The GRE tunnel comes up, but no encaps or decaps :-(



  • 7.  RE: GRE Tunnel between InstantAP and Mobility Controller

    Posted Mar 14, 2015 09:32 PM
    Hi Giuseppe, Did you read the entire thread at: http://community.arubanetworks.com/t5/Aruba-Instant-Cloud-Wi-Fi/IAP-Guest-Access-and-GRE-Tunnel/m-p/59156/highlight/true#M1193] I was able to get this to work only after I configured the L2 Centralised DHCP scope for the VLAN that I wanted to tunnel. I didn't see any mention of your DHCP scope configurations in your previous posts. Cheers Chris


  • 8.  RE: GRE Tunnel between InstantAP and Mobility Controller

    Posted Mar 17, 2015 07:23 AM

    Hi Chris,

     

    And thanks for your reply. I have followed the article to the letter and here are the steps I followed, documented in details.

     

    GRE Tunnels

    IAP configuration

    1.png

    2.png

    3.png

    Controller configuration

    5.png

    6.png

    I tried with both Protocol number 48 and 1, but not 0. If I set the protocol type to 0, I get the following error message:

    4.png

    DHCP settings (Instant)

    7.png

    SSID settings (Instant)

    8.png

    If I set, the client IP assignment to Network assigned and Static VLAN 11, I lose the DHCP settings.

    9.png

    10.png

    DHCP Server settings (Controller)

    11.png

    VLAN settings (Controller)

    12.png

     

    The solution still does not work. For some reason, the Instant AP delivers a default IP address (172.31.99.X), the GRE tunnels are up on the controller (#show datapath tunnel) but no data is passing through them.

     

    To be hoonest, I feel like I spent enough time on this and since it's not working, I am thinking about an alternate solution as configuring such a straightforward setup should not be so hard.

     

    Many thanks to all who have contributed to this.

     

    Giuseppe Damiano/



  • 9.  RE: GRE Tunnel between InstantAP and Mobility Controller
    Best Answer

    Posted Mar 17, 2015 05:08 PM
    I understand your pain, it took me a while to get this going. I think I see an issue with your config.

    First of all, on the Instant AP side change the "GRE Type" to 48. The controller side "protocol number" should also be 48.

    Now most importantly. The reason you are getting a 172.31.99.X address is because you need to change the Instant SSID setting from "virtual controller managed" to "network assigned". Having that setting on virtual controller assigned means that the client will always receive an IP from the local DHCP server on the Instant AP, and if I recall correctly it will also source NAT traffic. Make sure this is set to Network Assigned

    Regards
    Chris