Controllerless Networks

Morning all,

I'm fairly new to configurating Aruba OS so on a learning curve.

I'm trying to setup a pair of WLAN networks on a cluster of IAP-305s the corporate side works fine, but for guest I'm trying to GRE tunnel the traffic down to a DMZ controller in the data centre. I have tried to put together a diagram of what im trying to setup.

But I cannot seem to get the IAP to esitmablish a GRE tunnel to the Controller. 

Thankyou in advance

Luke

I see your diagram.  Is there something not working?

Thankyou for your message, sorry just relised I didnt put my issue in the text.

Its the GRE tunnel I'm having issues with from the IAP towards the controller.

IAP VC# show vpn config

Concentrator
------------
Type                        Value
----                        -----
VPN Primary Server
VPN Backup Server
VPN Preemption              disable
VPN Fast Failover           disable
VPN Hold Time               600
VPN Monitor Pkt Send Freq   5
VPN Monitor Pkt Lost Cnt    6
VPN Ikepsk                  a7fb0e875c78851dcf3fc3c56c400cc0
VPN Username
VPN Password                1981c8660036e07909444708225f7d60
GRE outside vpn             disable
GRE Server                  10.182.95.146
GRE IP Address              10.182.95.146
GRE Type                    1
GRE Per AP Tunnel           disable
Reconnect User On Failover  disable
Reconnect Time On Failover  60
Routing Table
-------------
Destination  Netmask  Gateway  Metric  Type  Flag
-----------  -------  -------  ------  ----  ----
Number of Route Entries   :0
VPN Tunnel Profiles
-------------------
Profile  Primary  Backup  Preemption  Fast Failover  Hold Time  Monitor Pkt Send Freq  Monitor Pkt Lost Cnt  PSK  Username  Password  Group ID  Aggressive Mode
-------  -------  ------  ----------  -------------  ---------  ---------------------  --------------------  ---  --------  --------  --------  ---------------

On the DMZ controller, can you type "show datapath session table <ip address of instant VC>" to see if any traffic is coming from the Virtual Controller to the DMZ controller?

(DMZ Controller) #show datapath session table 10.185.121.4

Datapath Session Table Entries
------------------------------

Flags: F - fast age, S - src NAT, N - dest NAT
       D - deny, R - redirect, Y - no syn
       H - high prio, P - set prio, T - set ToS
       C - client, M - mirror, V - VOIP
       Q - Real-Time Quality analysis
       I - Deep inspect, U - Locally destined
       E - Media Deep Inspect, G - media signal

  Source IP     Destination IP  Prot SPort DPort  Cntr Prio ToS Age Destination TAge Packets   Bytes      Flags
--------------  --------------  ---- ----- -----  ---- ---- --- --- ----------- ---- --------- ---------  -----

(DMZ Controller) #

That seems to suggest that none of the GRE traffic is getting through.  You might want to find out in your network what would be blocking that traffic.

Why don't use IAP-VPN (-with IPSec), there is less network issue...

Networks used GRE with the physciall controllers and wanted to do the same, ill propse it thankyou

I am working on same kind of topology into our network, Is that any way I can get whole configuration of GRE tunnels on IAP and Controller. For testing purpose, I'm using IAP 325 and Controller 7205. 

What do you need ?

I'm working with topology in which Aruba AP C325 connected with HP 2920 PoE+ switch on same LAN. We have a Aruba Controller 7205 in data center connected with FW. I want to create a GRE tunnel that contains traffic from AP to Controller. We need configuration of controller and AP.

Why don't use IAP-VPN ? it is more easy like GRE for this

Only need to specify the address IP of controller inside IAP-VPN Cluster.