Wireless Access

Hi everyone;

We have configured a GRE L2 tunnel from local to master controller for guest traffic,  on the GRE L2 configuration we have used on the local controller source the loopback and destination the VRRP IP address at the master controller, but with this configuration the guest user can't open the captive portal. We have changed the IP address destination to other at the same network of the loopback master controller and the guest user's traffic have worked well.  

With this configuration if the master controller go down the standby controller can't manage the guest traffic from local controllers using the GRE L2 tunnel.

Do you have any idea about how to solve this issue??

Thank you for your help

Wilmon

The first thing I would check is if the local controller knows how to get to the master's VRRP subnet.  If everything works when you use the master's loopback as the tunnel destination, it kind of sounds like a routing problem with whatever subnet the masters are using for VRRP in that case.

Hi;

At this moment the local controller is getting the master controller by the VRRP IP address.

Thank you for your help

Wmontilla

---

@wmontilla wrote:

Hi;

 

At this moment the local controller is getting the master controller by the VRRP IP address.

 

 

Thank you for your help

 

 

 

Wmontilla

---

In that layer2 tunnel, who provides ip addresses for the guest clients?  What is their default gateway?  Does the master and backup master each have an ip address on the "guest" vlan?

Hi cjoseph;

Answer your questions:

1. The master controller to give the ip address for guest users.

2. The default gateway for guest users is the firewall

3. Yes both equipments have an IP address on Guest VLAN

Thank you for your help

Wmontilla

---

@wmontilla wrote:

Hi cjoseph;

 

Answer your questions:

 

1. The master controller to give the ip address for guest users.

2. The default gateway for guest users is the firewall

3. Yes both equipments have an IP address on Guest VLAN

 

 

Thank you for your help

 

 

Wmontilla

---

I think we will need a diagram to see how the devices are connected logically.

Hi cjoseph;

this is the network that we are configuring to our customer:

1. We have two local controllers one on each branch offices

2. We two master controller (master - standby) on main office

3. We have configured the same VLANs on master - standby and local controller

4. We have configured a guest SSID for internet access. this internet service for guest users is at the main office

5. We have configured a GRE L2 tunnel from local controller to master controller on vlan 999 for traffic for guest users and It working fine

6. This GRE L2 tunnel on local controller have as IP address destination an IP interface on the master controller but if the master controller to go down we loss the guest traffic over the GRE L2 tunnel because it has other IP address.

7. I have configured a VRRP IP on guest VLAN (999) on master - standby controller and heve configured the local controller GRE L2 tunnel as destination IP address this VRRP IP but it doesn't work.

Do you know if the GRE L2 tunnel to work using a VRRP Ip address at the master-standby controller?

Thank you

Wmontilla

Last relevant question:

How does VLAN 999 find it's way to the internet?  Does it have ip nat inside on the Controller's IP interface or it it physically plugged into a separate internet connection?

Hi cjoseph;

The guest users receive IP address from master controller and the default gateway for this users is a Firewall who has the connection to Internet.

Thank you for your help

Wmontilla

Using the VRRP address as the destination IP (and source IP) definitely works, I do it for my guest setup.

Can you do a "show vrrp" from both master and standby and post the results?