Wireless Access

last person joined: 15 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

LAN to LAN routing over IPsec/GRE? from (remote) local to master

This thread has been viewed 0 times

  • 1.  LAN to LAN routing over IPsec/GRE? from (remote) local to master

    Posted Nov 05, 2016 10:03 PM

    Hey all,

     

    I have a remote location with a 7010 local controller.  The local controller syncs up with the Master back at our colo in Pittsburgh.  DHCP/VLAN/Role resposibilities are handled by the local controller but clients connecting to the network on the local controller will need access to resourses on our corp net where the Master lives as well use our NPS (Radius) servers for authentication.  How do I tell traffic destined for the corp network to router over the IPSec tunnel from local to master?  Do I need to create a GRE tunnel as well, etc???

     

    Thanks,

     

    rif



  • 2.  RE: LAN to LAN routing over IPsec/GRE? from (remote) local to master

    EMPLOYEE
    Posted Nov 06, 2016 06:45 AM

    The master to local only has host routes for the individual controllers in each controller's routing tables.  To tunnel actualy traffic that is not destined for each controller you would be required to manually setup your own routing statements in your infrastructure and on the controllers to pass traffic.



  • 3.  RE: LAN to LAN routing over IPsec/GRE? from (remote) local to master

    Posted Nov 06, 2016 10:32 AM

    Right, but how is that done in the controller.  It sounds like a split-tunnel type of thing.  How do you direct traffic down the tunnel?

     

    rif



  • 4.  RE: LAN to LAN routing over IPsec/GRE? from (remote) local to master
    Best Answer

    EMPLOYEE


  • 5.  RE: LAN to LAN routing over IPsec/GRE? from (remote) local to master

    Posted Nov 06, 2016 11:07 AM

    Cool, thanks, I'll check it out and test and repost my results.

     

    rif



  • 6.  RE: LAN to LAN routing over IPsec/GRE? from (remote) local to master

    Posted Nov 07, 2016 11:07 AM

    Ok, this is looking promising.  I can ping our Radius server on our corp LAN from the remote local controller.  That ping is success from vlan xxx which is the vlan that the WAP's get their dhcp addresses from (as they are plugged into ports on the local which are in vlan access xxx mode).  I also have a VLAN xxy and a matching dhcp server pool set up on the local to provide address for wireless clients however as of now that vlan interface is "up/down" as no physical interfaces are assigned to that vlan.  What is the proper config (which interface can I assign to be in VLAN xxy) in order to bring vlan xxy to "up/up" status?  

    I do not think I want to put the WAPs VLAN (xxx) ports into trunk mode and include vlan xxy there, right?  Do I place the port that hosts the WAN IP/VLAN into trunk mode and include vlan xxy there?

     

    rif



  • 7.  RE: LAN to LAN routing over IPsec/GRE? from (remote) local to master

    Posted Nov 07, 2016 02:54 PM

    Ok so for now I just put a wired port into vlan xxy as it is going to be a printer that needs to be on the same vlan as wireless users anyway and the vlan interface is "up/up" and routable.

     

    rif



  • 8.  RE: LAN to LAN routing over IPsec/GRE? from (remote) local to master

    Posted Nov 21, 2017 05:36 AM

    I have a general question.

    Master and local comntrollers are connected via ipsec tunnel.

    If i create an additional GRE Tunnel for tunneling a specific L2 VLAN form master to local, is this GRE tunnel put inside the IPsec Tunnel from Master and local connection?