Configuring a GRE VPN Tunnel

You can also manually configure a GRE (Generic Routing Encapsulation) tunnel by configuring the GRE tunnel parameters on the Instant AP and controller. GRE is an IP encapsulation protocol that is used to transport packets over a network. This procedure describes the steps involved in the manual configuration of a GRE tunnel from the virtual controller by using Aruba Central.

During the manual GRE setup, you can either use the virtual controller IP or the Instant AP IP to create the GRE tunnel at the controller side depending upon the following Instant AP settings:

If a virtual controller IP is configured and if Per-AP tunnel is disabled, the virtual controller IP is used to create the GRE tunnel.

If a virtual controller IP is not configured or if Per-AP tunnel is enabled, the Instant AP IP is used to create the GRE tunnel.

To configure the GRE tunnel manually, complete the following steps:

1. In the Network Operations app, set the filter to a group that contains at least one AP.

The dashboard context for the group is displayed.

2. Under Manage, click Devices > Access Points.

A list of access points is displayed in the List view.

3. Click the Config icon.

The tabs to configure the access points are displayed.

4. Click Show Advanced, and click the VPN tab.

The VPN details page is displayed. A VPN (Virtual Private Network) enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two.

5. Click the Controller accordion.

6. In the Protocol drop-down list, select Manual GRE.

7. Specify the following parameters:

a. Host—Enter the IPv4 or IPv6 address or FQDN for the main VPN/GRE tunnel. An FQDN (Fully Qualified Domain Name) is a complete domain name that identifies a computer or host on the Internet.

b. Backup Host—(Optional) Enter the IPv4 or IPv6 address or FQDN for the backup VPN/GRE tunnel. You can edit this field only after you enter the IP address or FQDN in the Host field.

c. Reconnect User On Failover—When you enter the host IP address and backup host IP address, this field appears. Select this check box to disconnect all wired and wireless users when the system switches during VPN tunnel transition from primary to backup and backup to primary.

d. Reconnect Time On Failover—If you select the Reconnect User On Failover check box, this field appears. To configure an interval for which wired and wireless users must be disconnected during a VPN tunnel switch, specify a value within a range of 30-90 seconds. By default, the reconnection duration is set to 60 seconds.

e. GRE Type—Enter a value for the parameter.

f. GRE MTU—Specify a size for the GRE MTU within the range of 1024–1500. The MTU (Maximum Transmission Unit) is the largest size packet or frame, specified in octets (eight-bit bytes), that can be sent in networks such as the Internet. After GRE encapsulation, if the packet length exceeds the configured MTU, IP fragmentation occurs. The default MTU size is 1300.

g. Per-AP-Tunnel—The administrator can enable this option to create a GRE tunnel from each Instant AP to the VPN/GRE endpoint rather than the tunnels created just from the master Instant AP. When enabled, the traffic to the corporate network is sent through a Layer-2 GRE tunnel from the Instant AP itself and need not be forwarded through the master Instant AP.

By default, the Per-AP tunnel option is disabled.

h. To disconnect all wired and wireless users when the system switches during VPN tunnel transition from primary to backup and backup to primary, select the Reconnect User On Failover check box.

8. When the GRE tunnel configuration is completed on both the Instant AP and Controller, the packets sent from and received by an Instant AP are encapsulated, but not encrypted.
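Step 8's point, that GRE encapsulates but does not encrypt, shown as an added example (not Aruba's code and not part of the original page): a minimal GRE header builder and parser per RFC 2784/2890, run over a constructed Ethernet frame. The protocol type 0x6558, the key 42, and the sample payload are assumptions chosen for illustration.

```python
import struct

GRE_PROTO_TEB = 0x6558  # Transparent Ethernet Bridging; assumed value, not from the page
# Constructed sample: Ethernet header followed by a made-up cleartext payload.
SAMPLE_SECRET = b"user=alice&password=example"
SAMPLE_FRAME = bytes.fromhex("0200000000020200000000010800") + SAMPLE_SECRET

def gre_encapsulate(inner, proto=GRE_PROTO_TEB, key=None):
    """Prepend a version-0 GRE header (RFC 2784; optional key, RFC 2890)."""
    flags = 0x2000 if key is not None else 0x0000  # K bit marks a key field
    header = struct.pack("!HH", flags, proto)
    if key is not None:
        header += struct.pack("!I", key)
    return header + inner

def gre_decapsulate(packet):
    """Return (protocol_type, key, inner_payload) from a GRE packet."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", packet[:4])
    if flags & 0x0007:
        raise ValueError("only GRE version 0 is handled")
    offset, key = 4, None
    if flags & 0x8000:  # C bit: checksum + reserved1 fields present
        offset += 4
    if flags & 0x2000:  # K bit: 32-bit key present
        if len(packet) < offset + 4:
            raise ValueError("truncated GRE key")
        key = struct.unpack("!I", packet[offset:offset + 4])[0]
        offset += 4
    if flags & 0x1000:  # S bit: sequence number present
        offset += 4
    if len(packet) < offset:
        raise ValueError("truncated GRE optional fields")
    return proto, key, packet[offset:]

def payload_readable_on_wire(inner, needle):
    """True if `needle` from the inner frame appears verbatim after encapsulation."""
    tunnelled = gre_encapsulate(inner)
    _, _, recovered = gre_decapsulate(tunnelled)
    return needle in tunnelled and recovered == inner

if __name__ == "__main__":
    pkt = gre_encapsulate(SAMPLE_FRAME, key=42)
    proto, key, inner = gre_decapsulate(pkt)
    print(f"type=0x{proto:04x} key={key} overhead={len(pkt) - len(inner)} bytes")
    print("cleartext visible:", payload_readable_on_wire(SAMPLE_FRAME, SAMPLE_SECRET))
```

The inner frame comes back byte for byte from the tunnelled packet, so traffic that needs confidentiality on the path between the Instant AP and the controller has to be encrypted at another layer.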
