Aruba Central Online Help
Configuring a GRE VPN Tunnel

You can also manually configure a GRE (Generic Routing Encapsulation) tunnel by configuring the GRE tunnel parameters on the Instant Access Point (IAP) and the controller. GRE is an IP encapsulation protocol that is used to transport packets over a network. This procedure describes the manual configuration of a GRE tunnel from the virtual controller by using Aruba Central (on-premises).

During the manual GRE setup, you can either use the virtual controller IP or the IAP IP to create the GRE tunnel at the controller side depending upon the following IAP settings:

  • If a virtual controller IP is configured and if Per-AP tunnel is disabled, the virtual controller IP is used to create the GRE tunnel.
  • If a virtual controller IP is not configured or if Per-AP tunnel is enabled, the IAP IP is used to create the GRE tunnel.

To configure the GRE tunnel manually, complete the following steps:

  1. In the Network Operations app, set the filter to a group containing at least one AP.

    The dashboard context for the group is displayed.

  2. Under Manage, click Devices > Access Points.

    A list of APs is displayed in the List view.

  3. Click the Config icon.

    The tabs to configure the APs are displayed.

  4. Click Show Advanced.
  5. Click the VPN tab.

    The VPN (Virtual Private Network) page is displayed.

  6. Click the Controller accordion.
  7. In the Protocol drop-down list, select Manual GRE.

  8. Specify the following parameters:

    1. Host—Enter the IPv4 or IPv6 address or FQDN (Fully Qualified Domain Name) for the main VPN/GRE tunnel.
    2. Backup Host—(Optional) Enter the IPv4 or IPv6 address or FQDN for the backup VPN/GRE tunnel. You can edit this field only after you enter the IP address or FQDN in the Host field.
    3. Reconnect User On Failover—When you enter the host IP address and backup host IP address, this field appears. Select this check-box to disconnect all wired and wireless users when the system switches during VPN tunnel transition from primary to backup and backup to primary.
    4. Reconnect Time On Failover—If you select the Reconnect User On Failover check-box, this field appears. To configure an interval for which wired and wireless users must be disconnected during a VPN tunnel switch, specify a value within a range of 30-90 seconds. By default, the reconnection duration is set to 60 seconds.
    5. GRE Type—Enter a value for the parameter.
    6. GRE Mtu—Specify a size for the GRE MTU (Maximum Transmission Unit) within the range of 1024–1500. After GRE encapsulation, if the packet length exceeds the configured MTU, IP fragmentation occurs. The default MTU size is 1300.
    7. Per-AP-Tunnel—The administrator can enable this option to create a GRE tunnel from each IAP to the VPN/GRE endpoint, rather than only from the conductor IAP. When enabled, the traffic to the corporate network is sent through a Layer-2 GRE tunnel from the IAP itself and need not be forwarded through the conductor IAP.

      By default, the Per-AP tunnel option is disabled.

    8. Branch Name—Select the branch name from the Branch Name drop-down list.
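  9. When the GRE tunnel configuration is completed on both the IAP and the controller, the packets sent from and received by an IAP are encapsulated, but not encrypted. GRE itself adds no confidentiality or integrity protection, so the tunneled frames are only as protected as the traffic inside them and the network path that carries them.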
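
The point that GRE traffic is encapsulated but not encrypted can be checked with a short parser. The following is an added example, not Aruba code: it decodes a GRE header as laid out in RFC 2784 and RFC 2890 and returns the inner frame byte for byte. The protocol type `0x6558`, the key `42`, and the sample frame are constructed values, and `build_gre` is a hypothetical helper used only to produce test input.

```python
import struct

# GRE flag bits in the first 16-bit word (RFC 2784 / RFC 2890)
FLAG_CHECKSUM = 0x8000
FLAG_KEY = 0x2000
FLAG_SEQUENCE = 0x1000
VERSION_MASK = 0x0007


def parse_gre(packet: bytes) -> dict:
    """Parse the GRE header that follows the outer IP header; return fields and payload."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", packet, 0)
    if flags & VERSION_MASK != 0:
        raise ValueError("unsupported GRE version")
    offset = 4
    fields = {"protocol_type": proto, "checksum": None, "key": None, "sequence": None}
    # Optional 4-byte fields appear in this fixed order when their flag bit is set.
    for name, bit in (("checksum", FLAG_CHECKSUM), ("key", FLAG_KEY), ("sequence", FLAG_SEQUENCE)):
        if flags & bit:
            if len(packet) < offset + 4:
                raise ValueError(f"truncated GRE {name} field")
            (value,) = struct.unpack_from("!I", packet, offset)
            # The checksum word is 16 bits of checksum followed by 16 reserved bits.
            fields[name] = value >> 16 if name == "checksum" else value
            offset += 4
    fields["header_len"] = offset
    fields["payload"] = packet[offset:]  # inner frame, unchanged by GRE
    return fields


def build_gre(proto: int, payload: bytes, key=None) -> bytes:
    """Hypothetical helper: build a minimal GRE packet as constructed test input."""
    flags = FLAG_KEY if key is not None else 0
    header = struct.pack("!HH", flags, proto)
    if key is not None:
        header += struct.pack("!I", key)
    return header + payload


# Constructed sample: a fake inner Ethernet header followed by readable text.
INNER = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00" + b"GET /payroll HTTP/1.1"
SAMPLE = build_gre(0x6558, INNER, key=42)

if __name__ == "__main__":
    gre = parse_gre(SAMPLE)
    print(hex(gre["protocol_type"]), gre["key"], gre["header_len"], gre["payload"][14:])
```

The `header_len` value is the per-packet GRE overhead; together with the outer IP header it is what pushes a packet past the configured GRE MTU and triggers fragmentation.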