Aruba GRE tunnels for tunnel mode

While in tunnel mode, each vendor will send the traffic to the wireless controller, which will act as a portal to translate wireless frame to the wired frame and send it to the LAN.

In this example we have 3 SSIDs: corporate, guest, mobile. For each SSID for each band the AP will create a GRE tunnel with the Mobility Controller (MC) on AOS  8.2.

First command in CLI for gathering information about BSSIDs on each radio:

show ap bss-table

Example for the lab AP:

(testWLC) *#show ap bss-table | include 10.76.120.33

fm (forward mode): T-Tunnel, S-Split, D-Decrypt Tunnel, B-Bridge (s-standard, p-persistent, b-backup, a-always), n-anyspot

cluster (cluster role): U-UAC, A-AAC, sU-Standby UAC, sA-Standby AAC

Aruba AP BSS Table
------------------
bss                ess         port  ip               phy    type  ch/EIRP/max-EIRP  cur-cl  ap name  in-t(s)  tot-t            mtu   acl-state  acl  fm  cluster  datazone
---                ---         ----  --               ---    ----  ----------------  ------  -------  -------  -----            ---   ---------  ---  --  -------  --------
84:d4:7e:cf:53:50  corporate   N/A   10.76.120.33     a-VHT  ap    36+/13.0/23.0     0       testAP   0        12d:4h:58m:42s   1500  -          2    T   A        no
84:d4:7e:cf:53:51  guest       N/A   10.76.120.33     a-VHT  ap    36+/13.0/23.0     0       testAP   0        12d:4h:58m:44s   1500  -          82   T   A        no
84:d4:7e:cf:53:52  mobile      N/A   10.76.120.33     a-VHT  ap    36+/13.0/23.0     0       testAP   0        12d:4h:58m:49s   1500  -          2    T   A        no
84:d4:7e:cf:53:40  corporate   N/A   10.76.120.33     g-HT   ap    6/9.0/18.5        0       testAP   0        12d:4h:58m:53s   1500  -          2    T   A        no
84:d4:7e:cf:53:41  guest       N/A   10.76.120.33     g-HT   ap    6/9.0/18.5        0       testAP   0        12d:4h:58m:54s   1500  -          82   T   A        no
84:d4:7e:cf:53:42  mobile      N/A   10.76.120.33     g-HT   ap    6/9.0/18.5        0       testAP   0        12d:4h:58m:59s   1500  -          2    T   A        no

 

Next command will display tunnel information on MC established from the test AP:

show datapath tunnel table

Example:

(testWLC) *#show datapath tunnel table | include 10.76.120.33


Datapath Tunnel Table Entries
-----------------------------
Flags: E - Ether encap,  I - Wi-Fi encap,  R - Wired tunnel,  F - IP fragment OK
       W - WEP,  K - TKIP,  A - AESCCM,  G - AESGCM,  M - no mcast src filtering
       S - Single encrypt,  U - Untagged,  X - Tunneled node,  1(cert-id) - 802.1X Term-PEAP
       2(cert-id) - 802.1X Term-TLS,  T - Trusted,  L - No looping, d - Drop Bcast/Unknown Mcast,
       D - Decrypt tunnel,  a - Reduce ARP packets in the air, e - EAPOL only
       C - Prohibit new calls, P - Permanent, m - Convert multicast
       n - Convert RAs to unicast(VLAN Pooling/L3 Mobility enabled), s - Split tunnel
       V - enforce user vlan(open clients only), x - Striping IP, z - Datazone
       H - Standby (HA-Lite), u - Cluster UAC tunnel, b - Active AAC tunnel, t - Cluster s-AAC tunnel
       c - IP Compression, g - PAN GlobalProtect Tunnel, w - Tunneled Node Heartbeat
       B - Cluster A-SAC Mcast, G - Cluster S-SAC Mcast, l - Tunneled Node user tunnel
       f - Static GRE Tunnels, k- keepalive enabled

 #          Source       Destination    Prt  Type  MTU   VLAN       Acls                    BSSID          Decaps     Encaps   Heartbeats Flags            EncapKBytes  DecapKBytes
------  --------------  --------------  ---  ----  ----  ---- -----------------------  ----------------- ---------- ---------- ---------- --------------- ------------- -----------
802     10.10.10.5      10.76.120.33    47   8200  1500  100  0   0    2    0    0     84:D4:7E:CF:53:50          6         50          0 IMASPab
6148    10.10.10.5      10.76.120.33    47   8210  1500  140  0   0    82   0    0     84:D4:7E:CF:53:51      68371      90935          0 IMSPanb
3757    10.10.10.5      10.76.120.33    47   8220  1500  120  0   0    2    0    0     84:D4:7E:CF:53:52        125        220          0 IMASPab
6466    10.10.10.5      10.76.120.33    47   8300  1500  100  0   0    2    0    0     84:D4:7E:CF:53:40    4670892   18782156          0 IMASPab
3848    10.10.10.5      10.76.120.33    47   8310  1500  140  0   0    82   0    0     84:D4:7E:CF:53:41        489        912          0 IMSPanb
3474    10.10.10.5      10.76.120.33    47   8320  1500  120  0   0    2    0    0     84:D4:7E:CF:53:42        268        497          0 IMASPab
6531    10.10.10.5      10.76.120.33    47   9000  1500  0    0   0    0    0    0     20:A8:B9:C0:28:54    1061492          0    1043946 TES

 

Aruba MC distinguishes by the tunnel type, described below:

SSID corporate 5GHz    - type 8200
SSID corporate 2.4 GHz - type 8300

SSID guest 5GHz        - type 8210
SSID guest 2.4 GHz     - type 8310

SSID mobile 5GHz       - type 8220
SSID mobile 2.4 GHz    - type 8320

keepalive AP-MC        - type 9000

 

Summary for the lab scenario:

3 SSIDs enabled on both radios (3 x 2) = 6 tunnels for data traffic
1 keepalive tunnel between AP-MC

In total 7 different GRE tunnels between AP and MC.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s