Tunneling provides a mechanism to transport packets of one protocol within another protocol. Generic Routing Encapsulation (GRE) is a tunneling mechanism that uses IP as the transport protocol and can be used to encapsulate many different protocols. The tunnel behaves as a virtual point-to-point link that has two endpoints identified by the tunnel source and tunnel destination addresses at each endpoint. The diagram below shows the encapsulation process of a GRE packet as it traverses the Arista AP and enters the GRE tunnel interface:
Arista APs support two types of GRE tunneling.
- EoGRE (Ethernet-over-Generic Routing Encapsulation) in bridge mode SSID.
- GRE with NAT SSID mode.
At the end of this article, an example is given to configure EoGRE on Cisco ASR router.
Note: GRE with NAT SSID only supports uni-directional traffic, where the tunnel is used to transmit data from AP to other end of the tunnel; however, traffic from the other end to the AP will not travel through the GRE tunnel.
- SSID profile should be configured in Bridged mode.
- Remote Endpoint should be reachable from the tunnel interface of the AP.
- On an AP, the Tunnel IP address configured in GRE mode should be unique across all VLANs and SSIDs.
- The “Local Endpoint VLAN” ID entered in the tunnel settings must be available on the Trunk Port where the AP is connected. If this matches the VLAN ID mapped to the SSID profile, the same VLAN ID must be available at the other side of the tunnel.
- On the same AP, if there are two or more SSIDs configured for GRE, they should have a unique remote end point or unique key or different SSID VLAN.
Wireless Manager implements the EoGRE functionality with a network interface profile configuration. A network interface profile represents the tunnel interface on the AP through which network traffic from the configured SSIDs can be routed to a remote endpoint which in turn re-routes this traffic to the intended path or destination. When you configure a network interface profile, you can specify a primary endpoint and a secondary endpoint. The wireless traffic is bridged to the secondary endpoint if the primary endpoint fails.
To configure EoGRE tunnel interface on Wireless Manager, navigate to Configuration > Device configuration > Network Interfaces > Add network Interface profile. Enter values for the network interface profile fields.
- Remote Endpoint (IP address/Hostname)
- GRE Primary Key: This key needs to be the same on both sides of tunnel.
- Local Endpoint VLAN: VLAN ID of the source interface on the AP.
- Once the tunnel interface has been created, navigate to Configuration > Device Configuration > SSID Profile and select the required SSID.
- In the network section, enable Remote Bridging and select the newly created Network Interface Profile.
- For the tunnel to be established, the administrator needs to ensure that the Remote Endpoint is configured properly to accept the tunnel request from the Arista AP.
Example: Configuration of Cisco ASR router with EoGRE
In this example, we have used Cisco ASR router as a remote end point. The configuration of Cisco ASR router is given below:
- Create a tunnel interface.
- Assign MAC address.
- Assign IP address same as the gateway of DHCP pool.
- Declare Gigabit interface, which has AP connected, as tunnel source.
- Declare tunnel mode (Ethernet over GRE for IPv4).
- Configure a tunnel key (optional) which should match with that of Arista AP
ASR(config)# interface Tunnel68 ASR(config-if)# mac-address 0000.5e00.0068 ASR(config-if)# ip address 192.168.68.252 255.255.255.0 ASR(config-if)# no ip redirects ASR(config-if)# tunnel source GigabitEthernet0/0/0 ASR(config-if)# tunnel mode ethernet gre ipv4 ASR(config-if)# tunnel key 2000 ASR(config-if)# tunnel vlan 2000 ASR(config-if)#exit
- DHCP pool configuration:
- Decide a DHCP pool subnet for tunneling. For example, 192.168.68.0 /24. Clients will get an IP address from this pool.
- Decide a gateway IP from this subnet. For example, 192.168.68.252.
- Exclude this gateway IP address from DHCP assignment (to avoid allotting this IP to any client) by using DHCP exclude command.
ASR(config)# ip dhcp pool DHCP_TUNNEL_68 ASR(dhcp-config)# network 192.168.68.0 255.255.255.0 ASR(dhcp-config)# default-router 192.168.68.252 ASR(dhcp-config)# ip dhcp excluded-address 192.168.68.252 ASR(dhcp-config)# dns-server 188.8.131.52 ASR(dhcp-config)# exit
Note: Cisco ASR router supports GRE with Advanced Enterprise Service License (SLASR1-AES).