Tunnel Concentrator lets you configure point-to-point tunneling between wireless access points and the Tunnel Concentrator application, which runs on the Universal Compute Platform. Tunnel Concentrator serves as the tunnel termination point and forwards the received traffic on to the data center, where the traffic can be aggregated.
To provision tunneling, administrators configure tunneling settings for a given VLAN and map the VLAN across the WLAN network.
The transport method, whether GRE or IPSec, depends on the management solution. For deployments managed by ExtremeCloud IQ, only GRE encapsulation is supported. For wireless deployments managed by ExtremeCloud IQ Controller, IPSec is the default encapsulation, but GRE is also supported.
All tunneling sessions get initiated by the access point. If the traffic matches a GRE-based user policy that terminates at a Tunnel Concentrator, the access point adds the GRE headers automatically before forwarding the traffic. After receiving the traffic, Tunnel Concentrator removes the GRE header, and forwards the traffic to the appropriate location in the traffic data center. For any response traffic, the process flow occurs in the reverse order.
Note
IPSec is supported only when you deploy Tunnel Concentrator with ExtremeCloud IQ Controller as the management application. With this option, the AP also encrypts the GRE header.
Note
Tunneling is supported only between the access point and Tunnel Concentrator. It is not supported to deploy a NAT router in the middle of the tunnel.