GRE Tunnel Configuration

Generic Routing Encapsulation (GRE) offers direct, point-to-point communication between network nodes with support for one to three termination points. GRE tunneling is configured to bridge Ethernet packets between WLANs and a remote WLAN gateway over an IPv4 GRE tunnel. The tunneling of 802.3 packets using GRE is an alternative to MiNT or L2TPv3. Related features like ACLs for extended VLANs are still available using layer 2 tunneling over GRE.

Using GRE, access points (APs) map one or more VLANs to a tunnel. The remote endpoint is a user-configured WLAN gateway IP address, with an optional secondary IP address should connectivity to the primary GRE peer be lost. VLAN traffic is expected in both directions in the GRE tunnel. A WLAN mapped to these VLANs can be either open or secure. Secure WLANs require authentication to a remote RADIUS server available within your deployment using standard RADIUS protocols. The APs can reach both the GRE peer and the RADIUS server using IPv4.

Use this procedure to create a GRE tunnel profile for APs.

Note

You can override GRE profile settings for an individual AP. Go to Devices > <select an AP> > Network > GRE, and configure the parameters as described in this procedure.
  1. Go to Profiles > <select a device profile for an AP> > Network > GRE.
  2. Choose from the following actions:
    • To add a new GRE profile, select .
    • To edit an existing GRE profile, select associated with the target profile.
    • To delete a GRE profile, select associated with the target profile.
  3. Configure the GRE tunneling profile parameters as described in GRE Tunneling Profile Parameters.
    Table 1. GRE Tunneling Profile Parameters
    Parameter Description
    Basic
    Name Enter a GRE tunnel name. The name cannot be edited.
    Native VLAN Set a numerical VLAN ID in the range 1 – 4,094 for the native VLAN. The native VLAN allows an Ethernet device to associate untagged frames with a VLAN when the frame carries no 802.1Q header. Additionally, the native VLAN is the VLAN that untagged traffic is directed over when using a port in trunk mode.
    Tunneled VLANs

    Identify the VLAN(s) that connected clients use to route GRE tunneled traffic within their respective WLANs.

    Enter a VLAN ID, then select Add.

    Select associated with a configured VLAN ID to remove it from the list of Tunneled VLANs.

    IPv4 MTU

    Set an IPv4 tunnel's maximum transmission unit (MTU) in the range 900 – 1,476. The MTU is the largest physical packet size (in bytes) transmittable within the tunnel. Any messages larger than the MTU are divided into smaller packets before being sent.

    A larger MTU provides greater efficiency because each packet carries more user data while protocol overheads, such as headers or underlying per-packet delays, remain fixed; the resulting higher efficiency means a slight improvement in bulk protocol throughput.

    A larger MTU results in the processing of fewer packets for the same amount of data. For IPv4, the overhead is 24 bytes (20 bytes IPv4 header + 4 bytes GRE header), thus the default setting for an IPv4 MTU is 1,476.

    IPv6 MTU

    Set an IPv6 tunnel's MTU in the range 1,236 – 1,456. The MTU is the largest physical packet size (in bytes) transmittable within the tunnel. Any messages larger than the MTU are divided into smaller packets before being sent.

    A larger MTU provides greater efficiency because each packet carries more user data while protocol overheads, such as headers or underlying per-packet delays, remain fixed; the resulting higher efficiency means a slight improvement in bulk protocol throughput.

    A larger MTU results in the processing of fewer packets for the same amount of data. For IPv6, the overhead is 44 bytes (40 bytes IPv6 header + 4 bytes GRE header), thus the default setting for an IPv6 MTU is 1,456.

    Native VLAN Tagged

    Select this option to tag the native VLAN. The IEEE 802.1Q specification is supported for tagging frames and coordinating VLANs between devices. IEEE 802.1Q adds four bytes to each frame, identifying for upstream devices the VLAN ID to which the frame belongs.

    If the upstream Ethernet device does not support IEEE 802.1Q tagging, it does not interpret the tagged frames. When VLAN tagging is required between devices, both devices must support tagging and be configured to accept tagged VLANs.

    When a frame is tagged, the 12-bit frame VLAN ID is added to the 802.1Q header so upstream Ethernet devices know which VLAN ID the frame belongs to. The device reads the 12-bit VLAN ID and forwards the frame to the appropriate VLAN.

    When a frame is received with no 802.1Q header, the upstream device classifies the frame using the default or native VLAN assigned to the trunk port. The native VLAN allows an Ethernet device to associate untagged frames with a VLAN when the frame carries no 802.1Q header. This feature is not available by default.

    DSCP Options
    DSCP Options

    Use the slider to enable or disable Differentiated Services Code Point (DSCP) options.

    Select Reflect, or select the spinner control field and set the tunnel DSCP/802.1Q priority value (1 – 63) from encapsulated packets to the outer packet IPv4 header.

    Peer
    Add

    Select Add to identify a new GRE peer.

    Select associated with an existing GRE peer to remove it.

    Peer Index Assign a numeric index to each peer to help differentiate tunnel endpoints.
    Peer IP Address Identify the IP address of the added GRE peer to serve as a network address identifier.
    Establishment Criteria
    Criteria Select an establishment criterion from the Criteria drop-down.
    VRRP Group

    Virtual Router Redundancy Protocol (VRRP) provides IP abstraction to key functionality in support of load balancing and high-availability functions. Pick a group from 1 to 255.

    Failover
    Failover (enable/disable) Use the slider to enable or disable the failover option to periodically ping the primary gateway to assess its availability for failover support.
    Ping interval Set the duration between two successive pings to the gateway. Define this value in seconds in the range 1 – 250 seconds.
    Retries Set the number of retry ping opportunities before the session is terminated in the range 1 – 10.
  4. Select Add to add the GRE profile settings.
  5. Select Save to apply GRE configuration parameters.
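
The encapsulation that the IPv4 MTU and Native VLAN Tagged descriptions in Table 1 refer to, as an added example (not vendor code): a parser that measures the outer IPv4 + GRE overhead of a bridged Ethernet frame, reads the 12-bit VLAN ID from the 802.1Q header, and falls back to the native VLAN for untagged frames. The GRE protocol type 0x6558 (Transparent Ethernet Bridging), the function names, the addresses and the VLAN IDs are assumptions, and the packets are constructed.

```python
import struct

GRE_PROTO_TEB = 0x6558   # assumed payload type: Transparent Ethernet Bridging
TPID_8021Q = 0x8100      # EtherType value that marks an 802.1Q tag
IPPROTO_GRE = 47

def eth_frame(vlan_id=None, payload=b"\x00" * 46):
    """Constructed inner 802.3 frame; adds a 4-byte 802.1Q tag if vlan_id is set."""
    dst, src = b"\x02\x00\x00\x00\x00\x01", b"\x02\x00\x00\x00\x00\x02"
    tag = b"" if vlan_id is None else struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)
    return dst + src + tag + struct.pack("!H", 0x0800) + payload

def build_gre_packet(src_ip, dst_ip, inner):
    """Constructed outer packet: 20-byte IPv4 header (checksum left 0) + 4-byte GRE."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24 + len(inner), 0, 0, 64,
                     IPPROTO_GRE, 0, bytes(src_ip), bytes(dst_ip))
    return ip + struct.pack("!HH", 0, GRE_PROTO_TEB) + inner

def classify(packet, native_vlan, tunneled_vlans):
    """Return (vlan_id, tagged, in_tunneled_vlans, outer_overhead_bytes)."""
    if len(packet) < 24 or packet[0] >> 4 != 4 or packet[9] != IPPROTO_GRE:
        raise ValueError("not an IPv4 GRE packet")
    ihl = (packet[0] & 0x0F) * 4                      # IPv4 header length in bytes
    flags, proto = struct.unpack_from("!HH", packet, ihl)
    if flags != 0:                                    # checksum/key/sequence present
        raise ValueError("only the base 4-byte GRE header is handled")
    if proto != GRE_PROTO_TEB:
        raise ValueError("GRE payload is not a bridged Ethernet frame")
    inner = packet[ihl + 4:]
    if len(inner) < 14:
        raise ValueError("truncated inner Ethernet header")
    if struct.unpack_from("!H", inner, 12)[0] == TPID_8021Q:
        if len(inner) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack_from("!H", inner, 14)[0]
        vlan, tagged = tci & 0x0FFF, True             # low 12 bits are the VLAN ID
    else:
        vlan, tagged = native_vlan, False             # untagged: use the native VLAN
    return vlan, tagged, vlan in tunneled_vlans, ihl + 4

if __name__ == "__main__":
    ap, gw = (192, 0, 2, 1), (192, 0, 2, 2)           # documentation addresses
    for vid in (20, 30, None):
        pkt = build_gre_packet(ap, gw, eth_frame(vid))
        print(vid, classify(pkt, native_vlan=1, tunneled_vlans={10, 20}))
```

A frame whose VLAN ID is outside the profile's Tunneled VLANs list shows up with the third field set to False, which is the case worth alerting on when inspecting captures from the tunnel.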