GRE Network Configuration

About this task

GRE tunneling is configured to bridge Ethernet packets between WLANs and a remote WLAN gateway over an IPv4 GRE tunnel. The tunneling of 802.3 packets using GRE is an alternative to MiNT or L2TPv3. Related features like ACLs for extended VLANs are still available using layer 2 tunneling over GRE.

Using GRE, access points map one or more VLANs to a tunnel. The remote endpoint is a user configured WLAN gateway IP address, with an optional secondary IP address should connectivity to the primary GRE peer be lost. VLAN traffic is expected in both directions in the GRE tunnel. A WLAN mapped to these VLANs can be either open or secure. Secure WLANs require authentication to a remote RADIUS server available within your deployment using standard RADIUS protocols. The access points can reach both the GRE peer as well as the RADIUS server using IPv4.

The maximum limits on GRE tunnel configuration for each platform are as follows:

Platform Maximum GRE Tunnels Supported
NX5500 512
NX7500 1000
NX9610 1024
CX9000 Not suppported
VX9000 Not suppported

Procedure

  1. Select an access point from the profile or device name list.
  2. Navigate to Network > GRE.
  3. The GRE dashboard opens.
  4. Select Add to configure GRE settings:
    1. Configure GRE Basic Configuration parameters:
      Field Description
      Name Define a GRE tunnel name for new configurations
      Tunneled VLANs Define the VLAN connected clients use to route GRE tunneled traffic within their respective WLANs
      Native VLAN Set a numerical VLAN ID (1 to 4,094) for the native VLAN. The native VLAN allows an Ethernet device to associate untagged frames to a VLAN when no 802.1Q frame is included in the frame. Additionally, the native VLAN is the VLAN untagged traffic is directed over when using a port in trunk mode
      Native VLAN tagged Select this option to tag the native VLAN. The IEEE 802.1Q specification is supported for tagging frames and coordinating VLANs between devices. IEEE 802.1Q adds four bytes to each frame identifying the VLAN ID for upstream devices that the frame belongs. If the upstream Ethernet device does not support IEEE 802.1Q tagging, it does not interpret the tagged frames. When VLAN tagging is required between devices, both devices must support tagging and be configured to accept tagged VLANs. When a frame is tagged, the 12 bit frame VLAN ID is added to the 802.1Q header so upstream Ethernet devices know which VLAN ID the frame belongs to. The device reads the 12 bit VLAN ID and forwards the frame to the appropriate VLAN. When a frame is received with no 802.1Q header, the upstream device classifies the frame using the default or native VLAN assigned to the Trunk port. The native VLAN allows an Ethernet device to associate untagged frames to a VLAN when no 802.1Q frame is included in the frame. This feature is not available by default
      IPv4 MTU Set an IPv4 tunnel‘s maximum transmission unit (MTU) from 900 to 1,476. The MTU is the largest physical packet size (in bytes) transmittable within the tunnel. Any messages larger than the MTU are divided into smaller packets before being sent. A larger MTU provides greater efficiency because each packet carries more user data while protocol overheads, such as headers or underlying per-packet delays, remain fixed; the resulting higher efficiency means a slight improvement in bulk protocol throughput. A larger MTU results in the processing of fewer packets for the same amount of data. For IPv4, the overhead is 24 bytes (20 bytes IPv4 header + 4 bytes GRE Header), thus the default setting for an IPv4 MTU is 1,476
      IPv6 MTU Set an IPv6 tunnel‘s MTU from 1,236 to 1,456. The MTU is the largest physical packet size (in bytes) transmit able within the tunnel. Any messages larger than the MTU are divided into smaller packets before being sent. A larger MTU provides greater efficiency because each packet carries more user data while protocol overheads, such as headers or underlying per-packet delays, remain fixed; the resulting higher efficiency means a slight improvement in bulk protocol throughput. A larger MTU results in the processing of fewer packets for the same amount of data. For IPv6, the overhead is 44 bytes (40 bytes IPv6 header + 4 bytes GRE header), thus the default setting for an IPv6 MTU is 1,456
    2. Configure DSCP options. Use the slider to enable or clear the DSCP options. Set the tunnel DSCP / 802.1q priority value from encapsulated packets to the outer packet IPv4 header.
    3. Configure Peer settings:
      Field Description
      Peer Index Assign a numeric index to each peer to help differentiate tunnel end points
      Peer IP Address Define the IP address of the added GRE peer to serve as a network address identifier
    4. Configure Establishment Criteria parameters:
      Field Description
      Criteria Select an establishment criteria from the criteria drop-down
      VRRP group Pick a group between 1 to 255
    5. Define Failover parameters. Use the Failover slider to configure failover settings. Select the failover option to periodically ping the primary gateway to assess its availability for failover support.
      Field Description
      Ping interval Set the duration between two successive pings to the gateway. Define this value in seconds from 1 to 250 seconds
      Retries Set the number of retry ping opportunities before the session is terminated between 1 to 10
    6. Select Add to save GRE basic configuration settings.
  5. Select Save to apply GRE configuration parameters.