Configure Tunnel Policies

A tunnel policy sets parameters for Layer 3 roaming, identity-based tunnels, standard GRE tunnels, or Layer 2 roaming using Tunnel Concentrator. Extreme Networks devices use dynamic tunnels to support client roaming between subnets and identity-based tunnels to transport user traffic from one part of the network to another. You can add new tunnel policies and view, modify, and remove previously defined policies.

You can enable the following types of GRE traffic tunneling:

Layer 3 Roaming
Adjusts roaming thresholds so that a device disassociates with a wireless client that has roamed to it from another subnet and has either been idle for a period of time, or for which traffic is below a specified threshold.
Identity-Based Traffic Tunneling
Tunnels guest traffic directly to the network.
Standard GRE Tunneling
Tunnels traffic to non-Extreme Networks tunnel endpoints.
Tunnel Concentrator
Tunnels traffic to Extreme Networks Tunnel Concentrator.

Use the following steps to add a new tunnel policy.

  1. Go to Configure > Common Objects > Network > Tunnel Policies.
  2. Select the plus sign.
  3. Enter a name for this policy.
  4. Enter an optional description for the policy.
    Although optional, descriptions can be helpful when you are troubleshooting your network.
  5. Select Layer 3 Roaming to adjust Layer 3 roaming thresholds.
    1. Specify a time period between 10 and 600 seconds.
    2. Specify a threshold number between 0 and 2147483647 packets per minute.
  6. Select Identity-based Traffic Tunneling to configure the tunnel source and destination, and to create a password or tunnel authentication.
    1. For the Tunnel Source, select a subnet from the drop-down list, or add a new subnet.
      To add a new IP address or host name, see Add IP Objects and Host Names.
    2. For Tunnel Destination, choose an IP address or host name from the drop-down list or add a new address or host name.
      To add a new IP Address or Host Name, see Add IP Objects and Host Names.
    3. For Tunnel Authentication, type the password the AP uses to authenticate to the GRE termination point.
  7. Select Standard GRE Tunneling to configure non-Extreme Networks tunnel endpoints.
    1. For Tunnel Destination, choose an IP address or host name from the drop-down list or add a new address or host name.
      To add a new IP address or host name, see Add IP Objects and Host Names.
    2. If you select Tunnel Mode dot1q, type, select, edit, or add the 802.1Q native VLAN ID.
      To add a VLAN ID, see Configure VLAN Settings.
    3. If you select Tunnel Mode Access Mode, type, select, edit, or add the VLAN ID.
      To add a VLAN ID, see Configure VLAN Settings.
  8. Select Tunnel Concentrator and then select the Tunnel Destination from the drop-down list.
    You can add a new Tunnel Concentrator service by selecting Add, or select Edit for an existing instance. For more information, see Configure Tunnel Concentrator Services.
  9. Select Save.

    The Tunnel Policies table displays the following information for the configured tunnel policies in your network:

    • Name: The name of the tunnel policy.
    • Description: An optional description of the policy.
    • Used by: The number of network policies to which the tunnel policy is applied. Hover over a number in this column to see the names of the network policies.
9039018-00 Rev AA