Configure VPN Concentrators

The Tunnel Concentrator is effectively the IPv4 address of the tunnel termination point. Tunnel Concentrators are used with Generic Routing Encapsulation (GRE) tunnels to offer direct point-to-point traffic flow without involving the controller. The VPN Concentrator must first be configured as a device type in ExtremeCloud IQ Controller before it can be used to define a GRE tunneled topology.

Take the following steps to configure a Tunnel Concentrator:

  1. Log in to ExtremeCloud IQ Controller.
  2. Go to Configure > Devices > Tunnel Concentrators and select Add.
  3. Select one of the following:
    Managed
    For Extreme managed VPN Concentrators, the IKEv2 pre-shared key is generated automatically and cannot be edited when Secure connection (IPSec) is checked.
    Generic
    The IKEv2 pre-shared key can be configured (provided Secure connection (IPSec) is checked).
  4. Configure the following parameters:
    Serial Number
    The Tunnel Concentrator serial number cannot be updated after the concentrator is created.
    Name
    The Tunnel Concentrator name
    Description
    Optional description of the Tunnel Concentrator
    IP Address
    The IPv4 address of the tunnel termination point. Although each AP can support many GRE topologies, a single assigned topology supports three concentrators. IPv6 is not supported.
    Secure Connection (IPSec)
    Select IPSEC to add additional security. If you selected Generic configuration (above), when this option is selected, you have the option to provide a pre-shared key.
    IKEv2 pre-shared key
    If you selected Generic configuration (above), you can enter the password to access this wireless network. Select Mask to prevent the password characters from displaying.
  5. If you selected Managed configuration (above), enter the following GRE / IPSec tunnel termination point configuration details:
    Port
    The selection of port for listening and bridged interfaces is limited to 50 Gbps Mellanox cards:
    • Port1
    • Port2
    • Port3
    • Port4
    VLAN ID
    Specify the VLAN ID, or untagged.
    IP Address
    Enter the IP address. For CIDR, indicate the of number of network address prefix prefix bits.
    Gateway
    [Optional] Enter the gateway address.
  6. If you selected Managed configuration (above): Under GRE / IPSec bridge interface, for Port enter the bridged port number.
    The selection of port for listening and bridged interfaces is limited to 50 Gbps Mellanox cards:
    • Port3
    • Port4
9038918-00 Rev. AA