Layer-2 Generic Routing Encapsulation (L2GRE/softGRE) support on cnPilot E-series Devices

Cnpilot E-series Access Points supports Layer-2 generic routing encapsulation protocol  (L2GRE, aka EoGRE or softGRE). As a tunnel peer, the AP encapsulates a packet payload for transport through the tunnel to a destination network. The layer-2 packets are first encapsulated in a GRE packet, and then the GRE packet is encapsulated in an IP protocol. The remote tunnel peer extracts the tunnelled packet and forwards the packet to its destination. This allows the source and destination peers to operate as if they have a virtual point-to-point connection with each other.

Supported SW release

3.1.1.r16 or Later

 

General L2GRE deployment topology

 

 

L2GRE tunnel is stateless, and the tunnel peer cannot track any information about the state or availability of the remote tunnel end point. Hence the AP operating as a tunnel source peer, cannot reflect the state of the tunnel end point

  

Configure from GUI

 

Navigate to the Configuration > Networks tab -> Tunnel.

 

Select L2GRE option from the Tunnel Encapsulation drop-down list.

Under L2GRE, enter the IP address or domain name of the remote host in the ‘Remote Host’ textbox.

 

Click Save

 

Tunnel WLAN traffic through the L2GRE tunnel

Naviagate to configure  -> WLAN .

Select the WLAN interface from the list of WLANs 

 

 Enable the 'tunnel mode' from the advanced section.

 

Configure from CLI

 

 

Tunnel Status from GUI

 

Tunnel Status From CLI

 

 

Advanced configuration of L2GRE tunnel

 

Path MTU Discovery

AP supports path MTU discovery feature to request the wireless clients to send smaller packets, so that the extra headers addition (GRE and IP header added by the AP) may not lead to fragmentation on AP. Which improves the throughput. The path MTU discovery is disabled by default.

 

 

TCP mss clamping

The AP supports tcp mss clamping feature to avoid fragmenting the TCP packets after the  extra header addition. This feature is enabled by default. The TCP MSS field is a configurable parameter. This feature boosts the TCP throughput over the GRE tunnel.

 

 

Differentiated Services Codepoint (DSCP)

AP supports DSCP configuration. When a network experiences congestion and delay, some packets might get dropped and while the rest are allowed. This is decided by the DSCP value of the packet. DSCP configuration provides flexibility to prioritize the tunnel traffic between the L2GRE peers.

 

 

 

 

Notes

1. L2GRE tunnel does not tunnel the traffic from the ethernet interface

2. Captive portal service is supported on tunneled WLAN

3. For a tunneled WLAN, the DHCP server, DNS server and the Default GW should be available over the tunnel.

GRE Tunnel configuration cnMaestro 

While installing cnMaestro on esxi , map two Nic cards to the ova instance. Eth0 will be used to GRE tunnel termination and Eth1 will be used to bridge the traffic to the backend switch after removing GRE header.

GRE tunnel configuration page on cnMaestro. 

  

Click save after completing the configuration. 

NOTE: Eth1 should be configured in data mode.

Steps to configure the eth1 in data mode.  SSH to cnMaestro ip. Login with the default username/password.

Click on Network and select eth1 interface.

Now select the mode and click ok 

Select yes. 

select ok

Ensure Interface mode is Data. and select Back.

This complete the cnMaestro configuration for GRE tunnel termination.

13 Likes