Cnpilot E-series Access Points supports Layer-2 generic routing encapsulation protocol (L2GRE, aka EoGRE or softGRE). As a tunnel peer, the AP encapsulates a packet payload for transport through the tunnel to a destination network. The layer-2 packets are first encapsulated in a GRE packet, and then the GRE packet is encapsulated in an IP protocol. The remote tunnel peer extracts the tunnelled packet and forwards the packet to its destination. This allows the source and destination peers to operate as if they have a virtual point-to-point connection with each other.
Supported SW release
3.1.1.r16 or Later
General L2GRE deployment topology
L2GRE tunnel is stateless, and the tunnel peer cannot track any information about the state or availability of the remote tunnel end point. Hence the AP operating as a tunnel source peer, cannot reflect the state of the tunnel end point
Configure from GUI
Navigate to the Configuration > Networks tab -> Tunnel.
Select L2GRE option from the Tunnel Encapsulation drop-down list.
Under L2GRE, enter the IP address or domain name of the remote host in the ‘Remote Host’ textbox.
Click Save
Tunnel WLAN traffic through the L2GRE tunnel
Naviagate to configure -> WLAN .
Select the WLAN interface from the list of WLANs
Enable the 'tunnel mode' from the advanced section.
Configure from CLI
Tunnel Status from GUI
Tunnel Status From CLI
Advanced configuration of L2GRE tunnel
Path MTU Discovery
AP supports path MTU discovery feature to request the wireless clients to send smaller packets, so that the extra headers addition (GRE and IP header added by the AP) may not lead to fragmentation on AP. Which improves the throughput. The path MTU discovery is disabled by default.
TCP mss clamping
The AP supports tcp mss clamping feature to avoid fragmenting the TCP packets after the extra header addition. This feature is enabled by default. The TCP MSS field is a configurable parameter. This feature boosts the TCP throughput over the GRE tunnel.
Differentiated Services Codepoint (DSCP)
AP supports DSCP configuration. When a network experiences congestion and delay, some packets might get dropped and while the rest are allowed. This is decided by the DSCP value of the packet. DSCP configuration provides flexibility to prioritize the tunnel traffic between the L2GRE peers.
Notes
1. L2GRE tunnel does not tunnel the traffic from the ethernet interface
2. Captive portal service is supported on tunneled WLAN
3. For a tunneled WLAN, the DHCP server, DNS server and the Default GW should be available over the tunnel.
GRE Tunnel configuration cnMaestro
While installing cnMaestro on esxi , map two Nic cards to the ova instance. Eth0 will be used to GRE tunnel termination and Eth1 will be used to bridge the traffic to the backend switch after removing GRE header.
GRE tunnel configuration page on cnMaestro.
Click save after completing the configuration.
NOTE: Eth1 should be configured in data mode.
Steps to configure the eth1 in data mode. SSH to cnMaestro ip. Login with the default username/password.
Click on Network and select eth1 interface.
Now select the mode and click ok
Select yes.
select ok
Ensure Interface mode is Data. and select Back.
This complete the cnMaestro configuration for GRE tunnel termination.
- ssh_to_cnMaestro_png.png (10.9 KB)