This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ
- Extreme Networks
- Community List
- Legacy
- Aerohive Migrated Content
- Re: Hello! How does tunneling within aerohive wor...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Hello! How does tunneling within aerohive work? I want to tunnel our "guest-VLAN" (which is in our DMZ) to another location which has no internet breakout.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā07-04-2018 07:54 AM
Hello!
How does tunneling within aerohive work? I want to tunnel our "guest-VLAN" (which is in our DMZ) to another location which has no internet breakout.
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā07-06-2018 07:07 PM
I did this in Classic quite a while ago. Some things may have changed, but here is how we configured the tunneling:
- Assign static IP addressing on the APs that will be performing the tunneling.
- Make sure all participating APs are using the same Network Policy
- Setup a guest SSID
- Setup authentication
- Create a User Profile;
- Assign the VLAN (we matched the DMZ VLAN);
- Under "Optional Settings," drop "GRE Tunnels" menu and select "GRE tunnel for roaming or station isolation" and create a tunnel policy
- Name the Tunnel Policy
- Under "Tunnel Settings" select "Enable Static Identity-Based Tunnels" and
- Under "Tunnel Destination" enter the IP address of the AP that has access to the DMZ
- Under "Tunnel Source IPs or Subnets," Select the IP addresses of the APs in your remote facilities
- Generate a password under "Tunnel Authentication"
This will create the tunnels between the APs. You may still encounter issues when connecting, , e.g. DHCP, particularly if any firewalling is being performed. Additionally, you may want to place a firewall policy on the remote APs to prevent the DMZ addresses from accessing your private LANs int the remote facilities.
Let me know if you run into any issues.
Best,
BJ
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā07-05-2018 08:50 PM
You will perform Identity-based traffic tunneling between devices in the same network policy. Here are the basic steps:
- Create a user profile; http://docs.aerohive.com/330000/docs/help/english/ng/Content/gui/configuration/viewing-user-profile-list.htm
- Click the Traffic Tunneling tab
- Toggle the Traffic Tunneling (GRE) switch to On and select Identity-Based Traffic Tunneling
- Select the Tunnel Source, Destination, and the Authentication.
If you need greater detail, let me know which version of HM you're running & whether it's cloud or on-prem.
Best,
BJ
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā07-05-2018 07:22 PM
Hi Florian,
Please see this article on NAT DHCP:
https://thehivecommunity.aerohive.com/s/article/NAT-DHCP
Let me know if I can help,
Happy to assist,
David Souri
HiveCommunity Moderator
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā07-04-2018 08:26 AM
And we are using 330s and 250 at our main facility, 250 and 1130s at the other facilities.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā07-04-2018 07:54 AM
Thanks for any help! š
