Hello! How does tunneling within aerohive work? I want to tunnel our "guest-VLAN" (which is in our DMZ) to another location which has no internet breakout.

AnonymousM
Valued Contributor II
Hello! How does tunneling within aerohive work? I want to tunnel our "guest-VLAN" (which is in our DMZ) to another location which has no internet breakout.
1 ACCEPTED SOLUTION

bruce_stahlin
Contributor III

I did this in Classic quite a while ago. Some things may have changed, but here is how we configured the tunneling:

  1. Assign static IP addressing on the APs that will be performing the tunneling.
  2. Make sure all participating APs are using the same Network Policy.
  3. Set up a guest SSID
  4. Set up authentication
  5. Create a User Profile;
    1. Assign the VLAN (we matched the DMZ VLAN);
    2. Under "Optional Settings," drop "GRE Tunnels" menu and select "GRE tunnel for roaming or station isolation" and create a tunnel policy
      1. Name the Tunnel Policy
      2. Under "Tunnel Settings" select "Enable Static Identity-Based Tunnels" and
      3. Under "Tunnel Destination" enter the IP address of the AP that has access to the DMZ
      4. Under "Tunnel Source IPs or Subnets," Select the IP addresses of the APs in your remote facilities
      5. Generate a password under "Tunnel Authentication"

 

This will create the tunnels between the APs. You may still encounter issues when connecting, e.g. DHCP, particularly if any firewalling is being performed. Additionally, you may want to place a firewall policy on the remote APs to prevent the DMZ addresses from accessing your private LANs in the remote facilities.

 

Let me know if you run into any issues.

 

Best,

BJ
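
An added example, not part of the post above and not Aerohive configuration syntax: a small first-match audit of a guest-profile firewall policy, checking the two caveats the answer raises (DHCP must still work, and tunnelled DMZ guests must not reach private LANs). The rule format, the sample policies and the assumption that DHCP is served via broadcast from the DMZ side of the tunnel are all hypothetical.

```python
import ipaddress

# RFC 1918 ranges standing in for the private LANs at the remote facilities.
PRIVATE_LANS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

# Constructed policies. Rule = (action, destination network, protocol,
# destination port or None for any). Rules are evaluated top to bottom.
WEAK = [
    ("permit", "0.0.0.0/0", "any", None),         # shadows the deny below
    ("deny", "10.0.0.0/8", "any", None),
]
HARDENED = [
    ("permit", "255.255.255.255/32", "udp", 67),  # DHCP from tunnelled guests
    ("deny", "10.0.0.0/8", "any", None),
    ("deny", "172.16.0.0/12", "any", None),
    ("deny", "192.168.0.0/16", "any", None),
    ("permit", "0.0.0.0/0", "any", None),         # internet via the DMZ
]

def evaluate(policy, dst, proto, port):
    """First matching rule wins; no match means implicit deny."""
    addr = ipaddress.ip_address(dst)
    for action, net, r_proto, r_port in policy:
        if (addr in ipaddress.ip_network(net)
                and r_proto in ("any", proto)
                and r_port in (None, port)):
            return action
    return "deny"

def audit(policy):
    """Return a list of findings for a guest-profile policy."""
    findings = []
    if evaluate(policy, "255.255.255.255", "udp", 67) != "permit":
        findings.append("DHCP broadcast blocked")
    for lan in PRIVATE_LANS:
        net = ipaddress.ip_network(lan)
        for probe in (net[1], net[-2]):           # first and last host
            if evaluate(policy, str(probe), "tcp", 445) != "deny":
                findings.append(f"guest can reach {probe} in {lan}")
    if evaluate(policy, "198.51.100.10", "tcp", 443) != "permit":
        findings.append("internet access blocked")
    return findings

if __name__ == "__main__":
    for name, policy in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(policy) or "no findings")
```

The weak policy shows why rule order matters: its deny for 10.0.0.0/8 is never reached because the permit-all above it matches first.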


8 REPLIES 8

bruce_stahlin
Contributor III

You will perform Identity-based traffic tunneling between devices in the same network policy. Here are the basic steps:

  • Create a user profile; http://docs.aerohive.com/330000/docs/help/english/ng/Content/gui/configuration/viewing-user-profile-list.htm
  • Click the Traffic Tunneling tab
  • Toggle the Traffic Tunneling (GRE) switch to On and select Identity-Based Traffic Tunneling
  • Select the Tunnel Source, Destination, and the Authentication.

If you need greater detail, let me know which version of HM you're running & whether it's cloud or on-prem.

 

Best,

BJ

 

dsouri
Contributor III

Hi Florian,

 

Please see this article on NAT DHCP:

https://thehivecommunity.aerohive.com/s/article/NAT-DHCP

 

Let me know if I can help,

 

Happy to assist, 

David Souri

HiveCommunity Moderator

AnonymousM
Valued Contributor II

And we are using 330s and 250 at our main facility, 250 and 1130s at the other facilities.

AnonymousM
Valued Contributor II

Thanks for any help! 🙂

 
