- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎07-04-2018 07:54 AM
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎07-06-2018 07:07 PM
I did this in Classic quite a while ago. Some things may have changed, but here is how we configured the tunneling:
- Assign static IP addressing on the APs that will be performing the tunneling.
- Make sure all participating APs are using the same Network Policy
- Setup a guest SSID
- Setup authentication
- Create a User Profile;
- Assign the VLAN (we matched the DMZ VLAN);
- Under "Optional Settings," drop "GRE Tunnels" menu and select "GRE tunnel for roaming or station isolation" and create a tunnel policy
- Name the Tunnel Policy
- Under "Tunnel Settings" select "Enable Static Identity-Based Tunnels" and
- Under "Tunnel Destination" enter the IP address of the AP that has access to the DMZ
- Under "Tunnel Source IPs or Subnets," Select the IP addresses of the APs in your remote facilities
- Generate a password under "Tunnel Authentication"
This will create the tunnels between the APs. You may still encounter issues when connecting, , e.g. DHCP, particularly if any firewalling is being performed. Additionally, you may want to place a firewall policy on the remote APs to prevent the DMZ addresses from accessing your private LANs int the remote facilities.
Let me know if you run into any issues.
Best,
BJ
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎07-06-2018 07:07 PM
I did this in Classic quite a while ago. Some things may have changed, but here is how we configured the tunneling:
- Assign static IP addressing on the APs that will be performing the tunneling.
- Make sure all participating APs are using the same Network Policy
- Setup a guest SSID
- Setup authentication
- Create a User Profile;
- Assign the VLAN (we matched the DMZ VLAN);
- Under "Optional Settings," drop "GRE Tunnels" menu and select "GRE tunnel for roaming or station isolation" and create a tunnel policy
- Name the Tunnel Policy
- Under "Tunnel Settings" select "Enable Static Identity-Based Tunnels" and
- Under "Tunnel Destination" enter the IP address of the AP that has access to the DMZ
- Under "Tunnel Source IPs or Subnets," Select the IP addresses of the APs in your remote facilities
- Generate a password under "Tunnel Authentication"
This will create the tunnels between the APs. You may still encounter issues when connecting, , e.g. DHCP, particularly if any firewalling is being performed. Additionally, you may want to place a firewall policy on the remote APs to prevent the DMZ addresses from accessing your private LANs int the remote facilities.
Let me know if you run into any issues.
Best,
BJ
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎07-06-2018 09:35 AM
8.2r1
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎07-06-2018 08:24 AM
Understood, please send HM version for more specific details.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎07-06-2018 07:07 AM
Hello!
Thanks for your answers.
I think i have to explain more of my "Setup". So we have Network policies for each of our locations and our internetbreakout out is at our main Location. In the DMZ of our main Location we have created our guest-vlan which is used for our guest-wlan only. Now we want to establish a tunnel between the main Location and other Locations to use our guest-wlan at other locations too.
I read about the possibility of aerohive doing this, but can't seem to find where and how.
Thanks for your answers.
