Hello! How does tunneling within Aerohive work? I want to tunnel our "guest-VLAN" (which is in our DMZ) to another location which has no internet breakout.

AnonymousM
Valued Contributor II
Hello! How does tunneling within Aerohive work? I want to tunnel our "guest-VLAN" (which is in our DMZ) to another location which has no internet breakout.
1 ACCEPTED SOLUTION

bruce_stahlin
Contributor III

I did this in Classic quite a while ago. Some things may have changed, but here is how we configured the tunneling:

  1. Assign static IP addressing on the APs that will be performing the tunneling.
  2. Make sure all participating APs are using the same Network Policy.
  3. Set up a guest SSID.
  4. Set up authentication.
  5. Create a User Profile:
    1. Assign the VLAN (we matched the DMZ VLAN).
    2. Under "Optional Settings," drop down the "GRE Tunnels" menu, select "GRE tunnel for roaming or station isolation" and create a tunnel policy:
      1. Name the Tunnel Policy.
      2. Under "Tunnel Settings," select "Enable Static Identity-Based Tunnels."
      3. Under "Tunnel Destination," enter the IP address of the AP that has access to the DMZ.
      4. Under "Tunnel Source IPs or Subnets," select the IP addresses of the APs in your remote facilities.
      5. Generate a password under "Tunnel Authentication."

 

This will create the tunnels between the APs. You may still encounter issues when connecting, e.g. DHCP, particularly if any firewalling is being performed. Additionally, you may want to place a firewall policy on the remote APs to prevent the DMZ addresses from accessing your private LANs in the remote facilities.

 

Let me know if you run into any issues.

 

Best,

BJ
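
One way to sanity-check the firewall policy suggested in the answer above before pushing it to the remote APs, as an added example that is not part of the original post and is not Aerohive configuration syntax. It uses a generic first-match rule model with constructed subnets (192.0.2.0/24 for the tunneled guest VLAN, 10.20.0.0/16 for a remote private LAN) and checks that guest clients are kept out of the private LAN while DHCP still works.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing for illustration (not taken from the thread).
GUEST_NET = ipaddress.ip_network("192.0.2.0/24")        # tunneled guest/DMZ VLAN
PRIVATE_LANS = [ipaddress.ip_network("10.20.0.0/16")]   # remote-site private LAN

@dataclass
class Rule:
    action: str                  # "permit" or "deny"
    src: str
    dst: str
    proto: str = "any"
    dport: Optional[int] = None

def evaluate(rules, src, dst, proto, dport=None):
    """First-match evaluation with an implicit deny at the end."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and r.proto in ("any", proto) and r.dport in (None, dport)):
            return r.action
    return "deny"

def audit(rules):
    findings, guest = [], str(GUEST_NET[10])
    # A client has no address yet when it sends DHCP DISCOVER.
    if evaluate(rules, "0.0.0.0", "255.255.255.255", "udp", 67) != "permit":
        findings.append("DHCP DISCOVER blocked")
    if evaluate(rules, guest, "198.51.100.7", "tcp", 443) != "permit":
        findings.append("guest internet access blocked")
    for lan in PRIVATE_LANS:
        probes = [(str(h), p, port) for h in (lan[1], lan[-2])
                  for p, port in (("tcp", 445), ("udp", 161), ("icmp", None))]
        if any(evaluate(rules, guest, *pr) == "permit" for pr in probes):
            findings.append(f"guest can reach {lan}")
    return findings

ANY = "0.0.0.0/0"
WEAK = [Rule("permit", ANY, ANY)]                       # tunnel up, no isolation
NO_DHCP = [Rule("deny", str(GUEST_NET), "10.20.0.0/16"),
           Rule("permit", str(GUEST_NET), ANY)]         # isolates, but breaks DHCP
HARDENED = [Rule("permit", "0.0.0.0/32", "255.255.255.255/32", "udp", 67)] + NO_DHCP

if __name__ == "__main__":
    for name, policy in (("weak", WEAK), ("no-dhcp", NO_DHCP), ("hardened", HARDENED)):
        print(name, audit(policy) or "ok")
```

The middle policy shows the DHCP failure mode the answer warns about: a rule set written only in terms of the guest subnet drops the client's first broadcast, which is sent from 0.0.0.0.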


8 REPLIES 8

AnonymousM
Valued Contributor II

8.2r1

bruce_stahlin
Contributor III

Understood, please send HM version for more specific details.

AnonymousM
Valued Contributor II

Hello!

 

Thanks for your answers.

 

I think I have to explain more of my "setup". So we have network policies for each of our locations, and our internet breakout is at our main location. In the DMZ of our main location we have created our guest-vlan, which is used for our guest-wlan only. Now we want to establish a tunnel between the main location and other locations to use our guest-wlan at other locations too.

 

I read about the possibility of Aerohive doing this, but can't seem to find where and how.

 

 

Thanks for your answers.

 

 
