05-29-2022 05:56 AM
4 weeks ago - last edited 4 weeks ago
Let me know the solution please!
08-31-2022 04:38 PM
First of all, what is the reason to tunnel via GRE when you can tunnel via MINT natively? Just use "bridging-mode tunnel" on the SSID. On the controller you just need to add the respective VLAN to the Ethernet interface on the controller side.
Please be aware that with VX9000 tunneling is unsupported.
The only reason to tunnel via GRE is to use a "tunnel concentrator" other than the controller.
The nice things about L2GRE tunnels in WiNG are:
- You can have redundant GRE peers (concentrators)
- You can tunnel the traffic from the whole RF domain via the RF domain manager as well (use: "establishment-criteria rf-domain-manager")
I highly suggest using an AP profile to configure GRE tunnels. It's easier.
I once did a configuration between a WiNG AP and a Ubiquiti Edge Router Pro; here is the example for one AP with a single UBNT Edge Router Pro:
wlan L2TUN
 ssid L2TUN
 vlan 10
 bridging-mode local
 encryption-type ccmp
 authentication-type none
 wpa-wpa2 psk 0 yourverysecretpass
 relay-agent dhcp-option82
profile ap7632 ap7632-default
 no autoinstall configuration
 no autoinstall firmware
 crypto ikev1 policy ikev1-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ikev2 policy ikev2-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto load-management
 crypto remote-vpn-client
 interface radio1
  wlan L2TUN bss 1 primary
 interface radio2
  wlan L2TUN bss 1 primary
 interface bluetooth1
  shutdown
  mode le-sensor
 interface ge1
 interface vlan1
  ip address dhcp
  ip address zeroconf secondary
  ip dhcp client request options all
 interface pppoe1
 use management-policy AP
 use firewall-policy default
 logging on
 logging buffered debugging
 controller vlan 1
 service pm sys-restart
 router ospf
 gre tunnel VLAN10-Tun
  peer 1 ip 192.168.9.1
  tunneled-vlan 10,200
  native vlan 200
  no native tagged
  dscp reflect
  establishment-criteria always
 adoption-mode controller
By default the native VLAN is "1". In my case I had all my lab on VLAN 1, so in order not to encapsulate untagged packets from VLAN 1 into GRE I used VLAN 200 as a dummy placeholder (unused).
My target VLAN is 10.
Of course, to make it all work you need to have a router which supports L2 GRE tunneling!
It's not Layer 3 GRE, so be aware.
Ubiquiti config (VyOS):
set interfaces bridge br0 aging 300
set interfaces bridge br0 bridged-conntrack disable
set interfaces bridge br0 hello-time 5
set interfaces bridge br0 max-age 20
set interfaces bridge br0 multicast disable
set interfaces bridge br0 priority 32768
set interfaces bridge br0 promiscuous disable
set interfaces bridge br0 stp false
set interfaces ethernet eth1 address 192.168.9.1/24
set interfaces ethernet eth1 duplex auto
set interfaces ethernet eth1 speed auto
set interfaces ethernet eth2 bridge-group bridge br0
set interfaces ethernet eth2 duplex auto
set interfaces tunnel tun100 bridge-group bridge br0
set interfaces tunnel tun100 encapsulation gre-bridge
set interfaces tunnel tun100 local-ip 192.168.9.1
set interfaces tunnel tun100 multicast enable
set interfaces tunnel tun100 remote-ip 192.168.9.137
set interfaces tunnel tun100 ttl 255
In the example the AP has address 192.168.9.137, and the router has 192.168.9.1.
Also, please bear in mind that GRE tunneling will have an impact on overall wireless performance, as it is done in software. I encountered a 50% drop in real throughput.
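An added example, not part of the original post or of either vendor's tooling: GRE does not encrypt, so the bridged frames between 192.168.9.137 and 192.168.9.1 can be inspected in a capture, and this Python sketch parses GRE payloads to tell L2 from L3 GRE and to list any VLAN other than the intended one (10) that ends up in the tunnel. It assumes the tunnel uses the standard Transparent Ethernet Bridging protocol type 0x6558 (what Linux-style gre-bridge interfaces send); the function names and the sample payloads are constructed for illustration.

```python
import struct

GRE_TEB = 0x6558    # Transparent Ethernet Bridging: payload is an Ethernet frame (L2 GRE)
ETH_8021Q = 0x8100  # 802.1Q VLAN tag

def parse_gre(gre: bytes) -> dict:
    """Parse a GRE header (RFC 2784/2890) and, for L2 GRE, the inner Ethernet header."""
    if len(gre) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", gre[:4])
    # Optional checksum, key and sequence fields are 4 bytes each when their flag is set.
    off = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    info = {"l2": proto == GRE_TEB, "proto": proto, "vlan": None}
    if not info["l2"]:
        return info                      # Layer 3 GRE: payload is a routed packet
    inner = gre[off:]
    if len(inner) < 14:
        raise ValueError("truncated inner Ethernet frame")
    info["src"] = inner[6:12].hex(":")
    (etype,) = struct.unpack("!H", inner[12:14])
    if etype == ETH_8021Q:
        if len(inner) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, etype = struct.unpack("!HH", inner[14:18])
        info["vlan"] = tci & 0x0FFF      # low 12 bits of the TCI are the VLAN id
    info["ethertype"] = etype
    return info

def unexpected_vlans(payloads, allowed):
    """VLAN ids (None = untagged) carried in L2 GRE payloads but not in `allowed`."""
    parsed = [parse_gre(p) for p in payloads]
    return {p["vlan"] for p in parsed if p["l2"]} - set(allowed)

def sample(vlan=None, key=None):
    """Constructed test payload: GRE header plus a minimal inner Ethernet/IPv4 frame."""
    gre = struct.pack("!HH", 0x2000 if key is not None else 0, GRE_TEB)
    gre += struct.pack("!I", key) if key is not None else b""
    macs = bytes.fromhex("ffffffffffff" "020000000001")
    tag = struct.pack("!HH", ETH_8021Q, vlan) if vlan is not None else b""
    return gre + macs + tag + struct.pack("!H", 0x0800) + b"\x45" + bytes(19)

if __name__ == "__main__":
    # Constructed capture: two VLAN 10 frames, one untagged frame, one VLAN 1 frame.
    capture = [sample(vlan=10), sample(vlan=10, key=7), sample(), sample(vlan=1)]
    print(unexpected_vlans(capture, allowed={10}))
```

With "native vlan 200" and "no native tagged" as in the post, an untagged frame in the tunnel would belong to the dummy VLAN 200, so any untagged or non-10 result is worth investigating.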