User's Manual

169 | Network Configuration Parameters Dell Networking W-Series ArubaOS 6.4.x| User Guide
Directing Traffic into the Tunnel
You can direct traffic into the tunnel by configuring one of the following:
l Static route, which redirects traffic to the IP address of the tunnel
While redirecting traffic through L3 GRETunnel the controller's tunnel IPaddress should be used as the next-
hop,instead of providing the destination IP address.
l Firewall policy (session-based ACL), which redirects traffic to the specified tunnel ID
Static Routes
You can configure a static route that specifies the IP address of a tunnel as the next-hop for traffic for a specific
destination. See Configuring Static Routes on page 165 for descriptions of how to configure a static route.
Firewall Policy
You can configure a firewall policy rule to redirect selected traffic into a tunnel.
Traffic redirected by a firewall policy rule is not forwarded to a tunnel that is down” (see Tunnel Keepalives on
page 169 for more information on how GRE tunnel status is determined).
In the WebUI
1. Navigate to the Configuration > Security > Access Control > Policies page.
2. Click Add to create a new firewall policy, or click Edit to edit a specific policy.
3. Click Add to create a new policy rule.
4. Configure the Source, Destination, and Service for the rule.
5. For Action, select redirect to tunnel. Enter the tunnel ID.
6. Configure any additional options, and click Add.
7. Click Apply.
In the CLI
Use the following commands:
(host)(config) #ip access-list session <name>
<source> <destination> <service> redirect tunnel <id>
Tunnel Keepalives
The controller can determine the status of a GRE tunnel by sending periodic keepalive frames on the L2 or L3
GRE tunnel. If you enable tunnel keepalives, the tunnel is considered “down” if there is repeated failure of the
keepalives. If you configured a firewall policy rule to redirect traffic to the tunnel, traffic is not forwarded to the
tunnel until it is up. When the tunnel comes up or goes down, an SNMP trap and logging message is
generated. The remote endpoint of the tunnel does not need to support the keepalive mechanism.
The controller sends keepalive frames at 60-second intervals by default and retries keepalives up to three times
before the tunnel is considered down. You can reconfigure the intervals from the default. For the interval,
specify a value between 1 and 86400 seconds. For the retries, specify a value between 0 and 1024.
In the WebUI
1. Navigate to the Configuration > Network > IP > GRE Tunnels page.
2. Click Edit for the tunnel for which you are enabling tunnel keepalives.
3. Select Enable Heartbeats to enable tunnel keepalives and display the Heartbeat Interval and Heartbeat
Retries fields.
4. Enter values for Heartbeat Interval and Heartbeat Retries.