GRE tunnels between APs that can't see each other.

  • 2
  • Question
  • Updated 4 years ago
  • Answered
I've started watching traffic flows between buildings and I'm seeing AH AP330 access points communicating via GRE tunnels that are on completely opposite sides of the campus from each other.  I don't have any identity based tunnels created and I only have one dynamic layer 3 tunnel created.  I thought dynamic layer 3 tunnels were only created when the access points could hear each other over their radios.
Photo of Van Jones

Van Jones

  • 75 Posts
  • 4 Reply Likes

Posted 4 years ago

  • 2
Photo of Deven Ducommun

Deven Ducommun, Beta Program Manager

  • 53 Posts
  • 5 Reply Likes
Hi Van,

The APs also use their backhaul network to discover APs to form tunnels with.  So if they are in the same management VLAN they will be able to discover each other.  

Here is a link to a description of our Cooperative control protocols

http://www.aerohive.com/resource-library#529

HiveAP Auto Discovery & Self OrganizationCooperative control simplifies the deployment of HiveAPs by enabling them to 
automatically discover one another and by proactively synchronizing network state. 
HiveAPs have the ability to discover each other, whether they see each other over a 
wired network or a wireless network. When HiveAPs are powered on, they start to search 
for both wired and wireless HiveAP neighbors, and if neighbors are found with the same 
hive name and shared secret, they can build AES-secured connections to each other. 
Once the neighbor relationships have been established between HiveAPs in a Hive, they 
will run cooperative control protocols across wired and wireless links to provide 
fast/secure roaming, radio resource management, and resiliency. If HiveAPs discover 
neighboring HiveAPs that are in a different subnet, as long as the HiveAPs are configured 
with same hive name and hive shared secret settings, they will exchange IP information 
with each other and establish communications over the routed network infrastructure to 
provide cooperative control functionality across layer 3 boundaries. The beauty of 
cooperative control protocols is that they do not need to be configured, greatly 
decreasing the operational cost and complexity of deploying a modern wireless solution.
Photo of Van Jones

Van Jones

  • 75 Posts
  • 4 Reply Likes
So if I don't want access points creating tunnels with each other (access points that have no physical relation to each other), do I only need to make sure their management networks are in separate vlans?
Photo of Deven Ducommun

Deven Ducommun, Beta Program Manager

  • 53 Posts
  • 5 Reply Likes
Hi Van,

There are a number of ways to prevent them from forming tunnels.  Moving them out of the MGT network is one.  Another would be to separate them into different Hives.  This way the DA(designated AP) will not select them as part of the AMRP routing process.  

Hope that clears it up for you,

Deven