Users Guide
Figure 32 Specifying Firewall Rules
a. Specify the IP Version.
b. Configure the Source, Destination, and Service/Application for the rule.
c. For Action, select redirect to tunnel.
d. Enter the Tunnel ID.
e. Configure any additional options.
6. When satisfied with the settings, click Add, then click Apply.
In the CLI
To direct traffic into a GRE tunnel via a firewall policy (session-based ACL) via the CLI, use the following
command:
(Controller-1)(config) #ip access-list session <name>
<source> <destination> <service> redirect tunnel <id>
Configuring Tunnel Keepalives
The controller determines the status of a GRE tunnel by sending periodic keepalive frames on the Layer-2 or
Layer-3 GRE tunnel. When you enable tunnel keepalives, the tunnel is considered ādownā when the keepalives
fail repeatedly.
If you configure a firewall policy rule to redirect traffic to the tunnel, traffic is not forwarded to the tunnel until
it is "up." When the tunnel comes up or goes down, an SNMP trap and logging message is generated. The
remote endpoint of the tunnel does not need to support the keepalive mechanism.
The controller sends keepalive frames at 60-second intervals by default and retries keepalives up to three times
before the tunnel is considered down. You can change the default values of the intervals:
l For the interval, specify a value between 1 and 86400 seconds.
l For the retries, specify a value between 0 and 1024.
l To interoperate with Cisco network devices, use the cisco option.
In the WebUI
To configure keepalives (Heartbeats) via the WebUI:
1. On the controller, navigate to the Configuration > Network > IP > GRE Tunnels page.
2. Locate the tunnel ID for which you are enabling keepalives, then click Edit.
The Edit GRE Tunnel screen appears.
Dell Networking W-Series ArubaOS 6.4.x | User Guide Network Configuration Parameters | 192