Configuring Tunnel Node Server on AOS-Switches

Aruba Central (on-premises) allows you to configure a tunneled node on switches. The tunneled node connects to one or more client devices at the edge of the network and then establishes a secure Generic Routing Encapsulation (GRE) tunnel to the controlling concentrator server. GRE is an IP encapsulation protocol that is used to transport packets over a network. You can configure either Port-Based Tunnel or User-Based Tunnel using UI groups.

To configure a tunneled node on the switch, complete the following steps:

  1. In the Network Operations app, select one of the following options:
    • To select a switch group in the filter:
      1. Set the filter to a group containing at least one switch.

        The dashboard context for the group is displayed.

      2. Under Manage, click Devices > Switches.
      3. Click the AOS-S or Config icon to view the switch configuration dashboard.
    • To select a switch in the filter:
      1. Set the filter to Global or a group containing at least one switch.
      2. Under Manage, click Devices > Switches.

        A list of switches is displayed in the List view.

      3. Click a switch under Device Name.

        The dashboard context for the switch is displayed.

      4. Under Manage, click Device.

        The tabs to configure the switch are displayed.

  2. Click Security > Tunnel Node Server. The Tunnel Node Server page is displayed.
  3. Configure the following parameters.

     Name: Mode
     Description: The mode of tunneling from the drop-down:
       • No Tunnel: The switch does not tunnel traffic.
       • Port-Based Tunnel: Allows the switch to tunnel traffic to an Aruba controller on a per-port basis.
       • User-Based Tunnel: Allows the switch to tunnel traffic to an Aruba controller on an assigned user role basis.
     Value: Port-Based Tunnel, User-Based Tunnel, or No Tunnel

     Name: Primary Gateway IP
     Description: The IP address of the primary gateway.
     Value: A valid IPv4 address

     Name: Backup Gateway IP
     Description: The IP address of the backup gateway. This field is optional.
     Value: A valid IPv4 address

     Name: Reserved VLAN
     Description: The reserved VLAN ID to tunnel traffic to an Aruba controller. This field is available only for User-Based Tunnel. The default VLAN or a VLAN that is already configured cannot be used as a reserved VLAN. To view the list of configured VLANs, navigate to Interface > VLANs.
     Value: Numeric value

  4. Click Save Settings.
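
The parameter rules above can be checked before a change is saved. The following is an added example, not Aruba code, and it calls no Aruba Central API: the dictionary keys are hypothetical names for the form fields, the default VLAN is assumed to be 1, and the reserved VLAN is assumed to be required in User-Based Tunnel mode.

```python
import ipaddress

MODES = {"No Tunnel", "Port-Based Tunnel", "User-Based Tunnel"}

def validate_tunnel_settings(settings, configured_vlans, default_vlan=1):
    """Return a list of problems; an empty list means the settings pass.

    settings keys (hypothetical): mode, primary_gateway_ip,
    backup_gateway_ip, reserved_vlan. configured_vlans holds the VLAN IDs
    shown under Interface > VLANs. default_vlan=1 is an assumption.
    """
    problems = []
    mode = settings.get("mode")
    if mode not in MODES:
        return [f"mode must be one of {sorted(MODES)}"]
    if mode == "No Tunnel":
        return problems  # nothing is tunneled, so other fields are skipped

    def check_ipv4(field, required):
        value = settings.get(field)
        if not value:
            if required:
                problems.append(f"{field} is required")
            return
        try:
            ipaddress.IPv4Address(value)
        except ipaddress.AddressValueError:
            problems.append(f"{field} is not a valid IPv4 address: {value!r}")

    check_ipv4("primary_gateway_ip", required=True)
    check_ipv4("backup_gateway_ip", required=False)  # optional field

    vlan = settings.get("reserved_vlan")
    if mode == "Port-Based Tunnel":
        if vlan is not None:
            problems.append("reserved_vlan applies only to User-Based Tunnel")
    elif not isinstance(vlan, int) or not 1 <= vlan <= 4094:
        problems.append("reserved_vlan must be a VLAN ID from 1 to 4094")
    elif vlan == default_vlan:
        problems.append(f"reserved_vlan {vlan} is the default VLAN")
    elif vlan in configured_vlans:
        problems.append(f"reserved_vlan {vlan} is already configured")
    return problems

if __name__ == "__main__":
    # Constructed sample: bad backup address, and VLAN 20 already exists.
    sample = {"mode": "User-Based Tunnel", "primary_gateway_ip": "10.10.1.5",
              "backup_gateway_ip": "10.10.1.256", "reserved_vlan": 20}
    for problem in validate_tunnel_settings(sample, configured_vlans={1, 10, 20}):
        print(problem)
```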

For more detailed information, refer to the Dynamic Segmentation white paper at https://www.arubanetworks.com/assets/so/SO_Dynamic-Segmentation.pdf