This solution will configure the tunneled node feature on an ArubaOS-Switch device, allowing traffic on a switch port to be handled by an associated Aruba Mobility Controller.
Minimum Software Version Required
This feature requires ArubaOS-Switch 16.02 or later, running on a 2920, 2930F, 3800, 3810, or 5400R switch.
This solution first enables the global tunneled-node-server feature. Next, it configures the global tunneled node server IP address where the Aruba Mobility Controller resides (and, optionally, a backup controller IP address) as well as an optional keep-alive timer. Finally, the tunneled node feature is enabled on the specified interfaces.
Here are some things to keep in mind when configuring this feature:
- It is recommended to use a dedicated VLAN for tunneled node ports
- The ports' VLAN ID must exist on the Aruba Mobility Controller
- The VLAN must not have an IP address configured on the switch
- Jumbo frames should be enabled on the tunneled node VLAN on every device in the tunnel path, with a minimum supported MTU of 1584 bytes
- Devices on non-tunneled node ports cannot reach devices on tunneled node ports in the same VLAN, even on the same local switch
- MAC addresses of devices on the tunneled node ports will not be listed in switch MAC tables
The following features cannot be enabled when the tunneled node feature is in use:
- Distributed trunk
- IPv4 multicast routing
VLAN used for tunneled-node ports:
- IP addressing (manual & DHCP)
- DHCP Snooping (IPv4 & IPv6)
- ARP Protect
Tunneled node ports:
- Dynamic IP lockdown (IPv4 and IPv6)
- IPv6 RA Guard
- Link aggregation
- AAA (802.1X/MAC Auth/Web Auth/Local MAC Auth/Port Sec)
No license is required for switches. For mobility controllers, standard license requirements apply.
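A pre-change check of the requirements, constraints and incompatible features listed above, as an added example that is not part of the original solution or of Aruba's tooling. The plan dictionary layout and the feature labels are hypothetical (they are not ArubaOS-Switch syntax), and treating distributed trunk and IPv4 multicast routing as switch-wide is an assumption.

```python
# Added example: the plan layout and feature labels are hypothetical, not
# ArubaOS-Switch syntax. Limits and feature lists are taken from the page.
SUPPORTED_MODELS = {"2920", "2930F", "3800", "3810", "5400R"}
MIN_VERSION = (16, 2)          # ArubaOS-Switch 16.02
MIN_MTU = 1584                 # bytes, on every device in the tunnel path
# Listed on the page without a scope; treated as switch-wide (assumption).
SWITCH_CONFLICTS = {"distributed-trunk", "ipv4-multicast-routing"}
VLAN_CONFLICTS = {"ip-address", "dhcp-snooping", "arp-protect"}
PORT_CONFLICTS = {"dynamic-ip-lockdown", "ipv6-ra-guard", "link-aggregation", "aaa"}

def check_plan(plan):
    """Return findings for a planned deployment; an empty list means none."""
    out = []
    sw = plan["switch"]
    if sw["model"] not in SUPPORTED_MODELS:
        out.append(f"switch: model {sw['model']} not supported")
    if tuple(sw["version"]) < MIN_VERSION:
        out.append("switch: software older than 16.02")
    for feat in sorted(SWITCH_CONFLICTS & set(sw["features"])):
        out.append(f"switch: {feat} conflicts with tunneled node")
    tn_vlans = set()
    for port, cfg in sorted(plan["tunneled_ports"].items()):
        tn_vlans.add(cfg["vlan"])
        for feat in sorted(PORT_CONFLICTS & set(cfg["features"])):
            out.append(f"port {port}: {feat} not allowed on a tunneled node port")
    for vid in sorted(tn_vlans):
        vlan = plan["vlans"][vid]
        if vid not in plan["controller_vlans"]:
            out.append(f"vlan {vid}: not defined on the mobility controller")
        for feat in sorted(VLAN_CONFLICTS & set(vlan["features"])):
            out.append(f"vlan {vid}: {feat} not allowed on the tunneled node VLAN")
        for dev, mtu in sorted(vlan["path_mtu"].items()):
            if mtu < MIN_MTU:
                out.append(f"vlan {vid}: {dev} MTU {mtu} below {MIN_MTU}")
        if vlan["other_ports"]:  # a recommendation on the page, not a hard limit
            out.append(f"vlan {vid}: shared with non-tunneled ports {vlan['other_ports']}")
    return out

# Constructed sample plan (not taken from a real device).
SAMPLE_PLAN = {
    "switch": {"model": "2930F", "version": (16, 2), "features": ["ipv4-multicast-routing"]},
    "controller_vlans": {10, 20},
    "vlans": {100: {"features": ["dhcp-snooping"], "other_ports": ["7"],
                    "path_mtu": {"core-1": 1500, "edge-1": 9198}}},
    "tunneled_ports": {"1": {"vlan": 100, "features": ["aaa"]},
                       "2": {"vlan": 100, "features": []}},
}

if __name__ == "__main__":
    print("\n".join(check_plan(SAMPLE_PLAN)))
```

Because AAA, DHCP snooping and ARP protect are on the incompatible list, a finding for one of them marks a switch-side control that will not apply to that port or VLAN once it is tunneled.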