MVP
Posts: 2,954
Registered: ‎10-25-2011

ArubaSwitch Tunnel mode question


Hello

1- If I got a switch on tunnel mode so I can admin it from the controller:

What happens if the controller dies? What would happen to the equipment connected to that switch? Would it work like a standalone switch? Or what would happen?

As far as I know, you can make the switch be controlled by the Aruba controller as if it were one more AP, so you can send rules and everything from the Aruba controller to the switches.

2- The other question is regarding the firmware: does it auto-update the firmware when it connects to the controller?

3- Is 6.1.2.4 the minimum to have the switch managed by the controller?

4- What would be the recommended mode of configuring this switch? Tunneled or not?

I'm still trying to get my boss to get me an Aruba switch to answer my own questions, but he still hasn't approved the money for it.

*sigh*

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Aruba
Posts: 429
Registered: ‎05-30-2012

Re: ArubaSwitch Tunnel mode question

Carlos,

With respect to question 1:

  • When a port is in Tunneled Node, you are able to administer the security policies of that port from the Mobility Controller (MC). Things like IP connectivity between the Mobility Access Switch (MAS) and the Mobility Controller (MC) still have to be administered on each device individually. If the MC dies, then the Tunneled Node port assigned to it also goes with it. It does not fall back to local switching, which is why we recommend either pointing Tunneled Node ports at two MCs using VRRP or configuring a backup MC if it is on a different L3 segment from the primary.

With respect to question 2:

  • Firmware is not controlled by the MC for the MAS. You need to manage the firmware of the MAS directly or via Airwave.

With respect to question 3:

  • Again, the MAS is not managed per se by the MC. Only security policies for Tunneled Node ports are maintained/managed at the MC. The minimum software version to support Tunneled Node on the MC is 6.1.2.4.

With respect to question 4:

  • It depends on the application. Since the MAS supports captive portal natively as of 7.2, it is able to handle the same authentication methods as the MC. Prior to that, Tunneled Node was required for Wired Captive Portal, amongst other things. The benefits of Tunneled Node are flexibility to deploy specific L2 networks down to the edge that are not natively present on the MAS via its uplink, support for stateful policies versus stateless, and centralizing your policies in one place. The benefits of the native AAA features are that you aren't tunneling traffic back to the MC, meaning the switch can natively handle the forwarding without increasing load on the MC, no licenses required, and forwarding independence in the event of an MC failure.

I hope that helps.

 

Madani

MVP
Posts: 2,954
Registered: ‎10-25-2011

Re: ArubaSwitch Tunnel mode question

So the only thing that I can configure centrally is the AAA profiles?

I cannot configure the ports remotely on the wireless controller, like I do with an AP93H?

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite
Posts: 8,330
Registered: ‎09-08-2010

Re: ArubaSwitch Tunnel mode question

No, you cannot. You could use AMP however.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 2,954
Registered: ‎10-25-2011

Re: ArubaSwitch Tunnel mode question

Then how do I set the profiles on the Aruba switch for each port?

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Aruba
Posts: 429
Registered: ‎05-30-2012

Re: ArubaSwitch Tunnel mode question

Carlos,

Could you be more specific about what you mean by "set the profiles" for each port? What are you trying to set up/accomplish?

 

Best regards,

 

Madani

Guru Elite
Posts: 8,330
Registered: ‎09-08-2010

Re: ArubaSwitch Tunnel mode question

Take a look at this solution from the Aruba Solution Exchange.

https://ase.arubanetworks.com/solution/name/tunnel_node/

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 2,954
Registered: ‎10-25-2011

Re: ArubaSwitch Tunnel mode question

Okay

Let's say I got a 24-port Aruba switch.

I want to set 802.1x on the first 12 ports but not on the next 12 ports.

Or another example:

Let's say I want to set one initial role on the first 12 ports and another initial role on the last 12 ports.

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
MVP
Posts: 2,954
Registered: ‎10-25-2011

Re: ArubaSwitch Tunnel mode question

What is the main page of this solution exchange?

Is it somewhere in the partner site?

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite
Posts: 8,330
Registered: ‎09-08-2010

Re: ArubaSwitch Tunnel mode question

https://ase.arubanetworks.com

 

 

You can apply different configurations to groups of ports by using the interface-group command and applying profiles to it. Then add the ports to the interface-group (apply-to add gigabitEthernet 0/0/0, etc.).

 

 


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480