Campus Switching and Routing

Reply

MAS: Tunneled node or L2 GRE

Scenario:

Contractors/Guests are connecting to several layer3 MAS across a campus.  Their traffic needs to physically flow from the MAS to the data center controllers and out an unrouted VLAN with an ISP connection dedicated to guests.  Since the guests are sharing the same infrastructure as the company, logical separation of traffic is necessary.  To accomplish this, encapsulation will be used.  Which is appropriate in this case?  Tunneled node or L2 GRE to controller?

 

I've setup L2 GRE tunnels between controllers before to span a wireless network, but haven't tried this with a MAS yet.  I assume it would work just the same, but I also know I have tunneled mode available on the MAS.  As far as I can tell, it's very similar since GRE tunnels are used, but there is the benefit of having all of the policy enforcement done in one place - the controller.  That may not even factor in, so then what is the benefit in choose tunneled mode, as opposed to just setting up an L2 GRE?

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Guru Elite

Re: MAS: Tunneled node or L2 GRE

Tunneled node handles authentication at the controller level instead of the switch. 


Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: MAS: Tunneled node or L2 GRE

If the devices aren't authenticating, do you see any benefit over one solution?

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.

Re: MAS: Tunneled node or L2 GRE

For instance, the tunneled node option allows a backup controller to be specified.  L2 GRE doesn't.  Would VRRP between the controllers be the solution?

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: