Product and Software: This article applies to all Aruba controllers and ArubaOS 6.0 and later.
The GRE tunnels that are between APs and controllers are as follows:
- one GRE tunnel for each tunnel, D-tunnel VAP, or secure jack
- one GRE tunnel shared by all split VAPs and secure jacks for client traffic
- one GRE tunnel (0x9000) just for heartbeat exchange
- no GRE tunnel for bridge VAP and secure jack
- If a split VAP has dot1x configured, there is also one GRE tunnel for each split VAP in dot1x mode (same as for tunnel mode VAP and secure jack). This tunnel is used only for dot1x exchange.
- For split-tunnel secure jack, there is always one GRE tunnel (dot1x or no dot1x). This tunnel is used only for dot1x exchange if dot1x is configured.
- No client data is sent over this tunnel.
- This tunnel comes up as soon as the AP starts talking to controller. This tunnel is there even if the AP shows up as inactive on controller.
- Unlike earlier ArubaOS releases, starting with ArubaOS 6.0, no other GRE tunnel will do heartbeats.
- However, if the bridge VAP has dot1x configured, there is also one GRE tunnel for each bridge VAP in dot1x mode (same as tunnel mode VAP). This tunnel is used only for dot1x exchange.
- Aruba does not support dot1x on bridge mode secure jack.