Controller Based WLANs

How to enable the feature VIA-Published Subnets on Aruba Mobility Master Controller?
Requirement:

The Setup must me running minimum ArubaOS 8.0.1 ro above.



Solution:

Starting from ArubaOS 8.0.1, a new feature is introduced in Mobility Master to support IKEv2 configuration (CFG_SET) payload for VIA clients.

When this feature is enabled, managed devices can accept CFG_SET message with the INTERNAL_IP4_SUBNET attribute type. When a managed device receives this message, which consists of an IP address and netmask, it adds an entry to the datapath route table that points to the VIA’s inner IP address as the next-hop. The datapath route-cache for the VIA’s inner IP will point to the tunnel endpoint associated with the VIA.

Note: This feature is disabled by default. 

Limitations:

The following limitations are applicable to the CFG_SET support feature for Mobility Master:

This feature supports only on IPv4
This feature is only applicable with IKEv2



Configuration:

From CLI:

To Enable:

(ArubaMM)[mynode] (config) #crypto-local isakmp allow-via-subnet-routes

 

To Disable: 

(ArubaMM)[mynode] (config) #no crypto-local isakmp allow-via-subnet-routes

 

From WebUI:

At the moment this option is available only from CLI and not available from WebUI.
 



Verification

When the feature is Disabled:

(ArubaMM) [mynode] #show crypto-local isakmp allow-via-subnet-routes

Controller will not accept subnet routes from via client

(ArubaMM) [mynode] #

When the feature is Enabled:

(ArubaMM) [mynode] #show crypto-local isakmp allow-via-subnet-routes

Controller will accept subnet routes from via client

(ArubaMM) [mynode] #
Version history
Revision #:
1 of 1
Last update:
‎03-21-2017 01:00 PM
Updated by:
 
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.