What is Tunneled Node?
Tunneled Node is the one of the key differentiators of Mobility Access Switch in the Enterprise access switch market. Previously known as MUX in earlier Aruba platforms and releases, the feature had been re-named as Tunneled Node. The Tunneled Node encapsulates incoming packets from end-hosts in GRE packets and forwards them to the Mobility Controller to be processed further.
The Mobility Controller, upon receiving the GRE packets, strips the GRE header and further processes the packet for additional purposes such as authentication, stateful firewall, and so on. This is how the Tunneled Node feature enables centralized security policy, authentication and access control.
To allow additional flexibility, the Tunneled Node feature is enabled per-port basis. Any traffic coming from non-Tunneled Node interfaces will be forwarded “normally” without being tunneled to a Mobility Controller.
- The minimum Mobility Access Switch AOS version is 7.1
- The minimum Mobility Controller AOS version is 184.108.40.206.
- The following Mobility Controllers support Tunneled Nodes:
- 7000 Series
- 3000 Series
- 600 Series
|# of Ports Tunneled||16,384||12,288||8,192||4,096||1,024||512||256||96||48|
|Firewall Throughput||40 Gbps||40 Gbps||20 Gbps||20 Gbps||4 Gbps||4 Gbps||3 Gbps||2 Gbps||800 Mbps|
|# of AP Licenses||2,048||1,024||512||512||128||64||32||16||8|
To support Tunneled-Node controller redundancy, two Mobility Controllers can be configured under tunneled-node profile as shown below:
(ArubaS2500-48P-US) # show running-config | begin TUNNEL-TO-CTRL Building Configuration... interface-profile tunneled-node-profile "TUNNEL-TO-CTRL" controller-ip 172.16.50.60 backup-controller-ip 172.16.180.10 mtu 1300 ! <snipped for clarity>
You can also verify this configuration with the following command:
(ArubaS2500-48P-US) #show interface-profile tunneled-node-profile TUNNEL-TO-CTRL Tunneled Node Server profile "TUNNEL-TO-CTRL" --------------------------------- Parameter Value --------- ----- Controller IP Address 172.16.50.60 Backup Controller IP Address 172.16.180.10 Keepalive timeout in seconds 10 MTU on path to controller 1300 (ArubaS2500-48P-US) #