Wireless Access

Regular Contributor I

RAP-Split tunnel

I have a RAP that I have setup to do split tunnel. When user plugs into wired port on RAP they get a split-tunnel user role and it works great. All corporate traffic to 192.168.200.X goes down the tunnel and everything else (Internet) gets placed right on their home comcast.


The problem...


I also have an SSID being broadcasted from the RAP. When user connects to SSID they get the same split-tunnel user role. However, ALL of the traffic gets sent down the tunnel back to corporate and it does not split tunnel. I have confirmed that the wifi user gets the same role as what you get on the wire.


See attached policy that I am referencing. This should send private IP addresses down the tunnel and everything else (Internet) on the home connection.


Thanks for any advice...... bit stumped at the moment as to why it only works on wire.



Guru Elite

Re: RAP-Split tunnel

Do you have the VAP set to split-tunnel?


Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite

Re: RAP-Split tunnel

Do you have the WiFi SSID virtual AP forwarding mode configured as split tunnel?

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Regular Contributor I

Re: RAP-Split tunnel

Well then......... don't I feel silly.


Is today Friday? Must have been a long week.


Thanks for the quick reply Tim and Colin. 


Search Airheads
Showing results for 
Search instead for 
Did you mean: