Wireless Access

Reply
Contributor I
Posts: 25
Registered: ‎01-23-2015

RAP split tunnel - internet traffic still goes via tunnel

I setup RAP split tunnel but on controller I still can see IP of 192.168.201.16 which is my RAP

 

(Aruba-7210) #show datapath session table 8.8.8.8

Source IP Destination IP Prot SPort DPort Cntr Prio ToS Age Destination TAge Packets Bytes Flags
--------------- --------------- ---- ----- ----- ----- ---- --- --- ----------- ---- --------- --------- ---------------
192.168.201.16 8.8.8.8 1 1051 2048 0/0 0 0 0 tunnel 32 1 1 60 FCI
192.168.201.16 8.8.8.8 1 1050 2048 0/0 0 0 0 tunnel 32 6 1 60 FCI
192.168.201.16 8.8.8.8 1 1049 2048 0/0 0 0 1 tunnel 32 b 0 0 FCI
192.168.201.16 8.8.8.8 1 1048 2048 0/0 0 0 1 tunnel 32 11 0 0 FCI
8.8.8.8 192.168.201.16 1 1049 0 0/0 0 0 1 tunnel 32 b 0 0 FYI
8.8.8.8 192.168.201.16 1 1048 0 0/0 0 0 1 tunnel 32 11 0 0 FYI
8.8.8.8 192.168.201.16 1 1051 0 0/0 0 0 0 tunnel 32 1 0 0 FYI
8.8.8.8 192.168.201.16 1 1050 0 0/0 0 0 1 tunnel 32 6 0 0 FYI

 

My 'show rights split-usr' shows below. All is fine for destination Net_10.29.0.0-16 (getting DHCP via tunnel), but not 8.8.8.8. Why internet traffic still goes via tunnel ?

 

1 any any svc-dhcp permit Low 4
2 user Net_10.29.0.0-16 any permit Low 4
3 user any any src-nat Low 4

 

 

 

MVP
Posts: 4,301
Registered: ‎07-20-2011

Re: RAP split tunnel - internet traffic still goes via tunnel

is your VAP in split tunnel forwarding mode ?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor I
Posts: 25
Registered: ‎01-23-2015

Re: RAP split tunnel - internet traffic still goes via tunnel

Yes,

 

wlan virtual-ap "Netlab-CFN-WLC-Radius-vap_prof"
aaa-profile "Netlab-CFN-Radius-split-aaa_prof"
ssid-profile "Netlab-CFN-151"
vlan 151
forward-mode split-tunnel

MVP
Posts: 4,301
Registered: ‎07-20-2011

Re: RAP split tunnel - internet traffic still goes via tunnel

What versión of AOS your controller is using ?
Also make sure the user is getting that user-role you created
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: RAP split tunnel - internet traffic still goes via tunnel

[ Edited ]

niuk wrote:


3 user any any src-nat Low 4

 


Your ACL above should read the following (missing the route src-nat; rather than just src-nat):

 

user any any route src-nat

 

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Contributor I
Posts: 25
Registered: ‎01-23-2015

Re: RAP split tunnel - internet traffic still goes via tunnel

wow, 'route src-nat' did it..Thnx !

btw, I have ArubaOS (MODEL: Aruba7210-US), Version 6.4.1.0

Search Airheads
Showing results for 
Search instead for 
Did you mean: