Wireless Access

last person joined: 14 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

tunnel Authentication traffic, bridge the other traffics : split-tunnel or bridge mode?

Jump to Best Answer
  • 1.  tunnel Authentication traffic, bridge the other traffics : split-tunnel or bridge mode?

    Posted Mar 14, 2013 06:00 AM

    Hi guys,

     

    I have a deployment of 3 RAP in a branch office to do and I just want to tunneled only the authentication process to the controller (SSID in WPA2-PSK + MAC authentication), the other traffics (corp. and internet) will be bridge on the local network. How can I do that?

    I want to use th bridge mode but I don't know if the MAC authentication is supported (because I saw that the authentication happened between the client and the RAP, so how can it validate the MAC address ?)

     

    If I have to switch in split-tunnel to make it run, how can I do that ? I guess I have to define particular firewall rules but I don't know how...

     

    Thanks for you helps.

     



  • 2.  RE: tunnel Authentication traffic, bridge the other traffics : split-tunnel or bridge mode?

    Posted Mar 14, 2013 05:00 PM

    Hello,

     

    The mac-authentication is not done on the AP.  -> is sent to the controller. The controller wil use the authentication server or its local

    internal database to check the mac-adres.

     

    You can use Split-tunnel mode.

    In the policy you have to create some rules.

     

    the trafffic who match the rules with action=" permit" wil use the tunnel

    the traffic who macht the rules with action = "route src-nat" wil bridge the traffic localy

     

    I hopte this makes it a little bit clear.

     

    Greets,

     

    Peter



  • 3.  RE: tunnel Authentication traffic, bridge the other traffics : split-tunnel or bridge mode?
    Best Answer

    Posted Mar 15, 2013 06:26 AM

    Thanks. But, I think you're wrong because I've just had a test and it's working well for the bridge mode. Maybe the RAP relays the authentication request, I don't really know how...

    But it's OK then ! :)

     

     

     



  • 4.  RE: tunnel Authentication traffic, bridge the other traffics : split-tunnel or bridge mode?

    Posted Mar 18, 2013 05:35 AM

    In bridge mode, there is a tunnel from the AP for 802.1x traffic.  This is the only traffic that is sent to the controller when the ssid is in bridge mode.  No special rules are needed.  The AP automagically does that.

     

    :-)