Wired Intelligent Edge

 View Only
last person joined: yesterday 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Expand all | Collapse all

User Based Tunnels and subnet sizes

This thread has been viewed 12 times
  • 1.  User Based Tunnels and subnet sizes

    Posted Mar 17, 2023 01:46 PM

    Hi everyone.  I need some help.  I am working with my local SE but I also want to ask here.  Hopefully I can summarize my issue clearly.

    I have a 6300M CX switch and I am doing dACLs and DURs (downloadable user roles) from Clearpass.  Some of my roles have secondary roles to tunnel them to the controller, my guest traffic for instance.    On my controller I currently have VLAN pools configured so my "WIRELESS" guest users can be placed in a vlan with sixteen /24 individual subnets in the named vlan pool.  Aruba has told be that named vlan pools and individual /24 subnets is a thing of the past and I should make it all one large subnet because on "WIRELESS" it does not matter.

    My issue is I use the same vlan name/pool for my "WIRED" user based tunnels.   So my question is can the wired users be on such a large subnet?  I know normally we do not want this on a switch because of broadcast traffic but my SE who is looking into this "thinks" that because it is tunneld traffic to the controller that the broadcast will be treated like the wireless traffic and it will be OK.

    Hope this makes sense?   Anybody know the right answer or do I need to have dedicated wired subnets on my controller?



  • 2.  RE: User Based Tunnels and subnet sizes

    Posted Mar 18, 2023 02:21 PM

    Hi, from my point of view I'd suggest the following:

    1.- Use a large vlan for Wireless instead of a pool (like was suggested already)

    2.- Always use a different vlan for Wireless and Wired (even if it's tunneled since the rules for accesing the media are different) and keep the wired vlan small.

    I hope this helps




  • 3.  RE: User Based Tunnels and subnet sizes

    Posted Mar 18, 2023 11:26 PM
    I feel that small wired subnets for an office of say 5000 people would create issues with managing the download able user roles of the wired users.    For employee switch role the vlan is called trusted.  In the download able role you specify the vlan name.  You would need a role and vlan per floor.   Seems off, am I missing something?

    Sent from my Verizon, Samsung Galaxy smartphone
    Get Outlook for Android


    The information transmitted is intended only for the person or entity to which it is addressed and may contain proprietary, business-confidential and/or privileged material. If you are not the intended recipient of this message you are hereby notified that any use, review, retransmission, dissemination, distribution, reproduction or any action taken in reliance upon this message is prohibited. If you received this in error, please contact the sender and delete the material from any and all computers and other devices.

    Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of the company.