Access Points

Occasional Contributor II

Split tunnel on Wired port


I'm trying to setup split tunnel on the wired port on a AP121.
But I cannot get it right. All wired traffic is going through the tunnel.
Also Wired-ap-profile is set in the ap group not inn a Virtual ap profile.

ap-group "RAP_USA"
virtual-ap "corpUS"
virtual-ap "guestUS"
wired-ap-profile "WAP_US"
ap wired-ap-profile "WAP_US"
switchport access vlan 500

When i'm using this above setup the the wired traffic becomes tunneled (default behavior)

But when I insert forward mode split-tunnel. It will not work. (below)

ap wired-ap-profile "WAP_US"
forward-mode split-tunnel
switchport access vlan 500

Also where do I put a role/policy for the wired ap port?

Split tunnel is working fine on the wireless side:

wlan virtual-ap "corpUS"
ssid-profile "corp"
vlan 500
forward-mode split-tunnel
aaa-profile "RAPempoyeeAAA"


Ole M.
Aruba Employee
Aruba Employee

look for "aaa authentication wired"

see cli "aaa authentication wired" which sets aaa profile for wired ports. That is where you should also setup role for wired users. That role should have ACLs to split the traffic.
Search Airheads
Showing results for 
Search instead for 
Did you mean: