How to enable the feature VIA-Published Subnets on Aruba Mobility Master Controller?


The Setup must me running minimum ArubaOS 8.0.1 ro above.


Starting from ArubaOS 8.0.1, a new feature is introduced in Mobility Master to support IKEv2 configuration (CFG_SET) payload for VIA clients.

When this feature is enabled, managed devices can accept CFG_SET message with the INTERNAL_IP4_SUBNET attribute type. When a managed device receives this message, which consists of an IP address and netmask, it adds an entry to the datapath route table that points to the VIA’s inner IP address as the next-hop. The datapath route-cache for the VIA’s inner IP will point to the tunnel endpoint associated with the VIA.

Note: This feature is disabled by default. 


The following limitations are applicable to the CFG_SET support feature for Mobility Master:

This feature supports only on IPv4
This feature is only applicable with IKEv2


From CLI:

To Enable:

(ArubaMM)[mynode] (config) #crypto-local isakmp allow-via-subnet-routes


To Disable: 

(ArubaMM)[mynode] (config) #no crypto-local isakmp allow-via-subnet-routes


From WebUI:

At the moment this option is available only from CLI and not available from WebUI.


When the feature is Disabled:

(ArubaMM) [mynode] #show crypto-local isakmp allow-via-subnet-routes

Controller will not accept subnet routes from via client

(ArubaMM) [mynode] #

When the feature is Enabled:

(ArubaMM) [mynode] #show crypto-local isakmp allow-via-subnet-routes

Controller will accept subnet routes from via client

(ArubaMM) [mynode] #
Version history
Revision #:
1 of 1
Last update:
‎03-21-2017 01:00 PM
Updated by:
Search Airheads
Showing results for 
Search instead for 
Did you mean: