Remote Networking

split tunneling questions...

Tried to lab this up, couldn't seem to get it to work.

What I need is a remote AP in bridged mode that drops off users locally who are members of AD group X. When group Y visits the site, they are tunneled back to the controller to be dropped off on a specific vlan.

Any ideas?

Should be able to set up two user roles to accommodate. Not sure what you have tried... maybe post some more details to progress this.

In general:

User group X should be "Role X" which would have rules to 'route src-nat' for the traffic you want to be dropped off locally.

User group Y should be "Role Y" which would have a more simplistic set of rules saying simply something like 'user any permit' to send all traffic through the tunnel back to the controller.

VLAN wise, that can be assigned per user-role, so the 'magic' in all of this is to ensure

a) you have two roles created, with different policies, and
b) you are feeding back the group information to the controller in order to 'derive' the appropriate role "X" or "Y"

Aruba Employee

Re: split tunneling questions...

The VRD has a complete configuration on how to get this working, you can download it at:, it will walk you through configuring the policy and roles.

Hope that helps,
Andy Logan, ACDX
Director, Strategic Account Solutions
Aruba Networks