MAS Controller information

  • 1.  MAS Controller information

    Posted May 23, 2013 08:05 PM

    Hello, I was wondering whether, when you connect the MAS to the wireless controller, I will see it like an AP.

    Meaning for example

    In my RAP3 I can see myself:

    1-Which IP I got

    2-Which AP I'm connected to (which would be which switch I'm connected with) (is this correct????)

    3-Which port of the mobility switch I'm connected to (is this correct????)

    4-Which MAC address I got

    5-Type of authentication

     

    Will I get all that information when I click Clients when I put my mobility switch on it?

     

    I ask this basic thing because I can't really try... I don't have any demo... I'm waiting for the S1500 to get myself a demo of it so I can try these things, but I was really curious about what you get.

     

    I know you get centralized policies which let you deploy with role work for both wired and wireless no matter what the client is connecting with...

     

    Zero Touch config

     

    Any other thing I can highlight of the Mobility Access Switch?



  • 2.  RE: MAS Controller information

    EMPLOYEE
    Posted May 23, 2013 08:09 PM

    If you were using tunneled node ports (wired AP) then you would see that information in the controller. If you are using the user roles and AAA on the switch itself, you would not. You would either need to look at the user-table on the switch or in AirWave.



  • 3.  RE: MAS Controller information

    Posted May 23, 2013 08:11 PM

    When you say tunnel, does this send all the information to the switch like the AP?

     

    If so, can you configure it in bridge mode so I can get all the information of the user but not tunnel all the traffic to the controller?



  • 4.  RE: MAS Controller information

    EMPLOYEE
    Posted May 23, 2013 08:14 PM

    Tunneled-node uses centralized authentication and VLANs from the controller. By default the switch operates in what would be the equivalent of bridge mode. As far as I know, you can not get the information you are asking for in the controller for standard switched ports.



  • 5.  RE: MAS Controller information

    Posted May 23, 2013 08:18 PM

    Well, if that's true then I wouldn't bother using tunnel mode... the thing is that I would need a good controller to tunnel my switches.... :)

     

     



  • 6.  RE: MAS Controller information

    Posted May 23, 2013 08:18 PM

    Hope the S1500 gets out really soon, at the beginning of June



  • 7.  RE: MAS Controller information

    EMPLOYEE
    Posted May 23, 2013 11:49 PM

    Nightshade1,

    Just to confirm for you, if you use the native AAA functions of the switch (dot1x, mac-auth, captive-portal, udr) then you get visibility at the switch level and nothing at the controller, since they don't need to be connected to one another. If you have AirWave, we also send the user visibility there.

     

    If you use tunnel node from the switch, all the user visibility as well as the AAA functions are handled by the controller. This is what you would see as an example.

     

    (host) #show user-table verbose

    Users
    -----
        IP           MAC            Name     Role      Age(d:h:m)  Auth  VPN link  AP name    Roaming  Essid/Bssid/Phy                                      Profile  Forward mode  Type  Host Name  Server  Vlan       Bwm
    ----------  ------------       ------    ----      ----------  ----  --------  -------    -------  ---------------                                      -------  ------------  ----  ---------  ------  ----       ---
    22.1.1.1    00:00:00:00:00:01            aa        00:00:00                    tunnel 10  Wired    172.16.10.11:gigabitethernet0/0/0/00:0b:86:6a:24:00  aa       tunnel                                 200 (200)
    22.1.1.2    00:00:00:00:00:02            bb        00:00:00                    tunnel 10  Wired    172.16.10.11:gigabitethernet0/0/0/00:0b:86:6a:24:00  aa       tunnel                                 200 (400)
    22.1.1.3    00:00:00:00:00:03            cc        00:00:00                    tunnel 10  Wired    172.16.10.11:gigabitethernet0/0/0/00:0b:86:6a:24:00  aa       tunnel                                 200 (500)

    User Entries: 3/3

     

    Tunnel-Node is purely a data plane function as opposed to a control plane function. Said another way, while the switch can tunnel traffic back to a controller, the switch is not managed by the controller. You have to manage it independently or via AirWave.

     

    Best regards,

     

    Madani
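
An added example, not part of the original post and not Aruba code: a short Python parser that turns `show user-table verbose` rows like the ones above into a per-switch-port inventory and flags ports carrying more client MACs than expected (for instance an unmanaged hub behind a tunneled port). It assumes the Essid/Bssid/Phy field for a tunneled-node user reads as switch IP, switch port, then switch MAC; the function names and the per-port limit are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: header and rows from the post above, column padding collapsed.
SAMPLE = """\
IP  MAC  Name  Role  Age(d:h:m)  Auth  VPN link  AP name  Roaming  Essid/Bssid/Phy  Profile  Forward mode
--  ---  ----  ----  ----------  ----  --------  -------  -------  ---------------  -------  ------------
22.1.1.1  00:00:00:00:00:01  aa  00:00:00  tunnel 10  Wired  172.16.10.11:gigabitethernet0/0/0/00:0b:86:6a:24:00  aa  tunnel  200 (200)
22.1.1.2  00:00:00:00:00:02  bb  00:00:00  tunnel 10  Wired  172.16.10.11:gigabitethernet0/0/0/00:0b:86:6a:24:00  aa  tunnel  200 (400)
22.1.1.3  00:00:00:00:00:03  cc  00:00:00  tunnel 10  Wired  172.16.10.11:gigabitethernet0/0/0/00:0b:86:6a:24:00  aa  tunnel  200 (500)

User Entries: 3/3
"""

MAC = r"(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}"
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# A user row starts with the client IP and client MAC.
ROW = re.compile(rf"^\s*(?P<ip>{IPV4})\s+(?P<mac>{MAC})\s")
# Assumed layout of the tunneled-node field: <switch-ip>:<port>/<switch-mac>
PHY = re.compile(
    rf"(?<!\S)(?P<switch>{IPV4}):(?P<port>[A-Za-z]+[\d/]*\d)/(?P<switch_mac>{MAC})(?!\S)"
)

def parse_tunneled_users(text):
    """Return one dict per tunneled-node user row; headers and other rows are skipped."""
    users = []
    for line in text.splitlines():
        row, phy = ROW.match(line), PHY.search(line)
        if row and phy:
            users.append({**row.groupdict(), **phy.groupdict()})
    return users

def ports_over_limit(users, max_macs=1):
    """Map (switch, port) -> sorted client MACs for ports exceeding max_macs."""
    seen = defaultdict(set)
    for u in users:
        seen[(u["switch"], u["port"])].add(u["mac"].lower())
    return {k: sorted(v) for k, v in seen.items() if len(v) > max_macs}

if __name__ == "__main__":
    found = parse_tunneled_users(SAMPLE)
    for (switch, port), macs in ports_over_limit(found).items():
        print(f"{switch} {port}: {len(macs)} client MACs -> {', '.join(macs)}")
```
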



  • 8.  RE: MAS Controller information

    Posted May 23, 2013 11:52 PM

    Hello Madjali

    Can you confirm for me whether the traffic is bridged or tunneled?

    What I mean is whether all the data is tunneled to the controller, or my data will be bridged and just the information or visibility is tunneled to the controller, and the PEFNG policies are downloaded to the switch like it will do with an AP.

     

    Cheers

    Carlos



  • 9.  RE: MAS Controller information

    EMPLOYEE
    Posted May 24, 2013 12:37 AM
    Carlos,
    If you use tunneled node which is on a per port basis, all traffic from that port is tunneled to the controller. All policies are on the controller, nothing is downloaded to the switch.

    Madani


  • 10.  RE: MAS Controller information

    EMPLOYEE
    Posted May 24, 2013 08:09 AM

    Think of a tunneled-node port as a RAP in tunnel mode.

     

    Here's a use case:

     

    Our dorms are wireless only so we don't have any public wired IP space in the dorms. We've had some students need to use cell carrier microcells because of spotty coverage. We use tunneled ports to give those devices a public IP from the controller without having to bring up a public subnet in the dorm.