Wired Intelligent Edge

I'm trying to configure UBT and the switch sends packets to the controller IP (loopback IP) but the controller responds back using source IP of the interface connected towards the switch. I believe this is why UBT tunnel doesn't form.

Anyone seen this? It's 7220 with 8.5.0.7 + 6300F 

Hi,

Did you try to configure it connect to the physical IP address? In the below guide, it mentions on page 17 that the controller IP needs to be a physical IP address (I know this is for a cluster controller setup but I suspect the same issue) https://community.arubanetworks.com/t5/Video/Aruba-User-Based-Tunneling-with-Dynamic-User-Roles/ta-p/550623

Yes like I wrote I used loopback IP address of the controller.

Also tried with second controller and connected to an IP address on a VLAN, which is a different VLAN though from where the AP connects.

In both cases, the source IP of the PAPI packet is incorrectly changed to the IP address of the interface connected towards the switch

Seems this is a bug with ArubaOS. You can only use the IP address that is on the interface where the sitch traffic comes in. And as that also needs to be controller IP address, it is not possible to use two switch networks that are behind different interfaces/VLANs. Also using loopback address is not supported with dynamic segmentation.

I would've thought that someone else also has multiple interfaces on the controller or would've tried to use dynamic segmentation with loopback IP.

This should be fixed in 8.5.0.10 but that'll take few more weeks to be released...