What is Tunneled Node?
Tunneled Node is the one of the key differentiators of Mobility Access Switch in the Enterprise access switch market. Previously known as MUX in earlier Aruba platforms and releases, the feature had been re-named as Tunneled Node. The Tunneled Node encapsulates incoming packets from end-hosts in GRE packets and forwards them to the Mobility Controller to be processed further.
The Mobility Controller, upon receiving the GRE packets, strips the GRE header and further processes the packet for additional purposes such as authentication, stateful firewall, and so on. This is how the Tunneled Node feature enables centralized security policy, authentication and access control.
To allow additional flexibility, the Tunneled Node feature is enabled per-port basis. Any traffic coming from non-Tunneled Node interfaces will be forwarded “normally” without being tunneled to a Mobility Controller.
Software Support
- The minimum Mobility Access Switch AOS version is 7.1
- The minimum Mobility Controller AOS version is 6.1.2.4.
- The following Mobility Controllers support Tunneled Nodes:
- 7000 Series
- 3000 Series
- M3
- 600 Series
|
7240 |
7220 |
7210 |
M3 |
3600 |
3400 |
3200 |
650 |
620 |
Concurrent Users |
32,768 |
24,576 |
16,384 |
8,192 |
8,192 |
4,096 |
2,048 |
512 |
256 |
# of Ports Tunneled |
16,384 |
12,288 |
8,192 |
4,096 |
1,024 |
512 |
256 |
96 |
48 |
Firewall Throughput |
40 Gbps |
40 Gbps |
20 Gbps |
20 Gbps |
4 Gbps |
4 Gbps |
3 Gbps |
2 Gbps |
800 Mbps |
# of AP Licenses |
2,048 |
1,024 |
512 |
512 |
128 |
64 |
32 |
16 |
8 |
Redundancy
To support Tunneled-Node controller redundancy, two Mobility Controllers can be configured under tunneled-node profile as shown below:
(ArubaS2500-48P-US) # show running-config | begin TUNNEL-TO-CTRL
Building Configuration...
interface-profile tunneled-node-profile "TUNNEL-TO-CTRL"
controller-ip 172.16.50.60
backup-controller-ip 172.16.180.10
mtu 1300
!
<snipped for clarity>
You can also verify this configuration with the following command:
(ArubaS2500-48P-US) #show interface-profile tunneled-node-profile TUNNEL-TO-CTRL
Tunneled Node Server profile "TUNNEL-TO-CTRL"
---------------------------------
Parameter Value
--------- -----
Controller IP Address 172.16.50.60
Backup Controller IP Address 172.16.180.10
Keepalive timeout in seconds 10
MTU on path to controller 1300
(ArubaS2500-48P-US) #