Wired Intelligent Edge

Hello, I have a question about the necessity to have the secondary role vlan configured in the switch for the user.

 

As I don't need to configure in any interface this vlan, and as the traffic is tunneled to the controller. Why I need to have the user vlan(that will be used in the controller) created in the switch?

 

In the guide of dyn seg config:

"Please note that the VLAN ID specified here must exist on the switch, but you cannot apply it to any physical or virtual port either tagged or untagged"

“The reserved VLAN is where all tunneled traffic will traverse to and from the switch. This VLAN is automatically created once defined here and connectivity between switch and controller is established.”

https://community.arubanetworks.com/aruba/attachments/aruba/CampusSwitching/4032/2/ArubaOS-Switch%20User-Based%20Tunneling%20Technical%20Whitepaper.pdf


Sent from Mail for Windows 10

Hi Victor, but in this case I'm not talking about the tunnel VLAN.

I'm talking about the User VLAN that will be assigned in the controller.

 

When I create the user-role in the switch, I must set the vlan-id (user VLAN) for that role. 

Hi, 

 

The user VLAN does not have to exist in the switch user role if using the reserved VLAN mode (UBT 2.0).  You merely need to indicate in the switch user role that the traffic will be tunneled.  VLAN assignment and policy will occur with the secondary or gateway role.

The user VLAN only needs to exist on the controller side



Thank you

Victor Fabian

Pardon typos sent from Mobile