Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Bridge and tunnel Mode

  • 1.  Bridge and tunnel Mode

    Posted Jul 16, 2019 02:35 AM

    Hello Team,

     

    Would like to understand the difference between bridge and tunnel mode, with examples of which scenarios would use bridge mode.



  • 2.  RE: Bridge and tunnel Mode

    MVP EXPERT
    Posted Jul 16, 2019 03:58 AM

    In short, this determines the forwarding mode of the client's traffic. Tunnel mode would tunnel the client traffic back to the controller; bridge mode would break the traffic out locally at the AP.

     

    There are different use cases and caveats regarding bridge and tunnel mode. Certain options such as a Captive Portal hosted on the controller would not work in Bridge Mode (since the controller does not see the client traffic).

     


    Take a look at the below doc, this details each mode in more depth along with topologies as well.

     

    https://community.arubanetworks.com/t5/Controller-Based-WLANs/ArubaOS-8-Fundamentals-Guide/ta-p/428914

     

     



  • 3.  RE: Bridge and tunnel Mode

    EMPLOYEE
    Posted Jul 16, 2019 07:34 AM

    "Tunnel Mode" (the default) is where all client traffic from the access points is tunneled back to the controller and the controller would in turn put the client traffic onto the network.  The advantage is that access points can be on any VLAN, and as long as they can reach the controller, the client traffic can be extended anywhere you can place an access point.  In the distant past, access points were configured individually and you had to configure a "trunk" on the switch for each individual access point so that each could send multiple different types of client traffic.  In tunnel mode, the only trunk is configured on the controller, saving quite a bit of administrative work.

     

    "Bridge Mode" is synonymous with configuring access points in the past, by configuring a trunk for each access point to be able to send multiple types of different traffic.  You would typically do this if you have a WAN link separating the access point and the controller, and tunneling client traffic would introduce too much latency.  The current recommendation when a WAN link separates a controller and access point(s) is to use Aruba Instant instead, and NOT bridge mode.

     

    You lose quite a few features using bridge mode and it is not recommended in practice. 

     



  • 4.  RE: Bridge and tunnel Mode

    Posted Jul 17, 2019 02:07 AM

    To give a real world example, our AP estate is all configured for tunnel mode so all traffic ends up at the mobility controllers. We have a robotics research group who run their own local network that's firewalled from the rest of our campus. They need WiFi on this network, so we have the AP in their lab configured with an SSID that bridges. 

     

    The benefit of this is all the network services provided by WiFi across the rest of campus are available to them. Their own network is also accessible over WiFi, not tunnelled via the controller, all from the same AP.



  • 5.  RE: Bridge and tunnel Mode

    EMPLOYEE
    Posted Jul 17, 2019 11:04 AM

    So long as none of the lost features that occur in bridge mode are required, and load/scale are accounted for, Matt's listed use case is fine and I'm sure works for their needs.



  • 6.  RE: Bridge and tunnel Mode

    Posted Mar 15, 2021 01:08 PM
    CJoseph and Jhoward, does anyone have a list of the features that are lost by not using tunneled mode?

    ------------------------------
    Casey Rhoads
    ------------------------------



  • 7.  RE: Bridge and tunnel Mode

    EMPLOYEE
    Posted Mar 16, 2021 04:19 AM
    Some posts in the thread here:  https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=37651 show the majority of the features. Mobility Controllers are designed around tunnel mode.  Bridge mode should be the exception in a mobility controller deployment.  If you are considering bridge mode for larger deployments like the distributed enterprise, Instant APs are a better option.  You should contact your Aruba Salesperson to determine the best up-to-date path for what you are trying to accomplish, because a list of unsupported features does not equal a design.

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------