Wireless Access

Occasional Contributor II

Bridge and tunnel Mode

Hello Team,


Would like to understand the difference between bridge and tunnel mode with examples in which scenario will use bridge mode

MVP Guru

Re: Bridge and tunnel Mode

In short this determines the forwarding mode of the clients traffic. Tunnel mode would tunnel the client traffic back to the controller, bridge mode would break the traffic out locally at the AP. 


There is different use cases and caveats regarding bridge and tunnel mode. Certain options such as a Captive Portal hosted on the controller would not work in Bridge Mode (since the controller does not see the client traffic).


forward mode.PNG

Take a look at the below doc, this details each mode in more depth along with topologies as well.





If my post addresses your query, give kudos:)
Guru Elite

Re: Bridge and tunnel Mode

"Tunnel Mode" (the default) is where all client traffic from the access points is tunneled back to the controller and the controller would in turn put the client traffic onto the network.  The advantage is that access points can be on any VLAN, and as long as they can reach the controller, the client traffic can be extended anywhere you can place an access point.  In the distant past, access points were configured individually and you had to configure a "trunk" on the switch for each individual access point so that each could send multiple different types of client traffic.  In tunnel mode, the only trunk is configured on the controller, saving quite a bit of administrative work.


"Bridge Mode" is synonymous with configuring access points in the past, by configuring a trunk for each access point to be able to send multiple types of different traffic.  You would typically do this if you have a wan link separating the access point on the controller, and tunneling client traffic would introduce too much latency.  The current recommendation when a WAN link separates a controller and access point(s) is to use Aruba Instant, instead and NOT bridge mode.


You lose quite a few features using bridge mode and it is not recommended in practice. 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
ArubaOS Consolidated Release Notes
Aruba Technical Webinars
Regular Contributor I

Re: Bridge and tunnel Mode

To give a real world example, our AP estate is all configured for tunnel mode so all traffic ends up at the mobility controllers. We have a robotics research group who run their own local network that's firewalled from the rest of our campus. They need WiFi on this network, so we have the AP in their lab configured with an SSID that bridges. 


The benefit of this is all the network services provided by WiFi across the rest of campus are available to them. Their own network is also accessible over WiFi, not tunnelled via the controller, all from the same AP.

Re: Bridge and tunnel Mode

So long as none of the lost features that occurs in bridge mode is required, and load/scale are accounted for, Matt's listed use case is fine and I'm sure works for their needs. 

Jerrod Howard
Distinguished Technologist, TME
Search Airheads
Showing results for 
Search instead for 
Did you mean: