Wireless Access

New Contributor

Bridge mode features vs tunnel mode



I am a beginner on Aruba, but I well know others manufacturer Wifi products.

I am testing Aruba products in Aruba OS V6.1 (A620 + AP105 + AP93) with SSID in "bridge" mode.

it appears that "bridge" mode have less features than "tunnel" mode (user derivationrule for example).

Does someone have a document or can explain me the features differences between the two modes ?





Retired Employee

Re: Bridge mode features vs tunnel mode

I believe the RAP VRD available at http://www.arubanetworks.com/wp-content/uploads/RAPVRD_version_8.pdf will be a good source to look at the difference between the 3 forwarding modes.

Look at Chapter 11 Forwarding Modes

Re: Bridge mode features vs tunnel mode

Hello here you will see more information about that topic of Bridge mode in campus mode in which i think you are referring to



Page 41 and 42


Also this is what it says on the user guide


User guides does point you a list of features you loose on bridge mode page 803


Most ArubaOS features are supported in all forwarding modes. However, there are a some features that are
not supported in one or more forwarding modes. Campus APs do not support split-tunnel forwarding mode
and the decrypt-tunnel forwarding mode does not support TKIP Counter measure management on campus
APs or remote APs.

Bridge mode

Firewall—SIP/SCCP/RTP/RTSP Voice Support
Firewall—Alcatel NOE Support
Voice over Mesh
Video over Mesh
Named VLAN
Captive portal
Rate Limiting for broadcast/multicast
Power save: Wireless battery boost
Power save: Drop wireless multicast traffic
Power save: Proxy ARP (global)
Power save: Proxy ARP (per-SSID)
Automatic Voice Flow Classification

SIP: SIP authentication tracking
SIP: CAC enforcement enhancements
SIP: Phone number awareness
SIP: R-Value computation
SIP: Delay measurement
Management: Voice-specific views
Management: Voice client statistics
Management: Voice client troubleshooting
Voice protocol monitoring/reporting
H.323 ALG
Vocera ALG
Layer 3 Mobility
IGMP Proxy Mobility
Mobile IP
TKIP countermeasure mgmt
Bandwidth based CAC
Dynamic Multicast Optimization


Product Manager - Aruba Networks
Alternetworks Corp
New Contributor

Re: Bridge mode features vs tunnel mode


thanks for your reply.

the list is not complete, you can add:

- User derivated rules

- firewall rules logging to syslog server


I am disapointed, it will be difficult to deploy 802.11n architecture with hight throutputs (video), or optimized data management (VLAN RADIUS attribut) because if I want these features I must use the "tunnel" mode and concentrated all the data flows to the wireless controller. The controller could be the bottleneck of my Wifi network.




Occasional Contributor II

Re: Bridge mode features vs tunnel mode

Just curious, but have you done any throughput testing that shows that the controller is the bottle neck?

Re: Bridge mode features vs tunnel mode

Are yousure derived roles does not work?

Because they are working just fine on bridge mode on my lab...


I also got many deployment in which they want to put the controller on IDC.... which is located obiosly not in their central or remote branches

The thing is that to not saturate their link to the IDC i explain them how does the solution work and i give them the option of putting the APS on bridge mode.

Some of them tell me no there is no issue put them on tunnel mode... or other clients just tell me well i got slow links ill need you to put it on bridge mode...

The thing is that on the VRD this scenario does not exist so i dont have any aruba recommendation fo rhtis specfic scenario....

I do point them the list of features they loss.

Product Manager - Aruba Networks
Alternetworks Corp

Re: Bridge mode features vs tunnel mode

It does not appear on that list but you can add DHCP fingerprint.... it doesnt work on AP Campus bridge mode... at least that what is says the documentation of fingerprint

Product Manager - Aruba Networks
Alternetworks Corp
Occasional Contributor II

Re: Bridge mode features vs tunnel mode

I was concerned about the controller being a bottleneck in my environment too... but when I looked at the interface on the controller I found that it was only averaging about a 25% load - with occasional peaks.


This is on a site with about 100 APs and 1000 clients doing everything from Facebook to Netflix.

New Contributor

Re: Bridge mode features vs tunnel mode

In the case of vm version controller. I think the bottleneck would be on the physical interface of the server. Then bridge mode would be the recommended.

Any comment please.
New Contributor

Re: Bridge mode features vs tunnel mode

Link doesnt work


Search Airheads
Showing results for 
Search instead for 
Did you mean: