Wireless Access

I setup RAP split tunnel but on controller I still can see IP of 192.168.201.16 which is my RAP

(Aruba-7210) #show datapath session table 8.8.8.8

Source IP Destination IP Prot SPort DPort Cntr Prio ToS Age Destination TAge Packets Bytes Flags
--------------- --------------- ---- ----- ----- ----- ---- --- --- ----------- ---- --------- --------- ---------------
192.168.201.16 8.8.8.8 1 1051 2048 0/0 0 0 0 tunnel 32 1 1 60 FCI
192.168.201.16 8.8.8.8 1 1050 2048 0/0 0 0 0 tunnel 32 6 1 60 FCI
192.168.201.16 8.8.8.8 1 1049 2048 0/0 0 0 1 tunnel 32 b 0 0 FCI
192.168.201.16 8.8.8.8 1 1048 2048 0/0 0 0 1 tunnel 32 11 0 0 FCI
8.8.8.8 192.168.201.16 1 1049 0 0/0 0 0 1 tunnel 32 b 0 0 FYI
8.8.8.8 192.168.201.16 1 1048 0 0/0 0 0 1 tunnel 32 11 0 0 FYI
8.8.8.8 192.168.201.16 1 1051 0 0/0 0 0 0 tunnel 32 1 0 0 FYI
8.8.8.8 192.168.201.16 1 1050 0 0/0 0 0 1 tunnel 32 6 0 0 FYI

My 'show rights split-usr' shows below. All is fine for destination Net_10.29.0.0-16 (getting DHCP via tunnel), but not 8.8.8.8. Why internet traffic still goes via tunnel ?

1 any any svc-dhcp permit Low 4
2 user Net_10.29.0.0-16 any permit Low 4
3 user any any src-nat Low 4

is your VAP in split tunnel forwarding mode ?

Yes,

wlan virtual-ap "Netlab-CFN-WLC-Radius-vap_prof"
aaa-profile "Netlab-CFN-Radius-split-aaa_prof"
ssid-profile "Netlab-CFN-151"
vlan 151
forward-mode split-tunnel

---

@niuk wrote:

3 user any any src-nat Low 4

 

---

Your ACL above should read the following (missing the route src-nat; rather than just src-nat):

user any any route src-nat

wow, 'route src-nat' did it..Thnx !

btw, I have ArubaOS (MODEL: Aruba7210-US), Version 6.4.1.0