Wireless Access

Aruba Employee

Tunnel traffic to controller or not

Hi guys, please note that I am not a wireless expert and have never done any real wireless deployment (I didn't have a chance to observe any real one either :( ).


Let's say I have a network with 10 VLANs: Sales (VLAN 2), Finance (VLAN 3), Marketing (VLAN 4), Accounts (VLAN 5), etc. All these VLANs have their own subnet (which is obvious). Now the question that I have in mind is this: when the AP gets a packet from a client, it checks which VLAN it belongs to, for example Sales (VLAN 2), and it will tunnel it back to the controller (I read it in the VRD). Isn't it possible to simply forward the received packet to the VLAN without sending it to the controller? If this is possible, please also help me understand: if the controller is deployed in layer 2 and we have a default gateway already in place, why does the AP ever need to send all the packets back to the controller?


But first, please help me understand my initial question.

Guru Elite

Re: Tunnel traffic to controller or not

You might not want to do that because you would have to configure every port that an access point is on as a trunk, which increases administrative overhead. If all traffic is tunneled back to the controller, you would only have to configure the uplink port on the controller with those VLANs, instead of configuring a port every time you deploy an access point.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
Aruba Employee

Re: Tunnel traffic to controller or not

Thanks Colin, but right now, need some understanding to move on :)

Trusted Contributor I

Re: Tunnel traffic to controller or not

Ovais, it might not sound 100% logical at first, but why do you believe it might be an issue, or why do you want it so badly to not go through the controller? I believe most deployments are done as such and work fine for many many (did I say many) customers.


What you want sounds like bridge mode; there the traffic stays in the local network and doesn't tunnel back to the controller.


But again, don't worry too much about this; tunnel mode is quite fine in a lot of situations.


