Regular Contributor II

Tunnelled node into 7008 controller

Hi all,

 

Just wanted to check my logic as it’s the first time I’ve played with tunnelled node. 

I will use a 5400 switch and 7008 controller. 

On the 5400 switch; I will:

 

- Enable tunnelled node at global level and point to management IP of the controller

- At interface level, set to tunnelled node port and assign a VLAN (2000)

 

On the 7008 controller; I will:

 

- Make VLAN 2000 and assign whatever security I need around this VLAN

 

Questions:

1. Do I need to tick an option on the controller to make this work? Feels like I should enable this feature on the controller like I’m doing on the switch?

2. Will telling the interface on the switch transpose into the controller? So users will just present on the same VLAN as the switch when they land in the controller?

3. I have a firewall between the switch and controller. Does tunnelled node use the management IP of the switch as its source? Is it just GRE traffic?

4. I feel like I’m missing some fundamentals above or is it this easy?

 

I’m manually configuring certain ports for tunnelled node; trying to avoid getting Clearpass involved etc

 

Many thanks




All Replies
Regular Contributor II

Re: Tunnelled node into 7008 controller

Can anyone comment on this one?

Super Contributor II

Re: Tunnelled node into 7008 controller

Please take a look at this:

 

https://community.arubanetworks.com/t5/Wired-Intelligent-Edge-Campus/How-to-do-Tunneled-Node-Configuration-on-Aruba-Switches/ta-p/511342

 

 

Dustin Burns
Senior Mobility and Access Engineer @WEI
ACMX #509 | ACCX #1272 | ACSP | ACDA | ACEP | CCNP | CCDP | CCNA Wireless

If my post addresses your queries, give kudos and accept as solution!
Super Contributor II

Re: Tunnelled node into 7008 controller

And here is a great guide for AOSv8. Even has the same controller as you  

 

https://www.youtube.com/watch?v=gVLVuiiGmRE

 

 

Dustin Burns
Senior Mobility and Access Engineer @WEI
ACMX #509 | ACCX #1272 | ACSP | ACDA | ACEP | CCNP | CCDP | CCNA Wireless

If my post addresses your queries, give kudos and accept as solution!


Regular Contributor II

Re: Tunnelled node into 7008 controller

Great video talk through - thanks very much 

Regular Contributor II

Re: Tunnelled node into 7008 controller

The only unknown part for me now is having a firewall in between this switch and controller. 

Do you know what source IP the tunnelled node will pick to route this traffic? The only layer 3 address on this switch is the OOBM interface at present. 

thanks 

Super Contributor II

Re: Tunnelled node into 7008 controller

It will be sourced from the switch IP as a tunnel is created between the switch and the controller. You can see what IP on the switch is being used in the "show user-table" output on the controller under Essid/Bssid/Phy. Should be the first part of the address.

 

 

Dustin Burns
Senior Mobility and Access Engineer @WEI
ACMX #509 | ACCX #1272 | ACSP | ACDA | ACEP | CCNP | CCDP | CCNA Wireless

If my post addresses your queries, give kudos and accept as solution!
Regular Contributor II

Re: Tunnelled node into 7008 controller

Just to clarify - switch IP; is this the OOBM address? So the management address? This is the only layer 3 address on the switch basically ... all other traffic goes through a layer 2 trunk to a core switch 

Super Contributor II

Re: Tunnelled node into 7008 controller

Someone would have to chime in here as far as the source IP of the GRE tunnel, and if and how you can change that. That particular video had just one L3 address on it. If I had to guess, it would be the highest IP with reachability. But I would be guessing at the moment.

 

 

Dustin Burns
Senior Mobility and Access Engineer @WEI
ACMX #509 | ACCX #1272 | ACSP | ACDA | ACEP | CCNP | CCDP | CCNA Wireless

If my post addresses your queries, give kudos and accept as solution!