Wireless Access

Hello, I am new to Aruba. I am wondering how split tunnel with VIA works.

I get ip address from the pool - but I struggle to reach the local interfaces ?

1. Do I need an interface or vlan on the controller mapped to the ip subnet. I do not rally see any option to map VLAN number to the POOL

2. Are all other ip interfaces on the controller " directly connected" with VIA IP SUBNET-POOL ?

Thanks for the help,

Piotr

If the via pool is not part of one of the controller's ip interfaces, you will have to have an "any any any src-nat" ACL at the end of the user role for your via user.  You cannot map a VLAN.  If the pool is part of a subnet that the controller has an ip interface on, just permitting the traffic should work.

Thank you for the answer. I have changed int vlan 999 to be part of VPN_POOL for via users but the interface protocol i down. Normally a vlan would be down if there are no active ports for this vlan. And in this case there is no ports but I was hoping that connecting a VIA client would triger change of the state of the port but that did not happen.Any ideas ?

I have attached a picture

Br

Piotr

Is VLAN 999 tied to a physical interface?  If not, you need to config t, interface vlan 999, operstate up.  And then of course, you will need a route from your infrastructure to the controller for whatever subnet vlan 999 is on..

You have right :) I had to allow it on the trunk and it working now