Configuration Example, Wireless
Aruba MAS – Tunneled node
Today I played a bit with an Aruba Mobility Access Switch with Tunneled Node configuration to a Aruba Mobility Controller. More information on Tunneled Node can be found here.
The configuration is straight forward. You need to configured a tunneled-node profile on the MAS and associate the access ports on the MAS to a VLAN, which is also present on the controller. I already have a controller in place and I would like to use some access ports for guest users with captive portal capabilities. I already setup a SSID with captive portal capabilities, so I use the same AAA profile on the controller for the tunneled-node clients.
I created the following configuration on the Aruba MAS.
controller-ip vlan 75
interface-profile tunneled-node-profile “tunnel-prof”
interface-profile switching-profile “vl150-prof”
interface-group gigabitethernet “vl150-group”
The IP-profile defines the controller-ip of the MAS and the default-gateway configuration to access the Aruba controller (10.10.50.150). A switching profile is configured with access vlan 150 and the tunneled-node and switching-profile are bound to switch ports 0/0/1 to 0/0/22.
On the controller you only need to enable wired access and assign the AAA profile, which you also use for the guest SSID.
aaa authentication wired
A guest devices gets an IP address assigned from VLAN 150, located behind the corporate Aruba Mobility Controller when I connect a device to switch port 0/0/1. The guest-aaa_prof is assigned to the device/user. This redirects the user to the captive portal to enter login credentials. You can also configure user derivation to assign different VLANs to the connected devices behind the Aruba MAS.
Latest posts by René Jorissen (see all)
- MacOS Big Sur and SSLKEYFILELOG - November 23, 2021
- ClearPass, Azure AD, SSO and Object ID - August 12, 2021
- ClearPass – custom MPSK - July 20, 2021