Today I played a bit with an Aruba Mobility Access Switch with Tunneled Node configuration to a Aruba Mobility Controller. More information on Tunneled Node can be found here.

The configuration is straight forward. You need to configured a tunneled-node profile on the MAS and associate the access ports on the MAS to a VLAN, which is also present on the controller. I already have a controller in place and I would like to use some access ports for guest users with captive portal capabilities. I already setup a SSID with captive portal capabilities, so I use the same AAA profile on the controller for the tunneled-node clients.

I created the following configuration on the Aruba MAS.

ip-profile
default-gateway 10.10.75.254
controller-ip vlan 75
!
interface-profile tunneled-node-profile “tunnel-prof”
controller-ip 10.10.50.150
mtu 1300
!
interface-profile switching-profile “vl150-prof”
access-vlan 150
!
interface-group gigabitethernet “vl150-group”
apply-to 0/0/1-0/0/22
tunneled-node-profile “tunnel-prof”
switching-profile “vl150-prof”

The IP-profile defines the controller-ip of the MAS and the default-gateway configuration to access the Aruba controller (10.10.50.150). A switching profile is configured with access vlan 150 and the tunneled-node and switching-profile are bound to switch ports 0/0/1 to 0/0/22.

On the controller you only need to enable wired access and assign the AAA profile, which you also use for the guest SSID.

aaa authentication wired
profile “guest-aaa_prof”

A guest devices gets an IP address assigned from VLAN 150, located behind the corporate Aruba Mobility Controller when I connect a device to switch port 0/0/1. The guest-aaa_prof is assigned to the device/user. This redirects the user to the captive portal to enter login credentials. You can also configure user derivation to assign different VLANs to the connected devices behind the Aruba MAS.

The following two tabs change content below.

• Bio
• Latest Posts

René Jorissen

Co-owner and Solution Specialist at 4IP Solutions

René Jorissen works as Solution Specialist for 4IP in the Netherlands. Network Infrastructures are the primary focus. René works with equipment of multiple vendors, like Cisco, Aruba Networks, FortiNet, HP Networking, Juniper Networks, RSA SecurID, AeroHive, Microsoft and many more. René is Aruba Certified Edge Expert (ACEX #26), Aruba Certified Mobility Expert (ACMX #438), Aruba Certified ClearPass Expert (ACCX #725), Aruba Certified Design Expert (ACDX #760), CCNP R&S, FCNSP and Certified Ethical Hacker (CEF) certified. You can follow René on Twitter and LinkedIn.

Latest posts by René Jorissen (see all)

• MacOS Big Sur and SSLKEYFILELOG - November 23, 2021
• ClearPass, Azure AD, SSO and Object ID - August 12, 2021
• ClearPass – custom MPSK - July 20, 2021