Connecting the world…

User tunnel not operational

HPE Aruba switches have the concept of user-based tunnelling. In short, the wired connections behave like a wireless connection. All traffic from the wired client is tunnelled to the central controller. This provides functions like central firewalling and micro-segmentation by blocking inter-user traffic.

Yesterday I had a customer complaining that multiple clients weren’t able to communicate. After investigation the problem focused on one HPE 2930F stack. The stack had been working without problems, but now I found the following error message in the logging.

I 01/17/20 10:16:01 05563 dca: ST1-CMDR: Failed to apply user role
THIN_CLIENT_UBT-3007-3_7Z4q with tunnel redirect to 8021X
client F44D306E2DB9 on port 3/21 as user tunnel is not operational.

I couldn’t find a lot on the internet concerning this issue. I only found something on EventID 5563 in the Aruba Event Log Reference Message Guide for ArubaOS-Switch 16.08.

The EventID description is This log event informs the user that Tunneled-node-server-redirect is enabled in the user role but per user tunnel feature is disabled.

I checked the switch “show tunneled-node-server”, and the feature is enabled. I deleted the “tunneled-node-server” configuration and reapplied the configuration to the switch, but still the same error message.

To solve the problem: CHECK THE LICENSES ON THE MOBILITY MASTER

Jan 17 07:39:10  stm[4064]: <304109> <5640> <WARN> |stm|  No available license type PEFNG for Tunneled Node 54:80:28:cf:4a:4b

A switch consumes a license for user-based tunnelling.

The following two tabs change content below.

René Jorissen

Co-owner and Solution Specialist at 4IP Solutions
René Jorissen works as Solution Specialist for 4IP in the Netherlands. Network Infrastructures are the primary focus. René works with equipment of multiple vendors, like Cisco, Aruba Networks, FortiNet, HP Networking, Juniper Networks, RSA SecurID, AeroHive, Microsoft and many more. René is Aruba Mobility First Expert (AMFX #26), Aruba Certified Mobility Expert (ACMX #438), Aruba Certified ClearPass Expert (ACCX #725), Aruba Certified Design Expert (ACDX #760), CCNP R&S, FCNSP and Certified Ethical Hacker (CEF) certified. You can follow René on Twitter and LinkedIn.

Latest posts by René Jorissen (see all)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.