HPE Aruba switches have the concept of user-based tunnelling. In short, the wired connections behave like a wireless connection. All traffic from the wired client is tunnelled to the central controller. This provides functions like central firewalling and micro-segmentation by blocking inter-user traffic.
Yesterday I had a customer complaining that multiple clients weren’t able to communicate. After investigation, the problem was narrowed down to one HPE 2930F stack. The stack had been working without problems, but now I found the following error message in the log.
I 01/17/20 10:16:01 05563 dca: ST1-CMDR: Failed to apply user role
THIN_CLIENT_UBT-3007-3_7Z4q with tunnel redirect to 8021X
client F44D306E2DB9 on port 3/21 as user tunnel is not operational.
I couldn’t find a lot on the internet concerning this issue. I only found something on EventID 5563 in the Aruba Event Log Reference Message Guide for ArubaOS-Switch 16.08.
The EventID description is: “This log event informs the user that Tunneled-node-server-redirect is enabled in the user role but per user tunnel feature is disabled.”
I checked the switch with “show tunneled-node-server”, and the feature was enabled. I deleted the “tunneled-node-server” configuration and reapplied it to the switch, but still got the same error message.
To solve the problem: CHECK THE LICENSES ON THE MOBILITY MASTER
Jan 17 07:39:10 stm: <304109> <5640> <WARN> |stm| No available license type PEFNG for Tunneled Node 54:80:28:cf:4a:4b
A switch consumes a license for user-based tunnelling.
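The check described above can be scripted against exported log text. The following is an added example, not part of the original post or any Aruba tooling: it extracts event 05563 from the switch log and the "No available license type" warning from the Mobility Master log, and flags a licensing problem when both are present. The function names are hypothetical, and the sample input is constructed from the two messages quoted in the post. The two logs share no common key (the switch logs the client MAC, the controller logs the tunneled node MAC), so the correlation is by co-occurrence only.

```python
import re
from collections import defaultdict

# Switch event 05563; \s+ tolerates the line wrapping seen in the switch log output.
SWITCH_RE = re.compile(
    r"\b05563\s+dca:\s+(?:\S+:\s+)?Failed\s+to\s+apply\s+user\s+role\s+(?P<role>\S+)"
    r"\s+with\s+tunnel\s+redirect\s+to\s+(?P<auth>\S+)\s+client\s+(?P<mac>[0-9A-Fa-f]{12})"
    r"\s+on\s+port\s+(?P<port>\S+)\s+as\s+user\s+tunnel\s+is\s+not\s+operational"
)
# Controller-side warning that a tunneled node (the switch) was refused a license.
LICENSE_RE = re.compile(
    r"No available license type (?P<lic>\S+) for Tunneled Node "
    r"(?P<node>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

def failed_clients(switch_log):
    """Return one dict per 05563 event: role, auth method, client MAC, port."""
    return [m.groupdict() for m in SWITCH_RE.finditer(switch_log)]

def unlicensed_nodes(controller_log):
    """Map each tunneled-node MAC to the set of license types it was refused."""
    nodes = defaultdict(set)
    for m in LICENSE_RE.finditer(controller_log):
        nodes[m["node"].lower()].add(m["lic"])
    return dict(nodes)

def diagnose(switch_log, controller_log):
    """Summarise both logs; a hit in both points at licensing, not switch config."""
    clients, nodes = failed_clients(switch_log), unlicensed_nodes(controller_log)
    return {"clients": clients, "nodes": nodes,
            "license_suspected": bool(clients and nodes)}

# Constructed sample input, built from the two log messages quoted in the post.
SWITCH_LOG = """I 01/17/20 10:16:01 05563 dca: ST1-CMDR: Failed to apply user role
THIN_CLIENT_UBT-3007-3_7Z4q with tunnel redirect to 8021X
client F44D306E2DB9 on port 3/21 as user tunnel is not operational.
"""
CONTROLLER_LOG = ("Jan 17 07:39:10 stm: <304109> <5640> <WARN> |stm| No available license "
                  "type PEFNG for Tunneled Node 54:80:28:cf:4a:4b\n")

if __name__ == "__main__":
    print(diagnose(SWITCH_LOG, CONTROLLER_LOG))
```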