Configuring Tunnel Node Server on AOS-S Switches

Aruba Central allows you to configure a tunneled node on switches. The tunneled node connects to one or more client devices at the edge of the network and then establishes a secure Generic Routing Encapsulation (GRE) tunnel to the controlling concentrator server. GRE is an IP encapsulation protocol that is used to transport packets over a network. You can configure either Port-Based Tunnel or User-Based Tunnel using UI groups.

To configure a tunneled node on the switch, complete the following steps:

  1. In the Aruba Central app, select one of the following options:
    • To select a switch group in the filter:
      1. Set the filter to a group containing at least one switch.

        The dashboard context for the group is displayed.

      2. Under Manage, click Devices > Switches.
      3. Click the AOS-S or Config icon to view the switch configuration dashboard.
    • To select a switch in the filter:
      1. Set the filter to Global or a group containing at least one switch.
      2. Under Manage, click Devices > Switches.

        A list of switches is displayed in the List view.

      3. Click a switch under Device Name.

        The dashboard context for the switch is displayed.

      4. Under Manage, click Device.

        The tabs to configure the switch are displayed.

  2. Click Security > Tunnel Node Server. The Tunnel Node Server page is displayed.
  3. Configure the following parameters.

    • Mode
      Description: The mode of tunneling, selected from the drop-down:
        • No Tunnel: Switch does not tunnel traffic.
        • Port-Based Tunnel: Allows the switch to tunnel traffic to an Aruba controller on a per-port basis.
        • User-Based Tunnel: Allows the switch to tunnel traffic to an Aruba controller on an assigned user role basis.
      Value: Port-Based Tunnel, User-Based Tunnel, or No Tunnel

    • Primary Gateway IP
      Description: The IP address of the primary gateway.
      Value: A valid IPv4 address

    • Backup Gateway IP
      Description: The IP address of the backup gateway. This field is optional.
      Value: A valid IPv4 address

    • Reserved VLAN
      Description: The reserved VLAN ID to tunnel traffic to an Aruba controller. This field is available only for User-Based Tunnel. The default VLAN or a VLAN that is already configured cannot be used as a reserved VLAN. To view the list of configured VLANs, navigate to Interface > VLANs.
      Value: Numeric value

  4. Click Save Settings.
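
The parameter rules above can be checked before the values are entered in the UI. The following is an added example, not Aruba code: the function name, dictionary keys and sample values are hypothetical, and it assumes the default VLAN is VLAN 1, that VLAN IDs range from 1 to 4094, and that the gateway fields matter only when a tunnel mode is selected.

```python
import ipaddress

MODES = {"No Tunnel", "Port-Based Tunnel", "User-Based Tunnel"}
DEFAULT_VLAN = 1  # assumption: the switch default VLAN is VLAN 1

# Constructed sample input: VLANs as listed under Interface > VLANs.
CONFIGURED_VLANS = {1, 10, 20}
GOOD = {"mode": "User-Based Tunnel", "primary_gateway_ip": "192.0.2.10",
        "backup_gateway_ip": "192.0.2.11", "reserved_vlan": 1000}
BAD = {"mode": "User-Based Tunnel", "primary_gateway_ip": "10.0.0.300",
       "backup_gateway_ip": "", "reserved_vlan": 10}


def is_ipv4(value):
    """True only for a dotted-quad IPv4 string (no prefix length, no integers)."""
    if not isinstance(value, str):
        return False
    try:
        ipaddress.IPv4Address(value)
        return True
    except ipaddress.AddressValueError:
        return False


def validate_tunnel_node(settings, configured_vlans):
    """Return a list of problems; an empty list means the settings pass."""
    mode = settings.get("mode")
    if mode not in MODES:
        return [f"Mode must be one of {sorted(MODES)}"]
    if mode == "No Tunnel":
        return []  # switch does not tunnel traffic, nothing else to check
    errors = []
    if not is_ipv4(settings.get("primary_gateway_ip")):
        errors.append("Primary Gateway IP must be a valid IPv4 address")
    backup = settings.get("backup_gateway_ip")
    if backup not in (None, "") and not is_ipv4(backup):  # field is optional
        errors.append("Backup Gateway IP must be a valid IPv4 address")
    vlan = settings.get("reserved_vlan")
    if mode == "User-Based Tunnel":
        if isinstance(vlan, bool) or not isinstance(vlan, int) or not 1 <= vlan <= 4094:
            errors.append("Reserved VLAN must be a numeric VLAN ID (1-4094)")
        elif vlan == DEFAULT_VLAN or vlan in configured_vlans:
            errors.append(f"Reserved VLAN {vlan} is the default VLAN or already configured")
    elif vlan is not None:
        errors.append("Reserved VLAN is available only for User-Based Tunnel")
    return errors
```
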

For more detailed information, refer to the Dynamic Segmentation white paper at https://www.arubanetworks.com/assets/so/SO_Dynamic-Segmentation.pdf. The Dynamic Segmentation feature is Aruba’s security architecture that provides the ability to dynamically assign roles to a wired port based on the access method of a client and enforce application-aware policies to all devices connecting to the infrastructure.