tunneled-node-server-redirect
Syntax
tunneled-node-server-redirect [secondary-role <ROLE-NAME>]
no tunneled-node-server-redirect [secondary-role <ROLE-NAME>]
Description
This command instructs the switch to redirect traffic for a particular user to the user-based tunnel.
The no form of this command configures traffic redirect to the user-based tunnel. The secondary role is the new user role that the controller applies to the tunneled traffic.
Command context
user-role
Parameters
secondary-role <ROLE-NAME>
Specifies the secondary role applied on the user traffic by the controller.
Example
User role configuration example on a TN switch. The tunneled-node-server-redirect attribute instructs the switch to redirect all traffic with user-role “testrole” to the controller. The secondary-role “authenticated” specified with the redirect attribute must be configured and present on the controller. The VLAN sent by the switch (the client VLAN) must also be present on the controller.
class ipv4 "testclass"
   10 match ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
   20 match tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
policy user "testpolicy"
   10 class ipv4 "testclass" action permit
exit
aaa authorization user-role name "testrole"
   policy "testpolicy"
   vlan-id 100
   tunneled-node-server-redirect secondary-role "authenticated"
exit
Show the tunneled-node-server status for all users.
switch-PoEP# show tunneled-node-users all
PORT  MAC-ADDRESS    TUNNEL-STATUS  SECONDARY-USERROLE  FAILURE-REASON
1     000ffe-c8ce92  UP             authenticated
5     082e5f-263518  UP             authenticated
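The example states two prerequisites on the controller: the secondary role and the client VLAN must both exist there. The following script is an added example, not part of the original documentation or vendor tooling; it audits switch user-role stanzas against those prerequisites. The "guestrole" stanza is constructed, and the controller role and VLAN sets are assumed to be supplied by the caller.

```python
import re

# Constructed sample: the "testrole" stanza from the example above, plus a
# hypothetical "guestrole" whose secondary role and VLAN are not on the controller.
SWITCH_CONFIG = '''\
aaa authorization user-role name "testrole"
   policy "testpolicy"
   vlan-id 100
   tunneled-node-server-redirect secondary-role "authenticated"
exit
aaa authorization user-role name "guestrole"
   vlan-id 200
   tunneled-node-server-redirect secondary-role "guest-web"
exit
'''

ROLE_RE = re.compile(r'^aaa authorization user-role name "?([^"\s]+)"?\s*$')
VLAN_RE = re.compile(r'^vlan-id (\d+)\s*$')
REDIRECT_RE = re.compile(r'^tunneled-node-server-redirect(?: secondary-role "?([^"\s]+)"?)?\s*$')

def parse_redirect_roles(config):
    """Return {role: {...}} for every user role that carries the redirect attribute."""
    roles, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = ROLE_RE.match(line)
        if m:                                  # start of a user-role stanza
            current = {"vlan": None, "secondary": None, "redirect": False}
            roles[m.group(1)] = current
        elif current is None:                  # outside any user-role stanza
            continue
        elif line == "exit":                   # end of the stanza
            current = None
        elif (m := VLAN_RE.match(line)):
            current["vlan"] = int(m.group(1))
        elif (m := REDIRECT_RE.match(line)):   # secondary-role is optional
            current["redirect"] = True
            current["secondary"] = m.group(1)
    return {n: r for n, r in roles.items() if r["redirect"]}

def audit(config, controller_roles, controller_vlans):
    """List (role, problem) pairs for prerequisites missing on the controller."""
    findings = []
    for name, r in parse_redirect_roles(config).items():
        if r["secondary"] and r["secondary"] not in controller_roles:
            findings.append((name, f'secondary-role "{r["secondary"]}" not on controller'))
        if r["vlan"] is not None and r["vlan"] not in controller_vlans:
            findings.append((name, f'vlan-id {r["vlan"]} not on controller'))
    return findings
```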