Configuring Port-Based Tunneling

Jumbo frames must be enabled on all devices between the access switch and the controller to support the L2 GRE tunnels.

Follow the steps below to configure port-based tunneling:

Prerequisites
It is recommended to create a specific VLAN for tunneled node operation. The VLAN:

  • Must be configured as the only VLAN for tunneled node access ports (untagged)

  • Cannot be assigned an IP address – No layer 3 interface

  • Must exist on the controller

Procedure
  1. Execute the following command to setup the IP address of the Aruba Mobility Controller:

    switch(config)# tunneled-node-server controller-ip 10.2.10.11

    Optional steps:

    1. Set up backup controller IP by issuing the following command:

      switch(config)# tunneled-node-server backup-controller-ip 10.2.10.12

    2. Set tunneling keepalive timer by issuing the following command. Ensure the time interval between keepalive messages is set to the default value (8): 

      switch(config)# tunneled-node-server keepalive interval
<1-8> Configure the time interval between two successive keepalive messages sent to the
controller
  2. Execute the following commands to enable port-based tunneling on an interface or a range of interfaces: 
    switch(config)# vlan 200 untagged 1/21-1/24
exit
switch(config)#interface 1/21-1/24 tunneled-node-server
  3. Execute the following commands to verify the state of the port-based tunnel(s): 
    switch(config)# show tunneled-node server state
Tunneled Node Port State
Active Controller IP Address : 10.2.10.11
Port State
------ -------------------------
2/23 Complete
    View the tunnel statistics by issuing the following command: 
    View tunnel statistics
switch(config)# show tunneled-node-server statistics
Tunneled Node Statistics
Port : 2/23
Control Plane Statistics
Bootstrap packets sent : 1
Bootstrap packets received : 1
Bootstrap packets invalid : 0
Tunnel Statistics
Rx Packets : 302
Tx Packets : 0
Rx 5 Minute Weighted Average Rate (Pkts/sec)
: 0 Tx 5 Minute Weighted Average Rate
(Pkts/sec) : 0
Aggregate Statistics
Heartbeat packets sent : 56607
Heartbeat packets received : 56607
Heartbeat packets invalid : 0
Fragmented Packets Dropped (Rx) : 0
Packets to Non-Existent Tunnel : 0
MTU Violation Drop : 0

NOTE: If the tunneled-node profile change is applied on any interface or having any on-board users on the interface, the profile change is not allowed.

To change the tunneled-node profile, follow the below steps:

  1. Remove the tunneled-node-profile from the interface.

  2. Change the profile using cfg-restore command and apply the tunneled-node-profile on the interface.