Understanding Tunneled Node Configuration
The tunneled node connects to one or more client devices at the edge of the network and then establishes a secureGREGeneric Routing Encapsulation. GRE is an IP encapsulation protocol that is used to transport packets over a network.tunnel to the controlling concentrator server. This approach allows themanaged deviceto support all the centralized security features, like802.1X802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority.authentication,captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.authentication, and statefulfirewallFirewall is a network security system used for preventing unauthorized access to or from a private network.。A tunneled node is required to handle only the physical connection to clients.
To support the wired concentrator, themanaged devicemust have a license to terminate APs, no other configuration is required. To configure the tunneled node, specify the IP address of themanaged device和鉴别ify the ports that should be used as active tunneled node ports. Tunnels are established between themanaged deviceand each active tunneled node port on the tunneled node. All tunneled node units must run the same version ofArubaOS。The tunneled node port can also be configured as a trunk port. This allows customers to have multiple clients on differentVLANsVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN.that come through the trunk port instead of having clients on a singleVLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN.。
Figure 1shows how the tunneled node fits into network operations. Traffic moves throughGREGeneric Routing Encapsulation. GRE is an IP encapsulation protocol that is used to transport packets over a network.tunnels between the active tunneled node ports and themanaged device。政策上的配置managed deviceand can be enforced on the samemanaged deviceor on different systems.
On themanaged device, you can assign the same policy to tunneled node user traffic as you would to any untrusted wired traffic. The profile specified by thecommand determines the initial role, which contains the policy. TheVLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN.setting on the concentrator port must match theVLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN.that will be used for users at themanaged device。
Figure 1Tunneled Node Configuration Operation
