A rebootstrap is initiated for users applied within that role containing updated role attributes in the bootstrap
packet. These users move to registering state. Once an acknowledgment is received from the controller, users
then move to registering state. This applies only to VLAN and secondary role changes.
What happens on a client “MAC address move”?
A rebootstrap is initiated for the client. Client traffic begins to be tunneled only after an acknowledgment is
received from the controller.
What is the recommendation for Per User Tunnel Node client VLAN configuration?
• Tunneled user client VLAN has to be present at the per user tunneled node switch.
• There is no need to specifically add tunneled user ports to this VLAN. Switch AAA takes care of this through
MAC-Based VLANs.
• The uplink to the controller port should NOT be part of this VLAN.
• The uplink to the controller VLAN and the tunneled users VLAN cannot be the same.
A user is registered at the switch but does not respond to a ping. How do I debug?
• Check that the user roles and VLANs are correctly configured at the switch as well as the controller.
• Check that the IP MTU is set to >= (1500+46) at all the switches in the path from User-Based Tunneling switch
to the controller.
There are two parts to the solution, and the part that is failing should be identified.
• To check if the switch is tunneling the traffic, run the show tunneled-node-server statistics command to
check if the user traffic is being received and transmitted. If the counters do not increment, then the switch
configuration needs to be investigated.
• To check if the Mobility Controller is tunneling traffic, run the show datapath tunnel command to see if the
Encaps and Decaps counters increase.
A packet trace of traffic sent from and received at the switch uplink to the controller can also be useful. The
GRE encapsulated packets are the ones of interest.
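The packet-trace check above, as an added Python example that is not part of the Aruba guide: it counts GRE packets (IP protocol 47) in each direction between the switch and the controller and reports which part to investigate first. The function names, the classification rule, and the addresses are assumptions made for illustration; the frames are constructed sample data standing in for raw Ethernet frames exported from a capture on the switch uplink.

```python
import socket
import struct
from collections import Counter

GRE_PROTO = 47  # IP protocol number for GRE

def gre_direction_counts(frames, switch_ip, controller_ip):
    """Count GRE packets in each direction between switch and controller."""
    counts = Counter(switch_to_controller=0, controller_to_switch=0)
    for frame in frames:
        if len(frame) < 18:
            continue
        ethertype, offset = struct.unpack("!H", frame[12:14])[0], 14
        if ethertype == 0x8100:  # skip a single 802.1Q tag on the uplink
            ethertype, offset = struct.unpack("!H", frame[16:18])[0], 18
        ip = frame[offset:offset + 20]
        if ethertype != 0x0800 or len(ip) < 20 or ip[9] != GRE_PROTO:
            continue
        src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
        if (src, dst) == (switch_ip, controller_ip):
            counts["switch_to_controller"] += 1
        elif (src, dst) == (controller_ip, switch_ip):
            counts["controller_to_switch"] += 1
    return counts

def failing_side(counts):
    """Assumed rule: map the two counters to the part to investigate first."""
    if counts["switch_to_controller"] == 0:
        return "switch"              # nothing is encapsulated toward the controller
    if counts["controller_to_switch"] == 0:
        return "controller_or_path"  # GRE leaves the switch, nothing comes back
    return "neither"                 # GRE flows both ways; look past the tunnel

def make_frame(src, dst, proto, vlan=None):
    """Build a constructed Ethernet/IPv4 frame for the sample below."""
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, vlan)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return bytes(12) + tag + struct.pack("!H", 0x0800) + ip + bytes(8)

# Constructed sample: addresses are documentation-range placeholders.
SWITCH, CONTROLLER = "192.0.2.10", "192.0.2.1"
SAMPLE = [make_frame(SWITCH, CONTROLLER, GRE_PROTO, vlan=10) for _ in range(3)]
SAMPLE.append(make_frame(CONTROLLER, SWITCH, 1))  # ICMP, not GRE: ignored

if __name__ == "__main__":
    c = gre_direction_counts(SAMPLE, SWITCH, CONTROLLER)
    print(dict(c), "-> investigate:", failing_side(c))
```

A result of "controller_or_path" is also consistent with an IP MTU below 1500+46 somewhere between the switch and the controller, so check that setting alongside the controller counters.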
Aruba 2930F / 2930M Management and Configuration Guide
for ArubaOS-Switch 16.08