Wireless Access

  • 1.  Split Tunnel Questions

    Posted Oct 11, 2022 11:15 AM
    Hi,

    I am new to Aruba, setting up split tunnel in my simple lab to understand how it works.

    The topology :



    With the VLAN 200 interface IP as the default router of the DHCP pool, the client PC is able to get authenticated, ping both servers and browse the internet.

    I did some ping tests to the HQ server (192.168.30.100) and the local network.

    Datapath Session Table Entries :


    Questions :

    1. Referring to the table entries, is the setup working (internal network to tunnel and local traffic src-natted)?

    2. When I change the default router IP to a non-reachable IP, it does not work. Is this normal? What if the client IP is provided by the HQ DHCP server with a different gateway IP?


    Much appreciated for your help.

    ------------------------------
    Jason_L
    ------------------------------


  • 2.  RE: Split Tunnel Questions

    Posted Oct 11, 2022 12:11 PM
    1.  Yes
    2.  You should be creating the network_vlan200 alias with a subnet you want traffic to be tunneled to.  It should NOT be a default gateway.

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
    ------------------------------



  • 3.  RE: Split Tunnel Questions

    Posted Oct 11, 2022 12:40 PM
    Thank you for the answers.
    I have another question regarding route source NAT. When the client's traffic is src-natted to the local network, does it use the AP's default gateway and DNS to reach other networks? (example: ping to a local server that resides on another subnet)


    ------------------------------
    Jason_L
    ------------------------------



  • 4.  RE: Split Tunnel Questions

    Posted Oct 11, 2022 12:56 PM
    The client uses the DNS IP address of the tunneled network for name resolution.  After name resolution, the client uses src-nat of the access point's IP address to reach any destination that is not tunneled.

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
    ------------------------------
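The two answers above describe one forwarding policy: destinations inside the alias subnet (reply 2) go through the tunnel with the client's own source address, the DNS query goes to the tunneled network's resolver, and every other destination is bridged locally with source NAT to the AP's address (reply 4). The script below is an added illustration of that decision logic, not Aruba code and not output from the poster's lab. The alias subnet, the AP address, the HQ DNS address, the client address and the DNS answers are all constructed assumptions; only 192.168.30.100 and the alias name network_vlan200 come from the thread.

```python
"""Model of split-tunnel forwarding decisions as described in the thread.

Added example, not Aruba's implementation. Every address below except
192.168.30.100 is a constructed lab value.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List

# Assumed alias: the HQ subnet that contains the server 192.168.30.100.
TUNNELED_ALIASES: Dict[str, List[str]] = {
    "network_vlan200": ["192.168.30.0/24"],
}
AP_IP = "10.0.200.5"          # assumed AP address on the local network (constructed)
TUNNELED_DNS = "192.168.30.10"  # assumed DNS server inside the tunneled network (constructed)

# Constructed stand-in for the answers the HQ resolver would return.
FAKE_DNS_ANSWERS: Dict[str, str] = {
    "hq-server.lab": "192.168.30.100",   # inside the alias -> tunneled
    "local-server.lab": "10.0.50.20",    # local network, another subnet -> src-nat
    "example.com": "93.184.216.34",      # internet -> src-nat
}


@dataclass(frozen=True)
class Decision:
    path: str       # "tunnel" or "local"
    src_seen: str   # source address the destination observes
    reason: str


def classify(src: str, dst: str, aliases: Dict[str, List[str]] = TUNNELED_ALIASES) -> Decision:
    """Decide where one client flow goes under the split-tunnel policy."""
    d = ipaddress.ip_address(dst)
    for alias, nets in aliases.items():
        if any(d in ipaddress.ip_network(n) for n in nets):
            # Tunneled traffic keeps the client's own source address.
            return Decision("tunnel", src, f"dst in alias {alias}")
    # Anything not covered by an alias is bridged locally with src-nat to the AP.
    return Decision("local", AP_IP, "dst not tunneled; src-nat to AP address")


def resolve_and_classify(client_ip: str, name: str) -> Dict[str, str]:
    """Two steps: the DNS query to the tunneled resolver, then the data flow."""
    dns_flow = classify(client_ip, TUNNELED_DNS)
    answer = FAKE_DNS_ANSWERS[name]
    data_flow = classify(client_ip, answer)
    return {
        "dns_path": dns_flow.path,
        "answer": answer,
        "data_path": data_flow.path,
        "src_seen": data_flow.src_seen,
    }


def check_alias_is_subnet(aliases: Dict[str, List[str]], alias: str) -> List[str]:
    """Flag alias entries that are single hosts (e.g. a gateway address).

    Reply 2's point: the alias should list the subnet(s) to tunnel, not a gateway.
    """
    problems = []
    for n in aliases.get(alias, []):
        net = ipaddress.ip_network(n, strict=False)
        if net.num_addresses == 1:
            problems.append(f"{alias}: {n} is a single host, not a subnet to tunnel")
    return problems


if __name__ == "__main__":
    client = "192.168.200.10"  # constructed client address from the VLAN 200 pool
    for host in FAKE_DNS_ANSWERS:
        print(host, resolve_and_classify(client, host))
    print(check_alias_is_subnet({"bad_alias": ["192.168.30.1/32"]}, "bad_alias"))
```

Running it shows the split the replies describe: the DNS lookup is always tunneled, a ping to the HQ server is tunneled with the client's own address as source, and a ping to a local server on another subnet leaves the AP with the AP's address as source, so the local network's routing (not the tunnel) carries it from there.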