Using Aruba’s Tunneled-Node to Extend Wireless AAA Policies to the Wire

I recently recorded a 10 minute video demonstration of how you can use an Aruba Networks Mobility Access Switch to extend your existing wireless AAA and QoS policies out to the wired access layer.

Now that you’ve watched the video, here is a quick recap of some of the benefits and use cases for tunneled-node.

Benefits (In no specific order):

  • Management – AAA profiles for wired and wireless users are created in a single location.
  • Efficiency – Ideally, you already have strong AAA and QoS policies on the WLAN. Tunneled-Node means you don’t have to recreate the wheel. Instead just reuse the same policies and apply them to wired ports.
  • Security – This is the main driver now isn’t it? Clearly, having users/devices authenticate to receive derived roles matching their requirements is a much better way to go compared to wide open wired access for all.


  • Tunnels – The name kind of spells out the first limitation. Given that all traffic is tunneled to you mobility controller from the switch, you will need to make sure your controller is sized to handle the increased load.
  • Closed Architecture – Currently, this solution requires you to have both an Aruba mobility controller and mobility access switch. Both products function just fine without each other, but tunneled-node functionality requires both.

When is this solution a good fit?

In my opinion, the solution fits well in the following scenarios:

  • Board rooms and public spaces – A single switch could easily increase security in areas that host both employees and guests/contractors/students. Employees get internal access in boardrooms while guests get internet-only access even when plugging into the same port.
  • New WLAN deployments – If your organization is just deploying a new Aruba WLAN, then a mobility access switch could be of great benefit. You’ll need something to provide PoE power to the access points anyway.

I really don’t want this to come across as an Aruba advertisement. There are certainly other solutions on the market today but I think tunneled-node should be given serious consideration for any organization with an already deployed Aruba WLAN.


Please feel free to contact us, or leave a comment, if you have questions about how this solution works. Also, the lab I used in the demo was built completely self-contained and portable. So, if you’d like to have a live demo, in-person, we can arrange that as well.




Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.