tunneled-node-server-redirect

Syntax

tunneled-node-server-redirect [secondary-role <ROLE-NAME>]

no tunneled-node-server-redirect [secondary-role <ROLE-NAME>]

Description

Instructs the switch to redirect traffic for a particular user to the user-based tunnel.

The no form of this command configures traffic redirect to the user-based tunnel. The secondary role is the new user role that the controller applies to the tunneled traffic.

Command context

user-role

Parameters

secondary-role <ROLE-NAME>

Specifies the secondary role applied on the user traffic by the controller.

Example

User role configuration example on a TN switch. The tunneled-node-server-redirect attribute instructs the switch to redirect all traffic with user-role “testrole” to the controller. The secondary role “authenticated” specified with the redirect attribute should be configured and present on the controller. The VLAN sent by the switch (the client VLAN) also has to be present on the controller.

 
class ipv4 "testclass"
     10 match ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
     20 match tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
   exit
policy user "testpolicy"
     10 class ipv4 "testclass" action permit
   exit
aaa authorization user-role name "testrole"
   policy "testpolicy"
   vlan-id 100
   tunneled-node-server-redirect secondary-role "authenticated"
   exit
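
The two controller-side dependencies described above (the secondary role and the client VLAN) can be checked before rollout. The following Python script is an added example, not part of the original documentation or any vendor tooling: it parses switch user-role blocks and reports redirect dependencies missing from a controller inventory. The "guestrole" block, the function names, and the controller role and VLAN sets are assumptions made for illustration.

```python
import re

# First role is the example from this page; "guestrole" is constructed for the demo.
SWITCH_CONFIG = '''\
aaa authorization user-role name "testrole"
   policy "testpolicy"
   vlan-id 100
   tunneled-node-server-redirect secondary-role "authenticated"
   exit
aaa authorization user-role name "guestrole"
   vlan-id 300
   tunneled-node-server-redirect secondary-role "guest"
   exit
'''

ROLE_RE = re.compile(r'^aaa authorization user-role name "?([^"\s]+)"?$')
VLAN_RE = re.compile(r'^vlan-id (\d+)$')
REDIRECT_RE = re.compile(r'^tunneled-node-server-redirect(?: secondary-role "?([^"\s]+)"?)?$')

def redirected_roles(config):
    """Map each user role that redirects to its vlan-id and secondary role."""
    roles, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := ROLE_RE.match(line):
            current = roles[m.group(1)] = {"vlan": None, "secondary": None, "redirect": False}
        elif current is None:
            continue  # line is outside any user-role block (class, policy, ...)
        elif line == "exit":
            current = None
        elif m := VLAN_RE.match(line):
            current["vlan"] = int(m.group(1))
        elif m := REDIRECT_RE.match(line):
            current["redirect"], current["secondary"] = True, m.group(1)
    return {name: r for name, r in roles.items() if r["redirect"]}

def audit(config, controller_roles, controller_vlans):
    """List redirect dependencies that the controller does not satisfy."""
    findings = []
    for name, r in redirected_roles(config).items():
        if r["secondary"] and r["secondary"] not in controller_roles:
            findings.append(f'{name}: secondary role "{r["secondary"]}" not on controller')
        if r["vlan"] is not None and r["vlan"] not in controller_vlans:
            findings.append(f'{name}: client VLAN {r["vlan"]} not on controller')
    return findings

if __name__ == "__main__":
    # Controller-side inventory is an assumed input, exported separately.
    for finding in audit(SWITCH_CONFIG, {"authenticated"}, {100}):
        print(finding)
```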

Show the tunneled-node-server status for all users.

switch-PoEP# show tunneled-node-users all

PORT    MAC-ADDRESS     TUNNEL-STATUS   SECONDARY-USERROLE      FAILURE-REASON
1       000ffe-c8ce92   UP              authenticated
5       082e5f-263518   UP              authenticated