User-Based Tunneling

User-Based Tunneling provides Aruba switches the ability to tunnel specific client traffic to an Aruba controller.

Once User-Based Tunneling is enabled, the Aruba controller provides a centralized security policy, authentication, and access control. The decision to tunnel client traffic is based on the user role. User roles redirect traffic to an Aruba controller when the tunnel status is up. A secondary role, provided by the authentication subsystem, when present in the user role authorizations, notifies the User-Based Tunnel and provides a secondary role. The communication between a User-Based Tunneling switch and the ClearPass is supported only over IPv4.

User-Based Tunneling, combined with ClearPass/LMA policies, is used to indicate if a client's traffic should be tunneled to the controller.