ArubaOS and Controllers

Reply
Frequent Contributor II

Upgrade from 3.1 to 3.4

Hi all, me again! Reading the upgrade guide, re: the remote aps. We use a large number of them, I believe the installers setup a role for them to bootstrap. Do i need to create this roll again or should they boot and attach as normal?

I am reading the Userguide but its not making much sense and wondered if its really something I need to do? Looking at the AAA profile, they are set to pickup initial role as logon. Checking the "logon" showes no firewall policy against it. Any ideas? Ideally I'd like to do a mock up with our little A200 test unit first.

Cheers.
Guru Elite

Logon Role

Do you have the Policy Enforcement Firewall license installed?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II

Re: Upgrade from 3.1 to 3.4

Hi, no.
Guru Elite

Welll...




That is why... There are no roles unless you have the policy enforcement license.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II

Re: Upgrade from 3.1 to 3.4

But we're using Remote APs at the moment. :confused:
Guru Elite

Policy Enforcement License with Remote AP




Remote APs do not REQUIRE the Policy Enforcement license---you just cannot configure roles if you don't have it---everything is just "allowall".

You also cannot do split-tunneling, because you need to be able to configure roles and firewall policies to decide what is tunneled, as opposed to what is bridged. You gain a great deal of functionality with the Policy Enforcement license, but it is not required for remote AP.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II

Re: Upgrade from 3.1 to 3.4

Cheers for the info. I'm ok on the PEF and the split tunneling, I know this is useful esp with VOIP and other stuff, we do full local breakout. So all I really need to know is, do I need to tweak the config on the allowall role after the upgrade? Will the remotes just associate as normal? The LMS IPs are reachable, we hard code the APs to push them to either the local or master anyway, never found the Master to push them correctly.

Thanks again.
Guru Elite

Do not

You should not have to tweak anything.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II

Re: Upgrade from 3.1 to 3.4

Thanks for that, will let you know how I get on. ;)
Occasional Contributor II

Re: Upgrade from 3.1 to 3.4

Hi Colin,



Are you sure about that or should it not be the following way:
"Remote APs do not require the PEF licence..."

Thanks,
Stefan

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: