ArubaOS and Controllers

Reply
Occasional Contributor II
Posts: 67
Registered: ‎06-04-2009

questions regarding Aruba OS licenses and other feature

Hi all,

i have some issues that get me confused and wants to know the answer
and sorry to those will find my questions are silly


1- when using master local design which controller will send the authentications request to the RADIUS server?
2- Is there any way to configure which controller do the communication with the RADIUS server ?

3- when master local used what are the licenses that should be installed
in both of them(regardless of the fact that the master will not terminate any AP)?
Guru Elite
Posts: 20,002
Registered: ‎03-29-2007

Answers


Hi all,

i have some issues that get me confused and wants to know the answer
and sorry to those will find my questions are silly


1- when using master local design which controller will send the authentications request to the RADIUS server?
2- Is there any way to configure which controller do the communication with the RADIUS server ?

3- when master local used what are the licenses that should be installed
in both of them(regardless of the fact that the master will not terminate any AP)?




1. The Whatever the AP is terminated on, that is the controller that sends the radius requests.
2. No way to do this besides the way it is done in #1
3. The minimum licenses for each feature need to be installed on the master so that the configuration elements are available. You cannot configure features for which a license does not exist on a master controller.
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Aruba Employee
Posts: 509
Registered: ‎07-03-2008

Re: questions regarding Aruba OS licenses and other feature

Just expanding on #3. If you fail local APs back to a master, the master has to have enough licenses to accommodate all the APs and their users that fail onto it. AP, WIP, PEF, etc. We have enough to accommodate two good size sites simultaneously failing to the master.
Occasional Contributor II
Posts: 67
Registered: ‎06-04-2009

Re: questions regarding Aruba OS licenses and other feature

Hi,

thanks for the quick reply

i have three more questions:

1- i read that the master controller is the responsible for IDS/IDP so i thought that the IDS license should be installed on it but i understood from the answers above that the local controller which terminates the AM will do the IDS/IDP processing not the master am i right?

2- if i want to have the RADIUS server at the data center and i have local controllers at sites far from the data center is there any way to make the local controller authenticate through the RADIUS server at the data center?

3- the capacity of the controllers shows how manu campus AP's that it could terminate and how many RAP's it could terminate, does tha mean i can use the full capacity of the controller at the same time ie; make the controller terminates the max. supported campus AP and also terminates the max. supported RAP's at the same time?


thnx in advance
Guru Elite
Posts: 20,002
Registered: ‎03-29-2007

Licensing


Hi,

thanks for the quick reply

i have three more questions:

1- i read that the master controller is the responsible for IDS/IDP so i thought that the IDS license should be installed on it but i understood from the answers above that the local controller which terminates the AM will do the IDS/IDP processing not the master am i right?

2- if i want to have the RADIUS server at the data center and i have local controllers at sites far from the data center is there any way to make the local controller authenticate through the RADIUS server at the data center?

3- the capacity of the controllers shows how manu campus AP's that it could terminate and how many RAP's it could terminate, does tha mean i can use the full capacity of the controller at the same time ie; make the controller terminates the max. supported campus AP and also terminates the max. supported RAP's at the same time?


thnx in advance




1. IDS/IPS must be configured on the master, so the master controller must have a license for any configuration you want to push to the local controller.
2. The local controller can send Radius traffic anywhere you want.
3. You cannot have both max at one time. The RAP capacity of the M3 and 3000 series controller is 4 times the campus AP capacity. This is based on the hardware limitation, and NOT the licensing. The 3200 has a Campus AP capacity of 32 APs and 128 (4 * 32) RAPs. If you load it up with 32 campus APs, you cannot deploy any RAPs. If you put 31 Campus APs, you can add 4 RAPs to the controller.

I hope this makes sense.
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Occasional Contributor II
Posts: 67
Registered: ‎06-04-2009

Re: questions regarding Aruba OS licenses and other feature

Hi again,

regarding question 1

in the ACMA material and the Aruba OS Manual it is stated that the master controller is the responsible for the IDS processing so i got confused how could the master didn't terminate any AM nor AP and it is still the responsible for the IDS processing
so i wanted to emphasis that the previous info is totally wrong am i right?

regarding question 2

could you please tell me how to configure the local controller to send the RADIUS traffic to the master controller (when the local and master are separated by L3 network)?


regarding question 3

i got it man :D thnx alot

sorry for the long thread
Guru Elite
Posts: 20,002
Registered: ‎03-29-2007

Master


Hi again,

regarding question 1

in the ACMA material and the Aruba OS Manual it is stated that the master controller is the responsible for the IDS processing so i got confused how could the master didn't terminate any AM nor AP and it is still the responsible for the IDS processing
so i wanted to emphasis that the previous info is totally wrong am i right?

regarding question 2

could you please tell me how to configure the local controller to send the RADIUS traffic to the master controller (when the local and master are separated by L3 network)?


regarding question 3

i got it man :D thnx alot

sorry for the long thread




1. All the IDS processing is sent back to the master for correlation/collection by the local controlers and the APs connected to them. IDS parameters are configured on the master controller and are pushed to the local controllers

2. Radius traffic is always sent directly from the controller that the AP is on to the radius server. Radius traffic is never sent from a local controller to the master. The local controller is ALWAYS the source of the radius traffic. There is no relationship where radius traffic is sent from a local to a master. It is always sent directly from the controller that the AP is on.
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Occasional Contributor II
Posts: 23
Registered: ‎01-23-2009

Re: questions regarding Aruba OS licenses and other feature




My own 2 cents is that this is a non-customer friendly practice. It's already enough that one has to purchase the hardware for failover/upgrading, but the customer shouldn't have to buy licenses again. From the vendor perspective this may have the short-term benefit of greater profit margins, but it discourages customers from buying the spare hardware to get the better uptime and resentful when it comes time to cut the P.O.

Frank

Search Airheads
Showing results for 
Search instead for 
Did you mean: