ArubaOS and Controllers

Reply
Contributor I

remote mesh, mesh private VLAN and virtual AP profile

We are on Aruba OS 5.0.2.1. After successfully setting up a local mesh, I now need to take the next step and convert this into a remote mesh.

There is one thing in the Aruba user guide (OS 5.0, page 244) which confuses me.

a) Do I need to change the VLAN for my virtual AP from the user VLAN to the mesh private VLAN? or
b) Do I need to add the MPV to the list of VLANs? or
c) Do I need to add a second VAP (MPV, split-tunnel) for the mesh to the profile?

I know there is an AP wizard. However, for the sake of a clear documentation I don't want to use it.
JYL
Occasional Contributor II

Re: remote mesh, mesh private VLAN and virtual AP profile

Config Summary
The following example sets up a RMP and a MP using:
• RMP = AP-125 (ap-name = ap125-rmp)
• MP = AP-65 (ap65)
• AP Group = 'rmp'

Controller Set Up
IP addresses allocated to the MPV must be routable to the master controller for AP classification (reachable to WMS DB).
vlan 998
interface vlan 998
ip address 172.16.99.1 255.255.255.0
exit
ip dhcp pool vlan998-rmp
default-router 172.16.99.1
network 172.16.99.0 255.255.255.0
service dhcp

Set Up the Mesh
ap mesh-radio-profile "mesh"
mpv 998
ap mesh-cluster-profile "mesh"
cluster "mesh"
wpa-passphrase "arubarocksarubarocks"
opmode wpa2-psk-aes

Set Up the Dummy VAP. Note that the Dummy SSID must use opensystem (Bug 38602). No real wireless client will ever associate to this VAP. For security purpose, use max-clients = 0, hide-ssid, deny-bcase.
user-role denyall
aaa profile "denyall"
initial-role "denyall"
wlan ssid-profile "rmp"
essid "..."
opmode opensystem
max-clients 0
hide-ssid
deny-bcast
wlan virtual-ap "rmp"
aaa-profile "denyall"
ssid-profile "rmp"
allowed-band g # Note that this band must be active. Be careful with single-radio AP.
vlan 998
forward-mode split-tunnel

On the MP, only tunnel mode wired port is supported.
ap wired-ap-profile "tunnel-trusted"
wired-ap-enable
forward-mode tunnel
switchport mode access
switchport access vlan 18
trusted
ap wired-port-profile tunnel-trusted
wired-ap-profile tunnel-trusted

The Dummy VAP is only needed on the RMP, not the MP. Use an AP-specific configuration.
ap-name "ap125-rmp"
virtual-ap "rmp"
ap-group "mesh"
virtual-ap "Tunnel" # The definition of this SSID is up to the reader.
enet0-port-profile "tunnel-trusted"
ap-system-profile "rmp"
mesh-radio-profile "mesh"
mesh-cluster-profile "mesh" priority 1
Contributor I

Re: remote mesh, mesh private VLAN and virtual AP profile

Thank you very much. This is KB 1052. I am struggling with this document as well. It seems as if a second VAP is needed on the remote mesh portal.

Is there anyone out there who has a working remote mesh? To me, the user guide as well as the knowledge base are not detailed enough.
Aruba Employee

Re: remote mesh, mesh private VLAN and virtual AP profile


We are on Aruba OS 5.0.2.1. After successfully setting up a local mesh, I now need to take the next step and convert this into a remote mesh.

There is one thing in the Aruba user guide (OS 5.0, page 244) which confuses me.

a) Do I need to change the VLAN for my virtual AP from the user VLAN to the mesh private VLAN? or
b) Do I need to add the MPV to the list of VLANs? or
c) Do I need to add a second VAP (MPV, split-tunnel) for the mesh to the profile?

I know there is an AP wizard. However, for the sake of a clear documentation I don't want to use it.




Hi,

a) The access virtual APs that you will connect your clients to should have a VLAN that is different from the MPV.
b) The MPV needs to be visible on the controller. There needs to be a DHCP pool configured for this VLAN on the controller.
c) Yes you need to add an additional "split-tunnel" virtual AP to the RMP. The VLAN that you need to assign to this virtual AP will have to be the MPV.

Warm regards,
Anupam
Contributor I

Re: remote mesh, mesh private VLAN and virtual AP profile

Dear Anupam,

Thanks for pointing this out. I think I've done all that. Did you actually configure a remote mesh?

Dirk
Contributor I

Re: remote mesh, mesh private VLAN and virtual AP profile

The remote mesh is still not working here. :(

Meanwhile, I was told by our dealer, that only AP-124/125 and RAP-5 are supported for being a remote mesh portal. The knowledge base article "How do I set up a remote mesh portal? (Answer ID 1052)" is telling something different:

Supported APs
As a remote mesh portal (RMP):
AP-60/61, AP-65, AP-70, AP-85, AP-105, AP-12x, RAP-5WN
Not supported: RAP-2WG

As a remote mesh point or mesh point (MP):
AP-60/61, AP-65, AP-70, AP-85, AP-105, AP-12x
Not supported: RAP-2WG, RAP-5WN


However, the example uses an AP-125 as remote mesh portal. So once again my question to all of you - Who is running a remote mesh and what AP are you using for the remote mesh portal?
Guru Elite

Remote Mesh Portal

Viregg,

The knowledgebase Article is correct and those access points are supported, as described. Your dealer might not have included all the APs in his note.

We have configured Remote Mesh Portal and it works. There are a number of variables that exist with Remote Mesh Portal that need to be configured properly. Please open up a case with support so that they can look into the particulars of your deployment.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I

Re: remote mesh, mesh private VLAN and virtual AP profile

Finaly, I was able to configure the Remote Mesh. Colin was right and our dealer was wrong - the AP-65 can be used for that.

I wrote a step by step guide on how to set up an Aruba Remote Mesh. It can be found here:

http://airheads.arubanetworks.com/vBulletin/showthread.php?t=2824

Regards
Dirk
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: