Controller Based WLANs

How to use "arm-rf-domain-profile" and it's significance?

by on ‎07-04-2014 12:03 AM

Introduction : Aruba "arm-rf-domain-profile" is used for OTA (Over the Air) updates.

ARM OTA updates are designed to work under a master controller and not for multi master controller environments. All APs under same master will use the same master generated OTA key to sign the OTA update.

ARM neighbors will have all the discovered BSS (using scanning as well active OTA updates) This will include Aruba APs on same master, Aruba APs on another master and non-Aruba APs.

 

Feature Notes : Product and Software: This article applies to all Aruba controller and Aruba OS version above 6.2.

 

Environment : Master and Local controllers in same Domain

 

Configuration Steps : User-added image

 

Above as we can see two things.
1. There is no profile name needed
2. It's Read-Only profile and Key is autogenerated

This profile is only for the APs that sends Over-the-Air arm stats update and would be trusted by APs on different controller but the same domain.
NOTE: If we disable OTA ARM updates, this is not applicable.

User-added image

NOTE: OTA is default enable and under ARM profile "Arm Over the Air Updates"

 

Answer :

 

IMP NOTE: ARM neighbor is not limited to Aruba AP. In busy wireless network, it gives every BSSID details it can see.

User-added image

A. Above we can see we have two controllers in this Cluster/Domain.
B. All we have is just one AP on this Cluster/Domain.

 

Now with above in this Cluster/Domain this AP cannot exchange it's OTA with any other AP because it's a only AP in this cluster/domain. Also as mentioned above keys are autogenerated and every controller has different key.

 

Now below we see lot of details under AP neighbors which flags as Active and Passive:

User-added image

C. Above with "Show ap arm neighbors" is showing all the BSSID's which can be seen by this AP.

Now there are two Flags Active and Passive.
ARM neighbor is not limited to Aruba AP and it gives every BSSID it can see. Active means it sees OTA packets from that BSSID only and it doesn't means/refer to any kind of trust factor
.

Aruba has use the profile based mechanism to deliver the OTA key all the way to the APs instead of creating a new messaging type to deliver the OTA key to all the APs from the Master controller.

Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.