Controller Based WLANs

Product and Software: This article applies to all Aruba controllers that support the USB Evolution Data Optimized (EVDO) interface.

If the cellular interface is active and an IP address was assigned to the controller interface on EVDO, then you should be able to access the controller remotely if SSH, Telnet, and web is not blocked by the ISP.

Different ISPs have different policies on whether or not to allow incoming SSH and Telnet traffic. For example, if you use a Sprint-EVDO card, you may have SSH, Telnet, and web access using your A-651. However, with Verizon, you may not.

Use these commands to check the cellular status:

show ip interface brief

show ip route

show uplink

(vab-A651) #show uplink

Uplink Manager: Enabled

Uplink Management Table
-----------------------
Id Uplink Type Properties Priorty State Status
-- ----------- ---------- ------- ----- ------
1 Cellular Novatel_U720 100 Connecting Dialing evdo_us

(vab-A651) #show uplink

Uplink Manager: Enabled

Uplink Management Table
-----------------------
Id Uplink Type Properties Priorty State Status
-- ----------- ---------- ------- ----- ------
1 Cellular Novatel_U720 100 Connected * Active *

(vab-A651) #show ip route

Codes: C - connected, O - OSPF, R - RIP, S - static
M - mgmt, U - route usable, * - candidate default

Gateway of last resort is Imported from DHCP to network 0.0.0.0 at cost 1
Gateway of last resort is Imported from CELL to network 0.0.0.0 at cost 1
Gateway of last resort is Imported from PPPOE to network 0.0.0.0 at cost 1
Gateway of last resort is 77.77.77.2 to network 0.0.0.0 at cost 1
S* 0.0.0.0/0 [1/0] via 75.208.225.173*
C 66.66.66.0 is directly connected, VLAN66

(vab-A651) #show ip interface b

Interface IP Address / IP Netmask Admin Protocol
vlan 1 unassigned / unassigned up down
CELL 75.208.225.174 / 255.255.255.0 up up
vlan 66 66.66.66.3 / 255.255.255.0 up up
vlan 77 77.77.77.3 / 255.255.255.0 up down
loopback unassigned / unassigned up up
mgmt unassigned / unassigned down down


In the following example, the service provider allows ICMP to the dynamic IP assigned on the EVDO interface, but SSH or Telnet is blocked. The service provider allows access on port 4343, so you can access the controller using the web.

(vab-A651) #show datapath session

Datapath Session Table Entries
------------------------------

Flags: F - fast age, S - src NAT, N - dest NAT
D - deny, R - redirect, Y - no syn
H - high prio, P - set prio, T - set ToS
C - client, M - mirror, V - VOIP
I - Deep inspect, U - Locally destined

Source IP Destination IP Prot SPort DPort Cntr Prio ToS Age Destination TAge Flags
-------------- -------------- ---- ----- ----- ---- ---- --- --- ----------- ---- -----
216.31.249.246 75.208.225.174 1 4098 2048 0 0 0 0 2/0 2 FYCI
75.208.225.174 216.31.249.246 1 4098 0 0 0 0 1 2/0 2 FI
66.66.66.3 127.1.0.1 47 0 0 0 0 0 0 local 243 FC
216.31.249.246 75.208.225.174 1 23272 2048 0 0 0 0 2/0 0 FYCI
216.31.249.246 75.208.225.174 1 22880 2048 0 0 0 0 2/0 2 FYCI
75.208.225.174 216.31.249.246 1 23272 0 0 0 0 0 2/0 0 FI
75.208.225.174 216.31.249.246 1 22880 0 0 0 0 0 2/0 2 FI
75.208.225.174 216.31.249.246 1 25631 0 0 0 0 0 2/0 1 FI
216.31.249.246 75.208.225.174 1 25631 2048 0 0 0 0 2/0 1 FYCI
127.1.0.1 66.66.66.3 47 0 0 0 0 0 1 local 243 F
216.31.249.246 75.208.225.174 6 12539 4343 0 0 0 0 2/0 15 C
75.208.225.174 216.31.249.246 6 4343 1082 0 0 0 1 2/0 10