How to configure an IAP as a Wifi client though both CLI and GUI?

Aruba Employee

Instant AP supports Ethernet, 3G/4G USB and Wi-Fi as the uplinks. USB modems and the Wi-Fi uplink can be used to extend the connectivity to places where an Ethernet uplink cannot be configured. It also provides a reliable backup link for the Ethernet based Instant networks.

Wi-Fi uplink lets user configure any accessible wireless network as uplink for IAPs. Users can now build self contained IAP VPN networks in a hotel room to connect all their personal devices and use the existing hotel WiFi connection for uplink.

 

  • Wi-Fi uplink is supported only by the master/ virtual controller (VC).
     
  • Uplink priority can be configured between Ethernet, Wi-Fi and 3G/4G.
     
  • Allows the master IAP to establish WPA2, WPA and Open Wi-Fi uplinks.
     
  • For single radio IAPs, the radio serves wireless clients and the Wi-Fi uplink.
     
  • For dual radio IAPs, both radios can be used to serve, clients but only one of them can be used for the Wi-Fi uplink, either 2.4Ghz or 5GHz.

Environment : This article applies to all Aruba Instant Access Points running Aruba InstantOS.


(Support for an IAP associating to an other IAP as Wi-Fi uplink is introduced from 6.2.1.0-3.3.0.0)

 

 

Wi-Fi uplink can be configured on the virtual controller in a few easy steps:

 

  1. Open Instant GUI and login with admin credentials.
  2. Click on "System" from the Main Menu at the top right.
  3. At the bottom of the "System" window click on "Show Advance Options". As shown below:
  4. Click on the "Uplink" tab
  5. Under Wi-Fi Section, configure the settings:

rtaImage.jpg

 

Name(SSID): Name of the wireless network that the IAP would be connecting to.

Key Management: Select the type of encryption. WPA-2 Personal, WPA Personal or Open

Passphrase Format: Characters or Hexadecimal.

Passphrase: Password for wireless network that the IAP is connecting to. Password should be minimum of 8 characters.

Band: Wi-Fi radio.  2.4GHz or 5.0GHz



6. Click OK.

 



Below screenshot would help to configure it via CLI:
 
rtaImage (1).jpg
 
Below are the command formats:

essid <Name of the wireless network>

cipher-suite <key management>
  • For Open:  clear
  • For WPA-2: wpa2-ccmp-psk
  • For WPA: wpa-tkip-psk
uplink-band  <wireless band>
  • For 2.4GHz:  dot11g
  • For 5GHz: dot11a
wpa-passphrase  <password for wireless network>
 
 
Configuration can be verified from GUI and CLI. Below screenshots help us to verify:

From GUI:
  1. Open Instant GUI and login with admin credentials.
  2. From the top right-menu, point to "More" and then click on "Support".

rtaImage (2).jpg

From CLI:

SSH into Master IAP and execute the below command:

#show wifi-uplink config
 
rtaImage (3).jpg
 
Below command is also useful to know if the Wi-Fi Uplink is configured and active:

# show wifi-uplink status
 
rtaImage (4).jpg
 
Below command helps to troubleshoot if any issues with Wi-Fi uplink:
  • "Show wifi-uplink status" command would help to check the status of the W-Fi uplink. As we see in the below image, the connection is enabled and in running state.

rtaImage (5).jpg

 

This can verified from GUI as well. Open Instant GUI and login with admin credentials.

 

 

rtaImage (6).jpg

 

"show wifi-uplink auth"  shows the auth log of IAP's association to Wi-Fi uplink.

 

IAP-MASTER# show wifi-uplink auth
 
----------------------------------------------------------------------
wifi uplink auth configuration:
----------------------------------------------------------------------
ctrl_interface=/tmp/sta_supplicant_ctrl
ctrl_interface_group=0
eapol_version=1
ap_scan=1
fast_reauth=1
network={
ssid="AndroidAP"
scan_ssid=1
proto=WPA RSN
key_mgmt=WPA-PSK
pairwise=CCMP TKIP
group=CCMP TKIP
psk="twjc1652"
priority=9
}
----------------------------------------------------------------------
wifi uplink auth log:
----------------------------------------------------------------------
[1096]2000-01-01 00:00:47.192: Global control interface '/tmp/supp_gbl'
[1096]2000-01-01 04:09:49.022: CTRL_IFACE GLOBAL INTERFACE_REMOVE 'aruba101'
[1096]2000-01-01 04:09:49.022: CTRL_IFACE GLOBAL INTERFACE_ADD 'aruba101        /aruba/bin/wpa_sta_supplicant.conf      madwifi "Androi
[1096]2000-01-01 04:09:49.224: wpa_supplicant_add_iface   2626  wifi-uplink
[1096]2000-01-01 04:09:49.225: wpa_sapd_socket_init  2889
 
[1096]2000-01-01 04:09:49.225: wpa_sapd_socket_tx_radio_used  2948
 
[1096]2000-01-01 04:09:50.026: RX ctrl_iface - hexdump_ascii(len=11):
     52 45 43 4f 4e 46 49 47 55 52 45                  RECONFIGURE
[1096]2000-01-01 04:09:50.219: State: DISCONNECTED -> SCANNING
[1096]2000-01-01 04:09:50.219: Scan results: 0
[1096]2000-01-01 04:09:53.442: Scan results: 1
[1096]2000-01-01 04:09:53.443: Trying to associate with 38:aa:3c:39:8e:8b (SSID='AndroidAP' freq=2437 MHz)
[1096]2000-01-01 04:09:53.443: keys cleared. Forcing clear again
[1096]2000-01-01 04:09:53.443: State: SCANNING -> ASSOCIATING
[1096]2000-01-01 04:09:53.467: Calling w_s_initiate_eapol
[1096]2000-01-01 04:09:53.477: wpa_supplicant_event_assoc: 00:00:00:00:00:00
[1096]2000-01-01 04:09:53.477: State: ASSOCIATING -> ASSOCIATED
[1096]2000-01-01 04:09:53.477: wpa_sapd_socket_tx_radio_channel  2986
 
[1096]2000-01-01 04:09:53.477: Associated to a new BSS: BSSID=38:aa:3c:39:8e:8b
[1096]2000-01-01 04:09:53.477: keys cleared. Forcing clear again
[1096]2000-01-01 04:09:53.477: Associated with 38:aa:3c:39:8e:8b
[1096]2000-01-01 04:09:53.478: WPA: Association event - clear replay counter
[1096]2000-01-01 04:09:53.519: IEEE 802.1X RX: version=2 type=3 length=95
[1096]2000-01-01 04:09:53.519:   EAPOL-Key type=2
[1096]2000-01-01 04:09:53.519:   key_info 0x8a (ver=2 keyidx=0 rsvd=0 Pairwise A
[1096]2000-01-01 04:09:53.519:   replay_counter - hexdump(len=8): 00 00 00 00 00
[1096]2000-01-01 04:09:53.519:   key_nonce - hexdump(len=32): 34 24 42 77 b4 25
[1096]2000-01-01 04:09:53.519:   key_iv - hexdump(len=16): 00 00 00 00 00 00 00
[1096]2000-01-01 04:09:53.520: State: ASSOCIATED -> 4WAY_HANDSHAKE
[1096]2000-01-01 04:09:53.520: WPA: RX message 1 of 4-Way Handshake from 38:aa:3
[1096]2000-01-01 04:09:53.520: l2_packet_send:l=121 p=0x888e
[1096]2000-01-01 04:09:53.520: Sending fd=7 L=153
[1096]2000-01-01 04:09:53.526: IEEE 802.1X RX: version=2 type=3 length=151
[1096]2000-01-01 04:09:53.526:   EAPOL-Key type=2
[1096]2000-01-01 04:09:53.526:   key_info 0x13ca (ver=2 keyidx=0 rsvd=0 Pairwise
[1096]2000-01-01 04:09:53.526:   replay_counter - hexdump(len=8): 00 00 00 00 00
[1096]2000-01-01 04:09:53.526:   key_nonce - hexdump(len=32): 34 24 42 77 b4 25
[1096]2000-01-01 04:09:53.527:   key_iv - hexdump(len=16): 00 00 00 00 00 00 00
[1096]2000-01-01 04:09:53.527: State: 4WAY_HANDSHAKE -> 4WAY_HANDSHAKE
[1096]2000-01-01 04:09:53.527: WPA: RX message 3 of 4-Way Handshake from 38:aa:3
[1096]2000-01-01 04:09:53.527: l2_packet_send:l=99 p=0x888e
[1096]2000-01-01 04:09:53.528: Sending fd=7 L=131
[1096]2000-01-01 04:09:53.528: State: 4WAY_HANDSHAKE -> GROUP_HANDSHAKE
[1096]2000-01-01 04:09:53.528: WPA: Key negotiation completed with 38:aa:3c:39:8
[1096]2000-01-01 04:09:53.528: State: GROUP_HANDSHAKE -> COMPLETED
[1096]2000-01-01 04:09:53.529: CTRL-EVENT-CONNECTED - Connection to 38:aa:3c:39:
[1096]2000-01-01 04:09:53.529: inform_wifi_uplink_status  632  informing wifi-up

 

Therefore based on the stages, we can identify where the connection is stuck and  resolve the problem.
 
 

 

 

 

Version history
Revision #:
1 of 1
Last update:
‎07-03-2014 07:12 PM
Updated by:
 
Labels (1)
Contributors
Comments
metalgalle

Thanx for the guide.

 

I need to configure an iAP 92 for use as client bridge in order to connect some wired equipment to the wifi network.

 

Following your guide (as shown also in the manual) I can make the AP connect to the WiFi network (just once, is seems that rebooting will break something), but I can't get access to the network connecting through the wired port...

 

I also need to not broadcast any SSID, because I need to use the iAP as a simple client/bridge.

 

 

What I may miss?

 

Thanx a lot in advance!

If I understand it correctly, you wanted to connect the IAP as a wifi network being broadcasting by an other AP (a thirdparty AP) and connect wired clients (which are not wifi capable)  to IAP ethernet-port.

 

 

Wired clients  - - -  wired to IAP ethernet  IAP ))))))))    (((((((   AP-Broadcasting SSID.

 

There are two steps involved here, 1. Configuring the IAP about the wireless SSID that it needs to connect.  2.  Configuring the Eth0 in bridging mode, so it do not consider the Eth0 as uplink anymore.

 

But there is a trick here, we need to enable bridging on ethernet port, before you enable configure prioritize the wifi-uplink on top of ethernet.

 

As a first step:

 

Login to IAP, select the AP listed and click on Edit.  Click on "uplink" tab and select "Ethernet Bridging" as Enabled.

IAP would prompt you to restart. Click OK to acknowledge. This would restart the IAP.

 

Now, configure the settings for wifi-uplink.

 

Once done, Go to maintenance -> reboot tab and restart the IAP.

 

When the IAP boots in, it knows that ethernet is bridged and sense the wifi uplink being configured. Connect a laptop to the ethernet port and it should get an IP address from the other AP to which IAP is getting connected as wifi-uplink

 

Thank You

 

 

Were you able to configure as mentioned above ? Let me know if you have any questons.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: