Controller-less WLANs

What are the domain names used by IAP to communicate with central

Aruba Employee
Q:

 

What are the domain names used by IAP  to communicate with Aruba Central?



A:

 

Firewall needs to allow access to the below domain names for an Aruba cloud solution to work-

 

  1. pool.ntp.org - To update internal clock in IAPs
  2. device.arubanetworks.com - To get provisioning rule from Activate
  3. activate.arubanetworks.com - To Configure Proviosning rules in Activate.
  4. portal.arubanetworks.com  and sso.arubanetworks.com - Central login portal and followed up authentication portal.
  5. app1.central.arubanetworks.com - CDP for all customer From May 15th. 
  6. images.arubanetworks.com - Firmware image server1
  7. d2vxf1j0rhr3p0.cloudfront.net - Firmware image server2
  8. rcs-m.central.arubanetworks.com - SSH-Access-to-AP (Console Tab in AP detail Page.

 

Note:

IP address of app1.central.arubanetworks.com will change dynamically. We will no longer be able to provide a whitelist of IP addresses for firewall rules. There is dynamic DNS-based load-balancing in play, and the IP addresses cannot be assumed to be static.

Version history
Revision #:
2 of 2
Last update:
‎05-20-2016 10:08 AM
Updated by:
 
Labels (1)
Contributors
Comments
Gary Hahn

From which IP does the VC contact Central?  Local DHCP IP or the configured virtual controller IP?

 

Also, another article states that only the VC needs to contact Central and Activate.  Is that true even when a new AP is being added to a cluster with Activate?

 

Thanks!

 

Gary

Hi Gary,

 

The master IAP is the one which contacts Central & downloads the configuration.

 

it also reports the status of slave IAP's to Central.

 

 

Gary Hahn
Thanks Nitesh. Do you know which is the source IP of the master used to communicate with Central, the virtual IP or the master AP (DHCP) IP? -Gary

Hi Gary,

 

IAP communicates using its DHCP IP with Aruba Central.

Gary Hahn
Thanks! Bummer. Feature request.... Use the far more predictable virtual address when available. This will help when trying to create hardware firewall rules to constrain guest traffic when guest is NAT'ing against the IAP IP. -Gary
Gary Hahn

Oh, and use of the virtual IP also keeps the IP specific, independent of a failure of the current master.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.