Controllerless Networks

Frequent Contributor II
Posts: 193
Registered: ‎11-18-2011

Aruba Instant & Aruba Activate

>For Aruba Activate, is it free to provide zero touch provisioning?

>As I understood, I will define my APs at Aruba Activate manually by myself?

>Then when APs power up with factory default they will contact Aruba Activate to get the IP of the configuration server (AirWave), right?

>If I have a setup of 6 Instant APs but want to tunnel all traffic to a centralized Controller at a remote location, is this doable?

Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: Aruba Instant & Aruba Activate

Activate is a free service to any customer.

You can assign your devices to folders within Activate and then apply provisioning rules to the folder, including assigning AirWave or Aruba Central server or converting to campus or remote AP.

If you want to set up a VPN from the IAPs (IAP-VPN/RAP-NG) you'll need to provision against AirWave or Central to provide the configuration for that. Activate cannot do that alone.
------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Aruba Employee
Posts: 11
Registered: ‎12-31-2010

Re: Aruba Instant & Aruba Activate

Hi Telnet-1,

 

Sometimes your devices might already be seen on the Activate dashboard off of the purchase, if the same account is maintained since purchase.  Else, you can manually add them.  To ensure you see the devices on the dashboard:

a) Verify that your IAP can reach out to the Internet;
b) Verify that your IAP firmware version is 6.2.0.0-3.3.0.0_37688
c) If your IAP has ever communicated with an Airwave or Activate instance in the past, please perform a factory_reset or "write erase all" and reboot the device.
d) Login to the IAP Web UI and verify that the Airwave Server IP under System>Admin is blank

 

With regards to creating a VPN tunnel from IAP to Controller, you can refer to the knowledge base article:  https://arubanetworkskb.secure.force.com/pkb/articles/FAQ/How-to-configure-basic-IAP-VPN-Controller-Configuration for quick details of IAP-VPN configuration.

 

For a client to connect to a RAPNG network, an SSID or wired ports on an IAP should be configured for the appropriate RAPNG mode of operation. The VLAN configuration in an SSID or wired port determines whether an SSID/wired port is configured for the RAPNG. 

 

Airwave could be used to apply a sample configuration as follows:

 

  • Find the VC that you like for the "Golden Config" and click on the edit wrench and click "Import Settings".
  • Navigate to Groups>List>Add and create a new group
  • Click on the Group to Edit, Add a New Template
  • Enter the VC that you imported settings from and click fetch.  This now serves as the golden template for all IAPs in this group.

Some screenshots for the above config are attached here.

 

[Please hit Kudos if my reply helps]

Frequent Contributor II
Posts: 193
Registered: ‎11-18-2011

Re: Aruba Instant & Aruba Activate

Thx, from the below KB, IAP traffic will be sent to the Controller through VPN.

This means that I will be able to do all processing on the Controller (authentication, firewalls, ...)

https://arubanetworkskb.secure.force.com/pkb/articles/FAQ/How-to-configure-basic-IAP-VPN-Controller-Configuration

 

 

Aruba Employee
Posts: 11
Registered: ‎12-31-2010

Re: Aruba Instant & Aruba Activate

[ Edited ]

Yes, we can pass all traffic including authentication to the Controller for a Single Data Center (one Controller) or Multiple Data Centers with one Controller in each, that can be used for redundancy of the IAP VPN tunnel.  You may select Distributed L3 or Centralized L2 mode of operation on the IAP.  For a deployment with Master-Standby Controller setup, we need to perform local authentication (at IAP end).

 

Also, note that the RADIUS and Airwave traffic from the IAP will carry the VPN-pool IP address that was assigned by the Controller to the IAP.  To understand the different IAP modes of operation, this might be useful read:  https://arubanetworkskb.secure.force.com/pkb/articles/FAQ/What-are-the-IAP-VPN-modes

 

To tunnel all traffic from IAP to the Controller, the routing profile on the IAP should look like:

routing-profile
route 0.0.0.0 0.0.0.0 <Controller-IP>

 

For the Master-Standby deployment, we need to add a routing profile exception for radius server and Airwave IPs, since the design requirement for this solution requires local radius authentication at IAP:

routing-profile
route <radius server ip> 255.255.255.255 0.0.0.0
route <Airwave IP> 255.255.255.255 0.0.0.0

 

Also, we now have an option on the IAP to configure enterprise domain to tunnel all DNS queries matching that domain, to the client’s original DNS server without proxying on IAP. 

 

Example 1: Tunnel all DNS queries to the Controller:

internal-domains
domain-name *

 

Example 2: To configure an enterprise domain to tunnel only DNS queries matching that domain to the Controller.

 

internal-domains
domain-name corpdomain.com

 

Hope this helps.

 

Regards,

Riyaz

 

[Hit Kudos if you find the info useful]
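An added example, not part of the original post and not Aruba code: a small Python audit of the routing-profile and internal-domains stanzas shown above, reporting which destinations leave outside the VPN tunnel. It assumes, following the post, that a route whose next hop is 0.0.0.0 is an exception that is not tunneled, and that a domain-name entry matches the domain and its subdomains; the addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: the post's snippets merged, with documentation-range
# addresses standing in for <Controller-IP>, <radius server ip>, <Airwave IP>.
SAMPLE_CONFIG = """\
routing-profile
route 0.0.0.0 0.0.0.0 192.0.2.10
route 198.51.100.5 255.255.255.255 0.0.0.0
route 198.51.100.6 255.255.255.255 0.0.0.0
internal-domains
domain-name corpdomain.com
"""

def parse(config):
    """Return (routes, domains) found in the two stanzas."""
    routes, domains, section = [], [], None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] in ("routing-profile", "internal-domains"):
            section = words[0]
        elif section == "routing-profile" and words[0] == "route" and len(words) == 4:
            net = ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False)
            routes.append((net, words[3]))
        elif section == "internal-domains" and words[0] == "domain-name" and len(words) == 2:
            domains.append(words[1].lower())
    return routes, domains

def next_hop(routes, dest):
    """Longest-prefix match; None when no route covers dest."""
    addr = ipaddress.ip_address(dest)
    hits = [(net.prefixlen, hop) for net, hop in routes if addr in net]
    return max(hits)[1] if hits else None

def is_tunneled(routes, dest):
    # Assumption from the post: next hop 0.0.0.0 marks an exception (local).
    hop = next_hop(routes, dest)
    return hop is not None and hop != "0.0.0.0"

def dns_tunneled(domains, name):
    # Assumption: "*" matches everything, otherwise suffix match on the domain.
    name = name.lower().rstrip(".")
    return any(d == "*" or name == d or name.endswith("." + d) for d in domains)

def unexpected_bypass(config, expected_local):
    """Exception destinations that were not on the approved list."""
    routes, _ = parse(config)
    local = {str(net.network_address) for net, hop in routes if hop == "0.0.0.0"}
    return sorted(local - set(expected_local))
```

Run `unexpected_bypass` against each group's golden template with the approved RADIUS and AirWave addresses; any other entry it returns is traffic that escapes the controller's firewall and authentication path.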

Regular Contributor I
Posts: 185
Registered: ‎12-17-2008

Re: Aruba Instant & Aruba Activate

Can Activate be used in a non-Instant RAP-only environment?


--
ACMA ACMP
Guru Elite
Posts: 8,794
Registered: ‎09-08-2010

Re: Aruba Instant & Aruba Activate

RAPs that are Instant compatible are supported in Activate.  (pretty much anything after the RAP-2, RAP-5)


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Regular Contributor I
Posts: 185
Registered: ‎12-17-2008

Re: Aruba Instant & Aruba Activate

Ah so no good for a customer with all RAP-5WNs.

cheers


--
ACMA ACMP