Controllerless Networks


Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget

Using a single Instant AP as a wireless to wired bridge and as a wireless "repeater"?

  • 1.  Using a single Instant AP as a wireless to wired bridge and as a wireless "repeater"?

    Posted May 31, 2014 11:16 AM

    Hi Guys!

     

    I've got a Single IAP-135, and want to bridge it into my existing non-Aruba wireless system.

    In my environment (residential), I want the Aruba's uplink to be wireless to my existing wireless system, and bridge this uplink connection to its Ethernet port, and to an SSID with the same name as my main wireless system.

     

    Well - the uplink works. It joins my wireless network, I can ping it - I set a static IP with setenv, etc.

    The IAP is in standalone mode.

     

    If I plug in an ethernet cable to the Aruba, I can ping the IAP 135, but nothing else on the network - bridging isn't working.

    Same deal if I join the SSID I created on the Aruba.  I can connect, ping the IAP-135, but traffic isn't being bridged.

     

    Help?

     

    My config is attached.

     

     

    version 6.3.1.0-4.0.0
    virtual-controller-country US
    virtual-controller-key REDACTED
    name REDACTED
    virtual-controller-ip 192.168.1.6
    virtual-controller-vlan 1 255.255.255.0 192.168.1.1
    terminal-access
    telnet-server
    ntp-server time.nist.gov
    clock timezone Indiana(East) -05 00
    clock summer-time EDT recurring second sunday march 02:00 first sunday november 02:00
    rf-band 5.0

    allowed-ap REDACTED

    arm
    wide-bands 5ghz
    80mhz-support
    g-channels 1,6,11
    min-tx-power 127
    max-tx-power 127
    band-steering-mode prefer-5ghz
    air-time-fairness-mode preferred-access
    client-aware
    scanning


    syslog-level warn ap-debug
    syslog-level warn network
    syslog-level warn security
    syslog-level warn system
    syslog-level warn user
    syslog-level warn user-debug
    syslog-level warn wireless

     

     


    mgmt-user admin REDACTED

    wlan access-rule default_wired_port_profile
    index 0
    rule any any match any any any permit

    wlan access-rule wired-instant
    index 1
    rule 192.168.1.6 255.255.255.255 match tcp 80 80 permit
    rule 192.168.1.6 255.255.255.255 match tcp 4343 4343 permit
    rule any any match udp 67 68 permit
    rule any any match udp 53 53 permit

    wlan access-rule REDACTED
    index 2
    rule any any match any any any permit

    wlan ssid-profile REDACTED
    enable
    work-without-uplink
    index 0
    type employee
    essid REDACTED
    wpa-passphrase REDACTED
    opmode wpa2-psk-aes
    max-authentication-failures 0
    vlan 1
    auth-server InternalServer
    rf-band all
    captive-portal disable
    dtim-period 3
    inactivity-timeout 1000
    broadcast-filter none
    multicast-rate-optimization
    dmo-channel-utilization-threshold 90
    local-probe-req-thresh 0
    max-clients-threshold 64
    dot11r

    auth-survivability cache-time-out 24

     

    wlan external-captive-portal
    server localhost
    port 80
    url "/"
    auth-text "Authenticated"
    auto-whitelist-disable
    https


    blacklist-time 3600
    auth-failure-blacklist-time 3600

    ids classification

    ids
    wireless-containment none


    wired-port-profile wired-instant
    switchport-mode access
    allowed-vlan all
    native-vlan guest
    no shutdown
    access-rule-name wired-instant
    speed auto
    duplex auto
    no poe
    type guest
    captive-portal disable
    no dot1x

    wired-port-profile default_wired_port_profile
    switchport-mode access
    allowed-vlan all
    native-vlan 1
    no shutdown
    access-rule-name default_wired_port_profile
    speed auto
    duplex full
    no poe
    type employee
    auth-server InternalServer
    captive-portal disable
    no dot1x


    enet0-port-profile default_wired_port_profile
    enet1-port-profile default_wired_port_profile
    enet2-port-profile default_wired_port_profile
    enet3-port-profile default_wired_port_profile
    enet4-port-profile default_wired_port_profile

    wlan sta-profile
    essid REDACTED
    cipher-suite wpa2-ccmp-psk
    wpa-passphrase REDACTED
    uplink-band dot11a

    uplink
    no preemption
    enforce none
    failover-internet-pkt-lost-cnt 10
    failover-internet-pkt-send-freq 30
    failover-vpn-timeout 180
    uplink-priority ethernet 99
    uplink-priority wifi 1
    uplink-priority cellular 3


    airgroup
    disable

    airgroupservice airplay
    disable
    description AirPlay

    airgroupservice airprint
    disable
    description AirPrint

     

     

     


    #AP135
    #3600


  • 2.  RE: Using a single Instant AP as a wireless to wired bridge and as a wireless "repeater"?

    Posted Jun 02, 2014 01:03 AM
    **Please be aware** if using as "repeater" - it can't use Wi-Fi as uplink in 2.4 GHz and also give access in 2.4 GHz
    (As far as I'm aware)
     
    How to configure Wi-Fi uplink:
     
     
    Regarding Bridge mode:
     
    (Be sure that u are running the latest InstantAP OS 6.3.1.4-4.0.0.5_43022)
    a. Select AP, click edit for per-AP-setting.
    b. Edit->uplink->Eth0 Bridging. Select Enabled.

     

    Reboot that AP to make it work.




  • 3.  RE: Using a single Instant AP as a wireless to wired bridge and as a wireless "repeater"?

    Posted Jun 02, 2014 11:41 AM

    Thanks for the thoughtful response - however, I've already done what was suggested and it's just not working.

     

    Something I should ask Aruba TAC about then?

     

    I did try changing the uplink VLAN to "0" as shown in the attached image, without any additional success.

     

    When I connect to the enet0 or to a SSID created on the IAP, I can ping 192.168.1.6 (the IP of the IAP-135), but I'm not being bridged onto its wifi-uplink to the rest of my network, even though enet0 bridging is enabled.

     

    Here's output from the CLI verifying my setup

     

    REDACTED# show ap-env

    Antenna Type:Internal
    ipaddr:192.168.1.6
    netmask:255.255.255.0
    gatewayip:192.168.1.1
    dnsip:192.168.1.1
    domainname:local
    standalone_mode:1
    uplink_vlan:0
    enet0_bridging:1
    iap_master:1


    REDACTED# show wifi-uplink config

    ESSID :REDACTED
    Cipher Suite :wpa2-ccmp-psk
    Passphrase :REDACTED
    Band :dot11a
    REDACTED# show wifi-uplink auth log

    ----------------------------------------------------------------------
    wifi uplink auth configuration:
    ----------------------------------------------------------------------
    ctrl_interface=/tmp/sta_supplicant_ctrl
    ctrl_interface_group=0
    eapol_version=1
    ap_scan=1
    fast_reauth=1
    network={
    ssid="REDACTED"
    scan_ssid=1
    proto=WPA RSN
    key_mgmt=WPA-PSK
    pairwise=CCMP TKIP
    group=CCMP TKIP
    psk="REDACTED"
    priority=9
    }
    ----------------------------------------------------------------------
    wifi uplink auth log:
    ----------------------------------------------------------------------
    [1923]1999-12-31 19:00:24.279: Global control interface '/tmp/supp_gbl'
    [1923]1999-12-31 19:00:47.439: CTRL_IFACE GLOBAL INTERFACE_REMOVE 'aruba001'
    [1923]1999-12-31 19:00:47.440: CTRL_IFACE GLOBAL INTERFACE_ADD 'aruba001 /aruba/bin/wpa_sta_supplicant.conf madwifi "REDACTED" - ***'
    [1923]1999-12-31 19:00:47.530: wpa_supplicant_add_iface 2626 wifi-uplink
    [1923]1999-12-31 19:00:47.530: wpa_sapd_socket_init 2889

    [1923]1999-12-31 19:00:47.530: wpa_sapd_socket_tx_radio_used 2948

    [1923]1999-12-31 19:00:48.457: RX ctrl_iface - hexdump_ascii(len=11):
    52 45 43 4f 4e 46 49 47 55 52 45 RECONFIGURE
    [1923]1999-12-31 19:00:48.547: State: DISCONNECTED -> SCANNING
    [1923]1999-12-31 19:00:48.547: Scan results: 0
    [1923]1999-12-31 19:00:53.241: Scan results: 1
    [1923]1999-12-31 19:00:53.242: Trying to associate with REDACTED (SSID='REDACTED' freq=5745 MHz)
    [1923]1999-12-31 19:00:53.242: keys cleared. Forcing clear again
    [1923]1999-12-31 19:00:53.242: State: SCANNING -> ASSOCIATING
    [1923]1999-12-31 19:00:53.246: Calling w_s_initiate_eapol
    [1923]1999-12-31 19:00:53.249: wpa_supplicant_event_assoc: 00:00:00:00:00:00
    [1923]1999-12-31 19:00:53.249: State: ASSOCIATING -> ASSOCIATED
    [1923]1999-12-31 19:00:53.249: wpa_sapd_socket_tx_radio_channel 2986

    [1923]1999-12-31 19:00:53.250: Associated to a new BSS: BSSID=REDACTED
    [1923]1999-12-31 19:00:53.250: keys cleared. Forcing clear again
    [1923]1999-12-31 19:00:53.250: Associated with REDACTED
    [1923]1999-12-31 19:00:53.250: WPA: Association event - clear replay counter
    [1923]1999-12-31 19:00:53.335: IEEE 802.1X RX: version=1 type=3 length=95
    [1923]1999-12-31 19:00:53.335: EAPOL-Key type=254
    [1923]1999-12-31 19:00:53.336: key_info 0x8a (ver=2 keyidx=0 rsvd=0 Pairwise Ack)
    [1923]1999-12-31 19:00:53.336: replay_counter - hexdump(len=8): 00 00 00 00 00 00 00 00
    [1923]1999-12-31 19:00:53.336: key_nonce - hexdump(len=32): REDACTED
    [1923]1999-12-31 19:00:53.336: key_iv - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    [1923]1999-12-31 19:00:53.336: State: ASSOCIATED -> 4WAY_HANDSHAKE
    [1923]1999-12-31 19:00:53.336: WPA: RX message 1 of 4-Way Handshake from REDACTED (ver=2)
    [1923]1999-12-31 19:00:53.337: l2_packet_send:l=123 p=0x888e
    [1923]1999-12-31 19:00:53.337: Sending fd=9 L=155
    [1923]1999-12-31 19:00:53.339: IEEE 802.1X RX: version=1 type=3 length=125
    [1923]1999-12-31 19:00:53.339: EAPOL-Key type=254
    [1923]1999-12-31 19:00:53.339: key_info 0x1ca (ver=2 keyidx=0 rsvd=0 Pairwise Install Ack MIC)
    [1923]1999-12-31 19:00:53.340: replay_counter - hexdump(len=8): 00 00 00 00 00 00 00 01
    [1923]1999-12-31 19:00:53.340: key_nonce - hexdump(len=32): REDACTED
    [1923]1999-12-31 19:00:53.340: key_iv - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    [1923]1999-12-31 19:00:53.340: State: 4WAY_HANDSHAKE -> 4WAY_HANDSHAKE
    [1923]1999-12-31 19:00:53.340: WPA: RX message 3 of 4-Way Handshake from REDACTED (ver=2)
    [1923]1999-12-31 19:00:53.340: l2_packet_send:l=99 p=0x888e
    [1923]1999-12-31 19:00:53.340: Sending fd=9 L=131
    [1923]1999-12-31 19:00:53.341: State: 4WAY_HANDSHAKE -> GROUP_HANDSHAKE
    [1923]1999-12-31 19:00:53.343: IEEE 802.1X RX: version=1 type=3 length=135
    [1923]1999-12-31 19:00:53.343: EAPOL-Key type=254
    [1923]1999-12-31 19:00:53.344: key_info 0x392 (ver=2 keyidx=1 rsvd=0 Group Ack MIC Secure)
    [1923]1999-12-31 19:00:53.344: replay_counter - hexdump(len=8): 00 00 00 00 00 00 00 02
    [1923]1999-12-31 19:00:53.344: key_nonce - hexdump(len=32): REDACTED
    [1923]1999-12-31 19:00:53.344: key_iv - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    [1923]1999-12-31 19:00:53.344: State: GROUP_HANDSHAKE -> GROUP_HANDSHAKE
    [1923]1999-12-31 19:00:53.344: l2_packet_send:l=99 p=0x888e
    [1923]1999-12-31 19:00:53.345: Sending fd=9 L=131
    [1923]1999-12-31 19:00:53.345: WPA: Key negotiation completed with REDACTED [PTK=CCMP GTK=TKIP]
    [1923]1999-12-31 19:00:53.345: State: GROUP_HANDSHAKE -> COMPLETED
    [1923]1999-12-31 19:00:53.345: CTRL-EVENT-CONNECTED - Connection to REDACTED completed (auth) [id=0 id_str=]
    [1923]1999-12-31 19:00:53.345: inform_wifi_uplink_status 632 informing wifi-uplink of result: 2
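
A way to read a `show wifi-uplink auth log` dump like the one above without scanning it by eye, as an added example that is not part of the original post and is not Aruba code: it rebuilds the supplicant state path and reports the negotiated ciphers. The function name and the shortened sample log are constructed for illustration; a path ending in COMPLETED means the uplink authenticated, so a bridging fault lies outside the 4-way handshake.

```python
import re

# Constructed sample: a shortened excerpt in the format of the log in the post above.
SAMPLE_LOG = """\
[1923]1999-12-31 19:00:48.547: State: DISCONNECTED -> SCANNING
[1923]1999-12-31 19:00:53.242: State: SCANNING -> ASSOCIATING
[1923]1999-12-31 19:00:53.249: State: ASSOCIATING -> ASSOCIATED
[1923]1999-12-31 19:00:53.336: State: ASSOCIATED -> 4WAY_HANDSHAKE
[1923]1999-12-31 19:00:53.340: State: 4WAY_HANDSHAKE -> 4WAY_HANDSHAKE
[1923]1999-12-31 19:00:53.341: State: 4WAY_HANDSHAKE -> GROUP_HANDSHAKE
[1923]1999-12-31 19:00:53.345: WPA: Key negotiation completed with REDACTED [PTK=CCMP GTK=TKIP]
[1923]1999-12-31 19:00:53.345: State: GROUP_HANDSHAKE -> COMPLETED
"""

LINE = re.compile(r"^\[\d+\]\S+ [\d:.]+: (.*)$")   # "[pid]date time: message"
STATE = re.compile(r"^State: (\S+) -> (\S+)$")
KEYS = re.compile(r"Key negotiation completed with \S+ \[PTK=(\w+) GTK=(\w+)\]")

def summarize_uplink_log(log_text):
    """Return the state path, negotiated ciphers and findings for one log."""
    path, ptk, gtk, findings = [], None, None, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines and hexdump continuation lines
        msg = m.group(1)
        s = STATE.match(msg)
        if s:
            old, new = s.groups()
            if not path or path[-1] != old:
                if path:  # transition does not start where the last one ended
                    findings.append(f"log gap: {path[-1]} then {old}")
                path.append(old)
            if new != old:
                path.append(new)
        k = KEYS.search(msg)
        if k:
            ptk, gtk = k.groups()
    if not path or path[-1] != "COMPLETED":
        last = path[-1] if path else "no state lines"
        findings.append(f"handshake did not complete (last state: {last})")
    if "TKIP" in (ptk, gtk):
        findings.append(f"TKIP in use (PTK={ptk} GTK={gtk}); TKIP is deprecated")
    return {"path": path, "ptk": ptk, "gtk": gtk, "findings": findings}

if __name__ == "__main__":
    print(summarize_uplink_log(SAMPLE_LOG))
```
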



  • 4.  RE: Using a single Instant AP as a wireless to wired bridge and as a wireless "repeater"?

    Posted Jun 05, 2014 04:55 AM

    1. Establish mesh connectivity between two units - u did it

    http://www.arubanetworks.com/techdocs/InstantMobile/Advanced/Content/Instant%20User%20Guide%20-%20vo...

     

    2. configure as bridge the ethernet port of the unit with no lan on it (the far unit) - u did it.

    A. In the Access Points tab, click the IAP.
    B. Click the edit link. An Edit AP window appears.
    C. In the Edit AP window, select the Uplink tab.
    D. Select Enable from the Eth0 Bridging drop box.

     

     

     

    3. if you want to bridge wireless and wired interfaces on the remote AP make sure that you configure wired port as an access port. The default state is trunk (802.1q tagged).

     

    http://www.arubanetworks.com/techdocs/InstantMobile/Advanced/Content/Chapter10%20EthernetDownlink/Co...

     

     

     

    That's it :)



  • 5.  RE: Using a single Instant AP as a wireless to wired bridge and as a wireless "repeater"?

    Posted Jun 09, 2014 04:14 PM

    Thanks for the suggestion & replies - I've been working with Aruba TAC.

    They will see if they can replicate my situation in the lab.

     

    So far, I still can't get things to work any better, even after having read the docs, worked with TAC, and had you guys' very kind support.

     

    Thank you again - I'll update with what finally resolves the issue.



  • 6.  RE: Using a single Instant AP as a wireless to wired bridge and as a wireless "repeater"?

    Posted Jun 09, 2014 04:38 PM

    By the way - here's another knowledge-base article that Aruba TAC provided -

    https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/How-to-configure-an-IAP-as-a-Wifi-client-though-both-CLI-and-GUI

     

    Attached are my example configs that I set up w/ Aruba today, that they are going to lab up & see what's going on.



  • 7.  RE: Using a single Instant AP as a wireless to wired bridge and as a wireless "repeater"?

    Posted Feb 13, 2015 07:52 PM

    Hi,

     

    Was there ever a resolution to this? I'm having the exact same issue