Controllerless Networks

Reply
Occasional Contributor I

Using a single Instant AP as a wireless to wired bridge and as a wireless "repeater"?

HI Guys!

 

I've got a Single IAP-135, and want to bridge it into my existing non-Aruba wireless system.

In my environment (residential), I want the Aruba's uplink to be wireless to my existing wireless system, and bridge this uplink connection to it's ethernet port, and to an SSID with the same name as my main wireless system.

 

Well - the uplink works. It joins my wireless network, I can ping it - I set a static IP with setenv, etc.

The IAP is in standalone mode.

 

If I plug in an ethernet cable to the Aruba, I can ping the IAP 135, but nothing else on the network - bridging isn't working.

Same deal if I join the SSID I created on the Aruba.  I can connect, ping the IAP-135, but traffic isn't being bridge.

 

Help?

 

My config is attached.

 

 

version 6.3.1.0-4.0.0
virtual-controller-country US
virtual-controller-key REDACTED
name REDACTED
virtual-controller-ip 192.168.1.6
virtual-controller-vlan 1 255.255.255.0 192.168.1.1
terminal-access
telnet-server
ntp-server time.nist.gov
clock timezone Indiana(East) -05 00
clock summer-time EDT recurring second sunday march 02:00 first sunday november 02:00
rf-band 5.0

allowed-ap REDACTED

arm
wide-bands 5ghz
80mhz-support
g-channels 1,6,11
min-tx-power 127
max-tx-power 127
band-steering-mode prefer-5ghz
air-time-fairness-mode preferred-access
client-aware
scanning


syslog-level warn ap-debug
syslog-level warn network
syslog-level warn security
syslog-level warn system
syslog-level warn user
syslog-level warn user-debug
syslog-level warn wireless

 

 


mgmt-user admin REDACTED

wlan access-rule default_wired_port_profile
index 0
rule any any match any any any permit

wlan access-rule wired-instant
index 1
rule 192.168.1.6 255.255.255.255 match tcp 80 80 permit
rule 192.168.1.6 255.255.255.255 match tcp 4343 4343 permit
rule any any match udp 67 68 permit
rule any any match udp 53 53 permit

wlan access-rule REDACTED
index 2
rule any any match any any any permit

wlan ssid-profile REDACTED
enable
work-without-uplink
index 0
type employee
essid REDACTED
wpa-passphrase REDACTED
opmode wpa2-psk-aes
max-authentication-failures 0
vlan 1
auth-server InternalServer
rf-band all
captive-portal disable
dtim-period 3
inactivity-timeout 1000
broadcast-filter none
multicast-rate-optimization
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64
dot11r

auth-survivability cache-time-out 24

 

wlan external-captive-portal
server localhost
port 80
url "/"
auth-text "Authenticated"
auto-whitelist-disable
https


blacklist-time 3600
auth-failure-blacklist-time 3600

ids classification

ids
wireless-containment none


wired-port-profile wired-instant
switchport-mode access
allowed-vlan all
native-vlan guest
no shutdown
access-rule-name wired-instant
speed auto
duplex auto
no poe
type guest
captive-portal disable
no dot1x

wired-port-profile default_wired_port_profile
switchport-mode access
allowed-vlan all
native-vlan 1
no shutdown
access-rule-name default_wired_port_profile
speed auto
duplex full
no poe
type employee
auth-server InternalServer
captive-portal disable
no dot1x


enet0-port-profile default_wired_port_profile
enet1-port-profile default_wired_port_profile
enet2-port-profile default_wired_port_profile
enet3-port-profile default_wired_port_profile
enet4-port-profile default_wired_port_profile

wlan sta-profile
essid REDACTED
cipher-suite wpa2-ccmp-psk
wpa-passphrase REDACTED
uplink-band dot11a

uplink
no preemption
enforce none
failover-internet-pkt-lost-cnt 10
failover-internet-pkt-send-freq 30
failover-vpn-timeout 180
uplink-priority ethernet 99
uplink-priority wifi 1
uplink-priority cellular 3


airgroup
disable

airgroupservice airplay
disable
description AirPlay

airgroupservice airprint
disable
description AirPrint

 

 

 

Re: Using a single Instant AP as a wireless to wired bridge and as a wireless "repeater"?

**Please be aware** if using as "repater" - it cant use Wi-Fi as uplink in 2.4Ghz and also give access in 2.4Ghz
(As far as i aware)
 
How to configure Wi-Fi uplink:
 
 
Regarding Bridge mode:
 
(Be sure that u running the lastest InstantAP OS 6.3.1.4-4.0.0.5_43022
a. Select AP, click edit for per-AP-setting.
b. Edit->uplink->Eth0 Bridging. Select Enabled.

 

Reboot that AP to make it work.

Capture2.PNG

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Occasional Contributor I

Re: Using a single Instant AP as a wireless to wired bridge and as a wireless "repeater"?

Thanks for the thoughtful response - however, I've already done what was suggested and it's just not working.

 

Something I should ask Aruba TAC about then?

 

I did try changing the uplink VLAN to "0" as shown in the attached image, without any additional success.

 

When I connect to the enet0 or to a SSID created on the IAP, I can ping 192.168.1.6 (the IP of the IAP-135), but I'm not being bridged onto it's wifi-uplink to the rest of my network, even though enet0 bridging is enabled.

 

Here's output from the CLI verifying my setup

 

REDACTED# show ap-env

Antenna Type:Internal
ipaddr:192.168.1.6
netmask:255.255.255.0
gatewayip:192.168.1.1
dnsip:192.168.1.1
domainname:local
standalone_mode:1
uplink_vlan:0
enet0_bridging:1
iap_master:1


REDACTED# show wifi-uplink config

ESSID :REDACTED
Cipher Suite :wpa2-ccmp-psk
Passphrase :REDACTED
Band :dot11a
REDACTED# show wifi-uplink auth log

----------------------------------------------------------------------
wifi uplink auth configuration:
----------------------------------------------------------------------
ctrl_interface=/tmp/sta_supplicant_ctrl
ctrl_interface_group=0
eapol_version=1
ap_scan=1
fast_reauth=1
network={
ssid="REDACTED"
scan_ssid=1
proto=WPA RSN
key_mgmt=WPA-PSK
pairwise=CCMP TKIP
group=CCMP TKIP
psk="REDACTED"
priority=9
}
----------------------------------------------------------------------
wifi uplink auth log:
----------------------------------------------------------------------
[1923]1999-12-31 19:00:24.279: Global control interface '/tmp/supp_gbl'
[1923]1999-12-31 19:00:47.439: CTRL_IFACE GLOBAL INTERFACE_REMOVE 'aruba001'
[1923]1999-12-31 19:00:47.440: CTRL_IFACE GLOBAL INTERFACE_ADD 'aruba001 /aruba/bin/wpa_sta_supplicant.conf madwifi "REDACTED" - ***'
[1923]1999-12-31 19:00:47.530: wpa_supplicant_add_iface 2626 wifi-uplink
[1923]1999-12-31 19:00:47.530: wpa_sapd_socket_init 2889

[1923]1999-12-31 19:00:47.530: wpa_sapd_socket_tx_radio_used 2948

[1923]1999-12-31 19:00:48.457: RX ctrl_iface - hexdump_ascii(len=11):
52 45 43 4f 4e 46 49 47 55 52 45 RECONFIGURE
[1923]1999-12-31 19:00:48.547: State: DISCONNECTED -> SCANNING
[1923]1999-12-31 19:00:48.547: Scan results: 0
[1923]1999-12-31 19:00:53.241: Scan results: 1
[1923]1999-12-31 19:00:53.242: Trying to associate with REDACTED (SSID='REDACTED' freq=5745 MHz)
[1923]1999-12-31 19:00:53.242: keys cleared. Forcing clear again
[1923]1999-12-31 19:00:53.242: State: SCANNING -> ASSOCIATING
[1923]1999-12-31 19:00:53.246: Calling w_s_initiate_eapol
[1923]1999-12-31 19:00:53.249: wpa_supplicant_event_assoc: 00:00:00:00:00:00
[1923]1999-12-31 19:00:53.249: State: ASSOCIATING -> ASSOCIATED
[1923]1999-12-31 19:00:53.249: wpa_sapd_socket_tx_radio_channel 2986

[1923]1999-12-31 19:00:53.250: Associated to a new BSS: BSSID=REDACTED
[1923]1999-12-31 19:00:53.250: keys cleared. Forcing clear again
[1923]1999-12-31 19:00:53.250: Associated with REDACTED
[1923]1999-12-31 19:00:53.250: WPA: Association event - clear replay counter
[1923]1999-12-31 19:00:53.335: IEEE 802.1X RX: version=1 type=3 length=95
[1923]1999-12-31 19:00:53.335: EAPOL-Key type=254
[1923]1999-12-31 19:00:53.336: key_info 0x8a (ver=2 keyidx=0 rsvd=0 Pairwise Ack)
[1923]1999-12-31 19:00:53.336: replay_counter - hexdump(len=8): 00 00 00 00 00 00 00 00
[1923]1999-12-31 19:00:53.336: key_nonce - hexdump(len=32): REDACTED
[1923]1999-12-31 19:00:53.336: key_iv - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[1923]1999-12-31 19:00:53.336: State: ASSOCIATED -> 4WAY_HANDSHAKE
[1923]1999-12-31 19:00:53.336: WPA: RX message 1 of 4-Way Handshake from REDACTED (ver=2)
[1923]1999-12-31 19:00:53.337: l2_packet_send:l=123 p=0x888e
[1923]1999-12-31 19:00:53.337: Sending fd=9 L=155
[1923]1999-12-31 19:00:53.339: IEEE 802.1X RX: version=1 type=3 length=125
[1923]1999-12-31 19:00:53.339: EAPOL-Key type=254
[1923]1999-12-31 19:00:53.339: key_info 0x1ca (ver=2 keyidx=0 rsvd=0 Pairwise Install Ack MIC)
[1923]1999-12-31 19:00:53.340: replay_counter - hexdump(len=8): 00 00 00 00 00 00 00 01
[1923]1999-12-31 19:00:53.340: key_nonce - hexdump(len=32): REDACTED
[1923]1999-12-31 19:00:53.340: key_iv - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[1923]1999-12-31 19:00:53.340: State: 4WAY_HANDSHAKE -> 4WAY_HANDSHAKE
[1923]1999-12-31 19:00:53.340: WPA: RX message 3 of 4-Way Handshake from REDACTED (ver=2)
[1923]1999-12-31 19:00:53.340: l2_packet_send:l=99 p=0x888e
[1923]1999-12-31 19:00:53.340: Sending fd=9 L=131
[1923]1999-12-31 19:00:53.341: State: 4WAY_HANDSHAKE -> GROUP_HANDSHAKE
[1923]1999-12-31 19:00:53.343: IEEE 802.1X RX: version=1 type=3 length=135
[1923]1999-12-31 19:00:53.343: EAPOL-Key type=254
[1923]1999-12-31 19:00:53.344: key_info 0x392 (ver=2 keyidx=1 rsvd=0 Group Ack MIC Secure)
[1923]1999-12-31 19:00:53.344: replay_counter - hexdump(len=8): 00 00 00 00 00 00 00 02
[1923]1999-12-31 19:00:53.344: key_nonce - hexdump(len=32): REDACTED
[1923]1999-12-31 19:00:53.344: key_iv - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[1923]1999-12-31 19:00:53.344: State: GROUP_HANDSHAKE -> GROUP_HANDSHAKE
[1923]1999-12-31 19:00:53.344: l2_packet_send:l=99 p=0x888e
[1923]1999-12-31 19:00:53.345: Sending fd=9 L=131
[1923]1999-12-31 19:00:53.345: WPA: Key negotiation completed with REDACTED [PTK=CCMP GTK=TKIP]
[1923]1999-12-31 19:00:53.345: State: GROUP_HANDSHAKE -> COMPLETED
[1923]1999-12-31 19:00:53.345: CTRL-EVENT-CONNECTED - Connection to REDACTED completed (auth) [id=0 id_str=]
[1923]1999-12-31 19:00:53.345: inform_wifi_uplink_status 632 informing wifi-uplink of result: 2

Re: Using a single Instant AP as a wireless to wired bridge and as a wireless "repeater"?

1. Estanlish mesh connectiviety between two units - u did it

http://www.arubanetworks.com/techdocs/InstantMobile/Advanced/Content/Instant%20User%20Guide%20-%20vo...

 

2. configure as bridge the ethernet port of the unit with no lan on it (the far unit) - u did it.

A.In the Access Points tab, click the IAP.
 B.Click the edit link. An Edit AP window appears.
 C.In the Edit AP window, select the Uplink tab.
 D.Select Enable from the Eth0 Bridging drop box.

 

 

 

3. if you want to bridge wireless and wired interfaces on the remote AP make sure that you configure wired port as an access port. The default state is trunk (802.1q tagged).

 

http://www.arubanetworks.com/techdocs/InstantMobile/Advanced/Content/Chapter10%20EthernetDownlink/Co...

 

 

 

That's it :smileyhappy:

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Occasional Contributor I

Re: Using a single Instant AP as a wireless to wired bridge and as a wireless "repeater"?

Thanks for the suggestion & replies - I've been working with Aruba TAC.

They will see if they can replicate my situation in the lab.

 

So far, I still can't get things to work any better, even after having read the docs, worked with TAC, and had you guys' very kind support.

 

Thank you again - I'll update with what finally resolves the issue.

Occasional Contributor I

Re: Using a single Instant AP as a wireless to wired bridge and as a wireless "repeater"?

By the way - here's another knowledge-base article that Aruba TAC provided -

https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/How-to-configure-an-IAP-as-a-Wifi-client-though-both-CLI-and-GUI

 

Attached are my example configs that I setup w/ Aruba today, that they are going to lab up & see what's going on.

New Contributor

Re: Using a single Instant AP as a wireless to wired bridge and as a wireless "repeater"?

Hi,

 

Was there ever a resolution to this? I'm havin ghte exact same issue

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: