Aruba's Instant Access Point (IAP) and Mobility Access Switch (MAS) work well together to save administrators time in configuration and troubleshooting.
With an Aruba's Instant and Cloud access points, it's easy to provision an SSID and even easier to connect other access points to that cluster, but what about the switch configuration?
To enable these features, all a network admin has to do is enable "MAS integration" on either Aruba Central or the local IAP GUI.
Once "MAS integration" is enabled on the AP, then the network admin has access to the following four integration features.
1) IAP Info on MAS Ports
Using LLDP, IAPs will communicate back to the MAS status messages to let the user see what is connected (or disconnected). If a remote tech pulls the wrong cable, and a quick "show lldp neighbor" command will give the admin a good overview on what is out there. Should there be other CDP-enabled devices, a "show neighbor-devices" command will give additional info.
(host) #show lldp neighbor
Capability codes: (R)Router, (B)Bridge, (A)Access Point, (P)Phone, (S)Station
(r)Repeater, (O)Other
LLDP Neighbor Information
-------------------------
Local Intf Chassis ID Capability Remote Intf Expiry-Time (Secs) System Name
---------- ---------- ---------- ----------- ------------------ -----------
GE0/0/2 d8:c7:c8:ca:f1:72 A bond0 107 d8:c7:c8:ca:f1:72
GE0/0/6 192.168.221.2 B: P Port 1 163 Cisco IP Phone SPA502G
GE0/0/46 00:26:88:01:c6:80 B:R fe-0/0/3.0 99 HOME-ROUTER
Number of neighbors: 3
(host) #show lldp neighbor interface gigabitethernet 0/0/2 detail
Interface: gigabitethernet0/0/2, Number of neighbors: 1
------------------------------------------------------------
Chassis id: d8:c7:c8:ca:f1:72, Management address: 10.10.10.254
Interface description: bond0, ID: d8:c7:c8:ca:f1:72, MTU: 1522
Device MAC: d8:c7:c8:ca:f1:72
Last Update: Mon May 20 07:05:27 2013
Time to live: 120, Expires in: 100 Secs
System capabilities : Bridge,Access point
Enabled capabilities: Access point
System name: d8:c7:c8:ca:f1:72
System description:
ArubaOS (MODEL: 105), Version 6.2.0.0-3.2.0.2 (37229)
Auto negotiation: Supported, Enabled
Autoneg capability:
10Base-T, HD: yes, FD: yes
100Base-T, HD: yes, FD: yes
1000Base-T, HD: no, FD: yes
Media attached unit type: 1000BaseTFD - Four-pair Category 5 UTP, full duplex mode (30)
2) Rogue AP Verification
Should an admin be on a switch and want to see rogue APs, a quick "show lldp neighbor interface 0/0/0 detail" command can give details as to what else might be blacklisted. "show port-error-recovery" will show when the port has changed security status.
(host) #show lldp neighbor interface gigabitethernet 0/0/2 detail
Interface: gigabitethernet0/0/2, Number of neighbors: 1
------------------------------------------------------------
Chassis id: d8:c7:c8:ca:f1:72, Management address: 10.10.10.254
Interface description: bond0, ID: d8:c7:c8:ca:f1:72, MTU: 1522
Device MAC: d8:c7:c8:ca:f1:72
Last Update: Mon May 20 07:05:27 2013
Time to live: 120, Expires in: 100 Secs
System capabilities : Bridge,Access point
Enabled capabilities: Access point
System name: d8:c7:c8:ca:f1:72
System description:
ArubaOS (MODEL: 105), Version 6.2.0.0-3.2.0.2 (37229)
Auto negotiation: Supported, Enabled
Autoneg capability:
10Base-T, HD: yes, FD: yes
100Base-T, HD: yes, FD: yes
1000Base-T, HD: no, FD: yes
Media attached unit type: 1000BaseTFD - Four-pair Category 5 UTP, full duplex mode (30)
MAC: 00:22:cf:51:6f:c1: Blacklist
MAC: 00:22:cf:51:6f:c0: Blacklist
(host) #show port-error-recovery
Layer-2 Interface Error Information
-----------------------------------
Interface Error Error seen time Recovery time
--------- ----- --------------- -------------
GE0/0/20 Blacklisted device detected 2013-04-03 14:35:45 (EDT) 2013-04-03 14:40:45 (EDT)
3) Auto-Prioritization of POE for Instant Access Points
Since Aruba's IAPs are all POE enabled, admins will likely want to give them priority over other POE devices on the network. To do so, simply use the default using the "poe-factory-initial" profile. The MAS detects the presence of an IAP and will automatically increases the PoE priority from low (default) to high. Below shows an example of an IAP that automatically received a high POE priority with the "poe-factory-initial" profile.
(host) #show poe interface brief
PoE Interface Brief
-------------------
Interface Admin Consumption(mW) Port Priority Port Status
--------- ----- --------------- ------------- -----------
GE0/0/0 Enable 0 Low Off
GE0/0/1 Enable 0 Low Off
GE0/0/2 Enable 5700 High On
GE0/0/3 Enable 0 Low Off
GE0/0/4 Enable 0 Low Off
GE0/0/5 Enable 0 Low Off
GE0/0/6 Enable 2400 Low On
GE0/0/7 Enable 0 Low Off
<INTENTIONALLY SNIPPED>
4) VLAN Trunks Sharing via GVRP
To save time provisioning switches with VLAN trunking, GVRP will automagically configure the switch's trunking profile based on the SSID of an Instant or Cloud-managed AP. First, set the VLAN on an SSID.
Then go to the MAS and see VLAN autoconfigured via GVRP.
(host) #show vlan
VLAN CONFIGURATION
------------------
VLAN Description Ports
---- ----------- -----
1 VLAN0001 GE0/0/0-23 GE0/1/0-1
500 GVRP VLAN GE0/0/2
510 GVRP VLAN GE0/0/2
520 GVRP VLAN GE0/0/2
(host) # show gvrp interfaces
Interface GVRP info
-------------------
Interface State Registrar Mode
--------- ----- --------------
gigabitethernet0/0/2 Enabled Normal