Technology Blog

MAS Integration on Instant AP and Cloud WiFi

Aruba Employee

Aruba's Instant Access Point (IAP) and Mobility Access Switch (MAS) work well together to save administrators time in configuration and troubleshooting.

 
With an Aruba's Instant and Cloud access points, it's easy to provision an SSID and even easier to connect other access points to that cluster, but what about the switch configuration?
 
To enable these features, all a network admin has to do is enable "MAS integration" on either Aruba Central or the local IAP GUI.
 
 
 
 
 
ArubaCentral-MAS-Integration.jpg
 
Instant-MAS-Integration.png
 
 
Once "MAS integration" is enabled on the AP, then the network admin has access to the following four integration features.
 
1) IAP Info on MAS Ports
 
Using LLDP, IAPs will communicate back to the MAS status messages to let the user see what is connected (or disconnected). If a remote tech pulls the wrong cable, and a quick "show lldp neighbor" command will give the admin a good overview on what is out there.  Should there be other CDP-enabled devices, a "show neighbor-devices" command will give additional info.
 
(host) #show lldp neighbor 

Capability codes: (R)Router, (B)Bridge, (A)Access Point, (P)Phone, (S)Station
                  (r)Repeater, (O)Other
LLDP Neighbor Information
-------------------------
Local Intf  Chassis ID         Capability  Remote Intf  Expiry-Time (Secs)  System Name
----------  ----------         ----------  -----------  ------------------  -----------
GE0/0/2     d8:c7:c8:ca:f1:72  A           bond0        107                 d8:c7:c8:ca:f1:72
GE0/0/6     192.168.221.2      B: P         Port 1       163                 Cisco IP Phone SPA502G
GE0/0/46    00:26:88:01:c6:80  B:R         fe-0/0/3.0   99                  HOME-ROUTER

Number of neighbors: 3
 
(host) #show lldp neighbor interface gigabitethernet 0/0/2 detail

Interface: gigabitethernet0/0/2, Number of neighbors: 1
------------------------------------------------------------
Chassis id: d8:c7:c8:ca:f1:72, Management address: 10.10.10.254
Interface description: bond0, ID: d8:c7:c8:ca:f1:72, MTU: 1522
Device MAC: d8:c7:c8:ca:f1:72
Last Update: Mon May 20 07:05:27 2013
Time to live: 120, Expires in: 100 Secs
System capabilities : Bridge,Access point
Enabled capabilities: Access point
System name: d8:c7:c8:ca:f1:72
System description:
  ArubaOS (MODEL: 105), Version 6.2.0.0-3.2.0.2 (37229)
Auto negotiation: Supported, Enabled
Autoneg capability:
  10Base-T, HD: yes, FD: yes
  100Base-T, HD: yes, FD: yes
  1000Base-T, HD: no, FD: yes
Media attached unit type: 1000BaseTFD - Four-pair Category 5 UTP, full duplex mode (30)
  
2) Rogue AP Verification
 
Should an admin be on a switch and want to see rogue APs, a quick "show lldp neighbor interface 0/0/0 detail" command can give details as to what else might be blacklisted.  "show port-error-recovery" will show when the port has changed security status.
 
(host) #show lldp neighbor interface gigabitethernet 0/0/2 detail 

Interface: gigabitethernet0/0/2, Number of neighbors: 1
------------------------------------------------------------
Chassis id: d8:c7:c8:ca:f1:72, Management address: 10.10.10.254
Interface description: bond0, ID: d8:c7:c8:ca:f1:72, MTU: 1522
Device MAC: d8:c7:c8:ca:f1:72
Last Update: Mon May 20 07:05:27 2013
Time to live: 120, Expires in: 100 Secs
System capabilities : Bridge,Access point
Enabled capabilities: Access point
System name: d8:c7:c8:ca:f1:72
System description:
  ArubaOS (MODEL: 105), Version 6.2.0.0-3.2.0.2 (37229)
Auto negotiation: Supported, Enabled
Autoneg capability:
  10Base-T, HD: yes, FD: yes
  100Base-T, HD: yes, FD: yes
  1000Base-T, HD: no, FD: yes
Media attached unit type: 1000BaseTFD - Four-pair Category 5 UTP, full duplex mode (30)
MAC:          00:22:cf:51:6f:c1: Blacklist                                              
MAC:          00:22:cf:51:6f:c0: Blacklist
 

(host) #show port-error-recovery

Layer-2 Interface Error Information
-----------------------------------
Interface  Error                        Error seen time            Recovery time
---------  -----                        ---------------            -------------
GE0/0/20   Blacklisted device detected  2013-04-03 14:35:45 (EDT)  2013-04-03 14:40:45 (EDT) 

 

3) Auto-Prioritization of POE for Instant Access Points
 
Since Aruba's IAPs are all POE enabled, admins will likely want to give them priority over other POE devices on the network.  To do so, simply use the default using the "poe-factory-initial" profile.  The MAS detects the presence of an IAP and will automatically increases the PoE priority from low (default) to high.   Below shows an example of an IAP that automatically received a high POE priority with the "poe-factory-initial" profile.
 
(host) #show poe interface brief 

PoE Interface Brief
-------------------
Interface  Admin   Consumption(mW)  Port Priority  Port Status
---------  -----   ---------------  -------------  -----------
GE0/0/0    Enable  0                Low            Off
GE0/0/1    Enable  0                Low            Off
GE0/0/2    Enable  5700             High           On
GE0/0/3    Enable  0                Low            Off
GE0/0/4    Enable  0                Low            Off
GE0/0/5    Enable  0                Low            Off
GE0/0/6    Enable  2400             Low            On
GE0/0/7    Enable  0                Low            Off
<INTENTIONALLY SNIPPED>
 
 
4) VLAN Trunks Sharing via GVRP 
 
To save time provisioning switches with VLAN trunking, GVRP will automagically configure the switch's trunking profile based on the SSID of an Instant or Cloud-managed AP.  First, set the VLAN on an SSID.
 
Instant-SSID-VLAN.png
 
Then go to the MAS and see VLAN autoconfigured via GVRP.
 
(host) #show vlan

VLAN CONFIGURATION
------------------
VLAN  Description  Ports
----  -----------  -----
1     VLAN0001     GE0/0/0-23 GE0/1/0-1
500   GVRP VLAN    GE0/0/2
510   GVRP VLAN    GE0/0/2
520   GVRP VLAN    GE0/0/2
 
(host) # show gvrp interfaces

Interface GVRP info
-------------------
Interface             State    Registrar Mode
---------             -----    --------------
gigabitethernet0/0/2  Enabled  Normal
 
  • access
  • IAP
  • Instant
  • MAS
  • Mobility
  • switch
Comments
MVP

Thanks Roger, this is a great article. It just goes to show the power of the MAS and its usefullness.

Thanks again.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Read all about it! If it’s happening now, it’s in the community.

Check out the latest blogs from your community team, the community experts and other industry sources.
Labels