AOS 8.x - How to create a WLAN from scratch

 

This would be helpful for anyone new to AOS 8

 

We will be creating a WPA2 802.1x SSID for the below Network Setup, leveraging Clustering and L2 Mobility Master Redundancy based on ArubaOS Release 8.3.0.0.

[Image: MyNetwork1.jpg]

 

Deploying the Virtual Mobility Master with VMWare

Download the "ArubaOS_MM_8.3.0.0_64659.ova", from http://support.arubanetworks.com/

Open your vSphere Client, go to "File -> Deploy OVF Template" and go through the wizard to get ArubaOS_MM_8.3.0.0_64659.ova deployed.

MM consumes 3 vCPU, 6GB RAM and 16 GB Storage.

Power ON the deployed Virtual Machine; the MM boots from Partition 0 by default.

Fill in the start-up questions; below is how it looks. Once completed, Mobility Master (MM1) will be UP.

[Image: MM_Bringup1.jpg]

Use the above process to bring up the other Mobility Master (MM2) as well.

 

Licensing the Mobility Master

Note: Just like licenses for Hardware Controllers are tied to the Serial Number, the licenses for Virtual Machines are tied to the "License Passphrase", which can be found at

Mobility Master -> Configuration -> System -> Licensing -> Mobility Master Licenses -> Click on + Sign

[Image: passphrase.jpg]

Your Virtual Machine licenses should be activated against "License Passphrase"

Once activated enter the license at

Mobility Master -> Configuration -> System -> Licensing -> Mobility Master Licenses -> Click on + Sign -> Paste the License.

My Mobility Master (MM1) has the following licenses.

[Image: mylicense.jpg]

 

Configuring L2 Mobility Master Redundancy

It involves two parts: one is configuring the VRRP and the other is configuring the Master Redundancy.

Note: If you are deploying 2 MM on the same Virtual Machine, for the VRRP to work between them, please ensure "Promiscuous Mode: Accept" is set in that Virtual Machine Port Group.

Configuration -> Networking -> vSwitch0 -> Properties -> Select the Port Group -> And Edit its Properties.

[Image: Promiscuous Mode.jpg]

Configuring VRRP:

Go to the actual Mobility Master (/mm/mynode) of MM1 and MM2

Navigate to Configuration -> Services -> Redundancy -> Virtual Router Table -> Click on the + sign

Configure the following values.

 

| Setting | MM1 | MM2 |
| --- | --- | --- |
| ID | 50 | 50 |
| IP Version | V4 | V4 |
| Authentication Password | aruba123 | aruba123 |
| IP Address | 192.168.26.2 | 192.168.26.2 |
| Priority | 200 | 150 |
| Admin State | UP | UP |
| VLAN | 26 | 26 |

 

[Image: VRRP.jpg]

 

Master Redundancy

Go to the actual Mobility Master (/mm/mynode) of MM1 and MM2

Navigate to Configuration -> Services -> Redundancy -> Master Redundancy

 

| Setting | MM1 | MM2 |
| --- | --- | --- |
| Master VRRP | 50 | 50 |
| IP address of peer | 192.168.26.3 | 192.168.26.1 |
| Authentication | IPSec Key | IPSec Key |
| IPSec Key | aruba123 | aruba123 |

Enable Database Synchronization:

Go to the MM (/mm) group above MM1 and MM2

Navigate to Configuration -> Services -> Redundancy -> Master Redundancy ->

Enable Database Synchronization

Sync Period: 60 minutes

 

Use the “database-synchronize” command on the Mobility Master to force database synchronization on demand.

Final Screenshot

[Image: Master Redundancy.jpg]

Verification Commands:

show vrrp

show database synchronize

show switches

 

Adding Mobility Controller to MM

Ensure the Mobility Controller (eg: 7010 Controller, 7005 Controller) has ArubaOS_8.3.0.0 image in one of the boot partitions and boot it from that partition.

Once the Mobility Controller comes up, fill in the start-up questions. Following is the screenshot.

[Image: MC_Bringup.png]

Authorize the Mobility Controller in the Mobility Master.

Navigate to Mobility Master -> Configuration -> Controllers -> Local Controller IPSec Keys

[Image: Authorizing the MCs.jpg]

Create a Group “Campus-A”

[Image: Creating Groups.jpg]

Add the Controller into the Group (MAC Address can be got by typing "show inventory" on the Mobility controller)

[Image: Adding Controller to Group.jpg]

 

The Configuration Node Hierarchy and Inheritance

This can be viewed by using the following CLI command.

[Image: Config-Node-Hierachy.jpg]

 

Creating a Cluster among the Mobility Controllers:

Creating a Cluster:

Navigate to Managed Network -> CampusA -> Configurations -> Services -> Clusters -> Click on + sign

Name: Campus-A-Cluster

On the Controllers Box, add both the Controllers.             

                   

| Setting | 7010 Mobility Controller | 7005 Mobility Controller |
| --- | --- | --- |
| IP Version | V4 | V4 |
| IP Address | 192.168.17.177 | 192.168.17.17 |
| Priority | 200 | 200 |

Now go to the actual Mobility Controllers 7005 and 7010 (e.g. /md/Campus-A/00:0b:86:be:dc:d0)

Navigate to -> Configuration -> Services -> Cluster -> Cluster Profile

Cluster group-membership: Campus-A-Cluster

Exclude VLAN: 1

 

If all VLANs in Mobility Controller 1 (7010) can see all VLANs in Mobility Controller 2 (7005), then the Cluster is L2 Connected.

If they can't see all the VLANs but are reachable to each other, then the cluster is L3 Connected.

This can be verified at Managed Networks -> Dashboard -> Cluster

[Image: Cluster Verification.jpg]

 

Provisioning APs:

For this “Campus-A” Group, I am going to "Enable auto cert provisioning"

Go to “Campus-A” Group -> Configuration -> System -> CPSec -> Control Plane Security -> Enable "Auto Cert Provisioning"

Set up VRRP between Mobility Controllers (7005 and 7010) in the cluster.

 

| Setting | 7010 Mobility Controller | 7005 Mobility Controller |
| --- | --- | --- |
| VRRP ID | 60 | 60 |
| IP Address | 192.168.17.100 | 192.168.17.100 |
| Authentication | aruba123 | aruba123 |
| Priority | 200 | 150 |
| Admin State | UP | UP |
| VLAN | 17 | 17 |

The AP discovers the Controller using the following options.

  • Static
  • DHCP
    • option 60 text ArubaAP
    • option 43 text 192.168.17.100
  • DNS
    • By resolving "aruba-master" to 192.168.17.100
  • ADP

Once the AP comes UP, it will fall into the default Group.

Verify whether the APs have come UP using the following command.

[Image: AP database long.jpg]

 

Creating a WPA2 802.1x SSID

Navigate to Campus-A -> Configuration -> AP Groups -> Click on + sign -> Add the Group "Global-AP-Group"

Go to Campus-A -> Configuration -> WLANs -> Click on + sign -> Run through the “New WLAN” Wizard

General Tab

[Image: General.jpg]

VLAN Tab

[Image: VLAN.jpg]

We have used the Named VLAN which was created at

Configuration -> Interfaces -> VLANs

VLAN name: EmployeeVLAN

VLAN ID: 17

This VLAN ID can be overwritten by the Mobility Controllers under the “Campus-A” Group

 

Security Tab:

Select "Enterprise" level security and add the Clearpass Server.

[Image: Security.jpg]

[Image: Clearpass.jpg]

Access Tab

[Image: Access Tab.jpg]

 

Once the WLAN is configured, move the APs into the AP-Group you configured.

Go to Campus-A -> Configuration -> Access Points -> CampusAPs -> Select the APs -> Click on Provision and move it to the AP-Group (Global-AP-Group) you configured.

[Image: Provision.jpg]

 

Verify the SSID is up at the Dashboard of the Campus-A

[Image: SSID UP.jpg]

 

Connect your clients to the SSID and verify it in the Dashboard.

[Image: Clientdot1xConnected.jpg]

Hope you find this useful. Please post your feedback!

 

Regards,

Kapildev Erampu
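
The DHCP discovery values listed in the post (option 60 text ArubaAP, option 43 text 192.168.17.100) can be checked against the options field of a captured DHCP offer, so that a scope handing APs a different controller address is caught before provisioning. This Python is an added example, not part of the original post; the function names and the sample option bytes are constructed, and it assumes the options field (the bytes after the DHCP magic cookie) has already been extracted.

```python
import ipaddress

EXPECTED_VENDOR_CLASS = b"ArubaAP"        # option 60 text from the post
EXPECTED_CONTROLLER = "192.168.17.100"    # option 43 text from the post

def parse_dhcp_options(data: bytes) -> dict:
    """Decode a DHCP options field (bytes after the magic cookie) into {code: value}."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 0:                     # pad option, single byte
            i += 1
            continue
        if code == 255:                   # end option
            break
        if i + 1 >= len(data):
            raise ValueError(f"option {code}: missing length byte")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: truncated value")
        opts[code] = opts.get(code, b"") + value   # repeated options concatenate (RFC 3396)
        i += 2 + length
    return opts

def check_offer(options: bytes) -> list:
    """Return findings for one offer; an empty list means it matches the post's values."""
    opts = parse_dhcp_options(options)
    findings = []
    if 60 in opts and opts[60] != EXPECTED_VENDOR_CLASS:
        findings.append(f"option 60 is {opts[60]!r}, expected {EXPECTED_VENDOR_CLASS!r}")
    if 43 not in opts:
        return findings + ["option 43 missing: no controller address offered via DHCP"]
    try:
        controller = str(ipaddress.IPv4Address(opts[43].decode("ascii")))
    except (UnicodeDecodeError, ValueError):
        return findings + [f"option 43 is not an ASCII IPv4 address: {opts[43]!r}"]
    if controller != EXPECTED_CONTROLLER:
        findings.append(f"option 43 points APs at {controller}, expected {EXPECTED_CONTROLLER}")
    return findings

def build_options(pairs) -> bytes:
    """Constructed sample data: encode (code, value) pairs and append the end option."""
    return b"".join(bytes([c, len(v)]) + v for c, v in pairs) + b"\xff"

GOOD = build_options([(53, b"\x02"), (60, b"ArubaAP"), (43, b"192.168.17.100")])
WRONG_IP = build_options([(53, b"\x02"), (60, b"ArubaAP"), (43, b"192.168.17.66")])
BINARY_43 = build_options([(53, b"\x02"), (43, bytes([192, 168, 17, 100]))])

if __name__ == "__main__":
    for name, offer in [("good", GOOD), ("wrong ip", WRONG_IP), ("binary 43", BINARY_43)]:
        print(name, check_offer(offer) or "OK")
```

The third sample covers a scope that encodes option 43 as four raw bytes rather than as text, which the post's "option 43 text" setting does not produce.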

 

 
