Wireless Access

Hey,

 

I am looking to setup an Aruba AP93H.

I configured it as an 'Mesh Point' so that it makes a connection with the network entirely through wireless.

 

I want to disable the 802.11a and 802.11g Profiles so that the 93H will not handle client wireless data. It will use it's wireless radio to handle only the 'mesh-backhaul' data. I will then configured the physical 4 ethernet ports appropriately.

 

It is currently apart of a Mesh group. I was going to create an 'AP Specific' profile for it and then disable the 802.11a and 802.11g Profiles from there so that I don't affect the other AP's in the group.

 

In order to have the 93H disable it's 802.11a and 802.11g Profiles I will create a new profile and uncheck the option 'Radio Enable'?

From what I read in the documentation (ArubaOS_6.3UG.pdf) it looks like this is what I would need to do. By doing this will the client data received through the physical ethernet ports be transfered as part of the 'mesh-backhaul' data?

 

Also, when you uncheck the 'Radio Enable' option do you have to worry about the 'Mode' setting (am-mode, ap-mode, spectrum-mode)?

 

Based on what I have been reading most of the other settings are best left as default so I am not sure if there is anything else that I should be worried about.

 

Thank you,

 

Cheers

You can do what you desire by not having any Virtual APs in the ap-group of that access point, OR use an ap-specific profile to exclude virtual APs.

Thanks @cjoseph.

 

If I were to create an ap-group specifically for the AP93H's let's say. Could I have it still talk with AP's that are not in it's ap-group to form the mesh? Could I accomplish this by using the same Mesh Cluster Profile for both ap-groups?

 

The reason I ask is because the deployment of our AP93H's will be far less then the rest of our AP105's (the other AP's that we have). The way I understand it is that the an AP in 'Mest Point' mode needs to be able to contact at least one other AP in order to join to the mesh and provide connectivity.

Yes.

haha!

 

Thanks @cjoseph.

 

I know these are probably dumb questions, just want to make sure I am understand everything correctly since it is all new to me.

 

Cheers

not dumb at all.

Hi,

 

Just a comment, maybe I am stupid for thinking this.

 

When you are configuring your Ethernet Ports if you do not set an AAA profile the system uses the 'default profile'.

Which is fine, except for that in almost every other case there is always a value listed as to what is being used by default.

In the case of the AAA profile when configure the Ethernet ports it is just blank, instead of saying 'default'

 

I sort of find this weird because it does not follow how every other setting is handled. If you have not set a profile then it is usually labeled as "default". 

 

 

I am definitely not critizing or anything. It is just an observation.

I am sure there is a obvious reason why it is left blank and I am not just understanding it!

That AAA profile is only applied when the port is marked "untrusted".  It is unused when the port is trusted.

 

Thank you again!

That makes sense.

 

I will have to read up on the Turst settings. I saw it but I didn't really know what it meant.

 

Thank you shedding some light on it!

 

I figured there had to be a reason!

 

Cheers

I set the port to trusted and you were 100% correct. The AAA profile is not used.

 

I did a search within the AOS 6.3 User Guide and found a definition of Trusted vs. Untrusted. 

 

I was curious if there is anyway to view devices physically connected through one of the ethernet ports?

I thought that perhaps it might show in the '# show user-table' command. But I do not see my connected device.

 

Is there any commands that would reveal physically connected devices?

 

If I use the '# show datapath session table <ip>' I can view the devices activity but that is all I have been able to find.

Devices only show up in the user table of the controller when coming in from an untrusted interface (wlan is an untrusted interface). If you make your wired interface untrusted and you make the initial role in the AAA profile something like authenticated, all wired users on that port will show up in the user table.

Yeah I sort of thought it had something to do with the Trust/Untrust of the port.

 

I had done what you suggested prior to setting the port to Trusted and set the inital role to something equivalent to 'authenticated'.

I was able to see the connected client the user-table.

 

I am not entirely sure what way we will go. I will present the options to the team and see what they decide.