OK, here are my configs. First, here is the "core" switch, This is an HP ProCurve 4204vl
; J8770A Configuration Editor; Created on release #L.11.20
hostname "ShenandoahCore4204"
module 1 type J8768A
module 2 type J9033A
interface B15
lacp Active
exit
interface B16
lacp Active
exit
interface B19
lacp Active
exit
ip routing
snmp-server community "public" Operator Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged A1-A3,A7-A12,A14-A24,B2-B4,B6-B16,B18-B24
ip address 192.168.0.1 255.255.255.0
tagged A4
no untagged A5-A6,A13,B1,B5,B17
exit
vlan 2
name "K8Network"
untagged A13,B1,B17
ip address 192.168.2.1 255.255.255.0
ip helper-address 192.168.0.10
tagged B12-B14,B16,B18-B24
exit
vlan 3
name "HSNetwork"
untagged B5
ip address 192.168.3.1 255.255.255.0
ip helper-address 192.168.0.10
tagged B12-B14,B16-B20,B22-B24
exit
vlan 4
name "WrlsStaff"
ip address 192.168.4.1 255.255.255.0
ip helper-address 192.168.0.10
tagged B12-B14,B16-B20,B22-B24
exit
vlan 5
name "WrlsStdnt"
untagged A6
ip address 192.168.5.1 255.255.248.0
ip helper-address 192.168.0.10
tagged B12-B14,B16-B20,B22-B24
exit
vlan 6
name "GuestWrls"
ip address 192.168.6.1 255.255.255.0
ip helper-address 192.168.0.10
tagged B12-B14,B16-B20,B22-B24
exit
vlan 9
name "StdntWrls"
untagged A5
ip address 192.168.9.1 255.255.252.0
ip helper-address 192.168.0.10
tagged B12-B14,B16-B20,B22-B24
exit
ip route 0.0.0.0 0.0.0.0 192.168.0.47
interface B14
dhcp-snooping trust
exit
interface B24
dhcp-snooping trust
exit
spanning-tree
spanning-tree priority 0
password manager
Here is the config for my new edge POE switch. It is an HP V1910-24G-PoE:
#
version 5.20 Release 1108P01
#
sysname MS-POESWITCH-01
#
domain default enable system
#
ip ttl-expires enable
#
vlan 1
description DEFAULT_VLAN
#
vlan 2
description K8Network
#
vlan 3
description HSNetwork
#
vlan 4
description WrlsStaff
#
vlan 5
description ESNetwork
#
vlan 6
description GuestWrls
#
vlan 9
description StdntWrls
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
#
local-user admin
authorization-attribute level 3
service-type ssh telnet terminal
#
stp mode rstp
stp enable
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.0.170 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan 1 to 6 9
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/2
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/3
port link-type hybrid
port hybrid vlan 2 tagged
port hybrid vlan 1 untagged
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/4
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/5
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/6
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/7
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/8
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/9
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/10
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/11
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/12
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/13
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/14
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/15
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/16
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/17
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/18
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/19
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/20
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/21
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/22
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/23
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/24
poe enable
stp edged-port enable
#
interface GigabitEthernet1/0/25
stp edged-port enable
#
interface GigabitEthernet1/0/26
stp edged-port enable
#
interface GigabitEthernet1/0/27
stp edged-port enable
#
interface GigabitEthernet1/0/28
stp edged-port enable
#
ip route-static 0.0.0.0 0.0.0.0 192.168.0.1
#
load xml-configuration
#
user-interface aux 0
authentication-mode scheme
user-interface vty 0 15
authentication-mode scheme
#
return
...and finally, here is the config for my Aruba Controller:
version 3.3
country US
ap regulatory-domain-profile default
country-code US
valid-11g-channel 1
valid-11g-channel 6
valid-11g-channel 11
valid-11a-channel 36
valid-11a-channel 40
valid-11a-channel 44
valid-11a-channel 48
valid-11a-channel 149
valid-11a-channel 153
valid-11a-channel 157
valid-11a-channel 161
valid-11a-channel 165
valid-11g-40mhz-channel-pair 1-5
valid-11g-40mhz-channel-pair 7-11
valid-11a-40mhz-channel-pair 36-40
valid-11a-40mhz-channel-pair 44-48
valid-11a-40mhz-channel-pair 149-153
valid-11a-40mhz-channel-pair 157-161
!
logging level warnings stm
wms
general poll-interval 60000
general poll-retries 3
general stat-update enable
general ap-ageout-interval 30
general sta-ageout-interval 30
general learn-ap disable
general persistent-known-interfering enable
!
adp discovery enable
adp igmp-join enable
adp igmp-vlan 0
netservice svc-icmp 1
netservice svc-esp 50
netservice svc-gre 47
netservice svc-svp 119
netservice svc-ftp tcp 21
netservice svc-ssh tcp 22
netservice svc-smtp tcp 25
netservice svc-telnet tcp 23
netservice svc-dns udp 53
netservice svc-dhcp udp 67 68
netservice svc-bootp udp 67 69
netservice svc-tftp udp 69
netservice svc-http tcp 80
netservice svc-kerberos udp 88
netservice svc-pop3 tcp 110
netservice svc-ntp udp 123
netservice svc-msrpc-udp udp 135 139
netservice svc-msrpc-tcp tcp 135 139
netservice svc-snmp udp 161
netservice svc-snmp-trap udp 162
netservice svc-smb-udp udp 445
netservice svc-smb-tcp tcp 445
netservice svc-https tcp 443
netservice svc-ike udp 500
netservice svc-rtsp tcp 554
netservice svc-nterm tcp 1026 1028
netservice svc-l2tp udp 1701
netservice svc-pptp tcp 1723
netservice svc-sccp tcp 2000
netservice svc-natt udp 4500
netservice svc-vocera udp 5002
netservice svc-sip-udp udp 5060
netservice svc-sip-tcp tcp 5060
netservice svc-sips tcp 5061
netservice svc-adp udp 8200
netservice svc-papi udp 8211
netservice svc-cfgm-tcp tcp 8211
netservice svc-syslog udp 514
netservice svc-noe udp 32512
netservice svc-noe-oxo udp 5000 alg noe
netservice svc-http-proxy1 tcp 3128
netservice svc-http-proxy2 tcp 8080
netservice svc-http-proxy3 tcp 8888
netservice svc-h323-tcp tcp 1720
netservice svc-h323-udp udp 1718 1719
netservice svc-v6-icmp 58
netservice svc-v6-dhcp udp 546 547
ip access-list session control
user any udp 68 deny
any any svc-icmp permit
any any svc-dns permit
any any svc-papi permit
any any svc-cfgm-tcp permit
any any svc-adp permit
any any svc-tftp permit
any any svc-dhcp permit
any any svc-natt permit
!
ip access-list session logon-control
user any udp 68 deny
any any svc-icmp permit
any any svc-dns permit
any any svc-dhcp permit
any any svc-natt permit
!
ip access-list session ap-acl
any any udp 5000
any any udp 5555
any any svc-gre permit
any any svc-syslog permit
any user svc-snmp permit
user any svc-snmp-trap permit
user any svc-ntp permit
!
ip access-list session allowall
any any any permit
!
ip access-list session captiveportal
user alias controller svc-https dst-nat 8081
user any svc-http dst-nat 8080
user any svc-https dst-nat 8081
user any svc-http-proxy1 dst-nat 8088
user any svc-http-proxy2 dst-nat 8088
user any svc-http-proxy3 dst-nat 8088
!
ip access-list session cplogout
user alias controller svc-https dst-nat 8081
!
ip access-list session vpnlogon
user any svc-ike permit
user any svc-esp permit
any any svc-l2tp permit
any any svc-pptp permit
any any svc-gre permit
!
ip access-list session srcnat
user any any src-nat
!
ip access-list session sip-acl
any any svc-sip-udp permit queue high
any any svc-sip-tcp permit queue high
!
ip access-list session svp-acl
any any svc-svp permit queue high
user host 224.0.1.116 any permit
!
ip access-list session vocera-acl
any any svc-vocera permit queue high
!
ip access-list session noe-acl
any any svc-noe permit queue high
!
ip access-list session skinny-acl
any any svc-sccp permit queue high
!
ip access-list session h323-acl
any any svc-h323-tcp permit queue high
any any svc-h323-udp permit queue high
!
ip access-list session dhcp-acl
any any svc-dhcp permit
!
ip access-list session icmp-acl
any any svc-icmp permit
!
ip access-list session tftp-acl
any any svc-tftp permit
!
ip access-list session dns-acl
any any svc-dns permit
!
ip access-list session http-acl
any any svc-http permit
!
ip access-list session https-acl
any any svc-https permit
!
ipv6 access-list session v6-logon-control
user any udp 68 deny
any any svc-v6-icmp permit
any any svc-v6-dhcp permit
any any svc-dns permit
!
ipv6 access-list session v6-dhcp-acl
any any svc-v6-dhcp permit
!
ipv6 access-list session v6-icmp-acl
any any svc-v6-icmp permit
!
ipv6 access-list session v6-dns-acl
any any svc-dns permit
!
ipv6 access-list session v6-http-acl
any any svc-http permit
!
ipv6 access-list session v6-https-acl
any any svc-https permit
!
ipv6 access-list session v6-allowall
any any any permit
!
user-role authenticated
session-acl allowall
ipv6 session-acl v6-allowall
!
user-role default-vpn-role
session-acl allowall
ipv6 session-acl v6-allowall
!
user-role logon
session-acl logon-control
session-acl captiveportal
session-acl vpnlogon
ipv6 session-acl v6-logon-control
!
user-role guest-logon
session-acl logon-control
session-acl captiveportal
captive-portal default
!
user-role ap-role
session-acl control
session-acl ap-acl
!
user-role voice
session-acl sip-acl
session-acl noe-acl
session-acl svp-acl
session-acl vocera-acl
session-acl skinny-acl
session-acl h323-acl
session-acl dhcp-acl
session-acl tftp-acl
session-acl dns-acl
session-acl icmp-acl
!
user-role guest
session-acl http-acl
session-acl https-acl
session-acl dhcp-acl
session-acl icmp-acl
session-acl dns-acl
ipv6 session-acl v6-http-acl
ipv6 session-acl v6-https-acl
ipv6 session-acl v6-dhcp-acl
ipv6 session-acl v6-icmp-acl
ipv6 session-acl v6-dns-acl
!
aaa server-group default
auth-server Internal
set role condition role value-of
!
aaa authentication vpn default-role default-vpn-role
mgmt-role read-only
description "This is the Default View Only Role"
permit view-only
!
crypto isakmp policy 20
encryption aes256
!
crypto ipsec transform-set default-aes esp-aes256 esp-sha-hmac
crypto dynamic-map default-dynamicmap 10000
set transform-set default-transform default-aes
!
wms
valid-11b-channel 1 mode enable
valid-11b-channel 6 mode enable
valid-11b-channel 11 mode enable
valid-11a-channel 36 mode enable
valid-11a-channel 40 mode enable
valid-11a-channel 44 mode enable
valid-11a-channel 48 mode enable
valid-11a-channel 149 mode enable
valid-11a-channel 153 mode enable
valid-11a-channel 157 mode enable
valid-11a-channel 161 mode enable
valid-11a-channel 165 mode enable
!
hostname Aruba3600
interface vlan 1
ip address 192.168.0.20 255.255.0.0
!
ip default-gateway 192.168.0.47
localip 0.0.0.0 ipsec xxx
clock timezone CST -6 0
mgmt-user admin root xxx
enable secret "xxx"
trusted all
The IP address for my controller is 192.168.0.20, and I have a DNS entry for "aruba-master" pointing to that. The port on the core switch I'm uploading to is B19. The uplink port on the edge POE switch is port GigabitEthernet1/0/1. The port I'm setting up for the AP is GigabitEthernet1/0/3. Right now I have a laptop plugged into that port, and it's working perfectly. I get a DHCP address for VLAN2, and I can ping servers in VLAN1 and get to the internet.
Please let me know if there is any other info from me that may help! Thank you!