07-02-2014 08:51 AM - edited 07-22-2014 01:08 PM
Here ill explain you the basics of AP Provisining
The first thing we should know about Aruba Access Points its that they can work in different modes(depending on how you buy it)
- If you buy an Aruba Instant AP it can work as a stand alone AP or a controllerless solution which does not need a physical controller
- If you buy normal APs which are not Aruba Instant then the APS are thin APS and ahts what we are going to talk here.
What are thin APs?
Its an AP that contains a minimal configuration, most of the config is located on the controller.
To boot correctly the AP need a few things otherwise you wont be able to provision it. When i say provision i mean configure this thin AP.
Here is the requirements(be sure the AP got them all so it can successfully communicate with the controller)
- IP Address, DNS, Defauilt Gateway, network mask
- Controllers(IP or DNS Name)
Now how do we get the IP address and the controller address?
You can do it statically by setting it at the APBOOT with a console cable connected directly to the console port of the AP
Here is how you do it:
To set him the ip address:
1. setenv ipaddr <ip address>
To set him the network mask
2. setenv netmask <netmask>
To set him the Gateway
3. setenv gatewayip <gatewayip>
4. setenv master <ip of the controller>
This command is to set from which controller he wil download the firmare if he needs to download, and also from which controller he will download the configuration
5. setenv serverip <ip of the controller>
After doing all this you need to save the config with this command:
Now if you donig it dynamically
The process is like this:
- DHCP Request(he will get the IP address of the AP by DHCP and also he will try to get the master IP by DHCP if it configured with the option 43
- If not he will try to multicast by ADP(aruba Discovery protocol) to find the controller IP
- If not he will try to broadcast ADP to find the controller ip address
- if not he will try to send dns query to aruba-master to see if the dns server knows the ip of aruba-master
Example of AP Provisioning went you got the record of aruba-master on the DNS server and you are distributing DHCP on the port that you will connect the AP.
The first thing you need is to create the statically A record on your DNS server
Now with this entry the AP will be able to find the controller with the DNS
For example when you connect a AP to the network and the DHCP server send him the ip address, netmask, default gateway and DNS Server, he will ask the DNS server who is aruba-master and in this case the DNS will asnwer its 172.16.3.216
Go to the controllerand check the control plane security settings
A really easy way is that when you are provisioning just put autocert provisioning(just when you are provisioning)
after you done provisioning please uncheck the auto cert provisioning(thats just for security purpuse)
Okay now you connect the AP to the network
You will notice that the AP will reboot like twice. One to download and install the firmware on the AP and the second time to install the certificate.
After that you will see the AP on AP installation tab
As you see on this example the AP as name will have the mac address of it, and the default group he will be is on the default one
now you just need to provision it
You need to select it and click provisioning like this
After you click provision you need just to configure a few things like this
Select the ap group, select indoor if its an indoor AP
After that you just change the name and thats it!
Click Apply and Reboot
Well thats it, it will reboot and it will come up with the configuration
Product Manager - Aruba Networks
07-22-2014 01:14 PM
i updated the manual and added a example which was missing in this.
Product Manager - Aruba Networks
07-22-2014 05:50 PM
Perfect timing for me, as I'm just getting ready to roll out my first batch of Aruba APs! I do have one follow up question, though, about whether or not an alternate path exists.
Our next series of upgrades will involve replacing Juniper APs with Aruba ones, mostly in a one for one swap. This means that the general set of steps for each one would be:
- Update DHCP records to new Aruba AP
- Remove Juniper AP
- Install Aruba AP
- Provision Aruba AP
The only downside here, is that there will be no service between steps 3 and 4, while the install technician (often student workers, in our case) relay back to the engineer that the AP is ready to provision. Alternatively, I'd much prefer to be able to pre-provision the AP on the controller, so it knows exactly where to slot a new AP into when it shows up. I know this can be done with RAPs by offloading the RAP whitelist to Clearpass, so I'm wondering - is it possible to do something like this for campus APs as well?
07-22-2014 06:44 PM
Did you mean controller instead clearpass?
Anyways there are ways to pre provision.
If i were you i would do this:
1-Install the controller on the Network, and do all the configuration needed.
2-Put the aruba-master record pointing to the aruba controller on the DNS Server
3-Provision the AP one by one for example in your office!
Now lets review Step 2 and Step 3
It is really important to have that record on the DNS server because that will tell the factory default AP where is the controller
Your DHCP server will give the AP the ip, subnet mask and default gateway needed plus your DNS ip address, so the factory default AP will get all that and will know where is the Aruba controller.
After that you will see it on your controller and you can provision it, i mean you can use ANY port that give you DHCP in your network.. the only requirements that is needed is that the network you will plug it has:
2-That network should have access to the Mobility controller main interface vlan IP.
This way you will be able to pre provision all your APS and you can give the ones that are physically installing the APS a AP which is configured... so the only down time you might have its when the installer switch the AP and how much it takes to boot up.
In one client a few days ago i was pre provisioning all the APS with a port he had next to his desk...
It has DHCP, and they got the record DNS on the DNS Server.
So i just had to plug the AP in that port pre provisioning it, and tell him this is the AP that is going to classroom 5-A, then pre provisioing another one and tell them this is the AP going to 6-A and they just took the AP put the name of the AP on the AP box and give them to the one that install the APs later. We did it that way because their installer was coming really late and i had to go to another client. Everything worked perfectly as i didnt has to come back.
As you starting you can read many good tutorials
Here are some i have created
I got more but they are for Airwave, instant APs, and other general things like calculating max devices for your APs.
Hope this help you
Product Manager - Aruba Networks
07-22-2014 06:59 PM
Okay, that's about what I suspected. I have the overall process working, including DHCP and the aruba-master DNS record; I was just hoping to streamline the process. I was hoping to be able to do the pre-provisioning process completely in the controler config with the AP still in the box, rather than having to set it up on the bench, but that's probably the route I'll go as it will still minimize the user visible outage for AP swaps.
07-23-2014 03:53 AM
03-11-2015 03:08 PM
Sadly, this is still not a feature for the CAPs. RAPs have zero touch provisioning with the controller RAP whitelist AP Name and AP Group values being setable. And with the default IAP image on the RAPs now, activate.arubanetwork.com rules can flip them from IAP->RAP mode and connect to a controller with a whitelist entry and be up and working right out of the box. CAP mode APs still have to be activaly connected to the controller before they can be provisioned and the AP Name and AP Group set and saved to the AP.
Feaure request ( Idea ) opened, as I have the same issue. IN-00003589, everyone who wants this functionality go promote it please.....