Search the Community
- ClearPass Recipe Review
- ClearPass Recipe Submission
- Admin Tool - Assign Role in Bulk
- Admin Tool - User Search
- CWNP Conf 2015
- Airheads Conference Vegas 2015
- Wlan Pro Conference 2015
- Airheads Conference Shanghai 2014
- WLAN Pro Conf EU 2014
- CWNP Conference 2014 (Sep 22 - 24)
- Airheads Local 2014
- Wireless Field Day 7 (Aug 6-8, 2014)
- Black Hat 2014 Contest
- Airheads EMEA Italy 2014 (June 9 - 13)
- Americas Airheads Conference 2014
- WLAN Professionals Summit 2014
- Airheads Roadshow 2013
- EMEA Airheads Conference 2013
- APJ Airheads Conference 2013
- Americas Airheads Conference 2013
- Americas Airheads Conference 2012
- APJ Airheads Conference 2012
- EMEA Airheads Conference 2012
- Airheads EMEA 2012 Contest: How to Enter - Contest Terms & Conditions
- Airheads EMEA 2012 Contest: Create your Entry to Win Here!
- Airheads Conferences Prior to 2012
- Americas Airheads Local Events 2012
- EMEA Airheads Local Events 2012
- Wireless Field Day 3 @ Aruba Networks
- Wireless Tech Field Day 2- Silicon Valley
- Wi-Fi Mobility Symposium- San Jose, CA USA
- SDN Apps
- Connector Translation Testing area
I want to give some users, each with a private password to access a ssid, each person has different times, for example a month or a week depending on people.
These people do not share the password, because the password must be associated with the Mac address. Automatically revoke passwords when expired.
It is possible to allow that person to enter the password on the first floor, but not to the second floor, or the entire floor, the Ap depends on the configuration.
Administrators can be administrators who have been granted password history, for example, granted on any day, expired date, granted how many times ...
This can be used by the controller or using ClearPass? thank you for support.
Forgive me for being a Aruba newbie- we have several Airwave managed clusters (AP315's), that are running 6.5.x firmware. I was looking to upgrade and found a version 8.3 variant of Aruba Instant. What's the difference between the two versions of Aruba Instant? Meaning is there a particular reason to run one or the other version? From what I can determine 8.3 has a longterm EOL, the 6.5 is EOL Aug 2022.
Have you already read the release notes, under "What's new"? There is too much to copy and pa...
Have you already read the release notes, under "What's new"? There is too much to copy and paste here, so I will just attach them.
If you already read the release notes, do you have any questions about them?
6.5 is current Instant software version. 8.3 has just been released weeks ago, and the 8.x versions...
6.5 is current Instant software version. 8.3 has just been released weeks ago, and the 8.x versions will be where the new features will be developed. Over time, you should consider moving to 8.x.
For now, if you have a stable 6.x deployment, I would upgrade to the latest version in 6.x, unless you need features that are only in 8.3 as described in the release notes.
I'm having a real tough time trying to find documentation on how to get RADIUS accounting working for controller management. We have 7205 controllers in HA mode and I was able to get RADIUS authentication working properly with our FreeRADIUS server but I cannot find any options to send accounting info (config changes is what I mostly want to capture). There is a checkbox for TACACS accounting but nothing for RADIUS. The only location I see for adding RADIUS accounting is under AAA profiles but I don't see an option to associate a AAA profile with management access. Is syslog the only way to capture this if we're not using TACACS?
Apologies if this has been answered before, but I'm at a bit of a loss on finding a functional USB to MicroB console cable for the new IAP-345.
I've tried two vendors standard cables, neither of which functioned correctly.
I found the AP-CBL-SERU article which indicates that a different pin order was used. The document found indicated that Arubas (orange) console cable is using Red/Black/Green/White USB-A to Micro-B.
However, Industry standard looks to be Red/White/Green/Black.
Does anyone know where I can acquire this console cable? I've got staging vendors I'm trying to make sure are outfitted to provision/t-shoot these APs but it doesn't really matter unless I can find a console cable that works.
Any leads appreciated!
The console port on the AP-345 (and most other indoor Aruba AP platforms) is NOT industry standard....
The console port on the AP-345 (and most other indoor Aruba AP platforms) is NOT industry standard.
To use the interface you'll need the custom/proprietary Aruba console cable AP-CBL-SERU (JY728A).
My current setup has our wireless and wired laptop users put onto the same subnet, but I'm wondering what the best practice for this actually is.
One of the problems I've encountered with this setup, is when a laptop is hooked up to a docking station and has both a wired and wireless connection on the same subnet. Usually windows would prioritize the ethernet connection, but this isn't always the case. Users lose connection intermittently due to having 2 nics on the same subnet.
What designs are other poeple using?
Keeping wired and wireless separate was mainly a concern due to all of the broadcasts that wired tr...
Keeping wired and wireless separate was mainly a concern due to all of the broadcasts that wired traffic creates. Those broadcasts degrade wireless traffic. We do have very good broadcast suppression, so why keep them separate anymore? Answer: To separate your troubleshooting and security domains. You want to be able to quicly compare any problems you have on the wireless network with the wired network to diagnose problems quickly. In an Aruba network, you can apply roles to traffic, which can limit what specific types of users can do. If you mix those users with wired users, it will affect that security model. You also in many circumstances would want treat wired and wireless clients differently. Keeping them in different VLANs allows you to do that.
Windows prefers the interface that has the highest cost (output of the "route print" command). If your wired users only have a 100meg interface, Windows will prefer a wireless interface that negotiates at 200megs. If your users connect via a gigabit ethernet connection, it is much less likely that windows would prefer the wireless interface for traffic, even though it would still be connected and send broadcasts to that client.
Some Windows wireless drivers have an option to disable wireless when wired is connected.
When devices are dual-connected, at times wired traffic will "leak" to the wireless side and create a duplicate user in the user table on the WLC with the wired ip address for that user. You can deal with that by enabling "enforce dhcp" on the AAA profile, or by editing the validuser ACL to only allow clients requesting ip addresses from wireless subnets. http://community.arubanetworks.com/t5/Controller-Based-WLANs/What-is-validuser-ACL-and-its-uses/ta-p/178584
So, my question is the Aruba RAP 303H can connect to Instant Acces Point 305 Controller?
So do I need a physical connection to connect the Remote AP to network?
hope your comments,
Hi Javier, Both IAP 305 & 303H use the same image version. So, they can form a c...
Both IAP 305 & 303H use the same image version. So, they can form a
However, 303H needs minimum version 18.104.22.168.
So, please ensure IAP is running atleast 22.214.171.124 Or above version. Once that is confirmed, you can add IAP 303H in to the same cluster & it should work fine.
I have to implement a wireless network for a High School. Clients are students which connect to the wireless network through Guest captive portal. The network consists of ClearPass and one controller, and of course many APs. At this first stage the customer only will purchase one controller, and in the second stage will purchase another one in order to have controller redundancy.
All this said, for this first stage the customer also wants to have some type of reliability in the way if the controller goes down, clients already authenticated keep their connection up, although new clients will not be able to authenticate.
In the first moment I thought to use bridge mode for this, but I can't since bridge mode doesn't support captive portal. Then I will have to use tunnel mode, but then if the controller goes down, all the APs and clients will go down. Is there anyway to achieve this kind of reliability with just one controller? Any help will be much appreciated...
The model is to deploy a second controller for redundancy, or open a TAC case and have another one ...The model is to deploy a second controller for redundancy, or open a TAC case and have another one sent overnight. The pricing is designed so that redundancy is cost effective for a second controller. Controllers have no moving parts and rarely fail. If you want to plan for that scenario you should have a second controller. Nothing was built to account for the failure of a single controller besides a second controller.
In one of our environments we have old devices with fixed IP that need to connect in 802.11b and 802.11g network.
We replaced an old ubquiti wifi solution with new IAPs 207 access points.
But we are facing problems, the old devices associate the wifi network, but do not communicate. The device stay with IP 0.0.0.0 . It seems the AP does not know who it is.
Please see the pictures attached.
Do you have any idea what can cause it?
in one location users can´t connect to SSIDs broadcasting by a virtual controller (in other APs from the same VC do it).
I did a packet capture and see a lot of broadcast deauthentication packets.
I think that we are under an attack and I can´t find the source of this so, What can I configure on a aruba instant controller to avoid the attack?
I just installed IAP VC with around 4 units of IAP 207 and IAP 305 to our customer. The IAP 305 will be the preferred master VC. Current OS is 126.96.36.199-8.3.0. Their environment is mixed between gn and ac client.
Now our customer reported me; they saw clients that're gn type were a poor performance (see picture). These gn clients are often time out when connecting to host (checking by using a ping command). Also found that bandwidth swings (not consistency). Singnal strength is no issue. Any suggestion, please.
Note: the configuration I used:
1. All of ClientAware, ClientScanning, ClientMatch, are enabled.
2. And min-tx-power 18, max-tx-power 24, band-steering-mode prefer-5ghz, air-time-fairness-mode default-access