In previous years, they have been made available, however, I do not see any literature on availability of those tests this year, only classes. Does anyone have any information on this?
When I signed up for breakouts (after paying for the conference) it asked if on the second day I wanted to do ACDX or ACMX testing and that a testing rep would contact me if I chose one of those (which I did, but haven't heard anything back yet).
I believe the ACMX is full also as I received a notice today saying that I would not be able to sit the exam. Bummer.
I'm looking to purchase the Aruba 7210 wireless controller along with 30 AP-335 wireless APs and 8 AP-334 wireless APs for my organization.
I'm a little confused about the licensing though, so I'm hoping someone can help me out with this.
Do I need to purchase a license for each of the APs that I intend to connect to the controller? If so, how do I determine exactly which license I need? Do I also have to purchase a license for the controller itself?
For example: I'm seeing item JW500AAE which is labeled as Aruba PEF VIA License for 7210 Controller E-LTU. The cost on this is about $16,000. Then I see JW472AAE Aruba Controller Per AP Capacity License E-LTU for $75.00 each.
So, basically, I'm getting really confused on exactly what I need to purchase to get this project rolling. I would have thought that the APs would have come with a license (especially for the asking price of $1,600 or so per AP.) But when I contacted the vendor, they said I needed to buy a license for each AP on top of the unit cost. They also advised me that the licenses have to be bought again after a set period of time.
Any advice is very much appreciated!
I finally got in touch with one of my vendors who was able to explain the licensing to me. The answer is:
For 90% of most deployments, 2 licenses are typically used:
1) JW472AAE - Aruba Controller Per AP Capacity License
This is a perpetual license that allows one access point to be managed by the controller. You need one of these for every access point you want to connect to and manage with the controller. Your basic license.
2) JW473AAE - Aruba Controller Per AP PEF License
This is a license that must be acquired on top of the JW472AAE license. This license isn't mandatory, but it allows more advanced role-based access controls on a per AP basis. (Like if you wanted to have a restricted network and an open network, but you had one or two devices that normally connect to the open network but need access to resources only available on the restricted network.)
It's important to note that the PEF license augments the capacity license - it does not replace it. (Think: more $$ to use more features.)
My vendor said that for 90% of most deployments they see, the above two license types are really the only two to be concerned with. There are others that offer increasing functionality and features at an exponential price increase.
Also, Aruba does offer non-perpetual licenses that must be renewed every year. So, be very careful and talk to your vendor before you actually buy any licenses. In most scenarios, you'll probably want the perpetual licenses. There are, however, cases where an annual license may be a better fit for you.
In closing: I noticed that there seem to be large-quantity license "packs" available at significantly better prices than buying the licenses individually. For certain enterprise deployments, these options may be more viable.
My Opinion: It honestly confuses me why Aruba has made this process so complicated. They have two series of AP: IAP and AP. IAP can work with or without a controller whereas AP are marketed specifically for use with a controller. Why they charge $1500+ for an AP and then force you to pay more just to be able to use it seems a little "greedy" to me. I'd say that if you're going to market a product to work with another product, the licensing should be included in the price - especially at that price point.
Don't get me wrong ... Aruba's got some really nice high-quality stuff ... but you can tell they like some of their stuff just a little too much.
Yes, I contacted your sales team a few days ago and was told I'd have a call-back or an email between then and a day or so ago.
They still haven't called me back or emailed me, so I'll try them again.
I'll post the answer I find out on here for others to benefit from.
Follow-Up to my post:
The JW500AAE Aruba PEF VIA License for 7210 Controller E-LTU appears to be for a firewall, which I'm not interested in deploying or using.
Based on what I have been able to find so far, I'm guessing I only need to purchase the Capacity licenses for each AP I want to connect to the 7210 controller. (JW472AAE)
Am I understanding this correctly?
PEF-VIA is basically to support the VIA VPN Agent.
Most of our customers have LIC-AP + LIC-PEFNG and many + LIC-RFP.
The LIC-PEFNG allows role-based access, stateful firewalling of client traffic and AppRF application recognition and prioritization.
LIC-RFP allows advanced RF Features including Wireless IDS/IPS.
Please work with your Aruba partner or local Aruba sales team to decide which licenses you need, in what quantity, and what they give you.
In one location users can't connect to SSIDs broadcast by a virtual controller (on other APs from the same VC they can).
I did a packet capture and see a lot of broadcast deauthentication packets.
I think that we are under an attack and I can't find the source of this, so what can I configure on an Aruba Instant controller to avoid the attack?
Problem: Need to have a switch in a remote area of my office that is not reachable by wiring. (wireless signal is strong there)
Is it possible for me to put a POE switch in that location and connect an IAP and mesh it into current Wireless Network and thus allow the switch to join the network?
Malin, first, this is NOT a direct support board and it shouldn't be thought of as anything more than a volunteer-based community support community. People like myself (Arubans) do not spend our entire day waiting for or looking for responses to follow up on. Well, maybe Colin does. So no one is ignoring you, sometimes we are working in the background on your behalf while doing our regular job (none of us get paid to haunt these boards). Hope that makes sense.
That said, I spent some time yesterday discussing with engineering on how to make this work with IAP. For controller-based solutions, it works fine because we can configure the number of IPs allowed per mac address on the WLAN. Unfortunately IAP does NOT allow this modification to the WLAN stack, so the only application that will work in your case is to use 501 as a wired client bridge for a single device with mac cloning.
If you want to get another IAP-205, that will absolutely support mesh bridging to bridge the network for however many devices you have on the remote IAP. There are numerous pages on setting that up. My apologies for that not working.
The best solution would be the HP 501 802.11ac wireless bridge here: https://www.amazon.com/J9835A-Wireless-802-11B-Desktop-Wall-Mountable/dp/B00HEK8E3Y
I am creating an 802.11ac wave 2 wireless environment for a healthcare building. 5 floors, 325 devices per floor and using Cisco voice phones. I am looking at Aruba wireless controllers and wondering the pros and cons to using a virtual wireless controller vs a physical one?
Any feedback would be appreciated.
The benefit of a physical controller is that the performance is predictable and it has hardware acceleration for encryption features and a TPM for enhanced security. If you deploy on VM, you will need to make sure that you have the required resources reserved for the virtual mobility controller.
As your question is quite broad, the local Aruba sales team should be able to help/guide you towards the best solution in your case.
If you have budget it's better to use physical appliance (it gives more benefits).
I am looking for the possible methods of redundancy for RAPs - I know in a master/standby scenario, you would NAT the public IP to the VIP and the VIP would handle the failover scenario with its virtual IP and MAC. If two controllers are not within the same L2 network, meaning we can't setup VRRP, is LMS/Backup LMS a viable option? Obviously we would need (2) public IPs instead of (1) and the RAP would require a reboot, but in a DR scenario, is that a possible option? I've always used VRRP for this, but I understand its limitations.
I looked through the RAP VRD as well, and it seems like best practice is VRRP in a Master/Standby setup.
2 public IPs. The VRRP implementation in ArubaOS does not work with RAP. EDIT: IF the VRRP is behind a NAT boundary (e.g. static nat to private VRRP does not work).
Setup a DNS a-record
Populate that A-record with both ip addresses
Have your DNS server deliver the ip address as round-robin or both addresses at one time to the a-record that RAP points to.
Is the VRD for the RAP outdated then, because it has VRRP as the method for Master/Standby?
If we setup the A record with two IPs, and use one of those methods, the RAP would resolve only 1 address though correct at a time? So if the controller went down, the RAP would also go down?
Can we just use the old method of LMS/Backup LMS or use something like a Netscaler to distribute a single public address and swing over if primary controller is down?
If you setup DNS a-record with two addresses, what happens next depends on the DNS server configuration:
- DNS round robin will deliver one ip address and then the other
- An alternate DNS setup will deliver both addresses
If the DNS server is only serving up one address at a time (round robin), that is all that the RAP will try. If it finds a controller at that address, you can deliver a second address via backup LMS-IP, which it will use as backup. If it does not find a controller at that address, it should reboot, where the DNS server should supply the second address. If the DNS server is sending out two ip addresses, the RAP will try the first address, and if it does not exist, it will try the next address. LMS-IP and backup LMS can be delivered to the RAP in any scenario where it finds a controller.
LMS and Backup LMS can only be delivered if the RAP finds a controller after cold boot in the first place. DNS supplying alternate addresses or I guess a Netscaler would provide redundancy upon cold boot for the initial ip address.
I need to pass these 2 exams in a couple of weeks, months. What do you suggest, which exam should I do first, what is the recommendation?
I'd recommend starting with the ACMP (Controller). The ACCP (ClearPass) requires that you have a good understanding of how to integrate ClearPass with Network Access Devices like the Controller, so it helps to have the ACMP first before attempting the ACCP. Hope this helps.
We are having a debate at work on whether a particular configuration should be using a “Forward mode” of “bridge” or “tunnel” in the “Wired AP” profile used on the “Ethernet interface port configuration” applied to an Access Point.
Here’s the setup. We are a large campus with many buildings. A typical building has fiber coming in to a main switch. The main switch is connected to child switches which could be connected to their own child switches and so on. Access Points (APs) and other devices are connected to these switches and the different types of devices are partitioned into VLANs. The Ethernet ports on the APs are always configured to “tunnel” forward mode. Thus, traffic from an AP tunnels back to the Mobility controller while traffic from other devices on the same switch follows whatever paths have been established for it. Hopefully this makes perfect sense.
Now consider a building, X, that does not have fiber coming in to it but which has a switch to support wired connections within the building, including APs, like any other building. Building X is across the street from Building Y, which does have fiber and is setup as described in the previous paragraph. In order to connect Building X to the network, we use Aruba mesh nodes to create a wireless bridge from Building X to Building Y. In the abstract, you could view Building X as just another floor of Building Y, which connects to building Y’s main switch via a wireless bridge instead of a copper wire.
The wireless bridge is composed of a mesh “point” located at Building X, and a mesh “portal” located at Building Y. Of course the “Mesh Cluster” profile is using encryption so that unencrypted traffic, like a telnet password for logging in to Building X’s switch, is not broadcast out on the public airwaves. And of course the “Forward mode” of the “Wired AP” profile for the mesh point at Building X is set to “bridge,” since there is no controller to tunnel to in Building X. Hopefully I am stating things clearly and have not lost the audience.
Here is where the disagreement comes in. Should the “Forward mode” of the “Wired AP” profile for the mesh portal at Building Y be set to “bridge” or “tunnel?” Before you answer, consider an ordinary AP located in Building X. Like an AP in any other building, it will establish a tunnel back to the controller. If the mesh portal in Building Y is also set up to tunnel, then the tunneled traffic from the AP in Building X will be placed inside a second tunnel created by the mesh portal. Consider also an ordinary PC in Building X. If the mesh portal in Building Y is set up to tunnel, then, unlike a PC in any other building, this PC’s traffic will be tunneled back to the Mobility controller by the mesh portal before it is released to be routed wherever it wants to go. You have probably detected which side of the debate I fall on.
The argument in favor of “bridge” mode is that the only purpose of the wireless bridge (be careful, we are using the word “bridge” in different contexts here and it means slightly different things) is to emulate a copper connection between a child switch in Building X, and its parent switch in Building Y. There is no extra trunking required, the switches are configured like they are in any other building.
The argument in favor of “tunnel” mode is unclear but there seems to be strong sentiment in favor of it. Perhaps someone on this forum can offer some insight as to why tunnel mode should be preferred to bridge mode in this use case. Perhaps there is some consideration that I have overlooked that would explain a preference for tunnel mode.
All commentary is welcome. Anyone care to weigh in?
As long as there is not a situation where there is limited bandwidth, it is a matter of personal style. If bridge or tunnel is making (1) administration harder (2) application visibility limited or (3) traffic degraded, choose the opposite forwarding mode.
+1 for bridge mode, especially if there are APs on the other side of that mesh point, don't want double encapsulation up to the controller.
FWIW over the years with almost no exceptions, each Aruba mesh network I have seen where it was providing backhaul connectivity to campus buildings, ran the wired ports in bridge mode.
I have been trying to schedule the ACMX exam for 7 days and I get this error on the Aruba Training website:
Field format error: 10561-There's an error with this transaction. Please enter a complete billing address.
I sent an email to the support, but no one can give me a solution to the case.
First they said that there might be a problem on my credit card. I called my bank and there were no requests denied on their behalf.
Then they asked me to try to make the purchase with another credit card. I receive the same error with different credit cards.
The best response I received from support was to buy training credits from a partner.
I need to schedule this test as soon as possible. Does anyone know anything about this error or do you know where I can buy the Training credits in the United States?
Yesterday captive portal on our controller 7205 stopped working. I tried to login to web management and it's not working either. Tried with different browsers and computers.
APs work with RADIUS clients normally.
SSH to controller works.
Controller has been restarted.
What should I try to get web-management (and captive portal) to work again?
Any help would be appreciated.
Looks like the Web Server has stopped responding.
# show web-server statistics
Error in fetching statistics, Web Server is not respoding
This is still the same issue after a reboot and a httpd service restart? This might be a known issue with the OS you are running. Maybe speak to TAC or check the release notes for a possible fix.
Controller firmware update solved the problem.