I am very new to the Aruba product.
I bought an APIN215 and after trying to get it to work I figured out I need a controller. I had my eye on a 7010-RW Mobility Controller. The question is, does this need a licence to use, and is it a once off licence? I am looking at running 2 AP215 only.
What happens if no licence is installed?
It depends, if you want to do any firewall, user roles etc then a PEF-NG license is a good start too. Also the RF Protect license is good for spectrum monitor and WIPS stuff. You need to make sure that each license level is the same as the controller will support the minimum license count.
So for example
2x AP Capacity
The licenses are permanent and do not expire. The licenses are applied to the controller and not the AP.
You could always request an eval from HPE to trial features first, these are valid for a maximum of 90 days.
You will need to license the controllers to the capacity of APs that you require. If there are no licenses on the controller the AP will not show as "up".
So to be clear,
to have only 2 AP215 connect to the controller I need to only buy 2x JW472AAE Aruba LIC-AP Controller per AP Capacity License E-LTU licences.
Or do I need to buy one for the mobility controller 7010-RW as well?
How long do the licences last?
Whilst grabbing a few eval licenses for my lab in preparation for my ACCX exam I noticed an option for "Virtual Mobility Controller".. See below.
Have I missed out on some news or something?
Yes I'm looking for the VMWare Virtual Mobility Controller download.
The ova is the Virtual Mobility Controller (mobility master) download. Access Points cannot be terminated on the Virtual Mobility controller, however...
The new AOS 8 architecture uses a virtualized services controller. This was demoed at ATM16.
cappalli wrote: The new AOS 8 architecture uses a virtualized services controller. This was demoed at ATM16.
it is available from some year...
There is a special "VM" edition on price list about DoD release...
Planning an entry-level controller solution with about 50-60 APs. Previously I have used instant for smaller solutions, but I was looking at the following
-7205 Mobility Controller (JW735A)
Now I guess it would work with both instant APs (JW811A) and aruba APs (JW797A) but I wonder if there's a difference in licensing or such in addition to the preloaded OS (which would need to be changed in the instant version I guess). I still need a LIC-AP for both access points, and one of these can run both instant/arubaos and the other can't? At least some site seemed to have more expensive aruba APs, so that's what got me wondering?
If the AP is of type "IAP", i.e. IAP-315, then the AP can run the Instant OS as well as ArubaOS. If the AP is of type "AP", i.e. AP-315, then the AP can only run ArubaOS. This does change in some of the new APs, as Aruba is moving towards the concept of a "Universal AP" that can run both.
If you obtain the IAP type APs then they will ship with the Instant OS running; you will need to connect them and then convert them to ArubaOS.
There is no difference in licensing for this.
You will need the AP license for the mobility controller equal to the number of access points (as well as any other licenses you might want, i.e. PEF/VIA/RFP/ACR).
I would like to add our mobility controller to an AirWave which is accessible over Internet.
The controller is in 188.8.131.52 and I added the AirWave server using the Wizard.
I have mostly worked with Instant, and adding the IP address of the server on the VC interface was the only thing to do to see it in 'New Device'.
However, just by doing the wizard on the controller and putting in the SNMP community, I can't see it on the AirWave, even if I can see some AppRF information.
Do I have to add it manually?
Thanks in advance.
Thanks, problem is solved.
I needed to add it as you said, but also to redirect SNMP and SSH ports on my local firewall to the controller.
Thanks.
nice2k.
If you go to device setup, click Add, select Aruba device and fill in the appropriate information.
So, I've got a 2930 F switch plumbed into our network and talking RADIUS 802.1x auth to our Clearpass server. Switch uplink connects to one of our 5510. However ......
What I was interested in was enabling Airgroup connectivity for wired devices on the switch so that they are part of the airgroup domain defined on our mobility controller.
I *thought* that there was a presentation at the last Atmosphere that showed a switch tunneling to a mobility controller and allowing controller policies and ACLs to be applied to devices on the switch. Looking at the application where a study bedroom would have airgroup access on the WiFi network (WPA2-Enterprise and WPA2-PSK) and on the wired (2930F switches) and use clearpass guest to control it all .....
If the above is correct, can anyone point me at the appropriate documentation?
Hmmm I had a 5130 switch configured to have a tagged vlan into a router. Mobility controller also had an interface on same vlan. Ran Chromecast and Apple TV devices authenticated onto the wired vlan and were visible to the controller. Could use android and ios devices to stream music and video from wpa2-enterprise and wpa2-psk devices to the wired ones.
Thought there was a switch config option to treat the switch as a "RAP" in order to connect it to the controller. roles and policies could then be applied to switch users with traffic going via mobility controller.
Now that's a good document.
Got a pair of 2930F's and 2930M's configured as two stacks plumbed into our clearpass server .... just need to get them talking to our mobility controller
There is no official/supported method for wired clients (Aruba switches or not) to discover servers advertised by the controller.
Wired AirGroup servers can be discovered on the wire using the AP multicast aggregation features in ArubaOS.
Yes, there are definitely ways to get it to work, but most are not officially supported.
Are you referring to tunneled-node? That will forward all traffic though, not just SSDP and mDNS advertisements. Take a look at the ClearPass Solution Guide for Wired Policy Enforcement.
I have an installation of wifi network using 10 Alcatel-Lucent AP93 with OAW-4306G Mobility Controller. Now we want to expand the installation using Aruba IAPs. Is there a way to make the virtual controller a slave to the mobility controller (or the master)? If not, what would you recommend as a best practice for this type of installation?
So the only choice is to use the new IAPs separately from the controller?
What if the mobility controller is Aruba and not Alcatel, what would you recommend?
I know that one solution is to convert the IAPs to campus APs but due to licence limitations, it is not possible.
NB. Alcatel-Lucent uses Aruba hardware (in this case 600 series) and the software is not that different.
Yes, if you want a support solution that is your only choice.
I'm playing with Aruba OS 8.X in the lab.
I've successfully configured a Mobility Master, but I'm having issues creating a cluster of Mobility Controllers.
I'm trying to follow the example on the Aruba Solutions Exchange, but my controllers keep reporting that they are L3 connected.
I would also like to setup a VRRP between the controllers in the cluster.
Here is a dwg:
Here are the commands I tried to use:
```
no paging
#Group-level configuration
cd /md/ns-lab/cluster-nh
configure terminal
lc-cluster group-profile cluster-nh
write memory
cd /md/ns-lab/cluster-nh/00:1a:1e:00:da:90
lc-cluster group-membership cluster-nh
write memory
/md/ns-lab/cluster-nh/00:1a:1e:00:90:40
lc-cluster group-membership cluster-nh
write memory
#Group-level configure
cd /md/ns-lab/cluster-nh
lc-cluster group-profile cluster-nh
controller 172.30.97.10
controller 172.30.97.11
redundancy
write memory
```
However I get the following error:
```
(mm-nh-p) [md] #logon 172.30.97.10
Last login: Mon Feb 13 09:49:05 2017 from 184.108.40.206
(ctrl-nh-1) [MDC] *#show lc-cluster group-membership
Cluster Enabled, Profile Name = "nh-cluster"
Redundancy Mode On
Active Client Rebalance Threshold = 50%
Standby Client Rebalance Threshold = 75%
Unbalance Threshold = 5%

Cluster Info Table
------------------
Type IPv4 Address    Priority Connection-Type STATUS
---- --------------- -------- --------------- ------
self 172.30.97.10    150      N/A             CONNECTED (Leader)
peer 172.30.97.11    100      L3-Connected    CONNECTED (Member, last HBT_RSP 39ms ago, RTD = 0.260 ms)
(ctrl-nh-1) [MDC] *#
```
Also, if I try to configure a VRRP IP I get:
```
lc-cluster group-profile nh-cluster
(mm-nh-p) [cluster-nh] (Classic Controller Cluster Profile "nh-cluster") #controller 172.30.97.10 priority 150 vrrp-ip 172.30.97.18 vrrp-vlan 376
(mm-nh-p) [cluster-nh] (Classic Controller Cluster Profile "nh-cluster") #controller 172.30.97.11 priority 100 vrrp-ip 172.30.97.18 vrrp-vlan 376
Error: vrrp-ip 172.30.97.18 matches with vrrp-ip for controller ip 172.30.97.10
```
This seems like this should work. Also, after I perform the configuration if I try to show the configuration profile I get:
```
(mm-nh-p) [cluster-nh] #show lc-cluster group-profile nh-cluster
Classic Controller Cluster Profile "nh-cluster" undefined.
(mm-nh-p) [cluster-nh] #
```
Any help would be appreciated.
I saw the same problem and was able to solve it. Reason was that there was a dummy vlan configured on both MCs but the vlan was not connected thru my network between both MCs. After I removed this vlan cluster was L2 connected.
This is the role:
As a follow-up to the cluster members in a full mesh state, the cluster members connection type become known as L3-Connected.
Once all cluster peers are in L3-Connected state, a mechanism called VLAN Probing is launched on each cluster member.
The Vlan Probing scheme on each cluster member consists of sending a specially crafted L2 broadcast packet on each configured vlan on the controller.
This vlan probing scheme is bidirectional and is performed between every pair of cluster members
This remains the same logic: configure 3 VRRP IP addresses, configure each controller to be master for one of these VIPs (CTRL1=VIP1, CTRL2=VIP2, CTRL3=VIP3) and for each VRRP group configure a standby. The configuration is made in the lc-cluster group profile, not to be confused with the VRRP config for VLAN IP interfaces. Just to clarify, this is optional, to provide a virtual IP address for RADIUS servers (NAS-IP). The AP, however, will use another mechanism to terminate active and standby GRE tunnels to 2 controllers within the cluster. There is no need to use a VRRP IP for LMS in 8.x; redundancy is implemented within the cluster.
If you want to use the VRRP IP address in a cluster, which is a good idea if your controller fails and you still want the cluster to be reached by external RADIUS servers (CoA packets, for instance), you need two VRRP IP addresses:
controller 172.30.97.11 priority 100 vrrp-ip 172.30.97.19 vrrp-vlan 376
172.30.87.18 is master on 172.30.97.10 and back-up on 172.30.97.11 and 172.30.87.19 is master on 172.30.97.11 and back-up on 172.30.97.10
I'm trying to connect my Aruba MC 7210 to my ClearPass 6.6 appliance but I get radius error.
1. In ClearPass - I Configured my MC 7210 "\Configuration\Network\Devices\"
2. In MC 7210 - I configured my Radius Server(ClearPass)
3. In MC 7210 - I configured my Server Group
4. In MC 7210 - I configured my RFC 3576 Server(ClearPass)
"\Configuration\authentication\Servers\RFC 3576 Server"
5. In MC 7210 - I configured my WLAN pointing to Radius Server
And I receive Radius Server Authentication Error. What can I do?
Here we have some logs...
[Th 13 Req 5 SessId R00000005-01-5824b6c9] ERROR RadiusServer.Radius - rlm_service: Service Categorization failed
[Th 13 Req 5 SessId R00000005-01-5824b6c9] ERROR RadiusServer.Radius - rlm_service: Policy Server result = 65535, msg = Service classification failed
[RequestHandler-1-0x7f08245e2700 r=psauto-1478731079-11 h=223 r=R00000005-01-5824b6c9] ERROR Core.ServiceReqHandler - doServiceClassification: Error. Ret code=0 response list size=0
OK. Look through the input tab in the access tracker request and make sure those all match. Also, remove rule 3.
Your SSID rule is likely the issue. You're searching for "secure", but the SSID is "DigiWorld.Aruba".
You have high capacity guest mode enabled. You can only use EAP-PEAP Public in this mode.
does anyone know this issue, that the license tab is missing on Aruba Virtual Mobility Controller?
See the attachment below.
Thanks for help!
I got the PassPhrase via CLI, but it is not working.
I am choosing Virtual Mobility controller.
I have a solution for the issue:
- On the left side (tree horizontal lines) you can change between Mobility Master (folder icon) and Mobility Controller (controller icon). The license tab is only visible under the Mobility Master (folder icon), not under Mobility Controller.
- The passphrase in the web interface is wrong. There are letters missing. You have to connect to the console and use "#show license passphrase" and there you will find the correct one!
Let me know if you need help.
What option did you select from the initial setup, MD or standalone?
MD = Manage Device by Virtual Mobility Master
Standalone = Standalone Master
The license tab will appear after adding the Aruba MC-VA-XX license key via CLI.
I've been a long time reader of airheads, looking forward to asking my own question :)
I'd like to create a small guest network, not for the public but for pre-approved guests who aren't in our active directory. Our corporate SSID uses Windows NPS to authenticate onto AD but I've seen that you can populate an Internal DB of users and use that for WPA2-Enterprise authentication. I've found the controller section where you can add the users manually.
My question is: I've seen that there is a self service user administration role where you can create guest users via the web interface without access to the rest of the controller. Can this be used to populate the internal db of guest users?
Hope that makes sense :)
You can, but you need to setup a separate WPA2 enterprise SSID that has termination (controller certificate used as the server certificate), with the internal database as the server.
Again, the only way that you can use users setup in the internal database for WPA2 enterprise is to use termination.