Search the Community
- ClearPass Recipe Review
- ClearPass Recipe Submission
- Admin Tool - Assign Role in Bulk
- Admin Tool - User Search
- CWNP Conf 2015
- Airheads Conference Vegas 2015
- Wlan Pro Conference 2015
- Airheads Conference Shanghai 2014
- WLAN Pro Conf EU 2014
- CWNP Conference 2014 (Sep 22 - 24)
- Airheads Local 2014
- Wireless Field Day 7 (Aug 6-8, 2014)
- Black Hat 2014 Contest
- Airheads EMEA Italy 2014 (June 9 - 13)
- Americas Airheads Conference 2014
- WLAN Professionals Summit 2014
- Airheads Roadshow 2013
- EMEA Airheads Conference 2013
- APJ Airheads Conference 2013
- Americas Airheads Conference 2013
- Americas Airheads Conference 2012
- APJ Airheads Conference 2012
- EMEA Airheads Conference 2012
- Airheads EMEA 2012 Contest: How to Enter - Contest Terms & Conditions
- Airheads EMEA 2012 Contest: Create your Entry to Win Here!
- Airheads Conferences Prior to 2012
- Americas Airheads Local Events 2012
- EMEA Airheads Local Events 2012
- Wireless Field Day 3 @ Aruba Networks
- Wireless Tech Field Day 2- Silicon Valley
- Wi-Fi Mobility Symposium- San Jose, CA USA
- SDN Apps
- Connector Translation Testing area
If you import the Ruckus radius dictionary into Clearpass, then you can specify the Ruckus SSID jus...
If you import the Ruckus radius dictionary into Clearpass, then you can specify the Ruckus SSID just like Aruba.
You can download the Ruckus radius dictionary on the Ruckus support site: https://support.ruckuswireless.com/answers/000005579
I've attached a picture of what it should look like.
..., make sure the APs are separated more than 3m/10ft from other APs or transmitters (like indoor...Can you make sure that both access points run the same Aruba Instant firmware version? As you have a 105 and 205 AP, they run a different hardware architecture and only cluster if the version is the same. If firmware mismatches, the new AP will not join, exactly what you describe.
Further, on the close proximity, performance will be poor if you place APs close to eachother. As a rule of thumb, make sure the APs are separated more than 3m/10ft from other APs or transmitters (like indoor cellular, DECT, or picocell stations). But the AP should come up, just performance is below what you could expect.
...you see the other IAP in the WebUI from the one that is "working"? One thing I would test...
Are they each one assigned statically as their own Virtual controller with different name? Do you see the other IAP in the WebUI from the one that is "working"?
One thing I would test is to enable the Extended SSID in System > General > Show Advanced Option. This option is to enable from 8 to 16 SSID but I had issue in the past when this option is not enable, an IAP would keep connectivity to the cluster via a hidden wireless link when isolated between 2 switches or 2 network. Might be worth trying!
...start working. If i plug in my cable on the other switch, the other ap will start working too....
Yes they have the same controller IP and, when they are attached on the same switch, if i go on the IP of the non working IAP, i am redirected on the IP of the working IAP.
Another thing that i have just discovered: when they are on different switch, to make them emit wifi,it seems that i need to connect my PC with the etherneth cable to make them work.
So: if im not plugged in with my cable, they will not work. If i plug in my cable on a switch, the ap on that switch will start working. If i plug in my cable on the other switch, the other ap will start working too....
..., same FW version, same FW release ). With the command "allowed-ap mac:address:of:the:other:ap...
Hi and thanks everybody for the replies.
The problem is solved.
I have used two IAP 205 ( Aruba, same FW version, same FW release ).
With the command "allowed-ap mac:address:of:the:other:ap" inside the two IAP ( telnet ). AP 1 must have the AP 2 mac address allowed and vice versa.
Now they are able to join the same cluster ( one became "master"/"controller" and the other "slave" ). I can clearly see the join if i go on the virtual controller IP: i see two IAP.
I will test if two different models can work together if they have the same Firmware Release.
I hope that this post will help people for future problems. Thanks all.
On your AirWave server, navigate to Home -> Documentation -> Supported Infrastructure Devices...
On your AirWave server, navigate to Home -> Documentation -> Supported Infrastructure Devices. It has a list of generally supported device types. If you don't see your device on the list, feel free to submit a feature request to get support for that added sometime in the future.
Very few bridge deployments involve 32 APs that are within earshot of each other.  ...
Very few bridge deployments involve 32 APs that are within earshot of each other.
For those 32 APs, application sessions are transferred from AP to ap as the user roams. For the 33rd, ap the device can roam, but the application sessions will not be transferred.
...it Doubles the boot times of the APs when it is enabled. Are there any other significant...
One Further question, I currently have CPSec disabled. I've noted in the documentation that it Doubles the boot times of the APs when it is enabled. Are there any other significant drawbacks to having it turned on?
The reason I ask is, I'm really considering bridge mode for the wired ports on the 93H. I currently have everything working in tunneled mode but would like to move the wired ports to bridge and leave the wireless in tunnel mode. We have a lot of Streaming DVD players and other device connected Wired in our dorms which I would rather have Bridged instead of tunneled back to the controller. This seems possible, but I haven't tested yet. Any thoughts?
Hi, I don't have the second controller but please also elaborate on other points like is there a...Hi,
I don't have the second controller but please also elaborate on other points like is there a possibility of having a backup IAP to minimize the downtime ?
If not, how much time does it takes to re-establish ? also is it a good design ?
Yes it will re-establish. If you have a second controller, you can create a backup IPSec to that co...Yes it will re-establish. If you have a second controller, you can create a backup IPSec to that controller.
...known use case that we have working at other locations around the world and may be an interesting...
Hi Lee, just a couple of things to add to the discussion. ClearPass can absolutely work in multi vendor networks and provide the guest registration/sponsoring and authentication services you describe. One difference though with Bluesocket is that ClearPass is not an inline device, it works out of band and uses protocols like radius and http/s to interface with the network infraestructure. So aside from bandwidth quotas, ClearPass itself does not do firewall policies or rate limiting of traffic.
You can however configure specific role based policies on ClearPass that will trigger enforcement actions on a NAS device such as your cisco WLC (same is true for Cisco switches). You can send back radius attributes and dACLs to enforce basic firewall and QoS policies. You can also configure ClearPass to send upstream messages to your internet firewall and provide a deeper layer 7 enforcement. Given you are talking maily about guest access, you can probably just plumb the guest VLAN through a specific firewall zone and policy although I would need to better understand the types of roles and FW policies currently in use on your Bluesocket boxes.
One other thing to note, ClearPass can also interface with your Bluesocket environment if you want to retain its inline firewalling capabilities. You could centralize all of the actual guest sponsoring, device registration and guest authentication with ClearPass and just use the Bluesocket boxes to enforce firewall and network policies as they are today. This is a known use case that we have working at other locations around the world and may be an interesting option for you.
We can have one of our ClearPass technical specialists reach out to you to discuss further if thats of interest. Also happy to answer any other questions on this forum
A good chunk of the CPG customer base uses the product with other vendors.
Take a look at the Clearpass solution, http://www.arubanetworks.com/products/clearpass/
It is very feature rich and will probably meet all of your needs and more. It integrates with Cisco and many other vendors.
...: Honestly, "seeing" 100 other networks is not really a dealbreaker. RF can travel hundreds of...
- Hope that most of your clients support 5ghz.
- Hope that most of your clients support DFS channels
- Deploy DFS channels and make the 5ghz 6db stronger than the 2.4ghz band.
Honestly, "seeing" 100 other networks is not really a dealbreaker. RF can travel hundreds of feet, especially in the 2.4ghz, so they can be observed with laptops, but less with mobile devices. If clients are actively connecting to those foreign networks AND sending data AND YOUR clients can see the traffic, that is what could be problematic. Most likely you can see these networks because the access points are powerful, but the clients might not be powerful enough to create more cochannel interference for you.
If these are 5ghz networks, the cochannel interference from these networks is less of a problem, because it does not propagate as far as the 2.4ghz band. This gives you an opportunity to deploy on 5ghz to support your clients.
If these are instant APs, you would want to keep an eye on the RF utilization on any channels that you choose to deploy on by looking at the front page. On controller-based access points, the dashboard will also give you an idea of what the RF utilization is on any access points you choose to deploy.
I've got the same question, how would you best onboard a ubuntu 16 or other linux device ?
...and it works fine. but i still not able to onboard Ubuntu 16 and other Linux. anyone has a...
sorry nevermind this.
my mistake i chose the auth mehtod using OCSP enabled TLS.
i use just TLS and it works fine.
but i still not able to onboard Ubuntu 16 and other Linux.
anyone has a workaround for this?
if i use Ubuntu onboarding profile, the quickconnect ERROR on the last step configuring new network.
..., choose other (dont choose ubuntu even if it is ubuntu 16). it will help you auto generate the...
pop-up the device categorization under onboard setting, when you use linux anything but ubuntu 14, choose other (dont choose ubuntu even if it is ubuntu 16). it will help you auto generate the certificate and download it.
but you have to setup the network profile manually.
yes it was my problem too. user had to convert it one by one but i dont see any other option for...
yes it was my problem too. user had to convert it one by one but i dont see any other option for now.
Customer already happy enough it could auto generate a cert and download it. running the same command to convert it for every user was not a problem for them.