Controllerless Networks

last person joined: an hour ago 

Aruba Instant Wi-Fi: Meet the controllerless Wi-Fi solution that's easy to set-up, is loaded with security and smarts, and won't break your budget.
Expand all | Collapse all

Configuring AP-387 for Point to Point link

  • 1.  Configuring AP-387 for Point to Point link

    Posted Sep 23, 2019 04:35 AM

    AP-387 is for 802.11ad 60Ghz Point to Point Solution.
    The AP-387's 5Ghz radio will not serve clients, it will only operate in Point to Point mesh mode.
    If you are doing controllerless networks, The pair of AP-387s should be deployed in Standalone mode with mesh.
    Two AP-387s in Standalone mode will ignore L2 VC advertisements and run independently, allowing you to bridge an IAP VC over an AP-387 Point to Point link.AP387.jpg

     

    How to configure AP-387 for Point to Point link:

     

    Version Used: ArubaInstant_Hercules_8.5.0.2_71711

     

    Power up AP387 and interrupt it in the "apboot" prompt to set the following. 
    //This can be done in the GUI, but will require multiple reboots
    setenv standalone_mode 1
    setenv uap_controller_less 1

    We are making the AP387 in standalone mode and telling it not to look for controller.

     

    Set country code and disable extended SSID
    virtual-controller-country AU
    name <AP-Name>
    no extended-ssid

     

    Configure the clusterless mesh settings. You don't need to goto "configure terminal" for this.
    no mesh-disable
    mesh-cluster-name <cluster-name>
    mesh-cluster-key <cluster-key>

    The cluster name is unique per Point to Point link.

     

    In the Mesh Point, make the ethernet port trusted and enable ethernet briding.wired-port-profile.jpg

    Enabling Ethernet Briding on Mesh Point.Point_EnetBridging.jpg

     

    AP Environment Variable and Values.

    Mesh Portal AP-Env:Portal_AP_Env.jpg

     

    Mesh Point AP-Env:Point_AP_Env.jpg

     

    Verification Commands:

    Mesh Portal:

    show aps

    show ap mesh linkaps-mesh-link-portal.png

    show ap mesh neighbourPortal-Mesh-Neighbour.jpg

     

    Mesh Point:

    show aps

    show ap mesh linkaps-mesh-link-Point.png

    show ap mesh neighbourPoint-Mesh-Neighbour.jpg

     

    The 60Ghz radio has only three channels (1-3). Channel 2 will offer the highest performance for longer links.

     



  • 2.  RE: Configuring AP-387 for Point to Point link

    Posted Dec 10, 2019 09:37 AM

    Nice post. Only think I would add is that any current and future AP-387 PtP links should be upgraded to IAP 8.6.0.0 or later. there was a change to the radio balancing algorithm to prefer the 60Ghz link more heavily so that in the presence of high 5Ghz interference, the link performance is not as impacted due to 5Ghz interference. 



  • 3.  RE: Configuring AP-387 for Point to Point link

    Posted Dec 23, 2019 01:36 PM

    Does anyone know if I can upgrade the 387's while they are in mesh portal/point roles, or do I have to go and pull down the mesh point and bring it back to the office, plug it into the network to upgrade it? In my two installations the mesh points are not easily accessable to bring down.



  • 4.  RE: Configuring AP-387 for Point to Point link

    Posted Dec 23, 2019 02:32 PM

    You should be able to do that while it is connected.  If this is an Instant-based 387, the standard method of upgrading applies for an Instant cluster



  • 5.  RE: Configuring AP-387 for Point to Point link

    Posted Dec 24, 2019 09:06 AM

    Yes, it is instant based. Everytime I go into the cluster and do an upgrade it seems like only the mesh portal upgrades and the point doesn't. Does anyone know if there is an upgrade guide for instant point to point AP's?



  • 6.  RE: Configuring AP-387 for Point to Point link

    Posted Dec 24, 2019 09:11 AM

    What models are the rest of the APs?  The AP-387 is Hercules class, so if your other APs are Hercules Class, it should upgrade with those, as well.  If not, a multi-class cluster upgrade requires a external HTTP, ftp or tftp server to upgrade all pieces...

     

    EDIT:  What is your configuration?



  • 7.  RE: Configuring AP-387 for Point to Point link

    Posted Dec 24, 2019 10:00 AM

    version 8.4.0.0-8.4.0
    virtual-controller-country US
    virtual-controller-key
    name Robo-BN-Mesh
    terminal-access
    clock timezone none 00 00
    rf-band all

    allow-new-aps
    allowed-ap 90:4c:81:c0:27:fe
    allowed-ap 90:4c:81:c0:28:4c

     

    arm
    wide-bands 5ghz
    80mhz-support
    a-channels 116E
    min-tx-power 9
    max-tx-power 127
    band-steering-mode prefer-5ghz
    air-time-fairness-mode default-access
    channel-quality-aware-arm-disable
    client-aware
    scanning

    rf dot11g-radio-profile
    max-distance 0
    max-tx-power 9
    min-tx-power 6
    disable-arm-wids-functions off
    free-channel-index 40

    rf dot11a-radio-profile
    max-distance 0
    max-tx-power 18
    min-tx-power 12
    disable-arm-wids-functions off


    syslog-level warn ap-debug
    syslog-level warn network
    syslog-level warn security
    syslog-level warn system
    syslog-level warn user
    syslog-level warn user-debug
    syslog-level warn wireless


    extended-ssid

     

     

     

     

     

     

    wlan access-rule BR
    index 0
    rule any any match any any any permit

    wlan access-rule default_wired_port_profile
    index 1
    rule any any match any any any permit

    wlan access-rule wired-SetMeUp
    index 2
    rule masterip 0.0.0.0 match tcp 80 80 permit
    rule masterip 0.0.0.0 match tcp 4343 4343 permit
    rule any any match udp 67 68 permit
    rule any any match udp 53 53 permit

    wlan access-rule Wired-Trunk-Port
    index 3
    rule any any match any any any permit

    wlan ssid-profile BR
    enable
    index 0
    type employee
    essid BNR
    wpa-passphrase
    opmode wpa2-psk-aes
    max-authentication-failures 0
    rf-band all
    captive-portal disable
    dtim-period 1
    broadcast-filter arp
    dmo-channel-utilization-threshold 90
    local-probe-req-thresh 0
    max-clients-threshold 64

    enet-vlan 400
    auth-survivability cache-time-out 24

     

    wlan external-captive-portal
    server localhost
    port 80
    url "/"
    auth-text "Authenticated"
    auto-whitelist-disable
    https


    blacklist-time 3600
    auth-failure-blacklist-time 3600


    ids
    wireless-containment none


    wired-port-profile wired-SetMeUp
    switchport-mode access
    allowed-vlan all
    native-vlan guest
    no shutdown
    access-rule-name wired-SetMeUp
    speed auto
    duplex auto
    no poe
    type guest
    captive-portal disable
    no dot1x

    wired-port-profile default_wired_port_profile
    switchport-mode trunk
    allowed-vlan all
    native-vlan 1
    shutdown
    access-rule-name default_wired_port_profile
    speed auto
    duplex full
    no poe
    type employee
    captive-portal disable
    no dot1x

    wired-port-profile Wired-Trunk-Port
    switchport-mode trunk
    allowed-vlan all
    native-vlan 400
    no shutdown
    access-rule-name Wired-Trunk-Port
    speed auto
    duplex auto
    no poe
    type employee
    auth-server InternalServer
    captive-portal disable
    no dot1x


    enet0-port-profile Wired-Trunk-Port
    enet1-port-profile Wired-Trunk-Port

    uplink
    preemption
    enforce none
    failover-internet-pkt-lost-cnt 10
    failover-internet-pkt-send-freq 30
    failover-vpn-timeout 180

     

    airgroup
    disable

    airgroupservice airplay
    disable
    description AirPlay

    airgroupservice airprint
    disable
    description AirPrint

     


    cluster-security
    allow-low-assurance-devices



  • 8.  RE: Configuring AP-387 for Point to Point link

    Posted Jan 21, 2020 08:45 AM

    "In the Mesh Point, make the ethernet port trusted and enable ethernet briding."


    These settings only apply for the Mesh Point? Not for the Mesh Portal? Any additional configuration for the Mesh Portal?

     

    FYI: I have the point-to-point link up and running



  • 9.  RE: Configuring AP-387 for Point to Point link

    Posted Jan 22, 2020 06:49 AM

    No additional config for Mesh Portal. Just ensure that the ap environment variables of Mesh Point and Mesh Portal matches the screenshot in the post.



  • 10.  RE: Configuring AP-387 for Point to Point link

    Posted Jan 23, 2020 07:41 AM

    Thx for your reply. I got it up and running smoothly. *thumbs_up*



  • 11.  RE: Configuring AP-387 for Point to Point link

    Posted Apr 23, 2020 07:53 AM

    Q: What will trigger the AP to move from Mesh Portal to Mesh Point except a manual reboot when in Standalone mode?

     

    I'm trying to use this a backup link for a single fiber between two buildings. 

     

    During normal scenario the AP designated as Mesh Point will have Eth0 connectivity to it's gateway. During error situation (if fiber is disconnected) it will loose this connectivity, but switch link will be up. I think tho that it will only revert to Mesh Point if the physical switch-port goes down.

     

    I have tried to simulate this by doing an interface disable (so that POE is still up), but in standalone mode the "Mesh Point" AP doesn't reboot and change to Mesh Point unless I manually do a "no power-over-ethernet". In cluster mode it will reboot after a few seconds and come up in Mesh Point mode.

     

    It looks to me like I have to have manually disconnect/reconnect the "Mesh Point" to get the Mesh link up in case of fiber-disconnect..

     

    Any tips for how to achieve what I want here without having to do this manual reconnect?



  • 12.  RE: Configuring AP-387 for Point to Point link

    Posted 5 days ago

    Hi,

    I think it's a matter of Spanning-Tree to get working properly.

    the MeshPoint-AP must have the "ethernet-bridging" set - so it stays to be a meshpoint if the uplink is up.

    Did you get it working as intended ?

    I guess - it would be similar if you do have two P2P-links (one as a backup) and want to make use of shared L2 between the locations and not do any ECMP via the two P2P-links.

    Did you try if STP is working via the P2P-link when using tagged management-vlan and untagged VLAN-1 on the mesh-ap-uplinks ?

    Of course the stp-cost should be much higher compared to the fiber-link stp-costs, so the meshpoint-AP uplink is in stp-blocking during normal operation.

    Groetjes

    Jochem



    ------------------------------
    Jochem Knoben
    ------------------------------



  • 13.  RE: Configuring AP-387 for Point to Point link

    Posted May 26, 2020 08:53 AM

    Hello,

     

    When I activate "Enabling Ethernet Brinding" on mesh point.

    I lose the connection with the mesh point. I can't ping anymore the IP adress of the mesh point and I can't access on webadmin.

     

    Can you help me for this problem ?

     

    Thank you for your help,

     

     



  • 14.  RE: Configuring AP-387 for Point to Point link

    Posted Jul 28, 2020 04:48 PM

    adrien_chaput

     

    I've had a few Mesh Points take up to 15 minutes to check in with the Mesh Portal. Just keep the Point aimed at the portal and powered up.  It will probably reboot a few times until it finally checks in.



  • 15.  RE: Configuring AP-387 for Point to Point link

    Posted Jan 20, 2021 02:36 PM
    adrien_chaput

    Did you find a solution to your problem? I'm in the same boat. Link is up and working between mesh portal and mesh point, but no access to the 387's webadmin. 

    Thanks,

    Rob

    ------------------------------
    Rob Whale
    ------------------------------



  • 16.  RE: Configuring AP-387 for Point to Point link

    Posted Jan 21, 2021 12:24 PM
    I have this set up running and I am able to get into the point and the portal with the bridging turned on.   if you want to send me some of the config to look at I will compare it to what I have to see if there is any difference.  are you using hard coded IP addresses,  are you trunking on this connection or just one vlan passing?

    ------------------------------
    Dave Abels
    ------------------------------



  • 17.  RE: Configuring AP-387 for Point to Point link

    Posted Jan 25, 2021 02:31 PM
    Thanks Dave.

    Found the problem. I'm trunking 2 vlans and had the wrong vlan id in Uplink management VLAN.

    ------------------------------
    Rob Whale
    ------------------------------