Controllerless Networks

last person joined: 10 hours ago 

Aruba Instant Wi-Fi: Meet the controllerless Wi-Fi solution that's easy to set-up, is loaded with security and smarts, and won't break your budget.
Expand all | Collapse all

IAP 277 adding a mesh (point to point) to existing config

Jump to Best Answer
  • 1.  IAP 277 adding a mesh (point to point) to existing config

    Posted Oct 31, 2016 02:09 PM

    Good morning,

       I am working on configuring two IAP-277s to bring our network to an isolated trailer. We currently have an IAP cluster up on VLAN 10 (10.0.100.0/24) that is broadcasting 2 SSIDs and operating the Bridge off of a hidden SSID. I am having some trouble with getting this all to work.

    Here is what the setup looks like:

    quickmap.jpg

    I followed a guide and have done the following:

    -Add the mesh Access Point to the cluster. 

    -Turn off Extended SSID

    -Select the IAP in the cluster and change the Uplink to Ethernet Bridging Enabled.

    -Reboot the IAP cluster.

    -Move the Mesh Point IAP to the remote location and power it up.

    Unfortunately, my cluster loses the IAP after moving it. (It's not a distance issue as I have this setup in a lab)

     

    I have a few questions:

    1)Can I connect the IAP to a POE switch? Some articles that I read are stating that the Eth0/Uplink port cannot be active in order for the bridge to work.

    2)Can I use my existing cluster and add a mesh portal/point to it? Or do I need to add a whole new VLAN to my network?

     

    Any input would be appreciated. Thank you



  • 2.  RE: IAP 277 adding a mesh (point to point) to existing config

    Posted Nov 01, 2016 11:29 AM

    Yes you can connect the IAP mesh point to a POE switch, the main thing to watch out for is that there is nothing on the remote/bidge side that is handing out IP addresses.

    You shouldn't have an issue with adding a mesh point to an existing cluster, so long as the mesh point, mesh portal, and VC are all on the same Layer 2 network.



  • 3.  RE: IAP 277 adding a mesh (point to point) to existing config

    Posted Nov 01, 2016 03:44 PM

    Thank you for the reply. I was able to make some headway on it as the Portal and Point are now communicating. 

    Now I cannot get traffic to pass through the remote switch over to the datacenter. 1/2 way there :-P

     

    I have the IAP plugged into a Trunked (native vlan 10, access to all others) but I cannot ping to or from the remote switch. I am, however, able to ping back to the datacenter from the Mesh Point IAP, but cannot ping from the remote Point IAP to the remote switch that it is directly connected to. Would this be something I need to change on the IAPs Ethernet 0 or would my switch be the suspect?



  • 4.  RE: IAP 277 adding a mesh (point to point) to existing config

    Posted Nov 01, 2016 09:27 PM

    Not sure, can you email me the config of your portal and point to jerrod.howard@hpe.com and I will try to look at it tomorrow. 



  • 5.  RE: IAP 277 adding a mesh (point to point) to existing config

    Posted Nov 02, 2017 08:03 AM

     

    Hi, I am having an issue whereas the Mesh Point (remote AP) connects back to the Mesh Portal (Network Root AP) but remote network is unable to ping back to main Network.

     

    Was this ever resolved?



  • 6.  RE: IAP 277 adding a mesh (point to point) to existing config

    Posted Nov 02, 2017 02:22 PM


  • 7.  RE: IAP 277 adding a mesh (point to point) to existing config

    Posted Nov 06, 2017 11:33 AM

    net_sparrow - To clarify your remote access point is able to ping back to the network, but the switch connected to it cannot ping back, correct?

     

    That was my problem and it ended up being a problem with either eth0 bridging not being enabled or a vlan mismatch on the remote switch and wired_port_profile on the remote access point. 

     

    To test, I would recommend allowing all vlans on the wired port profile as well as the port on the switch that the access point connects to.



  • 8.  RE: IAP 277 adding a mesh (point to point) to existing config
    Best Answer

    Posted Nov 06, 2017 11:41 AM

    Here is, kind of, the step-by-step I wrote after I figured out my setup:

    Creating an Aruba IAP wireless bridge
    1.	Bring up the IAP as a normal member of the cluster
    2.	Static the IP and set a reservation
    3.	Create a WIRED INTERFACE NETWORK on the cluster: native vlan X trunk ALL
    4.	Assign the profile to port 0 on the cluster IAPs
    5.	ON THE CLUSTER Set Extended SSID to DISABLED
    6.	***REBOOT THE CLUSTER IF YOU HAD TO DO STEP 3 and/or 5***
    7.	On the mesh POINT set the Uplink values to VLAN X and BRIDGE ENABLED
    8.	Reboot the IAP in the current port.
    9.	After a full reboot, disconnect the IAP and power it up on the remote switch
    10.	On the POINT IAPs switch, set the PoE Profile “Upstream-TrunkPorts” to ENABLED(We use Aruba MAS switches, so this is more-or-less just setting the vlan to match the config on the IAP)
    11.	On the POINT IAPs switch, set the port (0/0/0) to the “Upstream-TrunkPorts-Group” group (We use Aruba MAS switches, so this is more-or-less just setting the vlans to match the config on the IAP)

    I used TRUNK ALL for the initial setup to ensure I could get communication, then I went back and locked it down to the proper VLANS. Hope it can help.




  • 9.  RE: IAP 277 adding a mesh (point to point) to existing config

    Posted Nov 07, 2017 12:34 PM

    I have been configuring similar setup last week.

    Two IAPs 277 acting as a bridge between two locations, and in each location the respective AP is connected to a switch:

     

    Switch====IAP(Mesh Portal) - - - wireless link - - - IAP(Mesh Point)=====Switch

     

    Configuring Mesh Link is relatively easy:

    1. Starting from the factory default settings, let the IAPs form the initial cluster. 
    2. substitute the default Instant (SetMeUp) SSID with a new one, where Extended SSID option is disabled. (reboot required) extended-ssid.JPG
    3. enable ETH0 bridging on the IAP that is selected to be Mesh Point (reboot required).extended-ssid.JPG

    After the reboot the mesh link between Mesh Portal and Mesh Point is up and running. You are also able to use the wireless link behind the Mesh Point in the remote location. However, as in my case, if want to use the wired connection behind the Mesh Point here comes the tricky part of the configuration. 

     

    1. Enabling ETH0 bridging option (step 3 above) to form the mesh link disables the wired link. If you want to use it, you have to enable it, and this is a bit hidden. Go to More->Wired  and check the wired profiles there. You have to either define your own wired profile on ETH0 or, as I did, modify the default_wired_profile and enable ETH0, as per default it is in the admin mode DOWN (reboot required).  wired-profile.JPGset the admin state to upset the admin state to up
    2. Last issue to check (may not affect all the setups) is to check on the switch from with the IAP is powered up in the remote location whether there is enough power assigned on that interface. In my case (8 port 2930, AOS-S 16.02) I had initially 25W and lldp on, and that was not sufficient to enable the ETH0 again - the IAP went into a reboot loop. Solution was to increase it to 30W and turn the LLDP off.

     

     



  • 10.  RE: IAP 277 adding a mesh (point to point) to existing config

    Posted Nov 07, 2017 12:49 PM

    files showing below:

     

    PtP drawing.jpg

    Attachment(s)

    txt
    MASTER_Tech-support.txt   283 KB 1 version
    txt
    Master_Switch.txt   6 KB 1 version
    txt
    Master_Switch.txt   6 KB 1 version
    txt
    SLAVE_Tech-support.txt   226 KB 1 version


  • 11.  RE: IAP 277 adding a mesh (point to point) to existing config

    Posted Nov 07, 2017 04:22 PM

    Hi VincentArriola. Thankyou for your update and help on this issue.

     

    I had already completed the setup as outlined in your email with the exception of  

     

    7.            On the mesh POINT set the Uplink values to VLAN X and BRIDGE ENABLED

    When I attempt this I lose all connectivity with the planned mesh POINT so have to revert the changed via CLI and reload.

     

    10.          On the POINT IAPs switch, set the PoE Profile “Upstream-TrunkPorts” to ENABLED(We use Aruba MAS switches, so this is more-or-less just setting the vlan to match the config on the IAP)

     

    11.          On the POINT IAPs switch, set the port (0/0/0) to the “Upstream-TrunkPorts-Group” group (We use Aruba MAS switches, so this is more-or-less just setting the vlans to match the config on the IAP)

     

    With points 10 & 11 I am using HP switches and trunking all with a native VLAN 4 on the switch ports the Aruba APs connect to.

     

    VLAN 4 = Management (switches/APs and Clients) -- this is going into an existing site so I am unable to change this although I know it’s not ideal.

     

    VLAN 5 = VOIP network.

     

    The mesh network between Master Portal and Slave Point establishes OK and I can ping from the Master network switch to the Slave mesh point on VLAN 4. For the VOIP VLAN 5 I can ping through from Master switch to Slave network and back again.

     

    From the Slave Mesh Point I can ping the Master Portal, VLAN 4 and 5 back on the Master switch and any clients connected on the Master switch.

     

    My problems:

     

    From the Master network switch I am unable to ping anything past the Slave Point on VLAN 4. Traceroute produces no results. We need the ability to connect to the remote Slave Point from the remote switch should it become ‘stranded’ as both Aruba’s will be installed on roof tops. We also need to be able to see the switch and clients connected on VLAN4 on the Slave site.

     

    I know the problem is likely to be with eth0 bridging and/or switch port configuration. VLAN 5 connection is OK whereas VLAN 4 is not. As I said earlier I attempted to change the uplink VLAN to 4 on the Slave mesh Point but lost connection so this was changed back to VLAN 0.

     

    Please find attached above my redacted show tech-support from both Master (mesh portal) and Slave (mesh point), switch and a schematic showing the setup.

     

    Thank you for any assistance you can provide.

     

     



  • 12.  RE: IAP 277 adding a mesh (point to point) to existing config

    Posted Nov 08, 2017 06:09 AM
    net_sparrow
    please double check if at your Mesh Point the admin state of your Eth0 port is up, as it goes to down per default as soon as you enable bridging on the Eth0 (please refer to point 1 in the second part of my previous post on how to do it).


  • 13.  RE: IAP 277 adding a mesh (point to point) to existing config

    Posted Nov 08, 2017 11:36 AM

    Hi Lukasz,

     

    Thank you. I've confirmed the Slave Point Eth0 port is active. I can see the Slave Point MAC on the switch and protocol up.

     

    Importantly I can pass traffic back across from the Slave switch VLAN 5 but not VLAN 4.

     

    Untitled.jpg



  • 14.  RE: IAP 277 adding a mesh (point to point) to existing config

    Posted Nov 08, 2017 12:39 PM

    Hi net_sparrow,

    ok, then the next place to do the check is in the very next Tab of your wired profile applied on the ETH0 port, namely under VLAN. Please double check, both native VLAN and allowed VLANs there, if it corresponds to what you wanted to set. You may also want to double check security settings in the third tab, too.

    wired-profile-vlan.JPG



  • 15.  RE: IAP 277 adding a mesh (point to point) to existing config

    Posted Nov 07, 2017 12:45 PM

    Hi VincentArriola. Thankyou for your update and help on this issue.

     

    I had already completed the setup as outlined in your email with the exception of  

     

    7.            On the mesh POINT set the Uplink values to VLAN X and BRIDGE ENABLED

    When I attempt this I lose all connectivity with the planned mesh POINT so have to revert the changed via CLI and reload.

     

    10.          On the POINT IAPs switch, set the PoE Profile “Upstream-TrunkPorts” to ENABLED(We use Aruba MAS switches, so this is more-or-less just setting the vlan to match the config on the IAP)

     

    11.          On the POINT IAPs switch, set the port (0/0/0) to the “Upstream-TrunkPorts-Group” group (We use Aruba MAS switches, so this is more-or-less just setting the vlans to match the config on the IAP)

     

    With points 10 & 11 I am using HP switches and trunking all with a native VLAN 4 on the switch ports the Aruba APs connect to.

     

    VLAN 4 = Management (switches/APs and Clients) -- this is going into an existing site so I am unable to change this although I know it’s not ideal.

     

    VLAN 5 = VOIP network.

     

    The mesh network between Master Portal and Slave Point establishes OK and I can ping from the Master network switch to the Slave mesh point on VLAN 4. For the VOIP VLAN 5 I can ping through from Master switch to Slave network and back again.

     

    From the Slave Mesh Point I can ping the Master Portal, VLAN 4 and 5 back on the Master switch and any clients connected on the Master switch.

     

    My problems:

     

    From the Master network switch I am unable to ping anything past the Slave Point on VLAN 4. Traceroute produces no results. We need the ability to connect to the remote Slave Point from the remote switch should it become ‘stranded’ as both Aruba’s will be installed on roof tops. We also need to be able to see the switch and clients connected on VLAN4 on the Slave site.

     

    I know the problem is likely to be with eth0 bridging and/or switch port configuration. VLAN 5 connection is OK whereas VLAN 4 is not. As I said earlier I attempted to change the uplink VLAN to 4 on the Slave mesh Point but lost connection so this was changed back to VLAN 0.

     

    Please find attached my redacted show tech-support from both Master (mesh portal) and Slave (mesh point), switch and a schematic showing the setup.

     

    Thank you for any assistance you can provide.

     

     



  • 16.  RE: IAP 277 adding a mesh (point to point) to existing config

    Posted Nov 07, 2017 12:52 PM

    Hi VincentArriola. Thankyou for your update and help on this issue.

     

    I had already completed the setup as outlined in your email with the exception of  

     

    7.            On the mesh POINT set the Uplink values to VLAN X and BRIDGE ENABLED

     

    When I attempt this I lose all connectivity with the planned mesh POINT so have to revert the changed via CLI and reload.

     

    10.          On the POINT IAPs switch, set the PoE Profile “Upstream-TrunkPorts” to ENABLED(We use Aruba MAS switches, so this is more-or-less just setting the vlan to match the config on the IAP)

    11.          On the POINT IAPs switch, set the port (0/0/0) to the “Upstream-TrunkPorts-Group” group (We use Aruba MAS switches, so this is more-or-less just setting the vlans to match the config on the IAP)

     

    With points 10 & 11 I am using HP switches and trunking all with a native VLAN 4 on the switch ports the Aruba APs connect to.

     

    VLAN 4 = Management (switches/APs and Clients) -- this is going into an existing site so I am unable to change this although I know it’s not ideal.

     

    VLAN 5 = VOIP network.

     

    The mesh network between Master Portal and Slave Point establishes OK and I can ping from the Master network switch to the Slave mesh point on VLAN 4. For the VOIP VLAN 5 I can ping through from Master switch to Slave network and back again.

     

    From the Slave Mesh Point I can ping the Master Portal, VLAN 4 and 5 back on the Master switch and any clients connected on the Master switch.

     

    My problems:

     

    From the Master network switch I am unable to ping anything past the Slave Point on VLAN 4. Traceroute produces no results. We need the ability to connect to the remote Slave Point from the remote switch should it become ‘stranded’ as both Aruba’s will be installed on roof tops. We also need to be able to see the switch and clients connected on VLAN4 on the Slave site.

     

    I know the problem is likely to be with eth0 bridging and/or switch port configuration. VLAN 5 connection is OK whereas VLAN 4 is not. As I said earlier I attempted to change the uplink VLAN to 4 on the Slave mesh Point but lost connection so this was changed back to VLAN 0.

     

    Please find attached my redacted show tech-support from both Master (mesh portal) and Slave (mesh point), switch and a schematic showing the setup.

     

    Thank you for any assistance you can provide.

     

     



  • 17.  RE: IAP 277 adding a mesh (point to point) to existing config

    Posted Nov 07, 2017 01:00 PM

    Hi VincentArriola. Thankyou for your update and help on this issue.

     

    I had already completed the setup as outlined in your email with the exception of  

     

    7.            On the mesh POINT set the Uplink values to VLAN X and BRIDGE ENABLED

    When I attempt this I lose all connectivity with the planned mesh POINT so have to revert the changed via CLI and reload.

     

    10.          On the POINT IAPs switch, set the PoE Profile “Upstream-TrunkPorts” to ENABLED(We use Aruba MAS switches, so this is more-or-less just setting the vlan to match the config on the IAP)

     

    11.          On the POINT IAPs switch, set the port (0/0/0) to the “Upstream-TrunkPorts-Group” group (We use Aruba MAS switches, so this is more-or-less just setting the vlans to match the config on the IAP)

     

    With points 10 & 11 I am using HP switches and trunking all with a native VLAN 4 on the switch ports the Aruba APs connect to.

     

    VLAN 4 = Management (switches/APs and Clients) -- this is going into an existing site so I am unable to change this although I know it’s not ideal.

     

    VLAN 5 = VOIP network.

     

    The mesh network between Master Portal and Slave Point establishes OK and I can ping from the Master network switch to the Slave mesh point on VLAN 4. For the VOIP VLAN 5 I can ping through from Master switch to Slave network and back again.

     

    From the Slave Mesh Point I can ping the Master Portal, VLAN 4 and 5 back on the Master switch and any clients connected on the Master switch.

     

    My problems:

     

    From the Master network switch I am unable to ping anything past the Slave Point on VLAN 4. Traceroute produces no results. We need the ability to connect to the remote Slave Point from the remote switch should it become ‘stranded’ as both Aruba’s will be installed on roof tops. We also need to be able to see the switch and clients connected on VLAN4 on the Slave site.

     

    I know the problem is likely to be with eth0 bridging and/or switch port configuration. VLAN 5 connection is OK whereas VLAN 4 is not. As I said earlier I attempted to change the uplink VLAN to 4 on the Slave mesh Point but lost connection so this was changed back to VLAN 0.

     

    Please find attached my redacted show tech-support from both Master (mesh portal) and Slave (mesh point), switch and a schematic showing the setup.

     

    Thank you for any assistance you can provide.