Wireless Access

last person joined: an hour ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Mesh Setup on 3200XM with iAP-275s?

  • 1.  Mesh Setup on 3200XM with iAP-275s?

    Posted Nov 09, 2015 09:51 AM

    Has anyone setup a mesh network using iAP-275s and a 3200XM controller?   I am told by the Aruba techs that is a very common setup but I have had two of them try to get it working here with no to little success.   

     

    Any advice is appreciated.  I am very new to this and basically have been working with them remoted into and doing most of the work.  

     

    The problem we are having is that when a client connects to the WiFi via a 275 setup up as a Campus AP and acting as a Mesh Point, the client is unable to get any web pages and cannot even get the Guest Login page on ClearPass.   But when the same client connects to the same WiFi but to a 275 setup as a Remote AP and acting as a Mesh Portal, everything works fine.   

     

    We have been trying this for over three weeks now and coming into our deadline for this to work.   Any help or request for more information will be much appreciated.  

     

     



  • 2.  RE: Mesh Setup on 3200XM with iAP-275s?

    Posted Nov 09, 2015 10:48 AM

    Would need more details on what you are trying to do and how you are setting up your mesh. Remote Mesh Portal is NOT a common deployment.

     

    So you have two IAP-275s that are running as mesh devices?

    One is a portal and the other is a point and they both show up in the controller?

    What channel is the 5Ghz?

    Are you doing tunneled or bridged?

     

    Are both in the same AP gorup and there is no 'ap-specific' config?

    What firmware version?

     

    If you want to email me your tech-support, shoot it to jhoward -at- arubanetworks -dot- com. I've done this more times than I can count and it should work fine



  • 3.  RE: Mesh Setup on 3200XM with iAP-275s?

    Posted Nov 09, 2015 01:10 PM

    Jerrod,

     

    Much thanks for the reply.   

     

    I am very new to this so please bear with me.

     

    So you have two IAP-275s that are running as mesh devices?
    -- Yes

    One is a portal and the other is a point and they both show up in the controller?
    -- Yes

    What channel is the 5Ghz?
    -- 157

    Are you doing tunneled or bridged?
    -- Bridged
    Are both in the same AP group and there is no 'ap-specific' config?
    -- Same AP group

    What firmware version?
    -- Version 6.4.3.4

     

    We are trying to setup a network with 7 APs, two of them will be wired into an external network with Internet access and the other 5 will be the points connecting to those two portals.  And in one stop, we will need one point to be able to connect to another point, with that one connecting to the portal.   

     

    The Aruba tech setup the VLANs and DHCP pools in the controller along with showing me how to convert the iAPs to Remote and Campus APs.  

     

     



  • 4.  RE: Mesh Setup on 3200XM with iAP-275s?

    Posted Nov 09, 2015 05:57 PM

    So the issue is likely in the bridge config. For giggles, until I see a show tech, change the mode from bridge to tunnel in your single point and portal config. Is the goal to transport a single VLAN or are you attempting to transport multipel VLANs over the mesh link?



  • 5.  RE: Mesh Setup on 3200XM with iAP-275s?

    Posted Nov 12, 2015 07:19 AM

    The tech connected back in and totally redid the setup.  Made the mode tunnel and re-provisioned both APs.  We were able to get a client to connect to the internet via the mesh point with the portal being directly connected to the 3200XM controller.  But once we moved the portal to an outside network, one connected to one of our DSL modems, the client, still connecting to the point, was not able to get to the internet.   The client works fine connecting to the portal, though.   

     

    So, his last thoughts were that there is something wrong in the code, in the firmware of the APs that are acting as mesh points.   He is taking this setup back to his lab to work on it and hopefully I will hear back soon.

     

    To answer your question, I believe there are two VLANs involved.  One, VLAN 150, setup for the communication between the portal and the point, and another, VLAN 568, setup for the clients to use.

     



  • 6.  RE: Mesh Setup on 3200XM with iAP-275s?

    Posted Nov 12, 2015 08:24 AM

    Not sure I follow, you moved the portal to an outside network? You may need to make a network drawing that shows what VLANs are where, how everything is connecting, including any and all switches. If it work in on way but not another based on how the portal is wired, it's not a code issue on the mesh point, but likely a network config issue somewhere in between. 



  • 7.  RE: Mesh Setup on 3200XM with iAP-275s?

    Posted Nov 12, 2015 08:39 AM

    Having a network diagram of all this is a good idea, and I will see what I can to.   

     

    Until then...

    In between where?  The client and the point?  The point and the portal?  The portal and the controller?  

     

    All Wireshark traces show network traffic going in both directions until the wireshare trace is done on the client when it is connected to the point.  

     

    The tech is thinking it is a code issue at the mesh point.   The only difference is the client connecting to the mesh point.  Everything else is the same from when it works and does not work.  The client can get to the internet when connecting to the mesh portal regardless of how the mesh portal connects to the controller, directly (internal network) or via the web (external/outside network).

     

    I am open to futher investigations.

     



  • 8.  RE: Mesh Setup on 3200XM with iAP-275s?

    Posted Nov 12, 2015 03:23 PM

    I will wait for a drawing to comment further, as it would just be speculation on my part. Also make sure you don't have ANY port security enabled on the mesh point or portal's switch port.



  • 9.  RE: Mesh Setup on 3200XM with iAP-275s?

    Posted Nov 12, 2015 03:23 PM

    Also note, if this is a critical situation, a TAC case should be opened to let TAC diagnose your config and deployment.



  • 10.  RE: Mesh Setup on 3200XM with iAP-275s?

    Posted Jan 14, 2016 10:59 AM
      |   view attached

    Sorry for the long delay.   I have been working with a few Aruba Techs.   Case #1767177.  And they have made some changes.  We have currently been lead to belive there is a problem within the firmware of the AP-275s, the point, I believe.  They have requested numerious logs and wireshark captures.

     

    But I am including a network diagram of our current setup.  Please bear in mind, I am still learning all this so if there is anything that should/could be added to the diagram, please let me know.  Any and all help/suggestions would be appreciated.

    Attachment(s)



  • 11.  RE: Mesh Setup on 3200XM with iAP-275s?

    Posted Jan 26, 2016 10:06 AM

    Received the following from the Aruba/HPE tech....

     

    "Please modify wlan ssid-profile REMOTEMESH encryption mode as “wpa2-psk-aes”.  Let’s see if this could be a temporary workaround.       

    In my testbed if encryption mode is open , the packet would not pass to controller , R&D is analyzing the root cause."

     

     

    I did the following...

    • Aruba 3200XM
      • Configuration | ADVANCED SERVICES | All Profiles
        • SSID | REMOTEMESH | Advanced
          • Encryption
            • Unchecked “opensystem”
            • Checked “wpa2-psk-aes”
          • Apply
            • Error processing command 'wlan ssid-profile "REMOTEMESH" opmode wpa2-psk-aes':Error: opmode requires a pre-shared key. Either wpa-hexkey or wpa-passphrase must be set.
          • Basic | 802.11 Security
            • Encryption changed to WEP
          • Basic | Keys
            • “1234567890”
          • Apply
            • Configuration Updated Successfully
          • Repeated steps for the SSID TEST
          • Connected to REMOTEMESH via laptop.
            • Entered key
            • Able to surf the internet

    Having a key on a SSID that is suppose to be an open, public network is not the plan but this temporary workaround is the closest we have come to a solution, so far.