ArubaOS and Controllers

Contributor I

Re: problems with mesh

I think this is what we need.

interface vlan 103
ip address
ip helper-address

interface vlan 1091
ip address

ap mesh-cluster-profile "MeshCluster_testNET"
cluster "MeshCluster_testNET"
rf-band g

ap mesh-radio-profile "MeshRadio_testNET"
mpv 1091

wlan ssid-profile "testNET"
essid "testNET"
opmode wpa2-psk-aes
wpa-passphrase xxxxx

wlan virtual-ap "VAP testNET"
allowed-band g
aaa-profile "AAA testNET"
ssid-profile "testNET"
vlan 103

ap-group "AP group testNET"
virtual-ap "VAP testNET"
mesh-radio-profile "MeshRadio_testNET"
mesh-cluster-profile "MeshCluster_testNET" priority 1

Reviewed Config

Good info. Thanks!

Based on reviewing your configuration I would note the following:

- You are using 2.4 GHz for both client access and the mesh link. Do you really mean to use 2.4 GHz for client access and 5.0 GHz for the mesh link ? (that is the most typical configuration on an AP-65)

- Beyond the frequency question above, I also notice a Mesh Private VLAN (MPV) still in the config as Colin has already noted. Not needed in this configuration if its just AP-65 to AP-65 on a local mesh connection.
Contributor I

Re: problems with mesh

I changed both, MVP to 0 and mesh cluster RF band to a. I also restarted the APs.

When running show ap mesh topology, I've seen one child for a few seconds. Then it disappeared, came back and now seems to stay. At no point, the testNET SSID was broadcasted by two APs (using Network Stumbler).

Also, show ap active displays only the mesh portal.

But we got a little bit further. :)
Contributor I

Re: problems with mesh

This might also be of interest:

(Aruba 200) #show ap mesh neighbors ap-name AP4

Neighbor list
MAC Portal Channel Age Hops Cost Relation Flags RSSI Rate Tx/Rx A-Req A-Resp A-Fail HT-Details Cluster ID
--- ------ ------- --- ---- ---- -------- ----- ---- ---------- ----- ------ ------ ---------- ----------
00:1a:1e:03:9c:49 00:1a:1e:ba:ec:88 60 0 1 65535 C 1s o 61 6/54 12 12 0 Unsupported MeshCluster_testNET

Total count: 1, Children: 1
Relation: P = Parent; C = Child; N = Neighbor; B = Blacklisted-neighbor
Flags: R = Recovery-mode; S = Sub-threshold link; D = Reselection backoff; F = Auth-failure; H = High Throughput; L = Legacy allowed;
a = SAE Accepted; b = SAE Blacklisted-neighbour; e = SAE Enabled; u = portal-unreachable; o = opensystem

Good progress... Show AP database

What does the "Show AP database" output look like on the system now that the child is up?

Also, show ap details ip-addr x.x.x.x on the Mesh Point will let you know what the second radio (radio 1) is doing on the AP-65. It should be active and advertising.
Contributor I

Re: problems with mesh

Sleeping over it didn't change anything. So this is the situation today:

(Aruba 200) #show ap mesh active

Mesh Cluster Name: MeshCluster_testNET
Name Group IP Address BSSID Band/Ch/EIRP/MaxEIRP MTU Enet Ports Mesh Role Parent #Children AP Type Uptime
---- ----- ---------- ----- -------------------- --- ---------- --------- ------ --------- ------- ------
AP4 AP group testNET 00:1a:1e:ba:ec:88 802.11a/60/23/23 1500 - Portal - 1 65 8m:22s

(Aruba 200) #show ap database

AP Database
Name Group AP Type IP Address Status Flags Switch IP
---- ----- ------- ---------- ------ ----- ---------
AP4 AP group testNET 65 Up 8m:34s M
AP5 AP group testNET 65 Down

(Aruba 200) #show ap details ip-addr (mesh point)

AP "AP5" Basic Information
Item Value
---- -----
AP IP Address
LMS IP Address
Group AP group testNET
Location Name N/A
Status Down

AP "AP5" Hardware Information
Item Value
---- -----
AP Type 65
Serial # A90267010
Wired MAC Address 00:1a:1e:c8:39:c4
Radio 0 BSSID 00:1a:1e:03:9c:48
Radio 1 BSSID 00:1a:1e:03:9c:40
Enet 1 MAC Address N/A
Enet 2 MAC Address N/A
Enet 3 MAC Address N/A
Enet 4 MAC Address N/A
Enet 5 MAC Address N/A
Enet 6 MAC Address N/A
Enet 7 MAC Address N/A

(Aruba 200) #show ap details ip-addr (mesh portal)

AP "AP4" Basic Information
Item Value
---- -----
AP IP Address
LMS IP Address
Group AP group testNET
Location Name N/A
Status Up; Mesh
Up time 12m:41s
Installation indoor

AP "AP4" Hardware Information
Item Value
---- -----
AP Type 65
Serial # A90171376
Wired MAC Address 00:1a:1e:c3:ae:c8
Radio 0 BSSID 00:1a:1e:ba:ec:88
Radio 1 BSSID 00:1a:1e:ba:ec:80
Enet 1 MAC Address N/A
Enet 2 MAC Address N/A
Enet 3 MAC Address N/A
Enet 4 MAC Address N/A
Enet 5 MAC Address N/A
Enet 6 MAC Address N/A
Enet 7 MAC Address N/A

AP "AP4" Operating Information
Item Value
---- -----
AP State Running
Entry created 2010-10-14 16:42:25
Last activity 2010-10-15 06:59:53
Reboots 7
Bootstraps 7
Bootstrap Threshold 16
Slot/Port 1/1

AP "AP4" Radio 0 Operating Information
Item Value Source
---- ----- ------
Mode MPP Provisioned
Band 802.11a Provisioned
Channel 60 ARM
EIRP 23 Configuration

AP "AP4" Radio 1 Operating Information
Item Value Source
---- ----- ------
Mode AP Configuration
Band 802.11g
Channel 1 ARM
802.11b Protection Enabled Configuration

AP "AP4" Provisioning Parameters
Item Value
---- -----
AP Name AP4
AP Group AP group testNET
Location name N/A
SNMP sysLocation N/A
Gateway N/A
Netmask N/A
IP Addr N/A
Domain Name N/A
Server Name
Server IP N/A
Antenna gain for 802.11a N/A
Antenna gain for 802.11g N/A
Antenna for 802.11a both
Antenna for 802.11g both
PAP User Name N/A
PAP Password N/A
PPPOE User Name N/A
PPPOE Password N/A
PPPOE Service Name N/A
USB User Name N/A
USB Password N/A
USB Device Type any
USB Device Identifier N/A
USB Dial String N/A
USB Initialization String N/A
USB TTY device path N/A
USB modeswitch parameters N/A
Remote AP No
Link Priority Ethernet 0
Link Priority Cellular 0
Mesh Role mesh-portal
Installation default
Latitude N/A
Longitude N/A
Altitude N/A
Antenna bearing for 802.11a N/A
Antenna bearing for 802.11g N/A
Antenna tilt angle for 802.11a N/A
Antenna tilt angle for 802.11g N/A
Mesh SAE sae-disable
Contributor I


I finally solved this. The Aruba configuration was correct all the time. Even running the mesh in the same band as the user WLAN is working.

The problem was caused by the LAN switch that connects the mesh portal with our network. We use mac-based VLANs on our switches and allow only one mac address at a time per port. This obviously didn't work for the mesh portal. So the mesh portal couldn't route the traffic from the mesh point to the controller. Connecting the mesh portal to a switch without those security features makes the mesh working.

Thanks to Jason!

View solution in original post

Guru Elite

One thing to note.

One thing to note about Mesh, is that access points ONLY get mesh information programmed into them when you PROVISION THEM. If you make any changes to a mesh cluster profile, or mesh radio profile, you need to reprovision BOTH sides of the link (mesh point first, of course), for it to take effect.

Once again, the parameters that determine what mesh SSID, mesh radio, etc are written into flash when an AP is provisioned and NOT as soon as you make changes and do a "Save Config". What might save you is "mesh recovery mode" which is what each mesh access point falls back to when it cannot find another mesh AP and connects as "unprovisioned" to the controller. You can then reprovision that AP with the correct parameters and you should be fine.

This was not the problem in this particular case, but many times you are making changes to mesh parameters and your mesh points get orphaned, as a result. A quick reprovision will help.

Please look at the Aruba knowledgebase ( and search for answerID 1037 for more on the mesh recovery.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide