Technical Webinar- Aruba Central with Instant AP
05-31-2018 05:44 AM - edited 07-16-2018 02:37 AM
Adding this post here to share the content of the Airheads Technical Webinar we delivered this Tuesday, May 29th on Aruba Central with Instant AP. For those who could not attend the session please find below:
- Webinar Recording:
- Webinar Slides:
Please note that you can find additional on-demand technical webinars on our Airheads webinar repository page.
As well, the webinar calendar up to December 2018 is available here.
Please feel free to leave any additional comments and questions you may have below. We will make sure to answer them as soon as possible.
Re: Technical Webinar- Aruba Central with Instant AP
05-31-2018 06:27 AM
Please see below the Q&A that took place during the webinar.
Q1: Does central provide all the features of LIC-PEF and LIC-RFP ?
A1: IAP does not make use of any license even if it is running locally. So, it supports LIC-PEF & LIC-RFP features directly. From Central perspective, the only license needed is Device management license in order to manage it via Central.
In case you need to use other services (cloud guest, clarity,presence analytics), you would need network service subscription license.
Q2: What are the main differences or advantiges/disadvantiges between Aruba Central and AirWave
Q3: When will wlan controllers be supported in central?
A3: PLM team is looking for the possibilites to integrate central with WLAN controller. As of now we dont have any extact ETA
Q4: Is it possible to use a Single-Sign-On for mutliple users via Active Directory.
A4: Is it SSO for logging in to Central UI?
If yes, we expect it to supported in upcoming release.
Q5: Is there a list, what switches can be managed by Central GUI(Wired management)? (I have a 8310M and I can only put it into a Template Group. Why?)
A5: All the information/list is avaiable in user-guide along with minimum version supported
Q6: HI, are the any time span between you do the lic purchase and when you have to activate the license
The adding of subscriptions is not the startdate but the delivery date is, right?
A6: its Activation date.
Q7: Is it possible to deploy Central in a controller based solution?
A7: As of now no.. But its on road map .. we can expect this starting from 8.4 and above
Q8: is it possible to use a Single-Sign-On for mutliple users via Active Directory or is the only possiblity to register each user manually on the portal...
A8: One user/first user need to register. And that user can add the second and consequtive users as Admin user or Read Only .. so the second user need not go thru the registration process
Q9: well with our personal Cental enviroment we received the licenses on the 7th of may, however we only added them around the 20th of may. Now we see an end date of the 7th of may 2019 instead of the 20th of may 2019.
A9: Looks something is wrong. It will good to open a TAC case to look at the backend
Q10: ... so this is the only possiblity - It`s not possible to use a Active Directory for example... because this method is difficult do use when you have 100+ users...
A10: Sorry the question is incomplete.
Q11: in an IAP cluster can I add central management to some access points or I have to add it to all the access points in the cluster?
A11: Its recommended to add all the MAC address/AP's
Q12: Can we use a single Cloud guest subscription for a IAP deployment with more than 1 AP. What will happen if the subscription cloud guest is applied to only the virtual wlc ap and the ssid uses splash page from cloud guest?
A12: No. Guest License is required for all the AP. if the Guest License is not mapped to slave AP, then client connecting to that slave AP will not pass the captive portal authentication
Q13: So if I have a controller based architecture , can´t I get Guest portal services ONLY with Aruba Central if I don´t need device management? Do I have to buy ClearPass? Do I only have that possibility?
A13: Currenlty we dont support controller-based architecture. As of now the only option is use Clearpass
Q14: there is no subscription license difference between IAP and/or switches, isn`t it?
A14: There is a difference, we have different SKU for IAP and Switches
Q15: can devices be part of more than one groups?
A15: No.. there is no use-case for the device in two different group.. single VC cannot be more than one group. But multiple VC in a group, can have multiple/differnt VC specific configuration
Q16: What happens to a 1yr subscription after activation but only assign devices after 6 months later after activation, will the subscription only last for 6 months?
A16: Only the activation date will be considered..
Q17: there is also no use case in an MSP enviroment?
A17: Service providers who are managing multiple customers can make use of MSP.
They will have insight in to the entire inventory, subscription keys etc.
They can create customers, assigned devices/licenses & configure the groups as pre requirement.
Q18: Can you configure a specific setting on one switch which is part of a group? For example VLAN port memberships?
A18: Yes, device specific config is there
Q19: What happens with device password when your licence expires? Is the device left with the Central Password, or is it reset back to its original password? THank You,
A19: there will be no change in the password.
Q20: With MSP, is it possible to see which specific licenses and subscriptions are assigned to customers? We have different customers with different length of licenses, but can't see which are assigned
A20: Under Device management, there is a separate column called 'Customer" .. by using this we can see the assigned license
Q21: that only shows whether the device is subscribed, it doesnt show when the license assigned to the device will expire
A21 : Audit trial will give us some additional information
Q22: After the 90 day evaluation period, the account get deactivated or just expire the 10/20 subscription?
What about the 2 server of central: portal-prod2.central... vs central... it's very confusing when creating account and login
A22: Expire the subscription
Q23: the config is pushed through SNMP?
Q24: regarding the activation date of the licenses, we also have a customer who received the licenses on 03-19-2018 while they have been added to Central on 03-23-2018 and yet the expiration date here is also 03-19-2019. So do we need to open a TAC case for them as well?
A24: Yes, please open a TAC case for the same.
A25: they are two different central servers
Q26: does al the cluster IPs need internet + dns access or only the master?
A26: only VC need to have the internet or dns access. But in case if VC get change then we need to provide access to other VC.. so recommneded to provide access to all the device
Q27: are there design guides how the networks should/could look like on the customer side?
A27: we do have few VRD(Validate Reference Design) guide in Aruba support site .. or you can get in touch with Aruba Sales/System Engineer about the deployment or POC
Q28: is there a link to a recorded IAP webinar to get a better understandig how this works in detail?
Q29: what is meant on a switch when i use the command "show aruba central" - Mode: monitor or managed and what is the difference?
A29: Aruba Central is now available in two operational modes:
n Standard Enterprise Mode—The standard enterprise mode provides a complete view of the devices that are monitored and managed by Central. It also allows end-end provisioning, management, monitoring, maintenance operations for the devices associated with the Central customer accounts.
Managed Service Mode—The Managed Service Portal provides a consolidated view of the networks of customers. The service provider administrators can manage devices, and subscriptions associated with the customer accounts within their network
We can get more detailed information from User Guide. which is available in Aruba support site
Nitesh: Managed means it is being manged by Central.
Q30: I have to leave in a few minutes sorry. But could I ask if stacked switches would be viewable within Central soon?
A30: As of now we only support stacking for 2920 switches. This is only available via template groups. We have monitoring support for this switch.
Q31: is there a way to export or save the configurations done on central as a backup to be able to restore it?
Q32: What are the prerequisits for an Aruba switch to be managed in central through UI?
A32: we need to check the support switch platform and support firmware version
Q33: how does this RADSEC certificate look like and where is this one stored?
A33: RADSEC certificate is stored on the AP itself. Cloud guest servers are aware of the CA which has signed the certificate & this allows RADSEC connection to be successful.
Q34: we as aruba partner have 7x iaps. what is correct procedure to quit eval/demo central and start it on another site?
A34: We need to unassign the licenses for the devices. After few minutes, the devices will be listed as down on Central.
We can then delete those devices from Monitoring page.
Q35: if we use a local LDAP server for user account on guest login, does the IAP communicate directly with the local LDAP server or the credential should be synchronized with cloud central?
A35: For cloud guest based SSID, the cloud guest servers are automatically added to the configuration. So, we won’t use any external servers in that case.
Q36: If the switch is used before, can it be reverted to default config to join Central (erase startup config)?
A36: Yes, we can factory reset the switch & use it with Central. We need to ensure it is supported on Central & is running atleast the minimum version needed for communication with Central.
Q37: When will be possible add switches already configured?
A37: Please consult with your Aruba SE’s & they would have more information on the roadmap items.
Q38: i have put a 2930f-8g switch into my aruba central and provisioned it. now i want to reset it to factory default to unmanage it. its not connected to the network and i have erased the config on it. but i cannot logon to the switch over console now. clear button is not working. do you know what to do?
A38: Please open a TAC case to debug this further.
Q39: How to use and maintain the VOICE VLAN. We need this
A39: Please use template group to address that.
Q40: How to config port a1-a4 and b1-b4 on 3810M
A40: Currently SFP ports are only supported via template groups.
Q41: so what would be the advantage of using CLI Snippet
A41: For switches, Central currently includes limited configuration options in the UI. If certain configuration parameters, are not available in the UI, Aruba recommends that you use CLI snippets to push configuration changes to switches.
Q42: so what would be the advantage of using CLI Snipped when it is recommend to use Template groups?
A42: Switches can be managed via both UI & Template group but we can’t use both at the same time.
If certain configuration parameters, are not available in the UI, Aruba recommends that you use CLI snippets to push configuration changes to switches.
UI groups are recommended for very simple setups /business where need would be sufficed by UI config itself
Q43: In central port 1-24 are defined for 3810M (with 24 sfp), but in switch a1-a4+b1+4
A43: a1-a4 & b1-b4 are SFP ports. They are only supported via template based configuration.
Q44: How we can authenticate users via facebook link etc
A44: Please refer to the following link:
Q45: How to export devices to Excel? Serial, MAC, model and given name?
A45: Please check the report section on Central.
Q46: Why isn't name given to iap visible when scanning rf (using Chanalyzer and similar). Using Cisco AP we see the names entered
A46: BSSID would be listed rather than the IAP name. In case, there is an issue with name not getting displayed, please open a TAC case.
Re: Technical Webinar- Aruba Central with Instant AP
10-14-2018 08:08 PM
I have one question about the presentation.
On slide 31 you talk about How MSP mode works.There you can see all tasks the Service Provider can perform, and also the tasks the customers are allowed to perfom.
Can you provide further information about these functions:
1. Change PSK and guest portal
2. Terminate service and retain AP configuration ?
Thanks in advance
PS: If you feel this information is useful and solved your question or problem, please do not forget to mark it as a solution and give me some kudos.
Re: Technical Webinar- Aruba Central with Instant AP
10-19-2018 11:07 AM
The MSP can grant different levels of access to the end customer. One of the options is precisely what you're pointing out. The SSID gets created by the MSP, and APs are placed there, but then the customer is allowed to modified the PSK.
The case of a guest portal is slighlty different, as it's a different "app" in Central, so assigning a different access level is extremely simple.
Hope this helps
ACMP, ACCP, ACDX#100
If I answerd your question, please click on "Accept as Solution".
If you find this post useful, give me kudos for it ;)