How an Aruba campus AP discovers its master controller
How does an Aruba Campus Access Point (CAP) discover its controller in order to become operational?
Care should be taken to avoid NAT devices between the campus access points and their controller.
After booting into its AOS code, an Aruba campus AP acquires its IP information (address, netmask, gateway, DNS, domain) via DHCP and initiates the Aruba Discovery Protocol (ADP) to find its controller.
ADP uses DHCP, DNS lookups and broadcast/multicast queries to find a controller, as follows:
- Upon receiving and accepting a DHCP offer, if option 60 (ArubaAP) and option 43 (IP_address) are present, ADP uses the option 43 value as the IP address of the AP's master controller.
- If DHCP options 60 and 43 are not present, ADP sends two UDP discovery frames (1 broadcast and 1 multicast) every 0.5s for 5 seconds.
- If no response is received from any controller, the AP initiates a DNS lookup for aruba-master.domain (default), where 'domain' is the domain received via DHCP.
- If a DNS response that resolves aruba-master is received, the AP will reboot and restart all over again.
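The discovery order above, as an added example (not Aruba code): it parses the options field of a DHCP offer and returns the steps an AP would take, which helps when checking what a DHCP scope actually hands to APs. Assumptions: option 43 carries the controller address as ASCII text, the function names are hypothetical, and the sample offers are constructed.

```python
import ipaddress

PAD, DOMAIN_NAME, VENDOR_SPECIFIC, VENDOR_CLASS, END = 0, 15, 43, 60, 255  # RFC 2132 codes

def parse_dhcp_options(raw: bytes) -> dict:
    """Parse the code/length/value options that follow the DHCP magic cookie."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == END:
            break
        if code == PAD:
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        value = raw[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        opts[code] = value
        i += 2 + length
    return opts

def adp_discovery_plan(raw_options: bytes) -> list:
    """Return, in order, the discovery steps the page describes for this offer."""
    opts = parse_dhcp_options(raw_options)
    if opts.get(VENDOR_CLASS) == b"ArubaAP" and VENDOR_SPECIFIC in opts:
        # Assumption: option 43 holds the controller address as ASCII text.
        # A malformed value raises ValueError so the misconfiguration is visible.
        ip = ipaddress.ip_address(opts[VENDOR_SPECIFIC].decode("ascii").strip())
        return [f"dhcp-option-43 {ip}"]
    plan = ["adp broadcast+multicast, every 0.5s for 5s"]
    domain = opts.get(DOMAIN_NAME, b"").rstrip(b"\x00").decode("ascii")
    # Assumption: without a DHCP domain the name is looked up unqualified.
    plan.append("dns aruba-master" + (f".{domain}" if domain else ""))
    return plan

def opt(code: int, value: bytes) -> bytes:
    """Build one option for the constructed sample offers below."""
    return bytes([code, len(value)]) + value

# Constructed sample offers (not taken from a real capture).
OFFER_WITH_43 = opt(60, b"ArubaAP") + opt(43, b"192.0.2.10") + opt(15, b"gta.net") + b"\xff"
OFFER_WITHOUT_43 = opt(15, b"gta.net") + b"\xff"

if __name__ == "__main__":
    for name, offer in (("with 60/43", OFFER_WITH_43), ("without", OFFER_WITHOUT_43)):
        print(name, "->", adp_discovery_plan(offer))
```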
Once the campus AP locates a controller (its master), it communicates with it using the PAPI protocol (inside a secure tunnel if CPsec is enabled) to upgrade itself and/or to download its ap-group configuration if already provisioned.
Configuration of DHCP options 60 and 43 under Windows and Linux is available here
The following Wireshark capture illustrates the steps taken by an AP to acquire an IP address via DHCP (no option 43), to send broadcast/multicast queries and finally to do a DNS lookup for aruba-master.gta.net that received a response with two IP addresses for the master controller: