How-to: Configure a basic Instant mesh
IAP 175 - Instant Mesh Setup
1. Wire all instant APs to a DHCP server so all the IAPs get their IP addresses. APs with country code "US" support over-the air provisioning (OTA). For OTA, wire one IAP to the switch and turn on other mesh APs. The wired AP becomes the mesh portal. For over-the-air provisioning to work correctly, only one virtual controller (one subnet) should be heard over the air.
Note: For over-air-provisioning, the portal has to be configured with an SSID. Instant SSID – mesh is not yet initialized.
2. IAP will beacon an open SSID ‘instant’. Connect a laptop to the default open ‘instant’ ssid
3. From the browser window, navigate to ‘instant.arubanetworks.com’ and click on ‘I understand the risks’ and ‘Add exception.’ This ignores the certificate warnings that are displayed due to the fact that the client does not recognize the certificate signing authority.
4. Connecting to ‘instant.arubanetworks.com’ brings up the Virtual Controller webui. Default username/password is admin/admin
5. Create a new SSID and wpa-2 personal keys with ‘unrestricted’ or ‘network based’ access rules with any any permit for basic connectivity.
6. Connect a client to the new SSID and disconnect from the ‘instant’ SSID. The ‘instant SSID’ should go away if no clients are connected to it.
7. All the IAPs will show up on the Virtual Controller as shown below. Disconnect the IAPs that you want to deploy as Mesh Points from the switch/router (no wired link on the Ethernet interface) and place these at the desired location. The wired IAPs are Mesh Portals.
Instant mesh cheat sheet:
· Limited to maximum of two hops from mesh portal
· Each Portal can have up to a maximum of 8 children
· During the setup phase, for an AP to mesh to its Virtual Controller (VC) the AP must see only one instant network. If the mesh point see more than one instant network, it will not form a mesh to either portals
New Mesh Provisioning Procedure in 4.1
In IAP releases prior to 4.1, mesh is enabled in the factory default configuration. An "out-of-box" IAP may mesh unintentionally with other IAPs automatically and cause deployment issues.
From 4.1, IAP mesh will be disabled in the factory default configuration. Customer has to enable meshing through explicit configuration steps.
IAP mesh background
AP mesh is very similar to AOS mesh, it also have following restrictions where mesh CANNOT work:
- standalone IAP;
- single radio platform, e.g. IAP9x,RAP3;
- "extended_ssid" has being enabled;
- 5G band has being configured for WIFI uplink;
- 5G band has being provisioned for AM / Spectrum;
- All 11AC platforms, e.g. IAP22x (Ardmore), IAP27x(k2);
From 4.1, we turned on “extended_ssid” in the factory configuration, effectively disabling mesh *Mesh network could upgrade smoothly to 4.1 when Mesh was already enabled
How to deploy IAP mesh in 4.1
Use following steps to deploy mesh network in IAP4.1:
- Put all IAPs in a wired switch, make sure VC key and configuration has been properly synchronized, and make sure country code has being configured; # Configure a new SSID and delete factory default SSID
- Turn off ‘extended-ssid’ and reboot the IAP cluster;
- Move one of the IAP to the remote site, without wired uplink it will become mesh point.
Useful commands for troubleshooting IAP mesh (Command output not shown):
show swarm state show aps