How to configure and troubleshoot a hierarchical deployment setup running 3G Uplink on Aruba Instant?
Instant network supports Ethernet, 3G/4G USB and Wi-Fi as the uplinks. USB modems and the Wi-Fi uplink can be used to extend the connectivity to places where an Ethernet uplink cannot be configured. It also provides a reliable backup link for the Ethernet based Instant networks.
This article details on configuration and troubleshooting of Instant network when 3G USB modem is used as an uplink.
- 3G and 4G LTE USB modems can be provisioned on RAP-3 and RAP-108/109
- Master Election Protocol prefers the IAP (Instant Access Point) with 3G/4G uplink when electing for VC for the Instant network.
- Instant does not support configuration of an Eth0 uplink port of a Virtual Controller.
The following software and hardware are used in this document to illustrate the concept and configuration steps:
|Hardware||Aruba Instant RAP-3WN|
Aruba Instant 184.108.40.206-220.127.116.11
This section details on the configuration for the above shown setup. As mentioned below, we first divide configuration into different categories:
- Configuration for 3G uplink
- Creating wired ethernet profiles for Eth1 and Eth2
- Creating DHCP server for Wired Vlan connecting to Eth2 downlink port
I. Take the below steps to configure 3G uplink IAP:
1. Login into Instant WebUI
2. Click on "Settings" from the main menu.
3. Click on "Show advance options" at the bottom of the General tab.
4. Click on "Uplink" tab for 3G Uplink settings. For information, Wi-Fi uplink and PPPoE configuration is also done here.
II. Take below steps to configure wired ethernet profiles for downlink ports:
Eth1 connects to a private vlan to which IAP's are connected and Eth2 is connected to Wired swicth to which wired clients are connected.
In the above topology, we considered IAP network connecting to Eth1 on Vlan 10 and Wired clients connecting to Eth2 on Vlan20.
NOTE: Below steps talk of creating of two ethernet profiles. .
- Log into Instant WebUI
- Click on "Wired" from the Main menu in the top-right corner.
- Click on "New" to create Wired Ethernet Profile:
4. Configure Wired Ethernet profile with the required Vlan, Authentication and Access Control list. Under Wired Settings, enter the name of the Profile, and configure Duplex settings and Content Filtering.
5. Under VLAN, configure Port mode (Trunk or Access), Native Vlan and Allowed Vlans. In our case, we used Access| Vlan 10 for Eth1 andAccess|Vlan 20 for Eth2.
6. For wired clients connecting to Eth2, we can have Dot1X and Mac authentication options. But for Eth1, where IAP's are being connected, these authentication options should be disabled.
7. Once Authentication is configured, move to the next screen to define Access Lists. For Eth2, we can configure access list and you have wired clients coming in through this port. But for Eth1, have it unrestricted.
NOTE: By default, for "Network-based" every thing is allowed.
Once the Wired Ethernet Profiles are configured, assign it to the downlink ethernet ports:
III. Now, its time to configure DHCP server for Vlan's mentioned in the Wired Ethernet Profiles. IAP's connecting to Eth1 take IP address from Vlan 10 DHCP server and clients connecting to Eth2 downlink ports will get IP address from the Vlan 20 DHCP server.
1. Log into Instant WebUI
2. Click on "VPN" from the top-right corner
3. Click on "DHCP Server" and then Click on "New"
4. Click on "Finish"
Below steps and screen shots help us to verify the configuration:
1.The below image shows that the uplink is Ethernet (Eth0) and the 3G profile is LOAD state. 3G uplink should be in LOAD status. If its in INIT state the automatic failover to 3G will not work.
2. Below images shows that uplink failovered to 3G when Ethernet is DOWN.
3. Here we see, IAP connecting to Eth1 port and getting an IP address in VLAN 10:
4. Below we see a wired user connecting to Eth2 port and getting an IP address from Vlan 20:
(To view this list of wired users, Click on "Wired" from the top-right menu of Instant GUI)
5. Once the IAP is UP on 3G link, it can be accessed using Public IP via WebUI or SSH. Below image shows SSH access to pulic IP.
(NOTE: Ensure that "Terminal Access" is enabled in Settings -> General Tab (Click on "Show Advanced Option"s)
Below are the certain steps that help in troubleshooting the issue if 3G uplink fails:
Verify that 3G USB modem is working by connecting it to a laptop and accessing the Internet. This ensures that hardware is functioning and the plan from service provider is active.
Ensure that 3G uplink is in LOAD state, when "Show Uplink status" command is executed.
When the failover from Ethernet to 3G fails, then in the "Show log system" verify if the 3G uplink probe is sent. As we see below:
- Country: India
- ISP: Airtel-3G