Controllerless Networks

last person joined: 2 days ago 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

Aruba Instant & Aruba Activate

This thread has been viewed 5 times

  • 1.  Aruba Instant & Aruba Activate

    Posted Jan 17, 2014 03:42 PM

    >For Aruba Activate , is it for free to privde zero touch provisining ?

    >As i understood , i will define my APs @ Aruba activate  Mnually by Myself ?

    >Then when APs powers up with Factory default it will contact Aruba Activate to get the IP  of Configuration Server ( AirWave ) , right ?

    >if i have setup of 6 Instant APs but want to tunnel all traffic to Centralized Controller  at remote location , is this doable ?



  • 2.  RE: Aruba Instant & Aruba Activate

    Posted Jan 17, 2014 05:35 PM
    Activate is a free service to any customer.

    You can assign your devices to folders within Activate and then apply provisioning rules to the folder.....including assigning AirWave or Aruba Central server or converting to campus or remote AP.

    If you want to setup a VPN from the IAPs (IAP-VPN/RAP-NG) you'll need to provision against AirWave or Central to provide the configuration for that. Activate cannot do that alone.


  • 3.  RE: Aruba Instant & Aruba Activate

    Posted Jan 17, 2014 09:20 PM

    Hi Telnet-1,

     

    Sometimes your devices might already be seen on the Activate dashboard off of the purchase, if the same account is maintained since purchase.  Else, you can manually add.  To ensure you see the devices on the dashboard;

    a) Verify that your IAP can reach out to the Internet;
    b) Verify that your IAP firmware version is 6.2.0.0-3.3.0.0_37688
    c) If your IAP has ever communicated with an Airwave or Activate instance in the past, please perform a factory_reset or "write erase all" and reboot the device.
    d) Login to the IAP Web UI and verify that the Airwave Server IP under System>Admin is blank

     

    With regards to creating a VPN tunnel from IAP to Controller, You can refer to the knowledge base article:  https://arubanetworkskb.secure.force.com/pkb/articles/FAQ/How-to-configure-basic-IAP-VPN-Controller-Configuration for quick details of IAP-VPN configuration.

     

    For a client to connect to a RAPNG network, an SSID or wired ports on an IAP should be configured for the appropriate RAPNG mode of operation. The VLAN configuration in an SSID or wired port determines whether an SSID/wired port is configured for the RAPNG. 

     

    Airwave could be used to apply a sample configuration as follows:

     

    • Find the the VC that you like for the "Golden Config" and click on the edit wrench and click "Import Settings".
    • Navigate to Groups>List>Add and create a new group
    • Click on the Group to Edit, Add a New Template
    • Enter the VC that you imported settings and click fetch.  This now serves as the golden template for all IAP's in this group.

    Some screenshots for the above config as attached here.

     

    [Please hit Kudos if my reply helps]



  • 4.  RE: Aruba Instant & Aruba Activate

    Posted Jan 18, 2014 04:56 AM

    Thx , from the below KB , IAP traffic will be sent to Controller through VPN

    Thsi means that i will be able to do all Processing on Controller ( Authentication , Firewalls , ... )

    https://arubanetworkskb.secure.force.com/pkb/articles/FAQ/How-to-configure-basic-IAP-VPN-Controller-Configuration

     

     



  • 5.  RE: Aruba Instant & Aruba Activate
    Best Answer

    Posted Jan 18, 2014 06:54 PM

    Yes, we can pass all traffic including authentication to the Controller for a Single Data Center (one Controller) or Multiple Data Centers with one Controller in each, that can be used for redundancy of the IAP VPN tunnel.  You may select Distributed L3 or Centralized L2 mode of operation on the IAP.  For a deployment with Master-Standby Controller setup, we need to perform local authentication (at IAP end).

     

    Also, note that the RADIUS and Airwave traffic from the IAP will carry the VPN-pool IP address that was assigned by the Controller to the IAP.  To understand the different IAP modes of operation, this might be useful read:  https://arubanetworkskb.secure.force.com/pkb/articles/FAQ/What-are-the-IAP-VPN-modes

     

    To tunnel all traffic from IAP to the Controller, the routing profile on the IAP should look like:

    routing-profile

    route 0.0.0.0 0.0.0.0 <Controller-IP>

     

    For the Master-Standby deployment, we need to add a routing profile exception for radius server and Airwave IPs, since the design requirement for this solution requires local radius authentication at IAP:

    routing-profile
    route <radius server ip> 255.255.255.255 0.0.0.0
    route <Airwave IP> 255.255.255.255 0.0.0.0

     

    Also, we now have an option on the IAP to configure enterprise domain to tunnel all DNS queries matching that domain, to the client’s original DNS server without proxying on IAP. 

     

    Example1: Tunnell all DNS queries to the Controller:

    internal-domains
    domain-name *

     

    Example2: To configure an enterprise domain to tunnel only DNS queries matching that domain Controller. 

     

    internal-domains
    domain-name corpdomain.com

     

    Hope this helps.

     

    Regards,

    Riyaz

     

    [Hit Kudos if you find the info useful]



  • 6.  RE: Aruba Instant & Aruba Activate

    Posted Aug 19, 2014 09:23 PM

    Can Activate be used in a non-Instant RAP-only environment?



  • 7.  RE: Aruba Instant & Aruba Activate

    EMPLOYEE
    Posted Aug 19, 2014 09:24 PM

    RAPs that are Instant compatible are supported in Activate.  (pretty much anything after the RAP-2, RAP-5)



  • 8.  RE: Aruba Instant & Aruba Activate

    Posted Aug 19, 2014 09:27 PM

    Ah so no good for a customer with all RAP-5WNs.

    cheers