Controllerless Networks


Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget

Point-to-Point Bridge Question

  • 1.  Point-to-Point Bridge Question

    Posted Sep 15, 2016 12:14 PM

    I am trying to configure a Point-to-Point bridge across two IAP-277's and I think I know what to do but wanted to clear up something before starting to configure them.  Do I configure both the near and far side eth0 port for bridging or does this only happen for the far end?



  • 2.  RE: Point-to-Point Bridge Question

    EMPLOYEE
    Posted Sep 15, 2016 12:23 PM

    You should configure both to bridge to be safe. If your network is flat, then you are likely fine to just do the far side. But I would do both and certainly both if you are trunking VLANs over the mesh.



  • 3.  RE: Point-to-Point Bridge Question

    Posted Sep 15, 2016 12:27 PM

    The network is just one big vlan. I had my far side set as bridge and I could not ping to a client on the other side of it. I then set my near side to bridge and then rebooted. When it came back up I could no longer manage the cluster. I am resetting the cluster now and will try again.



  • 4.  RE: Point-to-Point Bridge Question

    EMPLOYEE
    Posted Sep 15, 2016 12:29 PM

    Are you doing 'vlan 1' for your cluster config or have you specified some other VLAN? Do you have an SSID configured so that the APs are defaulting on reboot?



  • 5.  RE: Point-to-Point Bridge Question

    Posted Sep 15, 2016 12:32 PM

    everything is on vlan 1

     

    SSID is configured with WPA2-PSK



  • 6.  RE: Point-to-Point Bridge Question

    EMPLOYEE
    Posted Sep 15, 2016 12:36 PM

    If you can, PM me your config or post the screenshots. I assume you have the extend SSID disabled and you could at least bring up the mesh link on the bench so you know the mesh is working right? I don't have an IAP set to bridge and I likely need to get a pair and run the latest code, but this is what I had configured with a TRUNK bridge config (you should be able to just ignore the trunking elements):

     

    wired-port-profile iap-mesh_bridge
     switchport-mode trunk
     allowed-vlan 10,20,30
     native-vlan 1
     no shutdown
     access-rule-name iap-mesh_bridge
     speed auto
     duplex auto
     poe
     type employee
     auth-server InternalServer
     captive-portal disable
     no dot1x
    
    
    enet0-port-profile iap-mesh_bridge
    enet1-port-profile iap-mesh_bridge

     



  • 7.  RE: Point-to-Point Bridge Question

    Posted Sep 15, 2016 01:02 PM

    Correct, the extended SSID is already disabled and I can see the far end come up via mesh. The issue just comes when I connect cables into the near and far end and try pinging across them.  I will send you a config shortly as I reset the APs when I reset them. I should have the config back to you in about 15 minutes.



  • 8.  RE: Point-to-Point Bridge Question

    Posted Sep 15, 2016 03:15 PM

    Here is my running config. I have Client A (10.10.40.92) connected to a dumb switch that is connected to radio FDC-ArubaB1P2P (10.10.40.96). Across the air is radio FDC-ArubaB2P2P (10.10.40.95) connected to a dumb switch with Client B (10.10.40.85) attached to it. Client A and Client B cannot ping each other currently. Mesh is up and running and I have set the far radio FDC-ArubaB2P2P for Eth0 Bridging according to the manual.

     

    Config:

     

    *********************************************************************************************************
    9/15/2016 14:06:41 PM Target: FDC-AruabB1P2P Command: show running-config
    *********************************************************************************************************
    version 6.4.4.0-4.2.3
    virtual-controller-country US
    virtual-controller-key 3b490805017cf618f3f3e52cac325f090b2eec924dc968a29e
    name FDC-P2P
    virtual-controller-ip 10.10.40.94
    terminal-access
    clock timezone Central-Time -06 00
    rf-band all

    allow-new-aps
    allowed-ap f0:5c:19:c3:d0:8c
    allowed-ap f0:5c:19:c3:d0:54

     

    arm
    wide-bands 5ghz
    80mhz-support
    min-tx-power 18
    max-tx-power 127
    band-steering-mode prefer-5ghz
    air-time-fairness-mode default-access
    client-aware
    scanning


    syslog-level warn ap-debug
    syslog-level warn network
    syslog-level warn security
    syslog-level warn system
    syslog-level warn user
    syslog-level warn user-debug
    syslog-level warn wireless

     

     


    mgmt-user admin 2b167deb72769b5185f2f178a771f20d


    wlan access-rule default_wired_port_profile
    index 0
    rule any any match any any any permit

    wlan access-rule wired-instant
    index 1
    rule masterip 0.0.0.0 match tcp 80 80 permit
    rule masterip 0.0.0.0 match tcp 4343 4343 permit
    rule any any match udp 67 68 permit
    rule any any match udp 53 53 permit

    wlan access-rule FDCP2P
    index 2
    rule any any match any any any permit

    wlan ssid-profile FDCP2P
    enable
    index 0
    type employee
    essid FDCP2P
    wpa-passphrase 170a9bd7911837d505146cf1ae7734d655600a5f9603218b
    opmode wpa2-psk-aes
    max-authentication-failures 0
    rf-band all
    captive-portal disable
    dtim-period 1
    broadcast-filter arp
    dmo-channel-utilization-threshold 90
    local-probe-req-thresh 0
    max-clients-threshold 64

    auth-survivability cache-time-out 24

     

    wlan external-captive-portal
    server localhost
    port 80
    url "/"
    auth-text "Authenticated"
    auto-whitelist-disable
    https


    blacklist-time 3600
    auth-failure-blacklist-time 3600

    ids
    wireless-containment none


    wired-port-profile wired-instant
    switchport-mode access
    allowed-vlan all
    native-vlan guest
    no shutdown
    access-rule-name wired-instant
    speed auto
    duplex auto
    no poe
    type guest
    captive-portal disable
    no dot1x

    wired-port-profile default_wired_port_profile
    switchport-mode trunk
    allowed-vlan all
    native-vlan 1
    shutdown
    access-rule-name default_wired_port_profile
    speed auto
    duplex full
    no poe
    type employee
    captive-portal disable
    no dot1x


    enet0-port-profile default_wired_port_profile

    uplink
    preemption
    enforce none
    failover-internet-pkt-lost-cnt 10
    failover-internet-pkt-send-freq 30
    failover-vpn-timeout 180


    airgroup
    disable

    airgroupservice airplay
    disable
    description AirPlay

    airgroupservice airprint
    disable
    description AirPrint

     



  • 9.  RE: Point-to-Point Bridge Question

    EMPLOYEE
    Posted Sep 15, 2016 03:36 PM

    Looks like:

     

    enet0-port-profile default_wired_port_profile

     

    wired-port-profile default_wired_port_profile
    switchport-mode trunk
    allowed-vlan all
    native-vlan 1
    shutdown
    access-rule-name default_wired_port_profile
    speed auto
    duplex full
    no poe
    type employee
    captive-portal disable
    no dot1x

     

    Can you enable the port or run a 'no shut'?

     

     



  • 10.  RE: Point-to-Point Bridge Question

    EMPLOYEE
    Posted Sep 15, 2016 03:36 PM

    Also which is the VC?



  • 11.  RE: Point-to-Point Bridge Question
    Best Answer

    Posted Sep 15, 2016 04:32 PM

    Thanks for all the help. I ended up just creating a whole new port profile and added it to the eth0 port. The new port profile resolved the issue. I think it had to do with the port being set as trunk instead of access on the old port profile. Thanks again for all of the help!



  • 12.  RE: Point-to-Point Bridge Question

    EMPLOYEE
    Posted Sep 15, 2016 05:10 PM

    Awesome. Usually good too not to modify the defaults and create new profiles when modifying something. Thanks for all the work and followup!
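
Added example, not part of the thread or of any Aruba tooling: a small Python check that reads a saved `show running-config` and reports, for each `enetN-port-profile` binding, the two conditions raised in posts 9 and 11 (the bound wired-port-profile is in `shutdown`, or it is in trunk mode). The sample config is constructed, and the profile name `p2p_bridge` is hypothetical.

```python
import re

# Constructed sample in the style of the running-config posted above.
# The profile name "p2p_bridge" is hypothetical.
SAMPLE_CONFIG = """\
wired-port-profile default_wired_port_profile
switchport-mode trunk
native-vlan 1
shutdown

wired-port-profile p2p_bridge
 switchport-mode access
 native-vlan 1
 no shutdown

enet0-port-profile default_wired_port_profile
enet1-port-profile p2p_bridge
"""

HEADER = re.compile(r"^wired-port-profile\s+(\S+)$")
BINDING = re.compile(r"^(enet\d+)-port-profile\s+(\S+)$")
# Issue label -> exact setting line. "no shutdown" never equals "shutdown".
CHECKS = (("shutdown", "shutdown"), ("trunk", "switchport-mode trunk"))


def parse_config(text):
    """Return (profiles, bindings): profile -> setting lines, port -> profile."""
    profiles, bindings, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()          # dumps may or may not indent sub-lines
        if not line:
            current = None          # a blank line closes the open profile block
        elif m := HEADER.match(line):
            current = profiles.setdefault(m.group(1), [])
        elif m := BINDING.match(line):
            bindings[m.group(1)] = m.group(2)
            current = None
        elif current is not None:
            current.append(line)
    return profiles, bindings


def audit_ports(text):
    """List (port, profile, issue) for every bound wired port with a problem."""
    profiles, bindings = parse_config(text)
    findings = []
    for port, name in sorted(bindings.items()):
        settings = profiles.get(name)
        issues = ["undefined"] if settings is None else [
            label for label, setting in CHECKS if setting in settings]
        findings += [(port, name, issue) for issue in issues]
    return findings
```

Run against both the near-side and far-side configs; the `trunk` finding matters only on a flat, single-VLAN network like the one in this thread.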