Controllerless Networks

Contributor I

SSIDs/VLANs - (IAP-VPN)

Hello,

I'm implementing IAP-VPN and I ran into an issue with SSIDs and VLANs. We have about 8 SSIDs and about 60 VLANs configured on the master controller. What is the best practice to copy the VLANs and the SSIDs into the IAPs from the controllers? I saw some videos, but they all show you how to create SSIDs/VLANs manually, which is what I am trying to avoid.

Any explanation on how, documents or videos is appreciated.

 

Thanks 

MVP Expert

Re: SSIDs/VLANs - (IAP-VPN)

What do you mean by copying SSIDs and VLANs?



Thank you

Victor Fabian

Pardon typos sent from Mobile
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor I

Re: SSIDs/VLANs - (IAP-VPN)

Hi Victor,

The master controller has all the SSIDs configured on it, and since the controller will no longer manage the SSIDs, how would I move the SSIDs to the IAP (VC)?

From my understanding, and forgive me if I missed something, after implementing IAP-VPN the controller's purpose becomes that of a VPN concentrator and it has no role in managing IAPs/SSIDs or VLANs.

 

So how do you get all the SSIDs moved to the IAPs?

 

 

Here is a short output of the current config of the SSIDs and Vlans on the controller.

 

(AUCONDC) # show ap remote essid ap-name AUCON1

ESSID Summary
-------------
ESSID        APs  Clients  VLAN(s)   Encryption
-----        ---  -------  -------   ---------
AUCON1GUEST  1    5        10-16     Open
AUCON1EMPL   1    0        10 17-20  WPA2 8021X AES
AUCON1VIP    1    1        50        WPA2 PSK AES
AUCON1SALES  1    15       20-25     WPA2 PSK AES

MVP Expert

Re: SSIDs/VLANs - (IAP-VPN)

I see, the IAP uses a different command format compared to the controller.

If you have AirWave you can push these settings using a template-based configuration.

If you don't have AirWave and you are planning to deploy several sites, I recommend manually configuring one site and then using that configuration as your template.

 

You can use the following as a template (this assumes you are using ClearPass) to get you going:

wlan auth-server CPPM-RADIUS-SVR-1
 ip <CLEARPASS-IP-1>
 port 1812
 acctport 1813
 key <SHARED-KEY>
 rfc3576
 cppm-rfc3576-port 5999
exit
wlan auth-server CPPM-RADIUS-SVR-2
 ip <CLEARPASS-IP-2>
 port 1812
 acctport 1813
 key <SHARED-KEY>
 rfc3576
 cppm-rfc3576-port 5999
exit
wlan external-captive-portal SPLASH-CP-AUTH-PROFILE
 server <CLEARPASS-URL>
 port 443
 url "/guest/splash_page.php"
 auth-text ""
 https
end
commit apply
configure terminal
wlan access-rule EMPLOYEE-ROLE
 index 14
 rule any any match any any any permit
exit
wlan access-rule MACHINE-AUTH-ROLE
 index 15
 rule any any match any any any permit
exit
wlan access-rule REGISTERED-DEVICE-ROLE
 index 16
 rule any any match any any any permit
end
commit apply
configure terminal
wlan access-rule GUEST-ROLE
 index 17
 rule any any match any any any permit
exit
wlan access-rule GUEST-LOGON-ROLE
 index 18
 captive-portal external profile SPLASH-CP-AUTH-PROFILE
 rule any any match udp 67 68 permit
 rule any any match udp 53 53 permit
 rule alias <CLEARPASS-URL> match tcp 80 80 permit
 rule alias <CLEARPASS-URL> match tcp 443 443 permit
end
commit apply
configure terminal
wlan ssid-profile <802.1X-SSID-PROFILE>
 enable
 index 5
 type employee
 essid <802.1X-SSID>
 opmode wpa2-aes
 max-authentication-failures 0
 vlan <SECURE-VLAN-ID>
 auth-server CPPM-RADIUS-SVR-1
 auth-server CPPM-RADIUS-SVR-2
 set-role Aruba-User-Role value-of
 rf-band all
 captive-portal disable
 dtim-period 1
 broadcast-filter all
 server-load-balancing
 radius-accounting
 radius-interim-accounting-interval 5
 g-min-tx-rate 12
 a-min-tx-rate 12
 multicast-rate-optimization
 dynamic-multicast-optimization
 dmo-channel-utilization-threshold 90
 local-probe-req-thresh 0
 max-clients-threshold 64
 okc
end
commit apply
configure terminal
wlan ssid-profile <GUEST-SSID-PROFILE>
 enable
 index 6
 type guest
 essid <GUEST-SSID>
 opmode opensystem
 max-authentication-failures 0
 vlan <GUEST-VLAN-ID>
 auth-server CPPM-RADIUS-SVR-1
 auth-server CPPM-RADIUS-SVR-2
 set-role Aruba-User-Role value-of
 rf-band all
 captive-portal external profile SPLASH-CP-AUTH-PROFILE
 mac-authentication
 dtim-period 1
 broadcast-filter all
 enforce-dhcp
 server-load-balancing
 radius-accounting
 radius-interim-accounting-interval 5
 g-min-tx-rate 12
 a-min-tx-rate 12
 multicast-rate-optimization
 dmo-channel-utilization-threshold 90
 local-probe-req-thresh 0
 max-clients-threshold 64
end
commit apply

Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
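
An added example, not part of the original post and not Aruba or AirWave code: a short Python check that parses the `wlan ...` stanzas of a template like the one above and lists the roles that carry the allow-all rule and the SSID profiles that use `opmode opensystem`, so they can be reviewed before the config is pushed to many sites. The sample config is constructed, and the function names `parse_stanzas` and `audit` are hypothetical.

```python
import re

# Constructed sample in the same stanza format as the template above (placeholder names).
SAMPLE = """\
wlan access-rule EMPLOYEE-ROLE
 rule any any match any any any permit
exit
wlan access-rule GUEST-LOGON-ROLE
 captive-portal external profile SPLASH-CP-AUTH-PROFILE
 rule any any match udp 67 68 permit
end
wlan ssid-profile CORP
 opmode wpa2-aes
 vlan 10
end
wlan ssid-profile GUEST
 opmode opensystem
 captive-portal external profile SPLASH-CP-AUTH-PROFILE
 vlan 20
end
"""

ALLOW_ALL = "rule any any match any any any permit"
# Lines that close a stanza or switch CLI mode rather than configure something.
MODE_CHANGE = {"exit", "end", "commit apply", "configure terminal", ""}

def parse_stanzas(text):
    """Map (kind, name) -> sub-command lines for each 'wlan <kind> <name>' block."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"wlan (\S+) (\S+)", line)
        if header:
            current = stanzas.setdefault(header.groups(), [])
        elif line in MODE_CHANGE:
            current = None
        elif current is not None:
            current.append(line)
    return stanzas

def audit(text):
    """Return (name, finding) pairs to review before the config is pushed."""
    findings = []
    for (kind, name), lines in parse_stanzas(text).items():
        if kind == "access-rule" and ALLOW_ALL in lines:
            findings.append((name, "allow-all rule"))
        if kind == "ssid-profile" and "opmode opensystem" in lines:
            portal = any(l.startswith("captive-portal external") for l in lines)
            findings.append((name, "open SSID, portal" if portal else "open SSID, no portal"))
    return findings
```
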
Contributor I

Re: SSIDs/VLANs - (IAP-VPN)

Thanks Victor,

 

So far all I have is AirWave, a 72xx controller and IAPs. It looks like I will be using AirWave for a template-based configuration. Any docs or tips on how to do that? I will do some googling on my side to see if I can find some examples.

 

Thanks!

Xzyan. 

MVP Expert

Re: SSIDs/VLANs - (IAP-VPN)

Here you go:

https://community.arubanetworks.com/t5/Validated-Reference-Design/Aruba-Instant-Validated-Reference-Design-V2-0/ta-p/456734


Thank you

Victor Fabian

Pardon typos sent from Mobile
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor I

Re: SSIDs/VLANs - (IAP-VPN)

Thanks Victor! I will go through the chapters. 

Contributor I

Re: SSIDs/VLANs - (IAP-VPN)

Hello again!

 

After reading the chapters, nowhere does it mention how to copy the SSIDs or VLANs from the controller via AirWave or Central and move them to the IAP (VC).

My goal is to copy or move all the SSIDs/VLANs from the controllers to the IAP (VC). Anywhere I look, it is mentioned that I have to create the SSIDs and VLANs on the IAP manually.

Any advice?

MVP Expert

Re: SSIDs/VLANs - (IAP-VPN)

Today there isn’t a way to copy and paste the controller config into Aruba Instant or vice versa, but you can use AirWave to push the config to all your IAPs.



Thank you

Victor Fabian

Pardon typos sent from Mobile
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA