Controllerless Networks

Reply
Highlighted
New Contributor

[Tutorial] Aruba Instant OS 8.3 Hierarchical Deployment, aka IAP as CPE

 

I’ve read about hierarchical deployment in the Aruba Instant Validated Reference Design - V2.0, this is something I’ve personally not seen in the wild.

This got me thinking on how this could apply to using the IAP as a CPE.

I could not find any recent examples; here is the older one https://community.arubanetworks.com/t5/Controller-less-WLANs/How-to-configure-and-troubleshoot-a-hierarchical-deployment/ta-p/179760

 

I’ve configured the Hierarchical deployment in my lab using Aruba Instant OS 8.3.0.6.

AP-203R eth 0 connected to the internet and eth1 connected to port 1 on the 2530.

The 2530 connects to other IAPs (315 on port 8) and wired clients.


H IAP.jpg

 

 

I’ve kept the switch configuration basic

 

Screen Shot 2019-03-21 at 3.46.11 PM.png 

Screen Shot 2019-03-21 at 3.47.10 PM.png

 

Log into Instant WebUI

Click on "Wired" from the Main menu in the top-right corner.

Click on "New" to create Wired Ethernet Profile:

 

Screen Shot 2019-03-21 at 10.47.46 AM.png

 

Configure Wired Settings for downlink to the LAN switch.

 

Screen Shot 2019-03-21 at 10.49.38 AM.png

 

Under VLAN Management, configure Port mode (Trunk). Add allowed VLANs for Eth1, in my case I used; 101 (IAP), 102 (Switch), 201 (Employee) and 202 (Guest). Note the native VLAN is not specified, we will come back to this later.

 

Screen Shot 2019-03-21 at 10.51.37 AM.png 

 

I did not set any L2 Security on this downlink port, I did not want to complicate adding other Access Points to the cluster in my test lab.

 

Screen Shot 2019-03-21 at 10.53.18 AM.png 

 

I did not set any policy, everything is allowed on the downlink port.

 

Screen Shot 2019-03-21 at 10.53.37 AM.png

 

After finishing the wired profile, I assigned it to eth1 on the 203R

 

Screen Shot 2019-03-21 at 10.54.31 AM.png

 

I used Local DHCP Scopes on the IAP for the VLANs setup in the Wired Ethernet Profile.

Note the VLAN IDs in the scope should match the VLAN IDs in the Wired Ethernet Profile.

 

Screen Shot 2019-03-21 at 10.57.43 AM.png

 

IAP Private VLAN for other Instant Access Points to form the IAP Cluster

 

Screen Shot 2019-03-21 at 11.10.56 AM.png

 

Infra for managing local site infrastructure like the switch.

 

Screen Shot 2019-03-21 at 11.12.05 AM.png

 

Employee, I used this scope for both wired and wireless client end devices.

 

Screen Shot 2019-03-21 at 11.16.18 AM.png

 

Last the Guest scope

 Screen Shot 2019-03-21 at 11.17.24 AM.png

 

Screen Shot 2019-03-21 at 11.17.56 AM.png 

 

At this point I went back to edit my Wired Downlink Profile, remember we had no untagged/native VLAN set on the IAP and the switch is expecting IAP Private VLAN 101 as untagged/native. This bit is not obvious, but “Client VLAN assignment” sets the untagged/native VLAN.

 

Screen Shot 2019-03-21 at 3.31.52 PM.png

 

My LAN switch was now getting an IP address from DHCP on the 203R IAP

 

Screen Shot 2019-03-21 at 3.48.15 PM.png

 

The 315 joined the cluster

 Screen Shot 2019-03-21 at 3.30.52 PM.png

 

Screen Shot 2019-03-21 at 3.51.43 PM.png 

 

I configured a basic employee WLAN Network

 

Screen Shot 2019-03-21 at 12.39.55 PM.png 

 

I used the same VLAN 201 for the wireless and wired devices

 

Screen Shot 2019-03-21 at 12.40.47 PM.png 

 

I set a basic PSK

 

Screen Shot 2019-03-21 at 12.41.12 PM.png

 

I used the same open allow all access as wired

 

Screen Shot 2019-03-21 at 12.41.40 PM.png

 

Lastly, I connected Clients.

Tinkerbell plugged into the 2530 and a wireless client on each Access Point.

 

Screen Shot 2019-03-21 at 3.54.29 PM.png

 Screen Shot 2019-03-21 at 3.53.52 PM.png

 

Screen Shot 2019-03-21 at 4.26.09 PM.png

 

I even managed to get decent speeds, my UFB is limited to 100Mbps down and 20Mbps up.

 

speed.jpg

 

Note the uplink on the 203R is ethernet with DHCP provided, standard UFB / NBN stuff in ANZ.

Some ISPs in NZ require you to add an 802.1q VLAN tag on the uplink.

 

vlan10.jpg

 

You may even want to use 4G as backup

https://community.arubanetworks.com/t5/Education-Australia-New-Zealand/IAP-4G-Modem-Configuration/gpm-p/296720

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: