Wireless Access

I'm in the process of configuring our new 7210 controllers. Wondering how to control the IP that the controllers will use for ADP. It seems to be based on the controller IP you set for the controller and not the IP for the VLAN the ADP request (?) came from.

 

Controller config:

interface vlan 100
	ip address 10.65.0.22 255.255.240.0
!

interface vlan 140
	ip address 10.65.44.22 255.255.252.0
!

controller-ip vlan 100

Switch config:

interfaces {
    interface-range access-point-ports {
        member ge-6/0/0;
        unit 0 {
            family ethernet-switching {
                port-mode access;
                vlan {
                    members access-points;
                }
            }
        }
    }
}
vlans {
    access-points {
        vlan-id 140;
    }
}

AP console output:

APBoot 1.4.0.6 (build 38177)
Built: 2013-04-25 at 22:52:20

Model: AP-22x
CPU0:  P1020E, Version: 1.1, (0x80ec0011)
Core:  E500, Version: 5.1, (0x80212051)
Clock:
       CPU0: 800 MHz
       CPU1: 800 MHz
       CCB:  400 MHz
       DDR:  333.333 MHz (666.667 MT/s data rate) (Asynchronous)
       LBC:   25 MHz
L1:    D-cache 32KB enabled
       I-cache 32KB enabled
I2C:   ready
DRAM:  Configuring DDR for 666.667 MT/s data rate
DDR:   512 MB (DDR3, 32-bit, CL=5, ECC off)
POST1: memory passed
Flash: 32 MB
L2:    256 KB enabled
Power: 802.3at POE
PCIe1: RC, link up, x1
       dev fn venID devID class  rev    MBAR0    MBAR1    MBAR2    MBAR3
       00  00  14e4  43a2 00002   03 80000004 00000000 80200004 00000000
PCIe2: RC, link up, x1
       dev fn venID devID class  rev    MBAR0    MBAR1    MBAR2    MBAR3
       00  00  14e4  43a1 00002   03 a0000004 00000000 a0200004 00000000
Net:   eth0, eth1
Radio: bcm43460#0, bcm43460#1

Hit <Enter> to stop autoboot:  0
Checking image @ 0xee000000
Invalid image format version: 0xffffffff
Checking image @ 0xeee00000
Copying image from 0xeee00000

Image is signed; verifying checksum... passed
Signer Cert OK
Policy Cert OK
RSA signature verified.

Aruba Networks
ArubaOS Version 6.3.1.0 (build 39345 / label #39345)
Built by p4build@tortuga on 2013-08-08 at 16:30:24 PDT (gcc version 4.5.1)

Memory: 510348k/524288k available (8348k kernel code, 13940k reserved, 540k data, 352k bss, 5008k init)
Processor 1 found.
Brought up 2 CPUs
PCI: Probing PCI hardware
pci 0000:00:00.0: PCI bridge to [bus 01-ff]
pci 0001:02:00.0: PCI bridge to [bus 03-ff]
pci 0000:00:00.0: enabling device (0106 -> 0107)
pci 0001:02:00.0: enabling device (0106 -> 0107)
ee000000.nor: Found 1 x16 devices at 0x0 in 16-bit bank
Amd/Fujitsu Extended Query Table at 0x0040
number of CFI chips: 1
/proc/gfar_eth0_stats created
/proc/gfar_eth1_stats created
Enabling watchdog on CPU 1
Enabling watchdog on CPU 0

Starting Kernel SHA1 KAT ...Completed Kernel SHA1 KAT
Starting Kernel HMAC-SHA1 KAT ...Completed Kernel HMAC-SHA1 KAT
Starting Kernel DES KAT ...Completed Kernel DES KAT
Starting Kernel AES KAT ...Completed Kernel AES KAT

Domain Name: arubanetworks.com
No panic info available
Ethernet port 1 mode: active-standby
ADDRCONF(NETDEV_UP): eth0: link is not ready
ADDRCONF(NETDEV_UP): bond0: link is not ready
bonding: bond0: enslaving eth0 as a backup interface with a down link.
ADDRCONF(NETDEV_UP): eth1: link is not ready
bonding: bond0: enslaving eth1 as a backup interface with a down link.
AP xml model 66, num_radios 2 (jiffies 3217)
init_asap_mod: installation:0
radio 0: band 1 ant 0 max_ssid 16
radio 1: band 0 ant 0 max_ssid 16
ethernet_device_event: dev eth0 is up
ASAP Slowpath initialized
Starting watchdog process...
Getting an IP address...
PHY: eth0 (mdio@ffe24000:00) - Link is Up - 1000/Full
bonding: bond0: link status definitely up for interface eth0.
bonding: bond0: making interface eth0 the new active one.
bonding: bond0: first active interface up!
ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
10.65.44.100 255.255.252.0 10.65.44.1
Running ADP...Done. Master is 10.65.0.24
wifi0: AP type AP-225, radio 0, max_bssids 16
wifi1: AP type AP-225, radio 1, max_bssids 16
AP rebooted Wed Dec 31 16:06:39 PST 1969; SAPD: Unable to contact switch: HELLO-TIMEOUT. Last Ctrl msg: HELLO len=1028 dest=10.65.0.24 tries=10 seq=0
shutting down watchdog process (nanny will restart it)...

	<<<<<       Welcome to the Access Point     >>>>>

~ #

 

Switching to vlan 140 for the controller IP makes the ADP return the correct IP and the AP gets set up correctly. What's the recommended way of having your APs on a separate vlan with ADP or should we use DHCP option 43?

 

Also we're running two controllers in HA mode. The first time after switching the controller IPs to vlan 140, it found the local controller via ADP and not the master. Will this cause issues in the future or will they still function properly if it contacts the local first for provisioning?

#7210

Yes, ADP will return the IP defined as the controller-ip.

 

I find that most people use either the aruba-master DNS name or DHCP option 43.

 

DHCP option 43 gives you a little bit more control as the DNS option is more "global".

 

If you are going to use either of those options, you should disable ADP (it's one of the first things I disable when a controller boots up).

 

(config) #adp discovery disable

 

For my own experience I suggest you use DHCP option 43 and disable ADP :
- one gives you more control of your APs based on VLAN reach the controller
- and that's the first option that the APs use when they boot up if is not set statically from console
- if you bring another controller and it's the same VLAN as your APs if ADP is in use and the APs those can easily move over to the other controller