Wireless Access

Does anyone here use Aruba 800 wireless controllers and AP70 on
their network ?   I am setting up this new wireless network with the
above equipment.  The wireless controllers are up on the network and
I can ping them, HTTPS to them however i can not get the APs to
register to the controller.

1) When i plug the APs to the switch they are getting an IP address
and I can ping them however it seems like they're going up down (
switchports are going from amber to green).   Do I need some kind of
special cable for the APs?  I went to configuration manual and follow
every step for the AP configuration and they are still not showing in
controller.

2) How do i provision the APs to communicate with the controller ?


controller config :

show run

Building Configuration...





version 2.4

enable secret "aa7891c511763a0428a019803059aeef65df5a3d3be23cc1"

enable "8L8E8N0T0Z0F8N5[5[8N"

hostname "aruba-master"

logging level warnings stm

clock summer-time UTC-5 recurring first sunday april 02:00 last sunday
october 02:00


clock timezone UTC -5

ip access-list session validuser

  any any any permit

!

vpn-dialer default-dialer

  ike authentication PRE-SHARE 218d0f532708d2c0a9963544c5733235dd78c9b696abed06

!

user-role ap-role

!

user-role pre-employee

!

user-role trusted-ap

!

user-role guest

--More-- (q) quit (u) pageup (/) search (n) repeat

!

user-role stateful-dot1x

!

user-role logon

!

aaa derivation-rules user

  set role condition essid equals "aruba-master" set-value pre-employee

!

aaa mgmt-authentication mode enable

aaa pubcookie-authentication

!

aaa dot1x enforce-machine-authentication

 mode disable

!

dot1x timeout wpa-key-timeout 1



interface mgmt

        shutdown

!



interface loopback

        ip address X.X.X.X

!



--More-- (q) quit (u) pageup (/) search (n) repeat

vlan 6





interface fastethernet 1/0

        description "fe1/0"

        trusted

        switchport access vlan 6

!



interface fastethernet 1/1

        description "fe1/1"

        trusted

        switchport access vlan 6

!



interface fastethernet 1/2

        description "fe1/2"

        trusted

        switchport access vlan 6

!



interface fastethernet 1/3

        description "fe1/3"

        trusted

--More-- (q) quit (u) pageup (/) search (n) repeat

        switchport access vlan 6

!



interface fastethernet 1/4

        description "fe1/4"

        trusted

        switchport access vlan 6

!



interface fastethernet 1/5

        description "fe1/5"

        trusted

        switchport access vlan 6

!



interface fastethernet 1/6

        description "fe1/6"

        trusted

        switchport access vlan 6

!



interface fastethernet 1/7

        description "fe1/7"

        trusted

--More-- (q) quit (u) pageup (/) search (n) repeat

        switchport access vlan 6

!



interface gigabitethernet  1/8

        description "gig1/8"

        trusted

        switchport mode trunk

!



interface vlan 1

!



interface vlan 6

        ip address X.X.X.X X.X.X.X

!



ip default-gateway X.X.X.X



country US



ap location 0.0.0

ap-logging level informational snmpd



double-encrypt disable

--More-- (q) quit (u) pageup (/) search (n) repeat

ap-logging level informational sapd

ap-logging level warnings am

ap-logging level warnings stm

max-imalive-retries 10

bkplms-ip 0.0.0.0

opmode opensystem

mode ap_mode

authalgo opensystem

rts-threshhold 2333

tx-power 2

max-retries 4

dtim-period 1

max-clients 64

beacon-period 100

power-mgmt enable

ageout 1000

hide-ssid disable

deny-bcast disable

rf-band g

bootstrap-threshold 7

local-probe-response enable

max-tx-fail 0

forward-mode tunnel

native-vlan-id 1

--More-- (q) quit (u) pageup (/) search (n) repeat

arm assignment disable

arm client-aware enable

arm scanning disable

arm scan-time 110

arm scan-interval 10

arm multi-band-scan disable

arm voip-aware-scan enable

arm max-tx-power 4

arm rogue-ap-aware disable

voip call-admission-control disable

voip drop-sip-invite-for-cac disable

voip active-load-balancing disable

voip vocera-call-capacity 10

voip sip-call-capacity 10

voip svp-call-capacity 10

voip sccp-call-capacity 10

voip call-handoff-reservation 20

voip high-capacity-threshold 20

essid "XXX_Wireless"

vlan-id 6

weptxkey 1

ap-enable enable

  phy-type a

    channel 36

--More-- (q) quit (u) pageup (/) search (n) repeat

    rates 6,12,24

    txrates 6,9,12,18,24,36,48,54

    essid "aruba-master"

    vlan-id 6

    opmode opensystem

    deny-bcast enable

    hide-ssid disable

  !

  phy-type g

    short-preamble enable

    channel 1

    rates 1,2

    txrates 1,2,5,11,6,9,12,18,24,36,48,54

    bg-mode mixed

    dtim-period 3

  !

!

ap location 0.0.0

  phy-type enet1

    mode active-standby

    switchport mode access

    switchport access vlan 1

    switchport trunk native vlan 1

    switchport trunk allowed vlan ALL

--More-- (q) quit (u) pageup (/) search (n) repeat

    trusted disable

  !

!

wms

 general poll-interval 60000

 general poll-retries 2

 general ap-ageout-interval 30

 general sta-ageout-interval 30

 general ap-inactivity-timeout 5

 general sta-inactivity-timeout 60

 general grace-time 2000

 general laser-beam enable

 general laser-beam-debug disable

 general wired-laser-beam disable

 general stat-update enable

 general am-stats-update-interval 0

 ap-policy learn-ap enable

 ap-policy classification disable

 ap-policy protect-unsecure-ap enable

 ap-policy detect-misconfigured-ap disable

 ap-policy protect-misconfigured-ap disable

 ap-policy protect-mt-channel-split disable

 ap-policy protect-mt-ssid disable

 ap-policy detect-ap-impersonation disable

--More-- (q) quit (u) pageup (/) search (n) repeat

 ap-policy protect-ap-impersonation disable

 ap-policy beacon-diff-threshold 50

 ap-policy beacon-inc-wait-time 3

 ap-policy min-pot-ap-beacon-rate 25

 ap-policy min-pot-ap-monitor-time 2

 ap-policy protect-ibss disable

 ap-policy ap-load-balancing disable

 ap-policy ap-lb-max-retries 8

 ap-policy ap-lb-util-high-wm 90

 ap-policy ap-lb-util-low-wm 80

 ap-policy ap-lb-util-wait-time 30

 ap-policy ap-lb-user-high-wm 255

 ap-policy ap-lb-user-low-wm 230

 ap-policy persistent-known-interfering disable

 ap-config short-preamble disable

 ap-config privacy disable

 ap-config wpa disable

 station-policy protect-valid-sta disable

 station-policy handoff-assist disable

 station-policy rssi-falloff-wait-time 4

 station-policy low-rssi-threshold 20

 station-policy rssi-check-frequency 3

 station-policy detect-association-failure disable

 global-policy detect-bad-wep disable

--More-- (q) quit (u) pageup (/) search (n) repeat

 global-policy detect-interference disable

 global-policy interference-inc-threshold 100

 global-policy interference-inc-timeout 30

 global-policy interference-wait-time 30

 event-threshold fer-high-wm 0

 event-threshold fer-low-wm 0

 event-threshold frr-high-wm 16

 event-threshold frr-low-wm 8

 event-threshold flsr-high-wm 16

 event-threshold flsr-low-wm 8

 event-threshold fnur-high-wm 0

 event-threshold fnur-low-wm 0

 event-threshold frer-high-wm 16

 event-threshold frer-low-wm 8

 event-threshold ffr-high-wm 16

 event-threshold ffr-low-wm 8

 event-threshold bwr-high-wm 0

 event-threshold bwr-low-wm 0

 valid-11b-channel 1 mode enable

 valid-11b-channel 6 mode enable

 valid-11b-channel 11 mode enable

 valid-11a-channel 36 mode enable

 valid-11a-channel 40 mode enable

 valid-11a-channel 44 mode enable

--More-- (q) quit (u) pageup (/) search (n) repeat

 valid-11a-channel 48 mode enable

 valid-11a-channel 149 mode enable

 valid-11a-channel 153 mode enable

 valid-11a-channel 157 mode enable

 valid-11a-channel 161 mode enable

 valid-11a-channel 165 mode enable

 ids-policy signature-check disable

 ids-policy rate-check disable

 ids-policy dsta-check disable

 ids-policy sequence-check disable

 ids-policy mac-oui-check disable

 ids-policy eap-check disable

 ids-policy ap-flood-check disable

 ids-policy adhoc-check disable

 ids-policy wbridge-check disable

 ids-policy sequence-diff 300

 ids-policy sequence-time-tolerance 300

 ids-policy sequence-quiet-time 900

 ids-policy eap-rate-threshold 10

 ids-policy eap-rate-time-interval 60

 ids-policy eap-rate-quiet-time 900

 ids-policy ap-flood-threshold 50

 ids-policy ap-flood-inc-time 3

 ids-policy ap-flood-quiet-time 900

--More-- (q) quit (u) pageup (/) search (n) repeat

 ids-policy signature-quiet-time 900

 ids-policy dsta-quiet-time 900

 ids-policy adhoc-quiet-time 900

 ids-policy wbridge-quiet-time 900

 ids-policy mac-oui-quiet-time 900

 ids-policy rate-frame-type-param assoc channel-threshold 30

 ids-policy rate-frame-type-param assoc channel-inc-time 3

 ids-policy rate-frame-type-param assoc channel-quiet-time 900

 ids-policy rate-frame-type-param assoc node-threshold 30

 ids-policy rate-frame-type-param assoc node-time-interval 60

 ids-policy rate-frame-type-param assoc node-quiet-time 900

 ids-policy rate-frame-type-param disassoc channel-threshold 30

 ids-policy rate-frame-type-param disassoc channel-inc-time 3

 ids-policy rate-frame-type-param disassoc channel-quiet-time 900

 ids-policy rate-frame-type-param disassoc node-threshold 30

 ids-policy rate-frame-type-param disassoc node-time-interval 60

 ids-policy rate-frame-type-param disassoc node-quiet-time 900

 ids-policy rate-frame-type-param deauth channel-threshold 30

 ids-policy rate-frame-type-param deauth channel-inc-time 3

 ids-policy rate-frame-type-param deauth channel-quiet-time 900

 ids-policy rate-frame-type-param deauth node-threshold 20

 ids-policy rate-frame-type-param deauth node-time-interval 60

 ids-policy rate-frame-type-param deauth node-quiet-time 900

 ids-policy rate-frame-type-param probe-request channel-threshold 200

--More-- (q) quit (u) pageup (/) search (n) repeat

 ids-policy rate-frame-type-param probe-request channel-inc-time 3

 ids-policy rate-frame-type-param probe-request channel-quiet-time 900

 ids-policy rate-frame-type-param probe-request node-threshold 200

 ids-policy rate-frame-type-param probe-request node-time-interval 15

 ids-policy rate-frame-type-param probe-request node-quiet-time 900

 ids-policy rate-frame-type-param probe-response channel-threshold 200

 ids-policy rate-frame-type-param probe-response channel-inc-time 3

 ids-policy rate-frame-type-param probe-response channel-quiet-time 900

 ids-policy rate-frame-type-param probe-response node-threshold 150

 ids-policy rate-frame-type-param probe-response node-time-interval 15

 ids-policy rate-frame-type-param probe-response node-quiet-time 900

 ids-policy rate-frame-type-param auth channel-threshold 30

 ids-policy rate-frame-type-param auth channel-inc-time 3

 ids-policy rate-frame-type-param auth channel-quiet-time 900

 ids-policy rate-frame-type-param auth node-threshold 30

 ids-policy rate-frame-type-param auth node-time-interval 60

 ids-policy rate-frame-type-param auth node-quiet-time 900

 ids-signature "ASLEAP"

   mode enable

   frame-type beacon ssid asleap

 !

 ids-signature "Null-Probe-Response"

   mode enable

   frame-type probe-response ssid-length 0

--More-- (q) quit (u) pageup (/) search (n) repeat

 !

 ids-signature "AirJack"

   mode enable

   frame-type beacon ssid AirJack

 !

 ids-signature "NetStumbler Generic"

   mode enable

   payload 0x00601d 3

   payload 0x0001 6

 !

 ids-signature "NetStumbler Version 3.3.0x"

   mode enable

   payload 0x00601d 3

   payload 0x000102 12

 !

 ids-signature "Deauth-Broadcast"

   mode enable

   frame-type deauth

   dst-mac ff:ff:ff:ff:ff:ff

 !

!

site-survey calibration-max-packets 256

site-survey calibration-transmit-rate 500

site-survey rra-max-compute-time 600000

--More-- (q) quit (u) pageup (/) search (n) repeat

site-survey max-ha-neighbors 3

site-survey neighbor-tx-power-bump 2

site-survey ha-compute-time 0





arm min-scan-time 8

arm ideal-coverage-index 5

arm acceptable-coverage-index 2

arm wait-time 15

arm free-channel-index 25

arm backoff-time 240

arm error-rate-threshold 0

arm error-rate-wait-time 30

arm noise-threshold 0

arm noise-wait-time 120



ems server-ip 0.0.0.0



crypto isakmp groupname changeme



vpdn group l2tp

  ppp authentication PAP

!



--More-- (q) quit (u) pageup (/) search (n) repeat



masterip 127.0.0.1

location "Building1.floor1"

mobility

  parameters 60 buffer 32

  manager disable

  proxy-dhcp enable

  station-masquerade enable

  on-association disable

  trusted-roam disable

  ignore-l2-broadcast disable

  block-dhcp-release disable

  no new-user-roaming

  max-dhcp-requests 4

  secure 1000 shared-secret 4012c7accbe0f26bbb1703b4bf36dfa0

!

mobility-local

  local-ha disable

!

mobagent

  home-agent parameters 1000 bindings 300

  secure-mobile spi 1000 3abd01a8027810fb5dad94d4bacadec7

  foreign-agent parameters 1100 bindings 300 pending 0 pending-time 300

!

--More-- (q) quit (u) pageup (/) search (n) repeat



syslocation "1501 Wilson BLVD"

syscontact "Christina Antonetti"

snmp-server new traps

vpdn group pptp

  no ppp authentication PAP

  ppp authentication MSCHAPv2

!



stm dos-prevention enable

stm vlan-mobility disable

stm strict-compliance enable

stm fast-roaming disable

stm sta-dos-prevention enable

stm sta-dos-block-time 3600

stm auth-failure-block-time 0

stm coverage-hole-detection disable

stm good-rssi-threshold 20

stm poor-rssi-threshold 10

stm hole-detection-interval 180

stm good-sta-ageout 30

stm idle-sta-ageout 90

stm ap-inactivity-timeout 15



--More-- (q) quit (u) pageup (/) search (n) repeat

mux-address 0.0.0.0



adp discovery enable

adp igmp-join enable

adp igmp-vlan 0



voip prioritization enable





mgmt-role guest-provisioning

        description "This is Default Super User Role"

        permit local-userdb read write

!

mgmt-role root

        description "This is Default Super User Role"

        permit super-user

!

mgmt-user admin root b65b8ff25272bb5f9e17bea3f22d10e8560b34e4d81de262





no database synchronize

database synchronize rf-plan-data





--More-- (q) quit (u) pageup (/) search (n) repeat

ip igmp

!



ip router pim

!



ads netad mode disable



packet-capture-defaults tcp disable udp disable sysmsg disable other disable

end