Wireless Access

I am a prospective customer currently evaluating Aruba with 215s and 205s and am running into some issues with the basic configurations.  I would just like to configure a simple instant mesh to test, however that seems to not be working.  Here are the steps in the guide:

"To provision IAPs as mesh IAPs:

1. Connect the IAPs to a wired switch

2. Ensure that the Virtual Controller key is synchronized and the country code is configured.

3. Ensure that a valid SSID is configured on the IAP.

4. If the IAP has a factory default SSID (instant SSID), delete the SSID

5. If an extended SSID is enabled on the virtual controller, disable it and reboot the IAP cluster.

6. Disconnect the IAPs that you want to deploy as mesh points from the switch and place the IAPs at a remote location. The IAPs power on without any wired uplink connection and function as mesh points and the IAPs with valid uplink connections function as the mesh portal."

I fired up two brand new 215s and 205s by connecting them to a POE switch.  The 215 became the VC and detected the 205.  I removed the "Instant" SSID and created a test SSID.  So far so good.  After that, I disconnected the 205 and connected it to a different, isolated POE switch.  Now all connectivity is lost.  The 205 doesn't seem to want to connect over WiFi to the 215, and I suspect the problem is that it is trying to act as its own VC.  

I suspect I need to enable Eth bridging before deployment, however I cannot do this in my pre-staging environment because it is connected to the internal switch and warns of traffic issues when enabling this (and I do not want to create a loop).  My other option would be to console into the device directly and enable bridging, however this defeats the purpose of this solution as I would have to manually configure a hundred of these.  

My question is: how can I bridge this?  Because documentation is limited at best.  Additionally, are there other ways to create a mesh/swarm?  Can I utilize a controller to provision APs to deploy on site without having to console into each one?  Also, is there documentation regarding my options using a controller appliance vs VC?  

The current project i have is to deploy about a hundred 205 APs connected to POE switches to service devices locally, and these 100 need to be wirelessly connected on the backhaul to multiple 215s.  I need some product experts to help facilitiate the best way to do this.

The main thing is to create some kind of SSID (that will get rid of the default 'Instant' SSID), and then disable the extended SSID.

What country code are you in? Are you using any specific VLANs for client traffic versus the native VLAN or is it all flat?

Are you not seeing the IAP mesh points coming up at all, or you're just not seeing the wired traffic from the far side. An easy test would be to put the ethernet connection on the mesh point into a non-connected VLAN on the point's switch, along with another port in that same VLAN and put a laptop on that second port. You won't see any STP loop messages, etc because that non-connected VLAN on the mesh point side is not connected to anything except the laptop.

---

@jhoward wrote:

The main thing is to create some kind of SSID (that will get rid of the default 'Instant' SSID), and then disable the extended SSID.

 

What country code are you in? Are you using any specific VLANs for client traffic versus the native VLAN or is it all flat?

 

Are you not seeing the IAP mesh points coming up at all, or you're just not seeing the wired traffic from the far side. An easy test would be to put the ethernet connection on the mesh point into a non-connected VLAN on the point's switch, along with another port in that same VLAN and put a laptop on that second port. You won't see any STP loop messages, etc because that non-connected VLAN on the mesh point side is not connected to anything except the laptop.

---

Thanks for the quick response.

1) As stated, I already removed the default "instant" SSID and created a test SSID on the VC.  

2) The system never requested a country code when I first logged in.  These had been configured by a previous tech for testing, so I just reset the configs to default in the admin menu and created my own for testing.  

3) Since this is a test network, there are no VLANs, just a out-of-band POE switch for initial config, then a second OoB POE switch to test the wireless backhaul.  

4) As soon as I disconnected the 205 from the switch the 215 was plugged into, and connected it to the second OoB switch, the 205 disappeared from the VC on 215 and will not come up in the VC at all.

Not sure what's going on then, you might factory reset them both, it sounds like some other manual settings might be carrying forward and a fresh start would be good. But up to you if you want to go that far.

When you take the 205 to the other side, is that 205 getting an IP address from the wire? If so it won't bring up the mesh radio...so that could be it as well.

I still didn't see what country code you are in? Some countries don't allow 5Ghz at all so mesh would never work. If it's US, you are fine. 

What version of IAP are you on? There's been some tuning and improvement in the mesh point election as well that might be worth moving up to as well.

You might try to set the 215 manually as the VC master (it sounds like the 205 is the VC and if so, then it may not be coming up on the far side since it's not getting an IP address. 

So try first to bring them both back to the LAN switch that gives out IP addresses, then manually set the 215 as the VC Master, then take the 205 over to the other side. If that doesn't work, factory reset, put both on the same switch to get an IP address, bring up the VC and do your configuration again, then move the 205 over. 

When you take t

---

@jhoward wrote:

Not sure what's going on then, you might factory reset them both, it sounds like some other manual settings might be carrying forward and a fresh start would be good. But up to you if you want to go that far.

 

When you take the 205 to the other side, is that 205 getting an IP address from the wire? If so it won't bring up the mesh radio...so that could be it as well.

 

I still didn't see what country code you are in? Some countries don't allow 5Ghz at all so mesh would never work. If it's US, you are fine. 

 

What version of IAP are you on? There's been some tuning and improvement in the mesh point election as well that might be worth moving up to as well.

 

You might try to set the 215 manually as the VC master (it sounds like the 205 is the VC and if so, then it may not be coming up on the far side since it's not getting an IP address. 

 

So try first to bring them both back to the LAN switch that gives out IP addresses, then manually set the 215 as the VC Master, then take the 205 over to the other side. If that doesn't work, factory reset, put both on the same switch to get an IP address, bring up the VC and do your configuration again, then move the 205 over. 

 

When you take t

 

 

---

1) Regarding DHCP, I statically set the IPs of both so that after I moved them, they would still be on the same subnet.

2) I am in the US so 5GHz shouldn't be an issue.

3) The APs show 6.4.4.3 

4) I configured the 215 as the preferred VC, then booted the 205 and I was able to configure settings of the 205 via the VC site hosted on the 215.  

5) I will attempt a manual reset and try again.  FYI, the reason I am involved is the previous tech wasn't able to get this working either.  One thing I noted in the documentation is that different models require the exact same versions, so I will also check that as well.  

Roger that, I've never done static IPs, I can try middle of next week. it shouldn't matter but it's not anything I have visibility with or have ever tested. That should be Release 6.4.4.3-4.2.2.1 so it's new enough to work fine.

After working with support techs, the issue was identified as follows:

I was setting up the mesh points on an out-of-band prep area with PoE switches.  I had the VC and the points all on the same switch, so they were detected by the communication protocols, but over the switches and not wifi.  

After moving the points off that network and onto other remote PoE switches, they were acting as their own VCs for that network because the data port was enabled by default.  Even though it could not detect any other Aruba gear on the cable (as nothing else was plugged into the switch), it still tried to use the Eth port as the primary instead of attaching back to the original VC.  The solution was to disable data on the switchport and still allow it to be powered up via PoE, then allow it to connect to the VC over WiFi, then enable Eth bridging and re-enable the remote switch port.

The functionality of the Instant Mesh in this manner eliminates any ease of deployment in my scenario, especially on a higher-end scale.  I need to deploy hundreds of endpoints and this would require special configuration prep on every switch (OoB), then deploy the points to the remote switches, then reconfiguration of the switches on-site.  So my question becomes: can this work another way using controllers?  Or even if we had them would I have to utilize the same process?