Wireless Access

Reply
Regular Contributor I

Configure Controllers from 1 Location and move to a different Location

Hello,

 

We are an internatinal company and we are designing to have 2 Mobility Masters and then 2 Local controllers at each site/location.  Each location has a different Network Address Scheme; hence the Wireless VLan IP addresses are different at each site.

 

I have already deployed 3 different sites(2 local controlelrs at each site).

 

I have been challenged with configuring as much as I can for another 3 remote site locations (2 local controllers each site) from the main headquarters location.  Then to ship the local controllers to their destinations (will requitre a different local controller IP address and then setup the remaining configurations while at that location.  

 

In order to keep the local configuration standardized I think it would be best to setup the local controllers to synch with the MM with the "PSKwithIP" option.  Aruba support has stated that they prefer this option over PSK with MAC address.  Otherwise I will have 3 sites with "PSKwithIP" and another 3 with "PSKwithMAC".

 

My questions are

 

1).  Is using PSKwithIP to initiallyu connect to the MM and then changing the Local controller's local IP address a good idea?  Or should I use the PSKwithMAC option?

 

2.  I will write up the basics if my idea to accomlilsh this and I would like feedback regrding if that is a good plan?

 

Keep in mind that a Man. Device Cluster cannot be created on the Managed Network Group level until the final destination/production IP addresses are in place.  Nor can the local MD VRRP configurations be made until the final/production IP addresses are in place.

 

 

Highlighted
Regular Contributor I

Re: Configure Controllers from 1 Location and move to a different Location

My plan is summarized below:

 

1.  Connect each new local with a temporary IP address when at the HQ Site.  

     a.  Update the version of the MD operating system and join the MD's to the Mobility masters.

 

2.  Create the appropriate MD-Groups below the Manged Network section.

     a.  Then synch up the the MD's to the Mobilty Master and then afdd each MD to the final destination MD Group.

     b. The Host name will not change but the IP address will eventualy change.

 

3.  After verifying that the communication works between the new MDs and the Mobility Masters and the licenging is up to date on the Mobility Master I will remove the Local Controllers from the Mobility Master's configuration (Web UI - MM - Configuration - Controllers - Delete the MD).

 

4.  That should stop communication/synchronization from the mobility Master and those specific MDs.

     a.  At that point the Aruba Web User Interface will display the MAC address of those controlelrs from the Group Level.

 

5.  Then ship the controllers to their destination and when I arrive at that destination, I will need to logon locally to the MD from the command line.

    a.  I will need to perform a local-confg enable<Enter>.

    b.  Then make configuration changes to the controller's local IP address.

    c.  The make cahnges to the controller's ip-default gateway.

 

6.  Then connect the local controller and make sure it is accessble on the local network.

 

7.  Then add the IP-Based IP Sec Key on the MM for the controller's new IP address.  The PSK will remain the same as what it was before.

Guru Elite

Re: Configure Controllers from 1 Location and move to a different Location

My opinion:

 

You can:

- Setup the controller as a standalone controller with temporary ip address, etc at the HQ site using the console.  Reboot.

- Upgrade the ArubaOS code using a usb key plugged into the controller

("dir usb: partition 1" to see the contents of your USB key plugged into the controller.  "copy usb: partition 1 ArubaOS_blahblah system: partition 0")

- Wait for the upgrade to finish successfully.

- Do a write erase all, then type "halt" so that the controller shuts down.

- Ship the Controller to the new site

- Go through the Wizard on the console with the correct ip address/subnet mask/default gateway/PSK with ip, I guess

- Reboot and it should connect to your MM.

- If you don't have the mac address already in the MM, it will be "parked".  (type "show switches debug" on the MM to verify that it has connected to the MM with "UNK" ) on the MM where you can whitelist by mac address and it will move it into the destination folder you specify with a reboot.

- ***Don't use local configuration****  It is only for a last resort and just complicates your configuration.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Regular Contributor I

Re: Configure Controllers from 1 Location and move to a different Location

I have 1 quesitons about your reply.

 

1).  When will I type 'halt' after the write-erase?  Immidately after the 'Enter' trigger for the write erase?

       a. Or wIll I be prompted to type halt?

       b. WiIl I need to hit the enter key right away after I type 'halt'?

       c. I would hate to type halt and then ship the unit to teh destinatin and the controller does not respond at all.

 

2).  If I use local-config enable<enter> to change the IP address of the controller will I be able to change the IP address later from the MM side?

 

Or will I need to change the IP address on the local controller by using the local-config enable command in the future?

Guru Elite

Re: Configure Controllers from 1 Location and move to a different Location

1.  You can type "halt" after write erase.  Halt will tell you when you can shut down the controller after.  This is to make sure it shuts down properly.

2.  If the ip address of the controller is not specified in the global config, the controller will take the ip address from the startup wizard and it will "stick".  When you first provision the controller as a standalone, the ip address does not matter, because you are upgrading the AOS code using the usb and you are typing "write erase all" after.  You might ask, why not put the ip address and PSK in when upgrading the code and make it an MD? You can certainly try that.  The global configuration can certainly override the ip address later when the MD connects to the MM, but it is risky.  I would rather program the ip address of the MD with the startup wizard so that there are no issues, and I don't have to use local-config to rescue it, which can be a pain.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Regular Contributor I

Re: Configure Controllers from 1 Location and move to a different Location

OK,

 

1).  What if I just type >write erase<enter> insterad of write erase all<enter>?

      a.  Then, when prompted type >halt<enter> ?

 

That way I can setup local database user accounts early on and not have t re-enter them when I am on-site.

 

2).  For argument, when you use local-config enable and change a configuration, does that prevent any future configuration changes for that area to come from the MM?  Is that one of the ways it is more confusing? 

 

3).  You mentined the 'Global Configuration' and that it can overide the local configuration.  Do you mean the configurations that are propagated dwon to the MD when the MM are synched up to each other?

 

 

Regular Contributor I

Re: Configure Controllers from 1 Location and move to a different Location

OK, my new plan is summarized below.  Thank you Cjoseph for your input and ideas:

 

1. Connect each new local with a temporary IP address when at the HQ Site.
a. Update the version of the MD operating system and join the MD's to the Mobility masters.

 

2. Create the appropriate MD-Groups below the Manged Network section.
a. Then synch up the the MD's to the Mobilty Master and then add each MD to the final destination MD Group.
b. The Hostname will not change but the IP address will eventualy change.

 

3. After verifying that the communication works between the new MDs and the Mobility Masters and the licenging is up to date on the Mobility Master I will remove the Local Controllers from the Mobility Master's configuration.
a. Navigate to Web UI - MM - Configuration - Controllers - Delete the MD.


4. Then, I will execute>wite erase<enter> from the local controllers that weill need ot be shipped elswhere.
a. Then execute >halt<enter> for each controller.
b. This will power off the controller.

 

5. Then ship the controllers to their destination and when I arrive at that destination, I will need to logon locally to the MD from the console port.
a. Proceed to enter the new full-setup information.
b. verify that the local controllers is correctly on the network.


6. Then navigate to the MM's Web UI - MM - Configuration - Controllers and add the new controllers IPsec tunnel information.
a. The MM will try to synch up with the local controllers and propagate the configurations that were in place earlier.


7. Test, test and test.
a. Restart the controllers and verify that everthing is working as expected.

Guru Elite

Re: Configure Controllers from 1 Location and move to a different Location

You are not saving any time staging the controller at HQ.  Most of the time will be consumed by reboots.  You might as well just do it once at the destination, really.  "write erase all" means that you will have to do everything over again, anyways.  Just do it once at the destination (bring up MD, point it to MM, upgrade code, done).

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Regular Contributor I

Re: Configure Controllers from 1 Location and move to a different Location

Well a lot of configuration can be entered from the MM side to the Local Controller after they are placed in the Managed Device Group from the MM Web UI.  When we get to the destination location our time is limited every day because of security reasons.  We want to have as much of the little things already configured on the MM side.  Then when the MD re-synchs back up it wll download those configurations.  Our time will be limited.

 

The only quesiton that I have now is.

 

1.)  Is the process above basically the same as if one connects an MD to the Mobility Master.  Then removes the MD from the MM IP Sec configuration from both sides (MD and MM) and then re-adds the MD to the MM configuration (on both devices) after a write erase of the MD? 

 

We needed to do that at another remote site becuase of communication issues and removing the IP Sec tunnel from both the MD and the MM and trying a different IP Sec key worked.  I think it is the same thing.  Hopefully...

Guru Elite

Re: Configure Controllers from 1 Location and move to a different Location

The majority of the configuration can be entered at the group (folder) level before the controller even joins.  The rest can be entered after the controller joins (specific ip addresses of vlans, for example).  When you join a controller with a PSK, the controller is listed as "UNK" until you add the controller's wired mac address to a specific folder.  When it is added via it's wired mac address to a folder, the controller will get all the configuration in that folder.  You can then navigate to the controller in the folder structure and configure specific ip addresses and even port configuration.  That configuration will then get pushed to the controller.  The ip address, subnet mask and default gateway that you assign to a controller using the console setup is automatically added to the controller's configuration and you don't need to re-configure that on the MM after the controller is joined.  You would just have to "cd" to the controller's folder on the MM to add all of the other port/ip address configuration for the controller.

 

There is no real advantage to pre-staging a controller.  You should just do it onsite.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: