Wireless Access

Reply
Aruba Employee

Howto: Point-to-Point Mesh on AOS 8.5

I needed to replace a rather old indoor MSM point-point mesh deployment. It has served faultlessly for nearly a decade, linking one end of the house to the other. However, the time has come, along with some otherwise unused APs. The existing Aruba wireless environment was recently migrated from 6.x to 8.5.
The documentation for mesh with AOS8.5 was somewhat sparse without many examples, which prompted this post.

 

Preparation

  • You should already have a working 8.x environment.
  • Mobility Master + physical controller is suggested, but not a requirement.
  • Enable "Show advanced profiles" in the MM GUI: Admin | Preferences

    Show advanced prefs.png

     

  • All the examples here are based on AOS 8.5.
  • Two supported access points. Check the release notes - some of the older ones are not supported in later versions of 8.x.
    Appropriate antennae, mounts, etc. I have used two APs with built-in omni-directional antennae, but for point-point links, focussed antennae would be a better option.
  • Have the manual ready for reference (you should probably read it too...) https://h20628.www2.hp.com/km-ext/kmcsdirect/emr_na-a00072769en_us-1.pdf

 

Don't forget the new AP387 point to point APs using 802.11ad 60GHz for outdoor links!

AP-387.png

 

 

Topology
I have built a point to point link, aka wireless bridge. It carries multiple VLANs as shown below.

point to point.png

  • Mesh portal - at the centre of the network (near end)
  • Mesh point - connects to the mesh portal to establish the wireless bridge (far end)

Configuration
Mesh Group
Create a new Group that will contain your mesh APs. This will give you control on all the settings relevant to the mesh link, and what to do with otherwise unused radios. I created one called BV-Mesh to distinguish it from the existing BV group.

Mesh AP group.png
Initial config changes under Radio were:

  • 2.4GHz --> spectrum mode
  • 5GHz remains in AP mode

Mesh Cluster Profile
Configured under Managed Network | Configuration | System | Profiles | Mesh | Mesh Cluster
Create a new profile rather than using the default.

Mesh cluster profile.png

 

Mesh High-throughput Profile
Whilst you are there, create a new high-throughput profile. It looks like almost everything is enabled in the default profiel anyway, but it is good practice to leave the default profiles alone and create new ones so they can be modified.

Mesh high-throughput profile.png

 

Wired AP Profile
This one is specifically required to set the untagged VLAN on the AP ethernet port. If you don't have this set correctly, tagged VLAN traffic will communicate fine, but the untagged/native/PVID traffic will probably not work.
Create a new Wired AP profile, eg MeshWiredPort: System | Profiles | AP | Wired AP

Mesh WiredAP profile.png

 

For my network, VLAN 148 is the relevant VLAN for managed APs. I have allowed all VLANs; you may want to designate specific VLANs.

 

Mesh Group Profiles
Go back to the mesh group, and check the new profiles just created.
Add the new mesh cluster profile

Under profiles (make sure advanced profiles is enabled), select the previously created profiles

  • Mesh | Mesh Cluster
  • Mesh | Mesh Radio | Mesh High-throughour SSID
  • AP | Ethernet interface 0 port config | Wired AP

Mesh add cluster profile.png

 

Add APs
Do the initial provisioning with the AP connected to the local network, and relocate the end point after testing.

 

  • Get the AP managed by the controller first as a regular AP
  • The first AP will be the near end mesh portal. Provision it as mesh and select Mesh portal

    Mesh portal AP provision.png

     

  • The second AP will be the far end mesh point. Provision it as mesh and select Mesh point

 

Switch Port Configuration
Controller-based APs will normally tunnel 802.11 frames back to the controller and therefore only need a single untagged VLAN. However, a mesh AP is more than likely going to require multiple VLANs to carry them over the wireless bridge.


You can tag all the required VLANs to the port, or you can enable GVRP/MVRP and let that auto-tag them. I have tested with GVRP auto-tagging the mesh link (MVRP should work the same way).


Using device-profile and GVRP/MVRP may be the simplest way to enable a switch to support regular APs and mesh APs.

 

Near switch with mesh portal connected (5406)

interface B11
   name "AOS8 Mesh AP"
   poe-lldp-detect enabled
   untagged vlan 148
   spanning-tree root-guard
   exit

Far switch with mesh point connected (2915)

interface 1
   name "AOS8 mesh AP"
   unknown-vlans block
   power-over-ethernet critical
   untagged vlan 148
   loop-protect
   exit

GVRP is enabled at both ends, so this is what I see on the port at the far end. "Auto" in the second command output indicates the VLAN was automatically added by GVRP/MVRP.

bvtv09(config)# sh vlans ports 1 detail

 Status and Counters - VLAN Information - for ports 1

  Port name: AOS8 mesh AP
  VLAN ID Name                 | Status     Voice Jumbo Mode
  ------- -------------------- + ---------- ----- ----- --------
  1       Management           | Port-based No    No    Tagged
  100     BV-Main              | Port-based No    No    Tagged
  145     Aruba controlled ... | Port-based No    No    Tagged
  148     Aruba AOS8 Contro... | Port-based No    Yes   Untagged


bvtv09(config)# sh vlans 145

 Status and Counters - VLAN Information - VLAN 145

  VLAN ID : 145
  Name : Aruba controlled family
  Status : Port-based
  Voice : No
  Jumbo : No

  Port Information Mode     Unknown VLAN Status
  ---------------- -------- ------------ ----------
  1                Auto     Block        Up
  10               Untagged Learn        Down

 

Post Deployment
Two APs should now be configured under Mesh APs

Mesh APs list.png

 

From the dashboard, you can see the mesh APs too. This is the mesh portal view

Mesh portal AP215 dashboard.png

 

Extra Info from CLI

(bvmm01-vm) [mynode] #cd
/
/md
/md/BV
/md/WGA
/mm
/mm/mynode
BV7005                  Alias for /md/BV/00:0b:86:be:8d:e8
bvmc01-vm               Alias for /md/BV/00:0c:29:2d:ef:11
<node-path>             Path of config node

(bvmm01-vm) [mynode] #cd bv7005
(bvmm01-vm) [00:0b:86:be:8d:e8] #mdc


 Redirecting to Managed Device Shell

(BV7005) [MDC] *#show ap mesh
active                  Show mesh cluster APs currently registered on this switch
debug                   Show Mesh debugging information
neighbors               show all MESH neighbors
tech-support            Display all information for an AP
topology                Show mesh tree

(BV7005) [MDC] *#show ap mesh active

Mesh Cluster Name: Mesh-BV
--------------------------
Name           Group    IP Address      BSSID              Band/Ch/EIRP/MaxEIRP    MTU   Enet Ports  Mesh Role  Parent         #Children  AP Type  Uptime
----           -----    ----------      -----              --------------------    ---   ----------  ---------  ------         ---------  -------  ------
Mesh-AP205_03  BV-Mesh  172.20.148.106  f0:5c:19:f5:f6:11  802.11a/104E/15.0/25.0        Bridge      Point      Mesh-AP215_03  0          205      8h:49m:7s
Mesh-AP215_03  BV-Mesh  172.20.148.107  f0:5c:19:8c:4c:11  802.11a/104E/21.0/28.7  1578  -           Portal     -              1          215      9h:15m:25s

Total APs :2
(BV7005) [MDC] *#show ap mesh topology

Mesh Cluster Name: Mesh-BV
--------------------------
Name           Mesh Role    Parent         Path Cost  Node Cost  Link Cost  Hop Count  RSSI  Rate Tx/Rx  Last Update  Uplink Age  #Children
----           ---------    ------         ---------  ---------  ---------  ---------  ----  ----------  -----------  ----------  ---------
Mesh-AP205_03  Point (AC)   Mesh-AP215_03  1          0          0          1          44    6/866       4m:54s       8h:43m:52s  0
Mesh-AP215_03  Portal (AC)  -              0          1          0          0          0     -           5m:35s       9h:15m:39s  1

Total APs :2
(R): Recovery AP. (N): 11N Enabled. (AC): 11AC Enabled. For Portals 'Uplink Age' equals uptime.

(BV7005) [MDC] *#show ap mesh neighbors ap-name Mesh-AP205_03

Neighbor list
-------------
MAC                Portal  Channel  Age  Hops  Cost  Relation                 Flags  RSSI  Rate Tx/Rx  A-Req  A-Resp  A-Fail  HT-Details        Cluster ID
---                ------  -------  ---  ----  ----  -----------------        -----  ----  ----------  -----  ------  ------  ----------        ----------
f0:5c:19:8c:4c:11  Yes     104E     0    0     1.00  P 8h:46m:14s             VLK    43    650/780     3      3       0       VHT-80MHzsgi-3ss  Mesh-BV

Total count: 1, Children: 0
Relation: P = Parent; C = Child; N = Neighbor; B = Blacklisted-neighbor
Flags: R = Recovery-mode; S = Sub-threshold link; D = Reselection backoff; F = Auth-failure; H = High Throughput; V = Very High Throughput, E= High efficient, L = Legacy allowed
        K = Connected; U = Upgrading; G = Descendant-upgrading; Z = Config pending; Y = Assoc-resp/Auth pending
        a = SAE Accepted; b = SAE Blacklisted-neighbour; e = SAE Enabled; u = portal-unreachable; o = opensystem

 



Richard Litchfield, HPE Aruba
Consulting System Engineer
Network Ambassador
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: