Contributor I

Re: Virtual Mobility Controller and IAP-VPN

Same problem here. Is there a certificate required to be deployed to the IAPs? How would you do that by using Aruba Activate? Didn't find any rule which would fit for this requirement... Maybe we also need a 'crypto isakmp ca' installed on the VMC?

 

Any advice would be really helpful.

Occasional Contributor II

Re: Virtual Mobility Controller and IAP-VPN

Hi,

I was able to resolve without the certificate as follows:

 

1. Create a user and password in the internal database of the controller (Configuration > Authentication > Auth Servers > All Server > Internal > User + "user+password+role_authentication");

2. Create a "Shared Secret" in VPN Services (Configuration > Services > VPN > Shared Secrets > IKE Shared Secrets + Subnet: 0.0.0.0 | Subnet mask: 0.0.0.0 | Representation type: Text-based | "password");

3. Convert the IAP to CAP mode (you cannot convert from IAP mode to RAP directly);

4. With the AP converted to CAP mode on the controller, convert it to RAP mode by entering the user information + IKE_PSK_Shared_Secrets (Configuration > Access Points > Campus APs > "Select AP Campus" > Provision > Remote_AP_Yes > Remote AP Authentication Method: "Pre-shared Key").

 

 

Contributor I

Re: Virtual Mobility Controller and IAP-VPN

Thanks @apaiva for your detailed workaround. But the customer would require a solution which scales better to deploy multiple batches of IAPs for IAP-VPN.

Occasional Contributor II

Re: Virtual Mobility Controller and IAP-VPN

  1. With this Virtual solution is suffering a lot .... Unfortunately I could only solve it that way. You can even batch convert IAP (cluster) to CAP, but CAP to RAP only individually.

  2. I have two open cases for virtual controller:

    1. About Fallback mode for Wired ports (model IAP-205H and IAP-303H). Where LAN ports do not navigate in fallback mode;

    2. Navigation problem when tunnel mode, when using port aggregation in vmware.

Suddenly, somebody can help me! :)

MVP Guru Elite

Re: Virtual Mobility Controller and IAP-VPN


@apaiva wrote:
  1. With this Virtual solution is suffering a lot .... Unfortunately I could only solve it that way. You can even batch convert IAP (cluster) to CAP, but CAP to RAP only individually.

  2. I have two open cases for virtual controller:

    1. About Fallback mode for Wired ports (model IAP-205H and IAP-303H). Where LAN ports do not navigate in fallback mode;

    2. Navigation problem when tunnel mode, when using port aggregation in vmware.

Suddenly, somebody can help me! :)


For 2.2 (vmware), is it not an MTU issue?

 

And yes, if you are using RAP, it is better to use hardware controller...



PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)

PowerArubaIAP: Powershell Module to use Aruba Instant AP

PowerArubaMC: Powershell Module to use Mobility Controller / Master


ACMP 6.4 / ACMX #107 / ACCP 6.5 / ACSP
Occasional Contributor II

Re: Virtual Mobility Controller and IAP-VPN

Hi @alagoutte

 

This MTU in the Controller configuration and vmware has already been adjusted by Aruba support

Aruba:
Configuration> AP Groups> "MyGroup"> Profile> AP> AP System> "RAP MTU" and "SAP MTU". Unsuccessfully.

vmware:
Edit Advanced vSphere Distributed Switch Settings

Procedure:
1. Log in to the vSphere Client and select the Networking inventory view;
2. Right-click the vSphere distributed switch in the inventory pane, and select Edit Settings;

3. Select Advanced to edit the following vSphere distributed switch settings.
Unsuccessfully.

 

Thanks for the suggestion.

Regarding RAP, we can not buy hardware. No way.

MVP Guru Elite

Re: Virtual Mobility Controller and IAP-VPN

Where is the port aggregation used?



Occasional Contributor II

Re: Virtual Mobility Controller and IAP-VPN

Hi @alagoutte,

 

In the Controller there are no aggregated ports, we are only using the ge-0/0/0 interface. This aggregation is performed on the physical ports of the blade server (v-switch) where it has an internal v-switch to the network core switch (which has aggregation and vlan trunk all). Isolation has already been performed using only 1 v-switch interface, but the problem has not been solved.

In this same client, there is a server with vmware (which is not a blade) where we perform the same settings restore (of that ArubaOS that is in trouble) and it works normally, without problem in the navigation of the device.

 

att,

apaiva

MVP Guru Elite

Re: Virtual Mobility Controller and IAP-VPN

Ok, it is very specific... need to see with TAC



Contributor II

Re: Virtual Mobility Controller and IAP-VPN

Is there any other way to set up the VPN than deploying certificates with Activate? Can the certificates be deployed with Airwave in RW mode? Is it mandatory to use Activate?
