a first rap, but not as we know it



My questions are summarized below, but first some context.

The company has a private wan (mpls/vpn), 12 remote sites, with classic routing enabled.

In the HQ site we have a campus wifi that works, dot1x, controller is w620 with OS 6.1. All servers and data live in HQ, as well as internet breakout for the whole group. Remote user profile is both TerminalServer grunts, as well as Laptop Aristocrats.


All private wan traffic traverses an ASA, there are appropriate nat exempts and acl's in place. It's pretty much ip any to any, with the exception of surveillance cams, remote viewing of which I block. All wired IP devices work fine. There is an A-record for the arubacontroller, and it is reachable from all subnets.


I built a first configuration for a remote site : dhcp policy & user policy & src-nat rolled into a user role, that user role connected to a dedicated AAA profile, and in the VAP area I selected split tunneling. I did this with the manual on my lap, I omitted the sip policy but other than that I pretty much followed the recipe.


Now I'm sitting at the remote site typing this, I have access to the W620 config pages, and I'm looking at the boot process of the AP using putty.

I can see the AP getting an IP & GW (and I assume dns settings coz my laptop did) from the resident dhcpserver, then it proceeds to "Running ADP". After a while it prints "cat  /tmp/master no such file or directory" and proceeds to reboot, ad infinitum. Purge+save+reset yields no improvement.


Yesterday at HQ, when I provisioned the ap to this remote vap, it showed up in the provisioning table. Now it is missing.


Questions :

1. Since classic routing is working, why doesn't the AP show up in my provisioning table ?

2. My remote Aristocrats will receive an IP in the same vlan as my campus Aristocrats, right ? So I don't need to define a separate ip range for the remote wifivlan ?

3. I don't need vpn policies right ?

4. Are my remote accesspoints RAP's from a licence perspective or CAP's? If the latter is true, then my 620 is sorely undersized.

5. The whole aruba config oozes object orientation : reuse of proven settings, inheritance, collections etc. But yesterday I realised I can't have the same private and public SSID's across the WAN, and I'll have to instruct the laptop guys to configure their laptops per SSID they come across. I had hoped to configure their laptops once in HQ, and they would autoconnect when walking into a remote site, using the same dot1x settings. Am I mistaken ?




thx !




Re: a first rap, but not as we know it

Update : hardcoding the ip address of the controller in the provision page works, now the AP boots, shows up in the provisioning table with the remote ip address.


That table shows " Inactive " though for the AP concerned, and inSSIDer confirms no radio is active.




thx for any advice.




