I needed to replace a rather old indoor MSM point-point mesh deployment. It has served faultlessly for nearly a decade, linking one end of the house to the other. However, the time has come, along with some otherwise unused APs. The existing Aruba wireless environment was recently migrated from 6.x to 8.5.
The documentation for mesh with AOS8.5 was somewhat sparse without many examples, which prompted this post.
Preparation
- You should already have a working 8.x environment.
- Mobility Master + physical controller is suggested, but not a requirement.
- Enable "Show advanced profiles" in the MM GUI: Admin | Preferences
- All the examples here are based on AOS 8.5.
- Two supported access points. Check the release notes - some of the older ones are not supported in later versions of 8.x.
Appropriate antennae, mounts, etc. I have used two APs with built-in omni-directional antennae, but for point-point links, focussed antennae would be a better option. - Have the manual ready for reference (you should probably read it too...) https://h20628.www2.hp.com/km-ext/kmcsdirect/emr_na-a00072769en_us-1.pdf
Don't forget the new AP387 point to point APs using 802.11ad 60GHz for outdoor links!
Topology
I have built a point to point link, aka wireless bridge. It carries multiple VLANs as shown below.
- Mesh portal - at the centre of the network (near end)
- Mesh point - connects to the mesh portal to establish the wireless bridge (far end)
Configuration
Mesh Group
Create a new Group that will contain your mesh APs. This will give you control on all the settings relevant to the mesh link, and what to do with otherwise unused radios. I created one called BV-Mesh to distinguish it from the existing BV group.
Initial config changes under Radio were:
- 2.4GHz --> spectrum mode
- 5GHz remains in AP mode
Mesh Cluster Profile
Configured under Managed Network | Configuration | System | Profiles | Mesh | Mesh Cluster
Create a new profile rather than using the default.
Mesh High-throughput Profile
Whilst you are there, create a new high-throughput profile. It looks like almost everything is enabled in the default profiel anyway, but it is good practice to leave the default profiles alone and create new ones so they can be modified.
Wired AP Profile
This one is specifically required to set the untagged VLAN on the AP ethernet port. If you don't have this set correctly, tagged VLAN traffic will communicate fine, but the untagged/native/PVID traffic will probably not work.
Create a new Wired AP profile, eg MeshWiredPort: System | Profiles | AP | Wired AP
For my network, VLAN 148 is the relevant VLAN for managed APs. I have allowed all VLANs; you may want to designate specific VLANs.
Mesh Group Profiles
Go back to the mesh group, and check the new profiles just created.
Add the new mesh cluster profile
Under profiles (make sure advanced profiles is enabled), select the previously created profiles
- Mesh | Mesh Cluster
- Mesh | Mesh Radio | Mesh High-throughour SSID
- AP | Ethernet interface 0 port config | Wired AP
Add APs
Do the initial provisioning with the AP connected to the local network, and relocate the end point after testing.
- Get the AP managed by the controller first as a regular AP
- The first AP will be the near end mesh portal. Provision it as mesh and select Mesh portal
- The second AP will be the far end mesh point. Provision it as mesh and select Mesh point
Switch Port Configuration
Controller-based APs will normally tunnel 802.11 frames back to the controller and therefore only need a single untagged VLAN. However, a mesh AP is more than likely going to require multiple VLANs to carry them over the wireless bridge.
You can tag all the required VLANs to the port, or you can enable GVRP/MVRP and let that auto-tag them. I have tested with GVRP auto-tagging the mesh link (MVRP should work the same way).
Using device-profile and GVRP/MVRP may be the simplest way to enable a switch to support regular APs and mesh APs.
Near switch with mesh portal connected (5406)
interface B11
name "AOS8 Mesh AP"
poe-lldp-detect enabled
untagged vlan 148
spanning-tree root-guard
exit
Far switch with mesh point connected (2915)
interface 1
name "AOS8 mesh AP"
unknown-vlans block
power-over-ethernet critical
untagged vlan 148
loop-protect
exit
GVRP is enabled at both ends, so this is what I see on the port at the far end. "Auto" in the second command output indicates the VLAN was automatically added by GVRP/MVRP.
bvtv09(config)# sh vlans ports 1 detail
Status and Counters - VLAN Information - for ports 1
Port name: AOS8 mesh AP
VLAN ID Name | Status Voice Jumbo Mode
------- -------------------- + ---------- ----- ----- --------
1 Management | Port-based No No Tagged
100 BV-Main | Port-based No No Tagged
145 Aruba controlled ... | Port-based No No Tagged
148 Aruba AOS8 Contro... | Port-based No Yes Untagged
bvtv09(config)# sh vlans 145
Status and Counters - VLAN Information - VLAN 145
VLAN ID : 145
Name : Aruba controlled family
Status : Port-based
Voice : No
Jumbo : No
Port Information Mode Unknown VLAN Status
---------------- -------- ------------ ----------
1 Auto Block Up
10 Untagged Learn Down
Post Deployment
Two APs should now be configured under Mesh APs
From the dashboard, you can see the mesh APs too. This is the mesh portal view
Extra Info from CLI
(bvmm01-vm) [mynode] #cd
/
/md
/md/BV
/md/WGA
/mm
/mm/mynode
BV7005 Alias for /md/BV/00:0b:86:be:8d:e8
bvmc01-vm Alias for /md/BV/00:0c:29:2d:ef:11
<node-path> Path of config node
(bvmm01-vm) [mynode] #cd bv7005
(bvmm01-vm) [00:0b:86:be:8d:e8] #mdc
Redirecting to Managed Device Shell
(BV7005) [MDC] *#show ap mesh
active Show mesh cluster APs currently registered on this switch
debug Show Mesh debugging information
neighbors show all MESH neighbors
tech-support Display all information for an AP
topology Show mesh tree
(BV7005) [MDC] *#show ap mesh active
Mesh Cluster Name: Mesh-BV
--------------------------
Name Group IP Address BSSID Band/Ch/EIRP/MaxEIRP MTU Enet Ports Mesh Role Parent #Children AP Type Uptime
---- ----- ---------- ----- -------------------- --- ---------- --------- ------ --------- ------- ------
Mesh-AP205_03 BV-Mesh 172.20.148.106 f0:5c:19:f5:f6:11 802.11a/104E/15.0/25.0 Bridge Point Mesh-AP215_03 0 205 8h:49m:7s
Mesh-AP215_03 BV-Mesh 172.20.148.107 f0:5c:19:8c:4c:11 802.11a/104E/21.0/28.7 1578 - Portal - 1 215 9h:15m:25s
Total APs :2
(BV7005) [MDC] *#show ap mesh topology
Mesh Cluster Name: Mesh-BV
--------------------------
Name Mesh Role Parent Path Cost Node Cost Link Cost Hop Count RSSI Rate Tx/Rx Last Update Uplink Age #Children
---- --------- ------ --------- --------- --------- --------- ---- ---------- ----------- ---------- ---------
Mesh-AP205_03 Point (AC) Mesh-AP215_03 1 0 0 1 44 6/866 4m:54s 8h:43m:52s 0
Mesh-AP215_03 Portal (AC) - 0 1 0 0 0 - 5m:35s 9h:15m:39s 1
Total APs :2
(R): Recovery AP. (N): 11N Enabled. (AC): 11AC Enabled. For Portals 'Uplink Age' equals uptime.
(BV7005) [MDC] *#show ap mesh neighbors ap-name Mesh-AP205_03
Neighbor list
-------------
MAC Portal Channel Age Hops Cost Relation Flags RSSI Rate Tx/Rx A-Req A-Resp A-Fail HT-Details Cluster ID
--- ------ ------- --- ---- ---- ----------------- ----- ---- ---------- ----- ------ ------ ---------- ----------
f0:5c:19:8c:4c:11 Yes 104E 0 0 1.00 P 8h:46m:14s VLK 43 650/780 3 3 0 VHT-80MHzsgi-3ss Mesh-BV
Total count: 1, Children: 0
Relation: P = Parent; C = Child; N = Neighbor; B = Blacklisted-neighbor
Flags: R = Recovery-mode; S = Sub-threshold link; D = Reselection backoff; F = Auth-failure; H = High Throughput; V = Very High Throughput, E= High efficient, L = Legacy allowed
K = Connected; U = Upgrading; G = Descendant-upgrading; Z = Config pending; Y = Assoc-resp/Auth pending
a = SAE Accepted; b = SAE Blacklisted-neighbour; e = SAE Enabled; u = portal-unreachable; o = opensystem