Wireless Access

• VMC on ESXi (VMC_8.10.0.10_89128)
• An IAP access-point (AOS 8.10.0.10_89128)
• A Fortigate Firewall passing all traffic, basically acting as a router only.
• Fortigate acting as a DHCP server

In my first setup (below), I had a factory default AP, the AP kept failing when I hit the convert to Campus AP button.  When reviewing the logs from the AP the common theme was "Authentication failures (IKEv2). 

I pivoted and placed the AP directly into the VMC subnet, as depicted below. I observed the network being quite unstable for a while. When trying to log into the VMC some menus looked strange The maintenance and diagnostics menu were repeated over and over again. I reviewed the logs and I found KERNEL logs of the Access-point with the interface that flapped a whole bunch of times.

Eventually the Access-point appeared within the Controller, but I have no idea how and why. I think I followed the manuals appropriately, but it would be great if someone can point me to the do's and don'ts of onboarding access-points into a virtual controller. The youtube videos weren't enough for me at least :)

------------------------------
Martijn van Overbeek
Architect, Netcraftsmen a BlueAlly Company
------------------------------

Sounds like the deployment of the VMC isn't correct, make sure to follow all of the instructions in the Virtual Appliance Installation Guide.

Of particular importance is getting the security settings on the vSwitch correct.

• VMC on ESXi (VMC_8.10.0.10_89128)
• An IAP access-point (AOS 8.10.0.10_89128)
• A Fortigate Firewall passing all traffic, basically acting as a router only.
• Fortigate acting as a DHCP server

In my first setup (below), I had a factory default AP, the AP kept failing when I hit the convert to Campus AP button.  When reviewing the logs from the AP the common theme was "Authentication failures (IKEv2). 

I pivoted and placed the AP directly into the VMC subnet, as depicted below. I observed the network being quite unstable for a while. When trying to log into the VMC some menus looked strange The maintenance and diagnostics menu were repeated over and over again. I reviewed the logs and I found KERNEL logs of the Access-point with the interface that flapped a whole bunch of times.

Eventually the Access-point appeared within the Controller, but I have no idea how and why. I think I followed the manuals appropriately, but it would be great if someone can point me to the do's and don'ts of onboarding access-points into a virtual controller. The youtube videos weren't enough for me at least :)

------------------------------
Martijn van Overbeek
Architect, Netcraftsmen a BlueAlly Company
------------------------------

I double checked the settings, my port-group is set with the correct security settings. The only thing I found with my setup that was different from the manual was the removal of the unused disk. I changed that.

Sounds like the deployment of the VMC isn't correct, make sure to follow all of the instructions in the Virtual Appliance Installation Guide.

Of particular importance is getting the security settings on the vSwitch correct.

• VMC on ESXi (VMC_8.10.0.10_89128)
• An IAP access-point (AOS 8.10.0.10_89128)
• A Fortigate Firewall passing all traffic, basically acting as a router only.
• Fortigate acting as a DHCP server

In my first setup (below), I had a factory default AP, the AP kept failing when I hit the convert to Campus AP button.  When reviewing the logs from the AP the common theme was "Authentication failures (IKEv2). 

I pivoted and placed the AP directly into the VMC subnet, as depicted below. I observed the network being quite unstable for a while. When trying to log into the VMC some menus looked strange The maintenance and diagnostics menu were repeated over and over again. I reviewed the logs and I found KERNEL logs of the Access-point with the interface that flapped a whole bunch of times.

Eventually the Access-point appeared within the Controller, but I have no idea how and why. I think I followed the manuals appropriately, but it would be great if someone can point me to the do's and don'ts of onboarding access-points into a virtual controller. The youtube videos weren't enough for me at least :)

------------------------------
Martijn van Overbeek
Architect, Netcraftsmen a BlueAlly Company
------------------------------

Did you configure the controller discovery options?  You need either a DNS entry or to configure DHCP scope options 43 and 60 to instruct the AP on where to find the controller at boot time.  I've not tested, not entirely sure that the IAP will save the IP used for the conversion as the LMS.

I double checked the settings, my port-group is set with the correct security settings. The only thing I found with my setup that was different from the manual was the removal of the unused disk. I changed that.

Sounds like the deployment of the VMC isn't correct, make sure to follow all of the instructions in the Virtual Appliance Installation Guide.

Of particular importance is getting the security settings on the vSwitch correct.

• VMC on ESXi (VMC_8.10.0.10_89128)
• An IAP access-point (AOS 8.10.0.10_89128)
• A Fortigate Firewall passing all traffic, basically acting as a router only.
• Fortigate acting as a DHCP server

In my first setup (below), I had a factory default AP, the AP kept failing when I hit the convert to Campus AP button.  When reviewing the logs from the AP the common theme was "Authentication failures (IKEv2). 

I pivoted and placed the AP directly into the VMC subnet, as depicted below. I observed the network being quite unstable for a while. When trying to log into the VMC some menus looked strange The maintenance and diagnostics menu were repeated over and over again. I reviewed the logs and I found KERNEL logs of the Access-point with the interface that flapped a whole bunch of times.

Eventually the Access-point appeared within the Controller, but I have no idea how and why. I think I followed the manuals appropriately, but it would be great if someone can point me to the do's and don'ts of onboarding access-points into a virtual controller. The youtube videos weren't enough for me at least :)

------------------------------
Martijn van Overbeek
Architect, Netcraftsmen a BlueAlly Company
------------------------------

I saw those settings yes but was wondering what does that do for an IAP when you press the convert button and point it to the VMC? I will try it out regardless!

Did you configure the controller discovery options?  You need either a DNS entry or to configure DHCP scope options 43 and 60 to instruct the AP on where to find the controller at boot time.  I've not tested, not entirely sure that the IAP will save the IP used for the conversion as the LMS.

I double checked the settings, my port-group is set with the correct security settings. The only thing I found with my setup that was different from the manual was the removal of the unused disk. I changed that.

Sounds like the deployment of the VMC isn't correct, make sure to follow all of the instructions in the Virtual Appliance Installation Guide.

Of particular importance is getting the security settings on the vSwitch correct.

• VMC on ESXi (VMC_8.10.0.10_89128)
• An IAP access-point (AOS 8.10.0.10_89128)
• A Fortigate Firewall passing all traffic, basically acting as a router only.
• Fortigate acting as a DHCP server

In my first setup (below), I had a factory default AP, the AP kept failing when I hit the convert to Campus AP button.  When reviewing the logs from the AP the common theme was "Authentication failures (IKEv2). 

I pivoted and placed the AP directly into the VMC subnet, as depicted below. I observed the network being quite unstable for a while. When trying to log into the VMC some menus looked strange The maintenance and diagnostics menu were repeated over and over again. I reviewed the logs and I found KERNEL logs of the Access-point with the interface that flapped a whole bunch of times.

Eventually the Access-point appeared within the Controller, but I have no idea how and why. I think I followed the manuals appropriately, but it would be great if someone can point me to the do's and don'ts of onboarding access-points into a virtual controller. The youtube videos weren't enough for me at least :)

------------------------------
Martijn van Overbeek
Architect, Netcraftsmen a BlueAlly Company
------------------------------

The 345 when factory defaulted will boot as UAP, meaning the AP has the ability to discover a controller and automatically convert.  Manual conversion from IAP isn't necessary.  Support for campus operation requires a controller discovery method be implemented, and if traversing a L3 boundary then DNS or DHCP are your available options.

I saw those settings yes but was wondering what does that do for an IAP when you press the convert button and point it to the VMC? I will try it out regardless!

Did you configure the controller discovery options?  You need either a DNS entry or to configure DHCP scope options 43 and 60 to instruct the AP on where to find the controller at boot time.  I've not tested, not entirely sure that the IAP will save the IP used for the conversion as the LMS.

I double checked the settings, my port-group is set with the correct security settings. The only thing I found with my setup that was different from the manual was the removal of the unused disk. I changed that.

Sounds like the deployment of the VMC isn't correct, make sure to follow all of the instructions in the Virtual Appliance Installation Guide.

Of particular importance is getting the security settings on the vSwitch correct.

• VMC on ESXi (VMC_8.10.0.10_89128)
• An IAP access-point (AOS 8.10.0.10_89128)
• A Fortigate Firewall passing all traffic, basically acting as a router only.
• Fortigate acting as a DHCP server

In my first setup (below), I had a factory default AP, the AP kept failing when I hit the convert to Campus AP button.  When reviewing the logs from the AP the common theme was "Authentication failures (IKEv2). 

I pivoted and placed the AP directly into the VMC subnet, as depicted below. I observed the network being quite unstable for a while. When trying to log into the VMC some menus looked strange The maintenance and diagnostics menu were repeated over and over again. I reviewed the logs and I found KERNEL logs of the Access-point with the interface that flapped a whole bunch of times.

Eventually the Access-point appeared within the Controller, but I have no idea how and why. I think I followed the manuals appropriately, but it would be great if someone can point me to the do's and don'ts of onboarding access-points into a virtual controller. The youtube videos weren't enough for me at least :)

------------------------------
Martijn van Overbeek
Architect, Netcraftsmen a BlueAlly Company
------------------------------

Thank you that is insightful, information. I tried the DHCP options but thus far an unlucky. I find various information on the internet, some say to use DEC to HEX conversion while others say I have to convert ASCII to HEX. The settings I used are in the screenshots below. I read something about using 0104 prior to the IP, that what I used. Any recommendations? Thanks again for the advise so far!

The 345 when factory defaulted will boot as UAP, meaning the AP has the ability to discover a controller and automatically convert.  Manual conversion from IAP isn't necessary.  Support for campus operation requires a controller discovery method be implemented, and if traversing a L3 boundary then DNS or DHCP are your available options.

I saw those settings yes but was wondering what does that do for an IAP when you press the convert button and point it to the VMC? I will try it out regardless!

Did you configure the controller discovery options?  You need either a DNS entry or to configure DHCP scope options 43 and 60 to instruct the AP on where to find the controller at boot time.  I've not tested, not entirely sure that the IAP will save the IP used for the conversion as the LMS.

I double checked the settings, my port-group is set with the correct security settings. The only thing I found with my setup that was different from the manual was the removal of the unused disk. I changed that.

Sounds like the deployment of the VMC isn't correct, make sure to follow all of the instructions in the Virtual Appliance Installation Guide.

Of particular importance is getting the security settings on the vSwitch correct.

• VMC on ESXi (VMC_8.10.0.10_89128)
• An IAP access-point (AOS 8.10.0.10_89128)
• A Fortigate Firewall passing all traffic, basically acting as a router only.
• Fortigate acting as a DHCP server

In my first setup (below), I had a factory default AP, the AP kept failing when I hit the convert to Campus AP button.  When reviewing the logs from the AP the common theme was "Authentication failures (IKEv2). 

I pivoted and placed the AP directly into the VMC subnet, as depicted below. I observed the network being quite unstable for a while. When trying to log into the VMC some menus looked strange The maintenance and diagnostics menu were repeated over and over again. I reviewed the logs and I found KERNEL logs of the Access-point with the interface that flapped a whole bunch of times.

Eventually the Access-point appeared within the Controller, but I have no idea how and why. I think I followed the manuals appropriately, but it would be great if someone can point me to the do's and don'ts of onboarding access-points into a virtual controller. The youtube videos weren't enough for me at least :)

------------------------------
Martijn van Overbeek
Architect, Netcraftsmen a BlueAlly Company
------------------------------

Option 43 input is entirely dependent on the DHCP server used, but I've usually not had to explicitly use a hex value.  You can search for "aruba option 43" and find a bunch of resources on that, but handling of UAP isn't always as straightforward as the days of CAP/IAP only.

ISC:

Unfortunately I haven't setup my lab Windows DHCP server to support a similar setup, but I can probably recreate that if you are particularly interested.  Requires setting a policy based on the option 60 value received and then always returning "ArubaAP" as shown in the ISC config.  Option 43 is predefined but input can be done using ASCII.

https://www.arubanetworks.com/techdocs/ArubaOS_60/UserGuide/DHCP_Option_43.php

------------------------------
Carson Hulcher, ACEX#110

Original Message:
Sent: Mar 13, 2024 04:34 PM
From: mvanoverbeek
Subject: Unknown problems onboarding IAPs to a Virtual Controller

Thank you that is insightful, information. I tried the DHCP options but thus far an unlucky. I find various information on the internet, some say to use DEC to HEX conversion while others say I have to convert ASCII to HEX. The settings I used are in the screenshots below. I read something about using 0104 prior to the IP, that what I used. Any recommendations? Thanks again for the advise so far!

------------------------------
Martijn van Overbeek
Architect, Netcraftsmen a BlueAlly Company

Original Message:
Sent: Mar 13, 2024 12:11 PM
From: chulcher
Subject: Unknown problems onboarding IAPs to a Virtual Controller

The 345 when factory defaulted will boot as UAP, meaning the AP has the ability to discover a controller and automatically convert.  Manual conversion from IAP isn't necessary.  Support for campus operation requires a controller discovery method be implemented, and if traversing a L3 boundary then DNS or DHCP are your available options.

------------------------------
Carson Hulcher, ACEX#110

Original Message:
Sent: Mar 13, 2024 11:40 AM
From: mvanoverbeek
Subject: Unknown problems onboarding IAPs to a Virtual Controller

I saw those settings yes but was wondering what does that do for an IAP when you press the convert button and point it to the VMC? I will try it out regardless!

------------------------------
Martijn van Overbeek
Architect, Netcraftsmen a BlueAlly Company

Original Message:
Sent: Mar 13, 2024 10:10 AM
From: Carson Hulcher
Subject: Unknown problems onboarding IAPs to a Virtual Controller

Did you configure the controller discovery options?  You need either a DNS entry or to configure DHCP scope options 43 and 60 to instruct the AP on where to find the controller at boot time.  I've not tested, not entirely sure that the IAP will save the IP used for the conversion as the LMS.

------------------------------
Carson Hulcher, ACEX#110

Original Message:
Sent: Mar 13, 2024 09:46 AM
From: mvanoverbeek
Subject: Unknown problems onboarding IAPs to a Virtual Controller

I double checked the settings, my port-group is set with the correct security settings. The only thing I found with my setup that was different from the manual was the removal of the unused disk. I changed that.

------------------------------
Martijn van Overbeek
Architect, Netcraftsmen a BlueAlly Company

Original Message:
Sent: Mar 12, 2024 10:21 PM
From: chulcher
Subject: Unknown problems onboarding IAPs to a Virtual Controller

Sounds like the deployment of the VMC isn't correct, make sure to follow all of the instructions in the Virtual Appliance Installation Guide.

Of particular importance is getting the security settings on the vSwitch correct.

------------------------------
Carson Hulcher, ACEX#110

Original Message:
Sent: Mar 12, 2024 01:56 PM
From: mvanoverbeek
Subject: Unknown problems onboarding IAPs to a Virtual Controller

• VMC on ESXi (VMC_8.10.0.10_89128)
• An IAP access-point (AOS 8.10.0.10_89128)
• A Fortigate Firewall passing all traffic, basically acting as a router only.
• Fortigate acting as a DHCP server

In my first setup (below), I had a factory default AP, the AP kept failing when I hit the convert to Campus AP button.  When reviewing the logs from the AP the common theme was "Authentication failures (IKEv2). 

I pivoted and placed the AP directly into the VMC subnet, as depicted below. I observed the network being quite unstable for a while. When trying to log into the VMC some menus looked strange The maintenance and diagnostics menu were repeated over and over again. I reviewed the logs and I found KERNEL logs of the Access-point with the interface that flapped a whole bunch of times.

Eventually the Access-point appeared within the Controller, but I have no idea how and why. I think I followed the manuals appropriately, but it would be great if someone can point me to the do's and don'ts of onboarding access-points into a virtual controller. The youtube videos weren't enough for me at least :)

------------------------------
Martijn van Overbeek
Architect, Netcraftsmen a BlueAlly Company
------------------------------