Customizing IAP Settings. Aruba Instant 6.5.2.0, RAP-155, IAP-207, RAP-108, IAP-305, Instant
Add to My manuals466 Pages
advertisement
![Customizing IAP Settings. Aruba Instant 6.5.2.0, RAP-155, IAP-207, RAP-108, IAP-305, Instant | Manualzz Customizing IAP Settings. Aruba Instant 6.5.2.0, RAP-155, IAP-207, RAP-108, IAP-305, Instant | Manualzz](http://s3.manualzz.com/store/data/065045696_1-2596b7af9e274a2b316ebd13b4ae14bd-360x466.png)
Chapter 7
Customizing IAP Settings
This chapter describes the procedures for configuring settings that are specific to an IAP in the cluster.
n
IAP Discovery Logic on page 67
n n
Modifying the IAP Host Name on page 72
Configuring Zone Settings on an IAP on page 72
n n n n
Specifying a Method for Obtaining IP Address on page 73
Configuring External Antenna on page 73
Configuring Radio Profiles for an IAP on page 75
Enabling Flexible Radio on page 76
n n n n n n n n n
Configuring Uplink VLAN for an IAP on page 77
Changing the IAP Installation Mode on page 77
Changing USB Port Status on page 78
Master Election and Virtual Controller on page 79
Adding an IAP to the Network on page 80
Removing an IAP from the Network on page 81
Support for BLE Asset Tracking on page 81
Intelligent Power Monitoring on page 82
Transmit Power Calculation Support on 200 Series and 300 Series Access Points on page 83
IAP Discovery Logic
In the previous Instant releases, access points are predefined as either controller-based campus APs or controllerless Instant APs. Each Instant AP is shipped with the Instant manufacturing image and must join an
IAP cluster in order to receive configurations from the virtual controller.
Starting with Instant 6.5.2.0, the APs introduced in this release can run in both controller-based mode and controllerless mode. Based on the selected mode, the AP runs a corresponding image: n n
Controller-based APs run an ArubaOS image.
Controllerless APs run an Instant image.
Each AP is shipped with a manufacturing image based on the Instant image containing reduced functions.
When the AP is booted up with the manufacturing image, it enters the controller and Instant discovery process to determine if it will be upgraded to the controller-based mode (ArubaOS image) or controllerless mode
(Instant image). After the controller, Instant virtual controller (VC), or AirWave/Activate/Central is discovered, the AP image is upgraded accordingly.
By default, controller discovery has a higher priority than Instant discovery. For more information on
Controller Discovery, refer to the AP Discovery Logic section in the ArubaOS 6.5.2.0 User Guide.
If the AP cannot locate any controllers during the controller discovery process, it enters Instant discovery.
Preference Role
Users can predefine the AP mode by configuring the preference role. APs with the default preference role follow the standard discovery logic by attempting controller discovery before initiating Instant discovery. APs
Aruba Instant 6.5.2.0 | User Guide Customizing IAP Settings | 67
with the controllerless preference role can bypass controller discovery and immediately initiate Instant discovery.
In the Instant UI
To set the AP preference role to controllerless in the WebUI:
1. Navigate to Maintenance > WLAN > Convert to Instant Mode in the Instant UI.
2. Select the AP(s) on which you want to set the preference role to controllerless.
3. Click Convert to IAP .
In the CLI
To set the AP preference role to controllerless in the CLI, execute the following commands:
(host) #ap redeploy controller-less all ap-group ap-name ip-addr ip6-addr wired-mac
Discovery Logic Workflow
The following steps describe the AP discovery logic:
Figure 24 AP Discovery Logic
1. The AP boots up with the manufacturing image in unprovisioned mode.
2. The AP enters the controller discovery process using static/DHCP/ADP/DNS-based controller discovery.
68 | Customizing IAP Settings Aruba Instant 6.5.2.0 | User Guide
l l
If a controller is discovered, the AP receives the controller’s IP address or domain assignment. The AP connects to the controller and downloads the ArubaOS image. After the image is downloaded, the AP reboots. The configuration syncs, and the AP runs in controller-based mode.
If the AP cannot locate any controller (for example, if the controller is powered off or becomes unreachable), it enters Instant discovery.
If the preference role is set to controllerless, the AP bypasses controller discovery and immediately enters Instant discovery (skip to Step 3)
3. The AP enters the Instant discovery process to locate an Instant VC, Activate, AirWave, or Central.
l l
If a VC is discovered, the AP joins the existing IAP cluster and downloads the Instant image from the cluster. After the image is downloaded, the AP reboots. The configuration syncs, and the AP runs in controllerless mode.
If the AP cannot locate a VC in an existing IAP cluster, the AP attempts to locate Activate, AirWave, or
Central to upgrade the image and form a new IAP cluster.
APs running the manufacturing image cannot form an IAP cluster.
l
If the AP locates Activate, it receives preconfigured provisioning rules to connect to AirWave/Central or convert into a campus AP (CAP) or remote AP (RAP).
APs that connect to Activate are automatically upgraded from the manufacturing image to the latest Instant/ArubaOS image. Refer to the latest Aruba Activate User Guide for details on configuring provisioning rules.
l
If the AP locates AirWave, it can be upgraded to the Instant image. If an enforced image upgrade rule is configured in AirWave, the AP is upgraded to the Instant image configured for the enforced upgrade rule. If no enforced upgrade rule is configured, the AP is upgraded to the latest Instant image in AirWave.
After the AP is upgraded, it reboots in controllerless mode and forms a new IAP cluster. The AP converts into the master, and other undeployed APs can join the cluster to upgrade to the Instant image. Refer to the latest AirWave 8.2 – User Guide for details on AP image upgrade.
Central syncs with Aruba Activate to retrieve the latest Instant image.
l
If the AP cannot locate Activate, AirWave, or Central, it continues to run in unprovisioned mode until the image is upgraded.
If the AP is not upgraded to the ArubaOS or Instant image, it enters a 15 minute reboot period. If there is no keyboard input or WebUI session (manual upgrade) within the 15 minutes, the AP reboots.
Manual Upgrade
APs running in unprovisioned mode broadcast a special provisioning SSID to which users can connect to upgrade the AP manually. Upon connecting, users can access a local provisioning page in the WebUI to upgrade the AP to an ArubaOS or Instant image. For more information on upgrading APs manually, refer to the following scenarios: n n
Controller-based AP via Manual CAP/RAP Conversion in the ArubaOS 6.5.2.0 User Guide .
Controllerless AP via Manual IAP Conversion in the ArubaOS 6.5.2.0 User Guide .
The provisioning SSID for all APs running Aruba Instant 6.5.2.0, including legacy IAPs is SetMeUp-xx:xx:xx:xx .
Aruba Instant 6.5.2.0 | User Guide Customizing IAP Settings | 69
Deployment Scenarios
This section describes the controllerless AP deployment and hybrid deployment scenarios:
Controllerless AP Deployments
The following sections describe controllerless AP deployment scenarios.
Controllerless AP in an Instant Network
Users can deploy APs directly into a running Instant network, which consists of an IAP cluster and a virtual controller that manages the network. A virtual controller must be available before any AP can be upgraded through this deployment scenario. For more information on electing a master in an Instant network, see
Master Election and Virtual Controller on page 79 .
APs are upgraded to the Instant image through a virtual controller as explained in the following steps:
1. The AP boots up with the manufacturing image in unprovisioned mode.
2. The AP enters the controller discovery process using static/DHCP/ADP/DNS-based controller discovery.
If the preference role is set to controllerless, the AP bypasses controller discovery and immediately enters Instant discovery (skip to Step 3)
3. If the AP cannot locate any controller, it enters the Instant discovery process to locate an Instant VC,
Activate, AirWave, or Central.
4. The AP attempts to discover a VC in an existing IAP cluster.
5. If a VC is discovered, the AP joins the existing IAP cluster and downloads the Instant image from the cluster.
6. After the image is downloaded, the AP reboots.
7. The configuration syncs, and the AP runs in controllerless mode.
Controllerless AP via Activate, AirWave, or Central
If the AP cannot locate a virtual controller in an existing IAP cluster, the AP attempts to connect to Activate,
AirWave, or Central to upgrade the AP to the Instant image and form a new IAP cluster.
In this deployment scenario, Activate, AirWave, or Central must be accessible to the AP.
APs are upgraded to the Instant image through Activate, AirWave, or Central as explained in the following steps:
1. The AP boots up with the manufacturing image in unprovisioned mode.
2. The AP enters the controller discovery process using static/DHCP/ADP/DNS-based controller discovery.
If the preference role is set to controllerless, the AP bypasses controller discovery and immediately enters Instant discovery (skip to Step 3)
3. If the AP cannot locate any controller, it enters the Instant discovery process to locate an Instant VC,
Activate, AirWave, or Central.
4. The AP attempts to discover a VC in an existing IAP cluster.
5. If the AP cannot locate a VC in an existing IAP cluster, the AP attempts to locate Activate, AirWave, or Central to upgrade the image and form a new IAP cluster.
APs running the manufacturing image cannot form an IAP cluster.
70 | Customizing IAP Settings Aruba Instant 6.5.2.0 | User Guide
l
If the AP locates Activate, it receives preconfigured provisioning rules to connect to AirWave/Central or convert into a campus AP (CAP) or remote AP (RAP).
APs that connect to Activate are automatically upgraded from the manufacturing image to the latest Instant/ArubaOS image. Refer to the latest Aruba Activate User Guide for more details on configuring provisioning rules.
l
If the AP locates AirWave, it can be upgraded to the Instant image. If an enforced image upgrade rule is configured in AirWave, the AP is upgraded to the Instant image that is configured for the enforced upgrade rule. If no enforced upgrade rule is configured, the AP is upgraded to the latest Instant image in
AirWave. After the AP is upgraded, it reboots in controllerless mode. Refer to the latest AirWave 8.x User
Guide for details on AP image upgrade.
All firmware must be uploaded to AirWave before the AP connects and downloads the Instant image. Refer to the latest
AirWave 8.2 - Aruba Instant Deployment Guide for details on firmware upload.
l
If the AP locates Central, it can be upgraded to the Instant image through the Maintenance >
Firmware page in the Central WebUI. After the AP is upgraded, it reboots in controllerless mode. Refer to the latest Aruba Central User Guide for more details on AP image upgrade.
Central synchronizes with Aruba Activate to retrieve the latest Instant image.
After the AP is upgraded to controllerless mode, it forms a new IAP cluster and converts into the master. Other undeployed APs can join the cluster and upgrade to the Instant image.
Controllerless AP via Manual IAP Conversion.
If the AP cannot be upgraded into an IAP through a virtual controller, Activate, AirWave, or Central, users can connect to a special provisioning SSID broadcasted by the unprovisioned AP to manually convert the AP to an
IAP through the WebUI. Refer to the Controllerless AP in an Instant Network section and the Controllerless AP via Activate, AirWave, or Central section in the ArubaOS 6.5.2.0 User Guide for details on upgrading an AP to the
Instant image using a VC, Activate, AirWave, or Central.
To manually convert an AP to an IAP in the WebUI:
1. Log in to your virtual controller.
2. Connect to the following provisioning SSID broadcasted by the unprovisioned AP: SetMeUp-xx:xx:xx .
3. Open a web browser, and the navigate to the following URL: https://setmeup.arubanetworks.com/
4. Under Access Point Setup , select Image File or Image URL to upload the Instant image.
l l
If you selected Image File , click Browse to locate and select an Instant image file from your local file explorer.
If you selected Image URL , enter the web address of the Instant image under URL .
5. Click Save .
After the AP is upgraded, it reboots in the controllerless mode.
Aruba Instant 6.5.2.0 | User Guide Customizing IAP Settings | 71
AP Deployments in Hybrid Controller-Instant Networks
Users can deploy APs into hybrid networks, which contain both controller-based and controllerless APs. APs in hybrid networks are upgraded to the ArubaOS or Instant image using the same methods as APs in pure controller or Instant networks. However, the following items must be in place before deploying APs in a hybrid network: l
Controller-based APs and controllerless APs must run on different subnets (for example, a controllerbased AP subnet and a separate controllerless AP subnet).
l
Different discovery methods should be used for controller-based APs and controllerless APs, as the controller discovery process and Instant AirWave discovery process share the same DHCP/DNS discovery methods. For example, controller-based APs can use a DHCP server to discover a controller, while controllerless APs can use a DNS server on AirWave.
l
If the same discovery method must be used for both controller-based APs and controllerless APs, Aruba recommends that you use DHCP-based discovery. DHCP servers can respond to DHCP requests based on the AP’s subnet and vendor ID. DNS servers do not have a subnet limit and this can cause the APs that share a DNS server to be upgraded on the wrong AP subnet.
Modifying the IAP Host Name
You can change the host name of an IAP through the Instant UI or the CLI.
In the Instant UI
To change the host name:
1. On the Access Points tab, click the IAP you want to rename.
2. Click the edit link.
3. Edit the IAP name in Name . You can specify a name of up to 32 ASCII characters.
4. Click OK .
In the CLI
To change the name:
(Instant AP)# hostname <name>
Configuring Zone Settings on an IAP
All IAPs in a cluster use the same SSID configuration including master and slave IAPs. However, if you want to assign an SSID to a specific IAP, you can configure zone settings for an IAP.
The following constraints apply to the IAP zone configuration: n
An IAP can belong to only one zone and only one zone can be configured on an SSID.
n n
If an SSID belongs to a zone, all IAPs in this zone can broadcast this SSID. If no IAP belongs to the zone configured on the SSID, the SSID is not broadcast.
If an SSID does not belong to any zone, all IAPs can broadcast this SSID.
You can add an IAP zone by using the UI or the CLI.
For the SSID to be assigned to an IAP, the same zone details must be configured on the SSID. For more information on
SSID configuration, see
Configuring WLAN Settings for an SSID Profile on page 89 .
In the Instant UI
1. On the Access Points tab, click the IAP for which you want to set the zone. The edit link is displayed.
72 | Customizing IAP Settings Aruba Instant 6.5.2.0 | User Guide
2. Click the edit link. The edit window for modifying IAP details is displayed.
3. Specify the IAP zone in Zone .
4. Click OK .
In the CLI
To change the name:
(Instant AP)# zone <name>
Specifying a Method for Obtaining IP Address
You can either specify a static IP address or allow the IAP to obtain an IP address from the DHCP server. By default, the IAPs obtain IP address from the DHCP server. You can specify a static IP address for the IAP by using the Instant UI or the CLI.
In the Instant UI
To configure a static IP address:
1. On the Access Points tab, click the IAP to modify.
2. Click the edit link.
3. Select Specify statically option to specify a static IP address. The following text boxes are displayed: a. Enter a new IP address for the IAP in the IP address text box.
b. Enter the subnet mask of the network in the Netmask text box.
c. Enter the IP address of the default gateway in the Default gateway text box.
d. Enter the IP address of the DNS server in the DNS server text box.
e. Enter the domain name in the Domain name text box.
4. Click OK and reboot the IAP.
In the CLI
To configure a static IP address:
(Instant AP)# ip-address <IP-address> <subnet-mask> <NextHop-IP> <DNS-IP-address> <domainname>
When IAP-VPN is not configured or IPsec tunnel to the controller is down, DNS query from the client that is associated to the master IAP is taken by DNS proxy function on the master IAP. So, if the DNS server address for the the master
IAP is set (by dnsip or from DHCP server), the DNS query will be sent to the DNS server by the master IAP. But if the
DNS server address is not set, the DNS query will not be sent by the master IAP. However, the DNS query from the client that is associated to the slave IAP is not affected to this behavior.
Configuring External Antenna
If your IAP has external antenna connectors, you need to configure the transmit power of the system. The configuration must ensure that the system’s Equivalent Isotropically Radiated Power (EIRP) is in compliance with the limit specified by the regulatory authority of the country in which the IAP is deployed. You can also measure or calculate additional attenuation between the device and the antenna before configuring the antenna gain. To know if your IAP device supports external antenna connectors, refer to the Aruba Instant
Installation Guide that is shipped along with the IAP device.
Aruba Instant 6.5.2.0 | User Guide Customizing IAP Settings | 73
EIRP and Antenna Gain
The following formula can be used to calculate the EIRP-limit-related RF power based on selected antennas
(antenna gain) and feeder (Coaxial Cable loss):
EIRP = Tx RF Power (dBm) + GA (dB) - FL (dB)
The following table describes this formula:
Table 19: Formula Variable Definitions
Formula Element Description
EIRP Limit specific for each country of deployment
Tx RF Power RF power measured at RF connector of the unit
GA
FL
Antenna gain
Feeder loss
Example
For example, the maximum gain that can be configured on an IAP with AP-ANT-1F dual-band and omnidirectional antenna is as follows:
Table 20: Maximum Antenna Gains
Frequency Band Gain (dBi)
2.4–2.5 GHz 2.0 dBi
4.9–5.875 GHz 5.0 dBi
For information on antenna gain recommended by the manufacturer, see www.arubanetworks.com
.
Configuring Antenna Gain
You can configure antenna gain for IAPs with external connectors by using the Instant UI or the CLI.
In the Instant UI
To configure the antenna gain value:
1. Navigate to the Access Points tab, select the IAP to configure, and then click edit .
2. In the Edit Access Point window, select External Antenna to configure the antenna gain value. This option is available only for access points that support external antennas,
3. Enter the antenna gain values in dBm for the 2.4 GHz and 5 GHz bands.
4. Click OK .
In the CLI
To configure external antenna for 5 GHz frequency:
(Instant AP)# a-external-antenna <dBi>
To configure external antenna for 2.4 GHz frequency:
(Instant AP)# g-external-antenna <dBi>
74 | Customizing IAP Settings Aruba Instant 6.5.2.0 | User Guide
Configuring Radio Profiles for an IAP
You can configure a radio profile on an IAP either manually or by using the Adaptive Radio Management (ARM) feature.
ARM is enabled on Instant by default. It automatically assigns appropriate channel and power settings for the
IAPs. For more information on ARM, see
Adaptive Radio Management on page 254 .
Configuring ARM-Assigned Radio Profiles for an IAP
To enable ARM-assigned radio profiles:
1. On the Access Points tab, click the IAP to modify.
2. Click the edit link.
3. Click the Radio tab. The Radio tab details are displayed.
4. Select the Access mode.
5. Select the Adaptive radio management assigned option under the bands that are applicable to the IAP configuration.
6. Click OK .
Configuring Radio Profiles Manually for IAP
When radio settings are assigned manually by the administrator, the ARM is disabled.
To manually configure radio settings:
1. On the Access Points tab, click the IAP for which you want to enable ARM.
2. Click the edit link.
3. Click the Radio tab.
4. Ensure that an appropriate mode is selected.
By default, the channel and power for an IAP are optimized dynamically using ARM. You can override ARM on the 2.4 GHz and 5 GHz bands and set the channel and power manually if desired. The following table describes various configuration modes for an IAP:
Table 21: IAP Radio Modes
Mode
Access
Description
In Access mode, the IAP serves clients, while also monitoring for rogue IAPs in the background.
If the Access mode is selected, perform the following actions:
1. Select Administrator assigned in 2.4 GHz and 5 GHz band sections.
2. Select appropriate channel number from the Channel drop-down list for both 2.4 GHz and 5 GHz band sections.
3. Enter appropriate transmit power value in the Transmit power text box in 2.4
GHz and 5 GHz band sections.
Monitor
Spectrum Monitor
In Monitor mode, the IAP acts as a dedicated monitor, scanning all channels for rogue IAPs and clients. You can set one radio on the Monitor mode and the other radio on the access mode, so that the clients can use one radio when the other one is in the Air Monitor mode.
In Spectrum Monitor mode, the IAP functions as a dedicated full-spectrum RF monitor, scanning all channels to detect interference, whether from the neighboring
IAPs or from non-WiFi devices such as microwaves and cordless phones.
Aruba Instant 6.5.2.0 | User Guide Customizing IAP Settings | 75
In the Spectrum Monitor mode, the IAPs do not provide access services to clients.
4. Click OK .
In the CLI
To configure a radio profile:
(Instant AP)# wifi0-mode {<access> | <monitor> | <spectrum-monitor>}
(Instant AP)# wifi1-mode {<access> | <monitor> | <spectrum-monitor>}
If the access mode is configured, you can configure the channel and transmission power by running the following commands:
(Instant AP)# a-channel <channel> <tx-power>
(Instant AP)# g-channel <channel> <tx-power>
Configuring Maximum Clients on SSID Radio Profiles
You can also set the maximum number of clients individually for SSID profiles operating on the 2.4 GHz and 5
GHz radios. This configuration is not persistent and is lost once the IAP is rebooted.
To configure maximum clients for an SSID radio profile in the prilvileged exec mode:
(Instant AP)# a-max-clients <ssid_profile> <max-clients>
(Instant AP)# g-max-clients <ssid_profile> <max-clients>
To view the maximum clients allowed for an SSID profile:
(Instant AP)# show a-max-clients <ssid_profile>
(Instant AP)# show g-max-clients <ssid_profile>
You can also set the maximum clients when configuring SSID profiles using the Max Clients Threshold parameter in the Instant UI and max-clients-threshold parameter in the Instant CLI. For more information, see
Settings for an SSID Profile on page 89
.
If the maximum clients setting is configured multiple times, using either the configuration mode or Privileged
EXEC mode, the latest configuration takes precedence.
Enabling Flexible Radio
This feature allows the AP to seamlessly switch between modes where the radio resources are either combined in a single 2x2 radio or separated into two 1x1 radios.
You can configure the flexible radio in the following modes: n
5 GHz mode: acts as a single radio operating on 5 GHz band n n
2.4 GHz mode: acts as a single radio operating on 2.4 GHz band
2.4 GHz and 5 GHz mode: acts as two radio interfaces, one operating on 5 GHz band, and the other on the
2.4 GHz band. By default, the flexible radio is set to this mode.
You can configure the Flexible Radio parameter using the Instant UI or the CLI:
In the Instant UI
To configure flexible radio:
1. On the Access Points tab, click the IAP to modify.
2. Click the edit link.
3. Click the Flexible Radio tab.
76 | Customizing IAP Settings Aruba Instant 6.5.2.0 | User Guide
4. Specify the Mode from the drop-down list.
5. Click OK .
6. Reboot the IAP.
In the CLI
To configure the flexible radio mode:
(Instant AP)# flex-radio-mode <mode>
Configuring Uplink VLAN for an IAP
Instant supports a management VLAN for the uplink traffic on an IAP. You can configure an uplink VLAN when an IAP needs to be managed from a non-native VLAN. After an IAP is provisioned with the uplink management
VLAN, all management traffic sent from the IAP is tagged with the management VLAN.
Ensure that the native VLAN of the IAP and uplink are not the same.
You can configure the uplink management VLAN on an IAP by using the Instant UI or the CLI.
In the Instant UI
To configure uplink management VLAN:
1. On the Access Points tab, click the IAP to modify.
2. Click the edit link.
3. Click the Uplink tab.
4. Specify the VLAN in the Uplink Management VLAN text box.
5. Click OK .
6. Reboot the IAP.
In the CLI
To configure an uplink VLAN:
(Instant AP)# uplink-vlan <VLAN-ID>
To view the uplink VLAN status:
(Instant AP)# show uplink-vlan
Uplink Vlan Current :0
Uplink Vlan Provisioned :1
Changing the IAP Installation Mode
By default, all IAP models initially ship with an indoor or outdoor installation mode. This means that
IAPs with an indoor installation mode are normally placed in enclosed, protected environments and those with an outdoor installation mode are used in outdoor environments and exposed to harsh elements.
In most countries, there are different channels and power that are allowed for indoor and outdoor operation. You may want to change an IAP’s installation mode from indoor to outdoor or vice versa.
Aruba Instant 6.5.2.0 | User Guide Customizing IAP Settings | 77
In the Instant UI
To configure the installation mode for an IAP, follow these steps:
1. Navigate to the Access Points tab, select the IAP to configure, and then click edit .
2. In the Edit Access Point window, select Installation Type to configure the installation type for the IAP you have selected.
Note that, by default, the Default mode is selected. This means that the IAP installation type is based on the IAP model.
3. You can either select the Indoor option to change the installation to Indoor mode or select the Outdoor option to change the installation to Outdoor mode.
the to Outdoor mode.
4. Click OK . A pop-up appears on the screen indicating the IAP needs to be rebooted for the changes to take effect.
5. Click OK .
In the CLI
To configure the Installation Type:
(Instant AP)# ap-installation <type[default|indoor|outdoor]>
To view the installation type of the IAPs:
(Instant AP)# show ap allowed-channels
Changing USB Port Status
The USB port can be enabled or disabled based on your uplink preferences. If you do not want to use the cellular uplink or 3G/4G modem in your current network setup, you can set the USB port status to disabled. By default, the USB port status is enabled.
You can change the USB port status by using the Instant UI or the CLI.
In the Instant UI
To change the USB port status:
1. From the Access Points tab, click the IAP to modify.
2. Click the edit link.
3. Click the Uplink tab.
4. Set the port status by selecting any of the following options: n n
Disabled —To disable the port status.
Enabled —To re-enable the port status.
5. Click OK .
6. Reboot the IAP.
In the CLI
To disable the USB port:
(Instant AP)# usb-port-disable
To re-enable the USB port:
78 | Customizing IAP Settings Aruba Instant 6.5.2.0 | User Guide
(Instant AP)# no usb-port-disable
To view the USB port status:
(Instant AP)# show ap-env
Antenna Type:External usb-port-disable:1
Master Election and Virtual Controller
Instant does not require an external Mobility Controller to regulate and manage the Wi-Fi network. Instead, one IAP in every network assumes the role of VC. It coordinates, stores, and distributes the settings required for providing a centralized functionality to regulate and manage the Wi-Fi network. The VC is the single point of configuration and firmware management. When configured, the VC sets up and manages the Virtual Private
Network (VPN) tunnel to a mobility controller in the data center.
The VC also functions like any other IAP with full RF scalability. It also acts as a node, coordinating DHCP address allocation for network address translated clients ensuring mobility of the clients when they roam between different IAPs.
Master Election Protocol
The Master Election Protocol enables the Instant network to dynamically elect an IAP to take on a VC role and allow graceful failover to a new VC when the existing VC is not available. This protocol ensures stability of the network during initial startup or when the VC goes down by allowing only one IAP to self-elect as a VC.
Preference to an IAP with 3G/4G Card
The Master Election Protocol prefers the IAP with a 3G/4G card when electing a VC for the Instant network during the initial setup.
The VC is selected based on the following criteria: n n n
If there is more than one IAP with 3G/4G cards, one of these IAPs is dynamically elected as the VC.
When an IAP without 3G/4G card is elected as the VC but is up for less than 5 minutes, another IAP with
3G/4G card in the network is elected as the VC to replace it and the previous VC reboots.
When an IAP without 3G/4G card is already elected as the VC and is up for more than 5 minutes, the VC will not be replaced until it goes down.
IAP-135 is preferred over IAP-105 when a VC is elected.
Preference to an IAP with Non-Default IP
The Master Election Protocol prefers an IAP with non-default IP when electing a VC for the Instant network during initial startup. If there are more than one IAPs with non-default IPs in the network, all IAPs with default
IP will automatically reboot and the DHCP process is used to assign new IP addresses.
Viewing Master Election Details
To verify the status of an IAP and master election details, execute the following commands:
(Instant AP)# show election statistics
(Instant AP)# show summary support
Manual Provisioning of Master IAP
In most cases, the master election process automatically determines the best IAP that can perform the role of
VC, which will apply its image and configuration to all other IAPs in the same IAP management VLAN. When the
Aruba Instant 6.5.2.0 | User Guide Customizing IAP Settings | 79
VC goes down, a new VC is elected.
Provisioning an IAP as a Master IAP
You can provision an IAP as a master IAP by using the Instant UI or the CLI.
In the Instant UI
To provision an IAP as a master IAP:
1. On the Access Points tab, click the IAP to modify.
2. Click the edit link.
3. Select Enabled from the Preferred master drop-down list. This option is disabled by default.
Figure 25 IAP Settings—Provisioning Master IAP
4. Click OK .
In the CLI
To provision an IAP as a master IAP:
(Instant AP)# iap-master
To verify if the IAP is provisioned as master IAP:
(Instant AP)# show ap-env
Antenna Type:Internal
Iap_master:1
Adding an IAP to the Network
To add an IAP to the Instant network, assign an IP address. For more information, see
Assigning an IP address to the IAP on page 19
.
After an IAP is connected to the network, if the Auto-Join feature is enabled, the IAP inherits the configuration from the VC and is listed in the Access Points tab.
If the auto-join mode is disabled, perform the following steps by using the Instant UI.
80 | Customizing IAP Settings Aruba Instant 6.5.2.0 | User Guide
In the Instant UI:
To add an IAP to the network:
1. On the Access Points tab, click the New link.
2. In the New Access Point window, enter the MAC address for the new IAP.
3. Click OK .
Removing an IAP from the Network
You can remove an IAP from the network by using the Instant UI, only if the Auto-Join feature is disabled.
In the Instant UI
To remove an IAP from the network:
1. On the Access Points tab, click the IAP to delete. The x icon is displayed beside the IAP.
2. Click x to confirm the deletion.
The deleted IAPs cannot join the Instant network anymore and are not displayed in the Instant UI. However, the master
IAP details cannot be deleted from the VC database.
Support for BLE Asset Tracking
Starting from Instant 6.5.2.0, IAPs can monitor BLE asset tags to track the location of time-sensitive, high-value assets embedded with BLE tags.
BLE tags are located through the following steps:
1. IAP beacons scan the network for BLE tags.
2. When a tag is detected, the IAP beacon sends information about the tag to the IAP, including the MAC address and RSSI of the tag. This data is maintained in a list by the BLE daemon process on the IAP.
3. The list of tags is sent from the BLE daemon process on the IAP to the BLE relay process on the IAP.
4. The IAP opens a secure WebSocket connection with the designated WebSocket endpoint on the management server, such as the Meridian editor.
5. After receiving the list of tags from the IAP, the management server calculates the location of each tag by triangulating the tag’s RSSI data on a floor plan.
Each BLE tag must be heard by at least three IAP beacons for triangulation.
In the CLI
Execute the following command in the CLI to view the list of BLE tags discovered and reported by the IAP.
(Instant AP)# show ap debug ble-table assettags
Execute the following command in the CLI to manage BLE tag reporting and logging.
(Instant AP) (config)# ble_relay mgmt-server type ws <ws-endpoint>
Execute the following commands in the CLI to view BLE tag data:
(Instant AP)# show ap debug ble-relay tag-report
(Instant AP)# show ap debug ble-relay disp-attr
(Instant AP)# show ap debug ble-relay ws-log
Aruba Instant 6.5.2.0 | User Guide Customizing IAP Settings | 81
Intelligent Power Monitoring
Intelligent Power Monitoring (IPM) is a feature that actively measures the power utilization of an IAP and dynamically adapts to the power budget. The static power management method, in contrast to IPM, limits the operation and performance of an AP based on the worst case power usage model.
IPM dynamically limits the power requirement of an IAP as per the available power resources. This is in contrast to the existing static power management method where the power profiles (POE-AF/POE-AT/DC or LLDP) are hard-coded for each IAP. In order to manage this prioritization, you can define a set of power reduction steps and associate them with a priority. IPM applies a sequence of power reduction steps as defined by the priority definition until the AP is functioning within the power budget. This happens dynamically as IPM constantly monitors the IAP power consumption and reacts to over-consumption by applying the next power reduction step in the priority list if the IAP exceeds the power threshold.
IPM is supported in 300 Series, AP-303H, 310 Series, and 330 Series access points.
Important Points to Remember
n n
By default, IPM is disabled.
When enabled, IPM enables all IAP functionality initially. IPM then proceeds to shut down or restrict functionality if the power usage of the AP goes beyond the power budget of the IAP.
Some functionality may still be restricted because IPM does not override the pre-existing settings that restrict functionality. For example, USB functionality can be disabled in the provisioning profile regardless of the power source.
Configuring IPM
Setting a low-priority value for a power reduction step reduces the power level sooner than setting a highpriority value for a power reduction step. However, if the power reduction step is of the same type but different level, the smallest reduction should be allocated the lowest priority value so that the power reduction step takes place earlier. For example, the cpu_throttle_25 or radio_2ghz_power_3dB parameter should have a lower priority level than the cpu_throttle_50 or radio_2ghz_power_6dB , respectively, so that IPM reduces the CPU throttle or power usage based on the priority list.
You can configure IPM only through the Instant CLI:
In the CLI
To enable IPM:
(Instant AP)(config)# ipm
(Instant AP)(ipm)# enable
To alter the IPM priority list:
(Instant AP)(ipm)# ipm-power-reduction-step-prio ipm-step ?
cpu_throttle_25 Reduce CPU frequency to 25% cpu_throttle_50 cpu_throttle_75 disable_alt_eth
Reduce CPU frequency to 50%
Reduce CPU frequency to 75%
Disable 2nd Ethernet port disable_pse disable_usb radio_2ghz_chain_1x1 radio_2ghz_chain_2x2 radio_2ghz_chain_3x3 radio_2ghz_power_3dB radio_2ghz_power_6dB radio_5ghz_chain_1x1 radio_5ghz_chain_2x2 radio_5ghz_chain_3x3 radio_5ghz_power_3dB
Disable PSE
Disable USB
Reduce 2GHz chains to 1x1
Reduce 2GHz chains to 2x2
Reduce 2GHz chains to 3x3
Reduce 2GHz radio power by 3dB from maximum
Reduce 2GHz radio power by 6dB from maximum
Reduce 5GHz chains to 1x1
Reduce 5GHz chains to 2x2
Reduce 5GHz chains to 3x3
Reduce 5GHz radio power by 3dB from maximum
82 | Customizing IAP Settings Aruba Instant 6.5.2.0 | User Guide
radio_5ghz_power_6dB Reduce 5GHz radio power by 6dB from maximum
Transmit Power Calculation Support on 200 Series and 300 Series
Access Points
This feature allows calculation of the transmit power of each outgoing 802.11 packet so that IAP adheres to the latest regulatory limits. Also, the MIMO gain is considered while calculating the transmit power. MIMO gain refers to effective increase in EIRP of a packet due to usage of multiple antennae (power gain) and various signal processing techniques such as CDD (Cyclic Delay Diversity), transmit beamforming, and so on
(correlation gain).
Two new action commands, a-ant-pol and g-ant-pol , are added to configure the antenna polarization for both the radios. A new show command show ap debug power-table is added that displays the following information: n n n
Power limit table based on regulatory powers, user configured power, and override powers.
Board limit table.
A combination of all the above fields to calculate the actual transmit power of the packets.
This feature is supported on 200 Series and 300 Series access points and the command show ap debug power-table does not display any value for 100 Series access points.
Aruba Instant 6.5.2.0 | User Guide Customizing IAP Settings | 83
advertisement
Related manuals
advertisement
Table of contents
- 3 Contents
- 11 Revision History
- 12 About this Guide
- 12 Intended Audience
- 12 Related Documents
- 12 Conventions
- 13 Contacting Support
- 14 About Aruba Instant
- 14 Instant Overview
- 17 What is New in this Release
- 19 Setting up an IAP
- 19 Setting up Instant Network
- 20 Provisioning an IAP
- 23 Logging in to the Instant UI
- 24 Accessing the Instant CLI
- 28 Automatic Retrieval of Configuration
- 28 Managed Mode Operations
- 28 Prerequisites
- 29 Configuring Managed Mode Parameters
- 30 Verifying the Configuration
- 31 Instant User Interface
- 31 Login Screen
- 32 Main Window
- 60 Initial Configuration Tasks
- 60 Configuring System Parameters
- 66 Changing Password
- 67 Customizing IAP Settings
- 67 IAP Discovery Logic
- 72 Modifying the IAP Host Name
- 72 Configuring Zone Settings on an IAP
- 73 Specifying a Method for Obtaining IP Address
- 73 Configuring External Antenna
- 75 Configuring Radio Profiles for an IAP
- 76 Enabling Flexible Radio
- 77 Configuring Uplink VLAN for an IAP
- 77 Changing the IAP Installation Mode
- 78 Changing USB Port Status
- 79 Master Election and Virtual Controller
- 80 Adding an IAP to the Network
- 81 Removing an IAP from the Network
- 81 Support for BLE Asset Tracking
- 82 Intelligent Power Monitoring
- 83 Transmit Power Calculation Support on 200 Series and 300 Series Access Points
- 84 VLAN Configuration
- 84 VLAN Pooling
- 84 Uplink VLAN Monitoring and Detection on Upstream Devices
- 85 IPv6 Support
- 85 IPv6 Notation
- 85 Enabling IPv6 Support for IAP Configuration
- 87 Firewall Support for IPv6
- 87 Debugging Commands
- 88 Wireless Network Profiles
- 88 Configuring Wireless Network Profiles
- 106 Configuring Fast Roaming for Wireless Clients
- 110 Configuring Modulation Rates on a WLAN SSID
- 110 Multi-User-MIMO
- 111 Management Frame Protection
- 111 Disabling Short Preamble for Wireless Client
- 112 Editing Status of a WLAN SSID Profile
- 112 Editing a WLAN SSID Profile
- 112 Deleting a WLAN SSID Profile
- 113 Wired Profiles
- 113 Configuring a Wired Profile
- 118 Assigning a Profile to Ethernet Ports
- 118 Editing a Wired Profile
- 119 Deleting a Wired Profile
- 119 Link Aggregation Control Protocol
- 121 Understanding Hierarchical Deployment
- 122 Captive Portal for Guest Access
- 122 Understanding Captive Portal
- 123 Configuring a WLAN SSID for Guest Access
- 128 Configuring Wired Profile for Guest Access
- 129 Configuring Internal Captive Portal for Guest Network
- 132 Configuring External Captive Portal for a Guest Network
- 138 Configuring Facebook Login
- 139 Configuring Guest Logon Role and Access Rules for Guest Users
- 141 Configuring Captive Portal Roles for an SSID
- 143 Configuring Walled Garden Access
- 146 Authentication and User Management
- 146 Managing IAP Users
- 151 Supported Authentication Methods
- 152 Supported EAP Authentication Frameworks
- 153 Configuring Authentication Servers
- 167 Understanding Encryption Types
- 168 Configuring Authentication Survivability
- 170 Configuring 802.1X Authentication for a Network Profile
- 172 Enabling 802.1X Supplicant Support
- 173 Configuring MAC Authentication for a Network Profile
- 175 Configuring MAC Authentication with 802.1X Authentication
- 177 Configuring MAC Authentication with Captive Portal Authentication
- 178 Configuring WISPr Authentication
- 179 Blacklisting Clients
- 182 Uploading Certificates
- 185 Roles and Policies
- 185 Firewall Policies
- 198 Content Filtering
- 202 Configuring User Roles
- 204 Configuring Derivation Rules
- 211 Using Advanced Expressions in Role and VLAN Derivation Rules
- 214 DHCP Configuration
- 214 Configuring DHCP Scopes
- 221 Configuring the Default DHCP Scope for Client IP Assignment
- 223 Configuring Time-Based Services
- 223 Time Range Profiles
- 223 Configuring a Time Range Profile
- 224 Applying a Time Range Profile to a WLAN SSID
- 225 Verifying the Configuration
- 226 Dynamic DNS Registration
- 226 Enabling Dynamic DNS
- 227 Configuring Dynamic DNS Updates for DL3 Clients
- 227 Verifying the Configuration
- 229 VPN Configuration
- 229 Understanding VPN Features
- 230 Configuring a Tunnel from an IAP to a Mobility Controller
- 241 Configuring Routing Profiles
- 243 IAP-VPN Deployment
- 243 Understanding IAP-VPN Architecture
- 246 Configuring IAP and Controller for IAP-VPN Operations
- 254 Adaptive Radio Management
- 254 ARM Overview
- 255 Configuring ARM Features on an IAP
- 261 Configuring Radio Settings
- 265 Deep Packet Inspection and Application Visibility
- 265 Deep Packet Inspection
- 265 Enabling Application Visibility
- 266 Application Visibility
- 271 Enabling URL Visibility
- 271 Configuring ACL Rules for Application and Application Categories
- 274 Configuring Web Policy Enforcement Service
- 276 Voice and Video
- 276 Wi-Fi Multimedia Traffic Management
- 279 Media Classification for Voice and Video Calls
- 280 Enabling Enhanced Voice Call Tracking
- 282 Services
- 282 Configuring AirGroup
- 291 Configuring an IAP for RTLS Support
- 292 Configuring an IAP for Analytics and Location Engine Support
- 293 Managing BLE Beacons
- 294 Clarity Live
- 296 Configuring OpenDNS Credentials
- 296 Integrating an IAP with Palo Alto Networks Firewall
- 298 Integrating an IAP with an XML API Interface
- 301 CALEA Integration and Lawful Intercept Compliance
- 307 Cluster Security
- 307 Overview
- 308 Enabling Cluster Security
- 309 Cluster Security Debugging Logs
- 309 Verifying the Configuration
- 310 IAP Management and Monitoring
- 310 Managing an IAP from AirWave
- 321 Managing IAP from Aruba Central
- 323 Uplink Configuration
- 323 Uplink Interfaces
- 328 Uplink Preferences and Switching
- 333 Intrusion Detection
- 333 Detecting and Classifying Rogue IAPs
- 333 OS Fingerprinting
- 334 Configuring Wireless Intrusion Protection and Detection Levels
- 339 Configuring IDS
- 341 Mesh IAP Configuration
- 341 Mesh Network Overview
- 342 Setting up Instant Mesh Network
- 342 Configuring Wired Bridging on Ethernet 0 for Mesh Point
- 344 Mobility and Client Management
- 344 Layer-3 Mobility Overview
- 345 Configuring L3-Mobility
- 347 Spectrum Monitor
- 347 Understanding Spectrum Data
- 352 Configuring Spectrum Monitors and Hybrid IAPs
- 355 IAP Maintenance
- 355 Upgrading an IAP
- 358 Backing up and Restoring IAP Configuration Data
- 359 Converting an IAP to a Remote AP and Campus AP
- 365 Resetting a Remote AP or Campus AP to an IAP
- 365 Rebooting the IAP
- 367 Monitoring Devices and Logs
- 367 Configuring SNMP
- 370 Configuring a Syslog Server
- 372 Configuring TFTP Dump Server
- 373 Running Debug Commands
- 377 Uplink Bandwidth Monitoring
- 379 Hotspot Profiles
- 379 Understanding Hotspot Profiles
- 380 Configuring Hotspot Profiles
- 391 Sample Configuration
- 394 Mobility Access Switch Integration
- 394 Mobility Access Switch Overview
- 395 Configuring IAPs for Mobility Access Switch Integration
- 396 ClearPass Guest Setup
- 396 Configuring ClearPass Guest
- 400 Verifying ClearPass Guest Setup
- 401 Troubleshooting
- 402 IAP-VPN Deployment Scenarios
- 402 Scenario 1—IPsec: Single Datacenter Deployment with No Redundancy
- 408 Scenario 2—IPsec: Single Datacenter with Multiple Controllers for Redundancy
- 414 Scenario 3—IPsec: Multiple Datacenter Deployment with Primary and Backup Cont...
- 421 Scenario 4—GRE: Single Datacenter Deployment with No Redundancy
- 427 Glossary of Terms