Uplink Configuration. Aruba Instant 6.5.2.0, RAP-155, IAP-207, RAP-108, IAP-305, Instant
Add to My manuals466 Pages
advertisement
Chapter 26
Uplink Configuration
This chapter provides the following information: n n
Uplink Preferences and Switching on page 328
Uplink Interfaces
Instant network supports Ethernet, 3G and 4G USB modems, and the Wi-Fi uplink to provide access to the corporate Instant network. The 3G/4G USB modems and the Wi-Fi uplink can be used to extend the connectivity to places where an Ethernet uplink cannot be configured. It also provides a reliable backup link for the Ethernet-based Instant network.
The following figure illustrates a scenario in which the IAPs join the VC as slave IAPs through a wired or mesh
Wi-Fi uplink:
Figure 94 Uplink Types
The following types of uplinks are supported on Instant: n n n
Ethernet Uplink
The Eth0 port on an IAP is enabled as an uplink port by default. You can view the type of uplink and the status of uplink of an IAPin the Info tab on selecting a client.
Aruba Instant 6.5.2.0 | User Guide Uplink Configuration | 323
Figure 95 Uplink Status
Ethernet uplink supports the following types of configuration in this Instant release.
l l l
PPPoE
DHCP
Static IP
You can use PPPoE for your uplink connectivity in both IAP and IAP-VPN deployments. PPPoE is supported only in a single IAP deployment.
Uplink redundancy with the PPPoE link is not supported.
When the Ethernet link is up, it is used as a PPPoE or DHCP uplink. After the PPPoE settings are configured,
PPPoE has the highest priority for the uplink connections. The IAP can establish a PPPoE session with a PPPoE server at the ISP and get authenticated using Password Authentication Protocol (PAP) or the Challenge
Handshake Authentication Protocol (CHAP). Depending upon the request from the PPPoE server, either the
PAP or the CHAP credentials are used for authentication. After configuring PPPoE, reboot the IAP for the configuration to take effect. The PPPoE connection is dialed after the IAP comes up. The PPPoE configuration is checked during IAP boot and if the configuration is correct, Ethernet is used for the uplink connection.
When PPPoE is used, do not configure Dynamic RADIUS Proxy and IP address of the VC. An SSID created with default
VLAN is not supported with PPPoE uplink.
You can also configure an alternate Ethernet uplink to enable uplink failover when an Ethernet port fails.
Configuring PPPoE Uplink Profile
You can configure PPPoE settings from the Instant UI or the CLI.
In the Instant UI
Configuring PPPoE settings:
1. Click the System link on the Instant main window.
2. In the System section, click the Show advanced options link.
3. Perform the following steps in the PPPoE section in the Uplink tab: a. Enter the PPPoE service name provided by your service provider in the Service name text box.
b. Enter the secret key used for Challenge Handshake Authentication Protocol (CHAP) authentication in the
CHAP secret and Retype text boxes. You can use a maximum of 34 characters for the CHAP secret key.
324 | Uplink Configuration Aruba Instant 6.5.2.0 | User Guide
c. Enter the username for the PPPoE connection in the User text box.
d. Enter a password for the PPPoE connection and confirm the password in the Password and Retype text boxes.
4. Select a value from the Local interface drop-down list to set a local interface for the PPPoE uplink connections. The selected DHCP scope will be used as a local interface on the PPPoE interface and the Local,
L3 DHCP gateway IP address as its local IP address. When configured, the local interface acts as an unnumbered PPPoE interface and allows the entire Local, L3 DHCP subnet to be allocated to clients.
The options in the Local interface drop-down list are displayed only if a Local, L3 DHCP scope is configured on the
IAP.
5. Click OK .
6. Reboot the IAP for the configuration to take effect.
In the CLI
To configure a PPPoE uplink connection:
(Instant AP)(config) # pppoe-uplink-profile
(Instant AP)(pppoe-uplink-profile)# pppoe-svcname <service-name>
(Instant AP)(pppoe-uplink-profile)# pppoe-username <username>
(Instant AP)(pppoe-uplink-profile)# pppoe-passwd <password>
(Instant AP)(pppoe-uplink-profile)# pppoe-chapsecret <password>
(Instant AP)(pppoe-uplink-profile)# pppoe-unnumbered-local-l3-dhcp-profile <dhcp-profile>
(Instant AP)(pppoe-uplink-profile)# end
(Instant AP)# commit apply
To view the PPPoE configuration:
(Instant AP)# show pppoe config
PPPoE Configuration
-------------------
Type
----
Value
-----
User
Password
Service name testUser
3c28ec1b82d3eef0e65371da2f39c4d49803e5b2bc88be0c internet03
CHAP secret 8e87644deda9364100719e017f88ebce
Unnumbered dhcp profile dhcpProfile1
To view the PPPoE status:
(Instant AP)# show pppoe status pppoe uplink state:Suppressed.
Cellular Uplink
Instant supports the use of 3G and 4G USB modems to provide the Internet backhaul to an Instant network.
The 3G or 4G USB modems can be used to extend client connectivity to places where an Ethernet uplink cannot be configured. This enables the IAPs to automatically choose the available network in a specific region.
RAP-155/155P devices do not support the high-speed option (HSO) module.
Aruba Instant 6.5.2.0 | User Guide Uplink Configuration | 325
When UML290 runs in auto-detect mode, the modem can switch from 4G network to 3G network or vice-versa based on the signal strength. To configure the UML290 for the 3G network only, manually set the USB type to pantech-3g .
To configure the UML290 for the 4G network only, manually set the 4G USB type to pantech-lte .
Configuring Cellular Uplink Profiles
You can configure 3G or 4G uplinks by using the Instant UI or the CLI.
In the Instant UI
To configure 3G/4G uplinks:
1. Click the System link on the Instant main window.
2. In the System window, click the show advanced settings link.
3. Click the Uplink tab.
4. To configure a 3G or 4G uplink, select the Country and ISP .
5. Click OK .
6. Reboot the IAP for changes to take effect.
In the CLI
To configure 3G/4G uplink manually:
(Instant AP)(config) # cellular-uplink-profile
(Instant AP)(cellular-uplink-profile)# usb-type <3G-usb-type>
(Instant AP)(cellular-uplink-profile)# 4g-usb-type <4g-usb>
(Instant AP)(cellular-uplink-profile)# modem-country <country>
(Instant AP)(cellular-uplink-profile)# modem-isp <service-provider-name>
(Instant AP)(cellular-uplink-profile)# usb-auth-type <usb-authentication_type>
(Instant AP)(cellular-uplink-profile)# usb-user <username>
(Instant AP)(cellular-uplink-profile)# usb-passwd <password>
(Instant AP)(cellular-uplink-profile)# usb-dev <device-ID>
(Instant AP)(cellular-uplink-profile)# usb-tty <tty-port>
(Instant AP)(cellular-uplink-profile)# usb-init <Initialization-parameter>
(Instant AP)(cellular-uplink-profile)# usb-dial <dial-parameter>
(Instant AP)(cellular-uplink-profile)# usb-modeswitch <usb-modem>
(Instant AP)(cellular-uplink-profile)# end
(Instant AP)# commit apply
To switch a modem from the storage mode to modem mode:
(Instant AP)(cellular-uplink-profile)# usb-modeswitch <usb-modem>
To view the cellular configuration:
(Instant AP)# show cellular config
Managing Cellular SIM PIN
IAPs now support the Subscriber Identity Module (SIM) Personal Identification Number (PIN) management functions such as locking, unlocking, and renewing the SIM PIN of the 3G/4G modems. In the current release, these functions can be configured only through the IAP CLI.
To prevent any fradulent use of 3G/4G modems connected to an IAP, you can enable locking of the SIM PIN of the modems. When enabled, if an incorrect PIN code is provided in the three consecutive attempts, the
SIM PIN is locked. To unlock the PIN, the users must use the Personal Unblocking Code (PUK) code provided by your ISP.
After enabling SIM PIN lock, reboot the IAP to apply the SIM PIN lock configuration changes.
326 | Uplink Configuration Aruba Instant 6.5.2.0 | User Guide
To enable SIM PIN lock:
(Instant AP)# pin-enable <pin_current_used>
To disable SIM PIN locking:
(Instant AP)# no pin-enable <pin_current_used>
To unlock a PIN with the PUK code provided by the operator:
(Instant AP)# pin-puk <pin_puk> <pin_new>
To renew the PIN:
(Instant AP)# pin-renew <pin_current> <pin_new>
Wi-Fi Uplink
The Wi-Fi uplink is supported on all the IAP models, except for the 802.11ac IAP models (IAP-2xx and IAP-3xx
Series access points). However only the master IAP uses this uplink. The Wi-Fi allows uplink to open, PSK-CCMP, and PSK-TKIP SSIDs.
n n
For single-radio IAPs, the radio serves wireless clients and the Wi-Fi uplink.
For dual-radio IAPs, both radios can be used to serve clients but only one of them can be used for the Wi-Fi uplink.
When the Wi-Fi uplink is in use, the client IP is assigned by the internal DHCP server.
Configuring a Wi-Fi Uplink Profile
The following configuration conditions apply to the Wi-Fi uplink: n n n
To bind or unbind the Wi-Fi uplink on the 5 GHz band, reboot the IAP.
If the Wi-Fi uplink is used on the 5 GHz band, mesh is disabled. The two links are mutually exclusive.
For IAPs to connect to an ArubaOS-based WLAN using Wi-Fi uplink, the controller must run ArubaOS 6.2.1.0
or later.
In the Instant UI
To provision an IAP with the Wi-Fi uplink:
1. If you are configuring a Wi-Fi uplink after restoring factory settings on an IAP, connect the IAP to an
Ethernet cable to allow the IAP to get the IP address. Otherwise, go to step 2.
2. Click the System link on the Instant main window.
3. In the System section, click the Show advanced options link. The advanced options are displayed.
4. Click the Uplink tab.
5. Under Wi-Fi , enter the name of the wireless network that is used for the Wi-Fi uplink in the Name (SSID) text box.
6. Select the type of key for uplink encryption and authentication from the Key management drop-down list. If the uplink wireless router uses mixed encryption, WPA-2 is recommended for the Wi-Fi uplink.
7. Select the band in which the VC currently operates, from the band drop-down list. The following options are available: n n
2.4 GHz (default)
5 GHz
8. Select a passphrase format from the Passphrase format drop-down list. The following options are available: n n
8–63 alphanumeric characters
64 hexadecimal characters
Aruba Instant 6.5.2.0 | User Guide Uplink Configuration | 327
Ensure that the hexadecimal password string is exactly 64 digits in length.
9. Enter a Pre-Shared Key (PSK) passphrase in the Passphrase text box and click OK .
10.Navigate to System > General > Show Advanced Options view and set the Extended SSID parameter to Disabled .
11.Reboot the IAP to apply the changes. After the IAP reboot, the Wi-Fi and mesh links are automatically enabled.
In the CLI
To configure Wi-Fi uplink on an IAP:
(Instant AP)(config) # wlan sta-profile
(Instant AP)(sta uplink)# cipher-suite<clear | wpa-tkip-psk | wpa2-ccmp-psk>
(Instant AP)(sta uplink)# essid <essid>
(Instant AP)(sta uplink)# uplink-band <band>
(Instant AP)(sta uplink)# wpa-passphrase <key>
(Instant AP)(sta uplink)# end
(Instant AP)# commit apply
To view the W-Fi uplink status in the CLI:
(Instant AP)# show wifi-uplink status configured :NO
To view the configuration status in the CLI:
(Instant AP)# show wifi-uplink config
ESSID
Cipher Suite
Passphrase
Band
:
:
:
:
(Instant AP)# show wifi-uplink auth log
---------------------------------------------------------------------wifi uplink auth configuration:
----------------------------------------------------------------------
---------------------------------------------------------------------wifi uplink auth log:
----------------------------------------------------------------------
[1116]2000-01-01 00:00:45.625: Global control interface '/tmp/supp_gbl'
Uplink Preferences and Switching
This topic describes the following procedures: n n n n n
Setting an Uplink Priority on page 329
Enabling Uplink Preemption on page 330
Switching Uplinks Based on VPN and Internet Availability on page 330
Viewing Uplink Status and Configuration on page 332
Enforcing Uplinks
The following configuration conditions apply to the uplink enforcement:
328 | Uplink Configuration Aruba Instant 6.5.2.0 | User Guide
n n n n
When an uplink is enforced, the IAP uses the specified uplink as the primary uplink regardless of uplink preemption configuration and the current uplink status.
When an uplink is enforced and multiple Ethernet ports are configured ,and if the uplink is enabled on the wired profiles, the IAP tries to find an alternate Ethernet link based on the priority configured.
When no uplink is enforced and preemption is not enabled, and if the current uplink fails, the IAP tries to find an available uplink based on the priority configured. The uplink with the highest priority is used as the primary uplink. For example, if Wi-Fi-sta has the highest priority, it is used as the primary uplink.
When no uplink is enforced and preemption is enabled, and if the current uplink fails, the IAP tries to find an available uplink based on the priority configured. If current uplink is active, the IAP periodically tries to use a higher-priority uplink and switches to the higher-priority uplink even if the current uplink is active.
You can enforce a specific uplink on an IAP by using the Instant UI or the CLI.
In the Instant UI
To enforce an uplink:
1. Click the System > show advanced settings > Uplink . The Uplink tab contents are displayed.
2. Under Management , select the type of uplink from the Enforce Uplink drop-down list. If Ethernet uplink is selected, the Port text box is displayed.
3. Specify the Ethernet interface port number.
4. Click OK . The selected uplink is enforced on the IAP.
In the CLI
To enforce an uplink:
(Instant AP)(config)# uplink
(Instant AP)(uplink)# enforce {cellular|ethernet | wifi | none}
(Instant AP)(uplink)# end
(Instant AP)# commit apply
Setting an Uplink Priority
You can set an uplink priority by using the Instant UI or the CLI.
In the Instant UI
Setting an uplink priority:
1. Click System > show advanced settings > Uplink .
2. Under Uplink Priority List , select the uplink, and click the icons in the Uplink Priority List section, to increase or decrease the priority. By default, the Eth0 uplink is set as a high-priority uplink.
3. Click OK . The selected uplink is prioritized over other uplinks.
In the CLI
Setting an uplink priority:
(Instant AP)(config)# uplink
(Instant AP)(uplink)# uplink-priority {cellular <priority> | ethernet <priority> | [port
<Interface-number> <priority>] | wifi <priority>}
(Instant AP)(uplink)# end
(Instant AP)# commit apply
Setting an Ethernet uplink priority :
(Instant AP)(uplink)# uplink-priority ethernet port 0 1
(Instant AP)(uplink)# end
(Instant AP)# commit apply
Aruba Instant 6.5.2.0 | User Guide Uplink Configuration | 329
Enabling Uplink Preemption
The following configuration conditions apply to uplink preemption: n n n
Preemption can be enabled only when no uplink is enforced.
When preemption is disabled and the current uplink goes down, the IAP tries to find an available uplink based on the uplink priority configuration.
When preemption is enabled and if the current uplink is active, the IAP periodically tries to use a higherpriority uplink, and switches to a higher-priority uplink even if the current uplink is active.
You can enable uplink preemption by using Instant UI or the CLI.
In the Instant UI
To enable uplink preemption:
1. Click System > show advanced settings > Uplink . The Uplink tab contents are displayed.
2. Under Management , ensure that the Enforce Uplink is set to none.
3. Select Enabled from the Pre-emption drop-down list.
4. Click OK .
In the CLI
To configure uplink preemption:
(Instant AP)(config)# uplink
(Instant AP)(uplink)# preemption
(Instant AP)(uplink)# end
(Instant AP)# commit apply
Switching Uplinks Based on VPN and Internet Availability
The default priority for uplink switchover is Ethernet and then 3G/4G. The IAP can switch to the lower-priority uplink if the current uplink is down.
Switching Uplinks Based on VPN Status
Instant supports switching uplinks based on the VPN status when deploying multiple uplinks (Ethernet, 3G/4G, and Wi-Fi). When VPN is used with multiple backhaul options, the IAP switches to an uplink connection based on the VPN connection status, instead of only using the Ethernet or the physical backhaul link.
The following configuration conditions apply to uplink switching: n n
If the current uplink is Ethernet and the VPN connection is down, the IAP tries to reconnect to VPN. The retry time depends on the fast failover configuration and the primary or backup VPN tunnel. If this fails, the
IAP waits for the VPN failover timeout and selects a different uplink such as 3G/4G or Wi-Fi.
If the current uplink is 3G or Wi-Fi, and Ethernet has a physical link, the IAP periodically suspends user traffic to try and connect to the VPN on the Ethernet. If the IAP succeeds, the IAP switches to Ethernet. If the IAP does not succeed, it restores the VPN connection to the current uplink.
Uplink switching based on VPN status is automatically enabled if VPN is configured on the IAP. However, you can specify the duration in the VPN failover timeout text box to wait for an uplink switch. By default, this duration is set to 180 seconds. The IAP monitors the VPN status and when the VPN connection is not available for 3 minutes, the uplink switches to another available connection (if a low-priority uplink is detected and the uplink preference is set to none). When VPN failover timeout is set to 0, uplink does not switch over.
When uplink switching based on the Internet availability is enabled, the uplink switching based on VPN failover is automatically disabled.
330 | Uplink Configuration Aruba Instant 6.5.2.0 | User Guide
Switching Uplinks Based on Internet Availability
You can configure Instant to switch uplinks based on Internet availability.
When the uplink switchover based on Internet availability is enabled, the IAP continuously sends Internet
Control Management Protocol (ICMP) packets to some well-known Internet servers. If the request is timed out due to a bad uplink connection or uplink interface failure, and the public Internet is not reachable from the current uplink, the IAP switches to a different connection.
You can set preferences for uplink switching by using the Instant UI and the CLI.
In the Instant UI
To configure uplink switching:
1. Click System > show advanced settings > Uplink . The Uplink tab contents are displayed.
2. Under Management , configure the following parameters: n
VPN failover timeout —To configure uplink switching based on VPN status, specify the duration to wait for an uplink switch. The default duration is set to 180 seconds.
n
Internet failover —To configure uplink switching based on Internet availability, perform the following steps: a. Select Enabled from the Internet failover drop-down list.
b. Specify the required values for the following parameters: l l l
Max allowed test packet loss —The maximum number of ICMP test packets that are allowed to be lost to determine if the IAP must switch to a different uplink connection.
You can specify a value within the range of 1–1000.
Secs between test packets —The frequency at which ICMP test packets are sent. You can specify a value within the range of 1–3600 seconds.
Internet check timeout —Internet check timeout is the duration for the test packet timeout. You can specify a value within the range of 0–3600 seconds and the default value is 10 seconds.
n
Internet failover IP —To configure an IP address to which the IAP must send IAP packets and verify if the Internet is reachable when the uplink is down. By default, the master IAP sends the ICMP packets to
8.8.8.8 IP address only if the out-of-service operation based on Internet availability (internet-down state) is configured on the SSID.
3. Click OK .
When Internet failover is enabled, the IAP ignores the VPN status, although uplink switching based on VPN status is enabled.
In the CLI
To enable uplink switching based on VPN status:
(Instant AP)(config)# uplink
(Instant AP)(uplink)# failover-vpn-timeout <seconds>
(Instant AP)(uplink)# end
(Instant AP)# commit apply
To enable uplink switching based on Internet availability:
(Instant AP)(config)# uplink
(Instant AP)(uplink)# failover-internet
(Instant AP)(uplink)# failover-internet-ip <ip>
(Instant AP)(uplink)# failover-internet-pkt-lost-cnt <count>
Aruba Instant 6.5.2.0 | User Guide Uplink Configuration | 331
(Instant AP)(uplink)# failover-internet-pkt-send-freq <frequency>
(Instant AP)(uplink)# end
(Instant AP)# commit apply
Viewing Uplink Status and Configuration
To view the uplink status:
(Instant AP)# show uplink status
Uplink preemption :enable
Uplink preemption interval
Uplink enforce
Ethernet uplink eth0
Uplink Table
:600
:none
:DHCP
------------
Type State Priority In Use
---eth0
-----
UP
--------
2
------
Yes
Wifi-sta INIT 1
3G/4G INIT 3
Internet failover
Internet failover IP
No
No
:enable
:192.2.0.1
Max allowed test packet loss :10
Secs between test packets :30
VPN failover timeout (secs) :180
Internet check timeout (secs) :10
ICMP pkt sent
ICMP pkt lost
:1
:1
Continuous pkt lost :1
VPN down time :0
AP1X type:NONE
Certification type:NONE
Validate server:NONE
To view the uplink configuration in the CLI:
(Instant AP)# show uplink config
Uplink preemption :enable
Uplink preemption interval
Uplink enforce
:600
:none
Ethernet uplink eth0
Internet failover
:DHCP
:disable
Max allowed test packet loss :10
Secs between test packets :30
VPN failover timeout (secs) :180
Internet check timeout (secs) :10
Secs between test packets :30
332 | Uplink Configuration Aruba Instant 6.5.2.0 | User Guide
advertisement
Related manuals
advertisement
Table of contents
- 3 Contents
- 11 Revision History
- 12 About this Guide
- 12 Intended Audience
- 12 Related Documents
- 12 Conventions
- 13 Contacting Support
- 14 About Aruba Instant
- 14 Instant Overview
- 17 What is New in this Release
- 19 Setting up an IAP
- 19 Setting up Instant Network
- 20 Provisioning an IAP
- 23 Logging in to the Instant UI
- 24 Accessing the Instant CLI
- 28 Automatic Retrieval of Configuration
- 28 Managed Mode Operations
- 28 Prerequisites
- 29 Configuring Managed Mode Parameters
- 30 Verifying the Configuration
- 31 Instant User Interface
- 31 Login Screen
- 32 Main Window
- 60 Initial Configuration Tasks
- 60 Configuring System Parameters
- 66 Changing Password
- 67 Customizing IAP Settings
- 67 IAP Discovery Logic
- 72 Modifying the IAP Host Name
- 72 Configuring Zone Settings on an IAP
- 73 Specifying a Method for Obtaining IP Address
- 73 Configuring External Antenna
- 75 Configuring Radio Profiles for an IAP
- 76 Enabling Flexible Radio
- 77 Configuring Uplink VLAN for an IAP
- 77 Changing the IAP Installation Mode
- 78 Changing USB Port Status
- 79 Master Election and Virtual Controller
- 80 Adding an IAP to the Network
- 81 Removing an IAP from the Network
- 81 Support for BLE Asset Tracking
- 82 Intelligent Power Monitoring
- 83 Transmit Power Calculation Support on 200 Series and 300 Series Access Points
- 84 VLAN Configuration
- 84 VLAN Pooling
- 84 Uplink VLAN Monitoring and Detection on Upstream Devices
- 85 IPv6 Support
- 85 IPv6 Notation
- 85 Enabling IPv6 Support for IAP Configuration
- 87 Firewall Support for IPv6
- 87 Debugging Commands
- 88 Wireless Network Profiles
- 88 Configuring Wireless Network Profiles
- 106 Configuring Fast Roaming for Wireless Clients
- 110 Configuring Modulation Rates on a WLAN SSID
- 110 Multi-User-MIMO
- 111 Management Frame Protection
- 111 Disabling Short Preamble for Wireless Client
- 112 Editing Status of a WLAN SSID Profile
- 112 Editing a WLAN SSID Profile
- 112 Deleting a WLAN SSID Profile
- 113 Wired Profiles
- 113 Configuring a Wired Profile
- 118 Assigning a Profile to Ethernet Ports
- 118 Editing a Wired Profile
- 119 Deleting a Wired Profile
- 119 Link Aggregation Control Protocol
- 121 Understanding Hierarchical Deployment
- 122 Captive Portal for Guest Access
- 122 Understanding Captive Portal
- 123 Configuring a WLAN SSID for Guest Access
- 128 Configuring Wired Profile for Guest Access
- 129 Configuring Internal Captive Portal for Guest Network
- 132 Configuring External Captive Portal for a Guest Network
- 138 Configuring Facebook Login
- 139 Configuring Guest Logon Role and Access Rules for Guest Users
- 141 Configuring Captive Portal Roles for an SSID
- 143 Configuring Walled Garden Access
- 146 Authentication and User Management
- 146 Managing IAP Users
- 151 Supported Authentication Methods
- 152 Supported EAP Authentication Frameworks
- 153 Configuring Authentication Servers
- 167 Understanding Encryption Types
- 168 Configuring Authentication Survivability
- 170 Configuring 802.1X Authentication for a Network Profile
- 172 Enabling 802.1X Supplicant Support
- 173 Configuring MAC Authentication for a Network Profile
- 175 Configuring MAC Authentication with 802.1X Authentication
- 177 Configuring MAC Authentication with Captive Portal Authentication
- 178 Configuring WISPr Authentication
- 179 Blacklisting Clients
- 182 Uploading Certificates
- 185 Roles and Policies
- 185 Firewall Policies
- 198 Content Filtering
- 202 Configuring User Roles
- 204 Configuring Derivation Rules
- 211 Using Advanced Expressions in Role and VLAN Derivation Rules
- 214 DHCP Configuration
- 214 Configuring DHCP Scopes
- 221 Configuring the Default DHCP Scope for Client IP Assignment
- 223 Configuring Time-Based Services
- 223 Time Range Profiles
- 223 Configuring a Time Range Profile
- 224 Applying a Time Range Profile to a WLAN SSID
- 225 Verifying the Configuration
- 226 Dynamic DNS Registration
- 226 Enabling Dynamic DNS
- 227 Configuring Dynamic DNS Updates for DL3 Clients
- 227 Verifying the Configuration
- 229 VPN Configuration
- 229 Understanding VPN Features
- 230 Configuring a Tunnel from an IAP to a Mobility Controller
- 241 Configuring Routing Profiles
- 243 IAP-VPN Deployment
- 243 Understanding IAP-VPN Architecture
- 246 Configuring IAP and Controller for IAP-VPN Operations
- 254 Adaptive Radio Management
- 254 ARM Overview
- 255 Configuring ARM Features on an IAP
- 261 Configuring Radio Settings
- 265 Deep Packet Inspection and Application Visibility
- 265 Deep Packet Inspection
- 265 Enabling Application Visibility
- 266 Application Visibility
- 271 Enabling URL Visibility
- 271 Configuring ACL Rules for Application and Application Categories
- 274 Configuring Web Policy Enforcement Service
- 276 Voice and Video
- 276 Wi-Fi Multimedia Traffic Management
- 279 Media Classification for Voice and Video Calls
- 280 Enabling Enhanced Voice Call Tracking
- 282 Services
- 282 Configuring AirGroup
- 291 Configuring an IAP for RTLS Support
- 292 Configuring an IAP for Analytics and Location Engine Support
- 293 Managing BLE Beacons
- 294 Clarity Live
- 296 Configuring OpenDNS Credentials
- 296 Integrating an IAP with Palo Alto Networks Firewall
- 298 Integrating an IAP with an XML API Interface
- 301 CALEA Integration and Lawful Intercept Compliance
- 307 Cluster Security
- 307 Overview
- 308 Enabling Cluster Security
- 309 Cluster Security Debugging Logs
- 309 Verifying the Configuration
- 310 IAP Management and Monitoring
- 310 Managing an IAP from AirWave
- 321 Managing IAP from Aruba Central
- 323 Uplink Configuration
- 323 Uplink Interfaces
- 328 Uplink Preferences and Switching
- 333 Intrusion Detection
- 333 Detecting and Classifying Rogue IAPs
- 333 OS Fingerprinting
- 334 Configuring Wireless Intrusion Protection and Detection Levels
- 339 Configuring IDS
- 341 Mesh IAP Configuration
- 341 Mesh Network Overview
- 342 Setting up Instant Mesh Network
- 342 Configuring Wired Bridging on Ethernet 0 for Mesh Point
- 344 Mobility and Client Management
- 344 Layer-3 Mobility Overview
- 345 Configuring L3-Mobility
- 347 Spectrum Monitor
- 347 Understanding Spectrum Data
- 352 Configuring Spectrum Monitors and Hybrid IAPs
- 355 IAP Maintenance
- 355 Upgrading an IAP
- 358 Backing up and Restoring IAP Configuration Data
- 359 Converting an IAP to a Remote AP and Campus AP
- 365 Resetting a Remote AP or Campus AP to an IAP
- 365 Rebooting the IAP
- 367 Monitoring Devices and Logs
- 367 Configuring SNMP
- 370 Configuring a Syslog Server
- 372 Configuring TFTP Dump Server
- 373 Running Debug Commands
- 377 Uplink Bandwidth Monitoring
- 379 Hotspot Profiles
- 379 Understanding Hotspot Profiles
- 380 Configuring Hotspot Profiles
- 391 Sample Configuration
- 394 Mobility Access Switch Integration
- 394 Mobility Access Switch Overview
- 395 Configuring IAPs for Mobility Access Switch Integration
- 396 ClearPass Guest Setup
- 396 Configuring ClearPass Guest
- 400 Verifying ClearPass Guest Setup
- 401 Troubleshooting
- 402 IAP-VPN Deployment Scenarios
- 402 Scenario 1—IPsec: Single Datacenter Deployment with No Redundancy
- 408 Scenario 2—IPsec: Single Datacenter with Multiple Controllers for Redundancy
- 414 Scenario 3—IPsec: Multiple Datacenter Deployment with Primary and Backup Cont...
- 421 Scenario 4—GRE: Single Datacenter Deployment with No Redundancy
- 427 Glossary of Terms