Uplink Configuration. Aruba Instant 6.5.2.0, RAP-155, IAP-207, RAP-108, IAP-305, Instant
Add to My manuals466 Pages
advertisement
Chapter 26
Uplink Configuration
This chapter provides the following information: n n
Uplink Preferences and Switching on page 328
Uplink Interfaces
Instant network supports Ethernet, 3G and 4G USB modems, and the Wi-Fi uplink to provide access to the corporate Instant network. The 3G/4G USB modems and the Wi-Fi uplink can be used to extend the connectivity to places where an Ethernet uplink cannot be configured. It also provides a reliable backup link for the Ethernet-based Instant network.
The following figure illustrates a scenario in which the IAPs join the VC as slave IAPs through a wired or mesh
Wi-Fi uplink:
Figure 94 Uplink Types
The following types of uplinks are supported on Instant: n n n
Ethernet Uplink
The Eth0 port on an IAP is enabled as an uplink port by default. You can view the type of uplink and the status of uplink of an IAPin the Info tab on selecting a client.
Aruba Instant 6.5.2.0 | User Guide Uplink Configuration | 323
Figure 95 Uplink Status
Ethernet uplink supports the following types of configuration in this Instant release.
l l l
PPPoE
DHCP
Static IP
You can use PPPoE for your uplink connectivity in both IAP and IAP-VPN deployments. PPPoE is supported only in a single IAP deployment.
Uplink redundancy with the PPPoE link is not supported.
When the Ethernet link is up, it is used as a PPPoE or DHCP uplink. After the PPPoE settings are configured,
PPPoE has the highest priority for the uplink connections. The IAP can establish a PPPoE session with a PPPoE server at the ISP and get authenticated using Password Authentication Protocol (PAP) or the Challenge
Handshake Authentication Protocol (CHAP). Depending upon the request from the PPPoE server, either the
PAP or the CHAP credentials are used for authentication. After configuring PPPoE, reboot the IAP for the configuration to take effect. The PPPoE connection is dialed after the IAP comes up. The PPPoE configuration is checked during IAP boot and if the configuration is correct, Ethernet is used for the uplink connection.
When PPPoE is used, do not configure Dynamic RADIUS Proxy and IP address of the VC. An SSID created with default
VLAN is not supported with PPPoE uplink.
You can also configure an alternate Ethernet uplink to enable uplink failover when an Ethernet port fails.
Configuring PPPoE Uplink Profile
You can configure PPPoE settings from the Instant UI or the CLI.
In the Instant UI
Configuring PPPoE settings:
1. Click the System link on the Instant main window.
2. In the System section, click the Show advanced options link.
3. Perform the following steps in the PPPoE section in the Uplink tab: a. Enter the PPPoE service name provided by your service provider in the Service name text box.
b. Enter the secret key used for Challenge Handshake Authentication Protocol (CHAP) authentication in the
CHAP secret and Retype text boxes. You can use a maximum of 34 characters for the CHAP secret key.
324 | Uplink Configuration Aruba Instant 6.5.2.0 | User Guide
c. Enter the username for the PPPoE connection in the User text box.
d. Enter a password for the PPPoE connection and confirm the password in the Password and Retype text boxes.
4. Select a value from the Local interface drop-down list to set a local interface for the PPPoE uplink connections. The selected DHCP scope will be used as a local interface on the PPPoE interface and the Local,
L3 DHCP gateway IP address as its local IP address. When configured, the local interface acts as an unnumbered PPPoE interface and allows the entire Local, L3 DHCP subnet to be allocated to clients.
The options in the Local interface drop-down list are displayed only if a Local, L3 DHCP scope is configured on the
IAP.
5. Click OK .
6. Reboot the IAP for the configuration to take effect.
In the CLI
To configure a PPPoE uplink connection:
(Instant AP)(config) # pppoe-uplink-profile
(Instant AP)(pppoe-uplink-profile)# pppoe-svcname <service-name>
(Instant AP)(pppoe-uplink-profile)# pppoe-username <username>
(Instant AP)(pppoe-uplink-profile)# pppoe-passwd <password>
(Instant AP)(pppoe-uplink-profile)# pppoe-chapsecret <password>
(Instant AP)(pppoe-uplink-profile)# pppoe-unnumbered-local-l3-dhcp-profile <dhcp-profile>
(Instant AP)(pppoe-uplink-profile)# end
(Instant AP)# commit apply
To view the PPPoE configuration:
(Instant AP)# show pppoe config
PPPoE Configuration
-------------------
Type
----
Value
-----
User
Password
Service name testUser
3c28ec1b82d3eef0e65371da2f39c4d49803e5b2bc88be0c internet03
CHAP secret 8e87644deda9364100719e017f88ebce
Unnumbered dhcp profile dhcpProfile1
To view the PPPoE status:
(Instant AP)# show pppoe status pppoe uplink state:Suppressed.
Cellular Uplink
Instant supports the use of 3G and 4G USB modems to provide the Internet backhaul to an Instant network.
The 3G or 4G USB modems can be used to extend client connectivity to places where an Ethernet uplink cannot be configured. This enables the IAPs to automatically choose the available network in a specific region.
RAP-155/155P devices do not support the high-speed option (HSO) module.
Aruba Instant 6.5.2.0 | User Guide Uplink Configuration | 325
When UML290 runs in auto-detect mode, the modem can switch from 4G network to 3G network or vice-versa based on the signal strength. To configure the UML290 for the 3G network only, manually set the USB type to pantech-3g .
To configure the UML290 for the 4G network only, manually set the 4G USB type to pantech-lte .
Configuring Cellular Uplink Profiles
You can configure 3G or 4G uplinks by using the Instant UI or the CLI.
In the Instant UI
To configure 3G/4G uplinks:
1. Click the System link on the Instant main window.
2. In the System window, click the show advanced settings link.
3. Click the Uplink tab.
4. To configure a 3G or 4G uplink, select the Country and ISP .
5. Click OK .
6. Reboot the IAP for changes to take effect.
In the CLI
To configure 3G/4G uplink manually:
(Instant AP)(config) # cellular-uplink-profile
(Instant AP)(cellular-uplink-profile)# usb-type <3G-usb-type>
(Instant AP)(cellular-uplink-profile)# 4g-usb-type <4g-usb>
(Instant AP)(cellular-uplink-profile)# modem-country <country>
(Instant AP)(cellular-uplink-profile)# modem-isp <service-provider-name>
(Instant AP)(cellular-uplink-profile)# usb-auth-type <usb-authentication_type>
(Instant AP)(cellular-uplink-profile)# usb-user <username>
(Instant AP)(cellular-uplink-profile)# usb-passwd <password>
(Instant AP)(cellular-uplink-profile)# usb-dev <device-ID>
(Instant AP)(cellular-uplink-profile)# usb-tty <tty-port>
(Instant AP)(cellular-uplink-profile)# usb-init <Initialization-parameter>
(Instant AP)(cellular-uplink-profile)# usb-dial <dial-parameter>
(Instant AP)(cellular-uplink-profile)# usb-modeswitch <usb-modem>
(Instant AP)(cellular-uplink-profile)# end
(Instant AP)# commit apply
To switch a modem from the storage mode to modem mode:
(Instant AP)(cellular-uplink-profile)# usb-modeswitch <usb-modem>
To view the cellular configuration:
(Instant AP)# show cellular config
Managing Cellular SIM PIN
IAPs now support the Subscriber Identity Module (SIM) Personal Identification Number (PIN) management functions such as locking, unlocking, and renewing the SIM PIN of the 3G/4G modems. In the current release, these functions can be configured only through the IAP CLI.
To prevent any fradulent use of 3G/4G modems connected to an IAP, you can enable locking of the SIM PIN of the modems. When enabled, if an incorrect PIN code is provided in the three consecutive attempts, the
SIM PIN is locked. To unlock the PIN, the users must use the Personal Unblocking Code (PUK) code provided by your ISP.
After enabling SIM PIN lock, reboot the IAP to apply the SIM PIN lock configuration changes.
326 | Uplink Configuration Aruba Instant 6.5.2.0 | User Guide
To enable SIM PIN lock:
(Instant AP)# pin-enable <pin_current_used>
To disable SIM PIN locking:
(Instant AP)# no pin-enable <pin_current_used>
To unlock a PIN with the PUK code provided by the operator:
(Instant AP)# pin-puk <pin_puk> <pin_new>
To renew the PIN:
(Instant AP)# pin-renew <pin_current> <pin_new>
Wi-Fi Uplink
The Wi-Fi uplink is supported on all the IAP models, except for the 802.11ac IAP models (IAP-2xx and IAP-3xx
Series access points). However only the master IAP uses this uplink. The Wi-Fi allows uplink to open, PSK-CCMP, and PSK-TKIP SSIDs.
n n
For single-radio IAPs, the radio serves wireless clients and the Wi-Fi uplink.
For dual-radio IAPs, both radios can be used to serve clients but only one of them can be used for the Wi-Fi uplink.
When the Wi-Fi uplink is in use, the client IP is assigned by the internal DHCP server.
Configuring a Wi-Fi Uplink Profile
The following configuration conditions apply to the Wi-Fi uplink: n n n
To bind or unbind the Wi-Fi uplink on the 5 GHz band, reboot the IAP.
If the Wi-Fi uplink is used on the 5 GHz band, mesh is disabled. The two links are mutually exclusive.
For IAPs to connect to an ArubaOS-based WLAN using Wi-Fi uplink, the controller must run ArubaOS 6.2.1.0
or later.
In the Instant UI
To provision an IAP with the Wi-Fi uplink:
1. If you are configuring a Wi-Fi uplink after restoring factory settings on an IAP, connect the IAP to an
Ethernet cable to allow the IAP to get the IP address. Otherwise, go to step 2.
2. Click the System link on the Instant main window.
3. In the System section, click the Show advanced options link. The advanced options are displayed.
4. Click the Uplink tab.
5. Under Wi-Fi , enter the name of the wireless network that is used for the Wi-Fi uplink in the Name (SSID) text box.
6. Select the type of key for uplink encryption and authentication from the Key management drop-down list. If the uplink wireless router uses mixed encryption, WPA-2 is recommended for the Wi-Fi uplink.
7. Select the band in which the VC currently operates, from the band drop-down list. The following options are available: n n
2.4 GHz (default)
5 GHz
8. Select a passphrase format from the Passphrase format drop-down list. The following options are available: n n
8–63 alphanumeric characters
64 hexadecimal characters
Aruba Instant 6.5.2.0 | User Guide Uplink Configuration | 327
Ensure that the hexadecimal password string is exactly 64 digits in length.
9. Enter a Pre-Shared Key (PSK) passphrase in the Passphrase text box and click OK .
10.Navigate to System > General > Show Advanced Options view and set the Extended SSID parameter to Disabled .
11.Reboot the IAP to apply the changes. After the IAP reboot, the Wi-Fi and mesh links are automatically enabled.
In the CLI
To configure Wi-Fi uplink on an IAP:
(Instant AP)(config) # wlan sta-profile
(Instant AP)(sta uplink)# cipher-suite<clear | wpa-tkip-psk | wpa2-ccmp-psk>
(Instant AP)(sta uplink)# essid <essid>
(Instant AP)(sta uplink)# uplink-band <band>
(Instant AP)(sta uplink)# wpa-passphrase <key>
(Instant AP)(sta uplink)# end
(Instant AP)# commit apply
To view the W-Fi uplink status in the CLI:
(Instant AP)# show wifi-uplink status configured :NO
To view the configuration status in the CLI:
(Instant AP)# show wifi-uplink config
ESSID
Cipher Suite
Passphrase
Band
:
:
:
:
(Instant AP)# show wifi-uplink auth log
---------------------------------------------------------------------wifi uplink auth configuration:
----------------------------------------------------------------------
---------------------------------------------------------------------wifi uplink auth log:
----------------------------------------------------------------------
[1116]2000-01-01 00:00:45.625: Global control interface '/tmp/supp_gbl'
Uplink Preferences and Switching
This topic describes the following procedures: n n n n n
Setting an Uplink Priority on page 329
Enabling Uplink Preemption on page 330
Switching Uplinks Based on VPN and Internet Availability on page 330
Viewing Uplink Status and Configuration on page 332
Enforcing Uplinks
The following configuration conditions apply to the uplink enforcement:
328 | Uplink Configuration Aruba Instant 6.5.2.0 | User Guide
n n n n
When an uplink is enforced, the IAP uses the specified uplink as the primary uplink regardless of uplink preemption configuration and the current uplink status.
When an uplink is enforced and multiple Ethernet ports are configured ,and if the uplink is enabled on the wired profiles, the IAP tries to find an alternate Ethernet link based on the priority configured.
When no uplink is enforced and preemption is not enabled, and if the current uplink fails, the IAP tries to find an available uplink based on the priority configured. The uplink with the highest priority is used as the primary uplink. For example, if Wi-Fi-sta has the highest priority, it is used as the primary uplink.
When no uplink is enforced and preemption is enabled, and if the current uplink fails, the IAP tries to find an available uplink based on the priority configured. If current uplink is active, the IAP periodically tries to use a higher-priority uplink and switches to the higher-priority uplink even if the current uplink is active.
You can enforce a specific uplink on an IAP by using the Instant UI or the CLI.
In the Instant UI
To enforce an uplink:
1. Click the System > show advanced settings > Uplink . The Uplink tab contents are displayed.
2. Under Management , select the type of uplink from the Enforce Uplink drop-down list. If Ethernet uplink is selected, the Port text box is displayed.
3. Specify the Ethernet interface port number.
4. Click OK . The selected uplink is enforced on the IAP.
In the CLI
To enforce an uplink:
(Instant AP)(config)# uplink
(Instant AP)(uplink)# enforce {cellular|ethernet | wifi | none}
(Instant AP)(uplink)# end
(Instant AP)# commit apply
Setting an Uplink Priority
You can set an uplink priority by using the Instant UI or the CLI.
In the Instant UI
Setting an uplink priority:
1. Click System > show advanced settings > Uplink .
2. Under Uplink Priority List , select the uplink, and click the icons in the Uplink Priority List section, to increase or decrease the priority. By default, the Eth0 uplink is set as a high-priority uplink.
3. Click OK . The selected uplink is prioritized over other uplinks.
In the CLI
Setting an uplink priority:
(Instant AP)(config)# uplink
(Instant AP)(uplink)# uplink-priority {cellular <priority> | ethernet <priority> | [port
<Interface-number> <priority>] | wifi <priority>}
(Instant AP)(uplink)# end
(Instant AP)# commit apply
Setting an Ethernet uplink priority :
(Instant AP)(uplink)# uplink-priority ethernet port 0 1
(Instant AP)(uplink)# end
(Instant AP)# commit apply
Aruba Instant 6.5.2.0 | User Guide Uplink Configuration | 329
Enabling Uplink Preemption
The following configuration conditions apply to uplink preemption: n n n
Preemption can be enabled only when no uplink is enforced.
When preemption is disabled and the current uplink goes down, the IAP tries to find an available uplink based on the uplink priority configuration.
When preemption is enabled and if the current uplink is active, the IAP periodically tries to use a higherpriority uplink, and switches to a higher-priority uplink even if the current uplink is active.
You can enable uplink preemption by using Instant UI or the CLI.
In the Instant UI
To enable uplink preemption:
1. Click System > show advanced settings > Uplink . The Uplink tab contents are displayed.
2. Under Management , ensure that the Enforce Uplink is set to none.
3. Select Enabled from the Pre-emption drop-down list.
4. Click OK .
In the CLI
To configure uplink preemption:
(Instant AP)(config)# uplink
(Instant AP)(uplink)# preemption
(Instant AP)(uplink)# end
(Instant AP)# commit apply
Switching Uplinks Based on VPN and Internet Availability
The default priority for uplink switchover is Ethernet and then 3G/4G. The IAP can switch to the lower-priority uplink if the current uplink is down.
Switching Uplinks Based on VPN Status
Instant supports switching uplinks based on the VPN status when deploying multiple uplinks (Ethernet, 3G/4G, and Wi-Fi). When VPN is used with multiple backhaul options, the IAP switches to an uplink connection based on the VPN connection status, instead of only using the Ethernet or the physical backhaul link.
The following configuration conditions apply to uplink switching: n n
If the current uplink is Ethernet and the VPN connection is down, the IAP tries to reconnect to VPN. The retry time depends on the fast failover configuration and the primary or backup VPN tunnel. If this fails, the
IAP waits for the VPN failover timeout and selects a different uplink such as 3G/4G or Wi-Fi.
If the current uplink is 3G or Wi-Fi, and Ethernet has a physical link, the IAP periodically suspends user traffic to try and connect to the VPN on the Ethernet. If the IAP succeeds, the IAP switches to Ethernet. If the IAP does not succeed, it restores the VPN connection to the current uplink.
Uplink switching based on VPN status is automatically enabled if VPN is configured on the IAP. However, you can specify the duration in the VPN failover timeout text box to wait for an uplink switch. By default, this duration is set to 180 seconds. The IAP monitors the VPN status and when the VPN connection is not available for 3 minutes, the uplink switches to another available connection (if a low-priority uplink is detected and the uplink preference is set to none). When VPN failover timeout is set to 0, uplink does not switch over.
When uplink switching based on the Internet availability is enabled, the uplink switching based on VPN failover is automatically disabled.
330 | Uplink Configuration Aruba Instant 6.5.2.0 | User Guide
Switching Uplinks Based on Internet Availability
You can configure Instant to switch uplinks based on Internet availability.
When the uplink switchover based on Internet availability is enabled, the IAP continuously sends Internet
Control Management Protocol (ICMP) packets to some well-known Internet servers. If the request is timed out due to a bad uplink connection or uplink interface failure, and the public Internet is not reachable from the current uplink, the IAP switches to a different connection.
You can set preferences for uplink switching by using the Instant UI and the CLI.
In the Instant UI
To configure uplink switching:
1. Click System > show advanced settings > Uplink . The Uplink tab contents are displayed.
2. Under Management , configure the following parameters: n
VPN failover timeout —To configure uplink switching based on VPN status, specify the duration to wait for an uplink switch. The default duration is set to 180 seconds.
n
Internet failover —To configure uplink switching based on Internet availability, perform the following steps: a. Select Enabled from the Internet failover drop-down list.
b. Specify the required values for the following parameters: l l l
Max allowed test packet loss —The maximum number of ICMP test packets that are allowed to be lost to determine if the IAP must switch to a different uplink connection.
You can specify a value within the range of 1–1000.
Secs between test packets —The frequency at which ICMP test packets are sent. You can specify a value within the range of 1–3600 seconds.
Internet check timeout —Internet check timeout is the duration for the test packet timeout. You can specify a value within the range of 0–3600 seconds and the default value is 10 seconds.
n
Internet failover IP —To configure an IP address to which the IAP must send IAP packets and verify if the Internet is reachable when the uplink is down. By default, the master IAP sends the ICMP packets to
8.8.8.8 IP address only if the out-of-service operation based on Internet availability (internet-down state) is configured on the SSID.
3. Click OK .
When Internet failover is enabled, the IAP ignores the VPN status, although uplink switching based on VPN status is enabled.
In the CLI
To enable uplink switching based on VPN status:
(Instant AP)(config)# uplink
(Instant AP)(uplink)# failover-vpn-timeout <seconds>
(Instant AP)(uplink)# end
(Instant AP)# commit apply
To enable uplink switching based on Internet availability:
(Instant AP)(config)# uplink
(Instant AP)(uplink)# failover-internet
(Instant AP)(uplink)# failover-internet-ip <ip>
(Instant AP)(uplink)# failover-internet-pkt-lost-cnt <count>
Aruba Instant 6.5.2.0 | User Guide Uplink Configuration | 331
(Instant AP)(uplink)# failover-internet-pkt-send-freq <frequency>
(Instant AP)(uplink)# end
(Instant AP)# commit apply
Viewing Uplink Status and Configuration
To view the uplink status:
(Instant AP)# show uplink status
Uplink preemption :enable
Uplink preemption interval
Uplink enforce
Ethernet uplink eth0
Uplink Table
:600
:none
:DHCP
------------
Type State Priority In Use
---eth0
-----
UP
--------
2
------
Yes
Wifi-sta INIT 1
3G/4G INIT 3
Internet failover
Internet failover IP
No
No
:enable
:192.2.0.1
Max allowed test packet loss :10
Secs between test packets :30
VPN failover timeout (secs) :180
Internet check timeout (secs) :10
ICMP pkt sent
ICMP pkt lost
:1
:1
Continuous pkt lost :1
VPN down time :0
AP1X type:NONE
Certification type:NONE
Validate server:NONE
To view the uplink configuration in the CLI:
(Instant AP)# show uplink config
Uplink preemption :enable
Uplink preemption interval
Uplink enforce
:600
:none
Ethernet uplink eth0
Internet failover
:DHCP
:disable
Max allowed test packet loss :10
Secs between test packets :30
VPN failover timeout (secs) :180
Internet check timeout (secs) :10
Secs between test packets :30
332 | Uplink Configuration Aruba Instant 6.5.2.0 | User Guide
advertisement
Related manuals
advertisement