Setup Aruba Outdoor Point to Point Network
Tutorial on how to Setup Aruba Outdoor Point to Point Network
The Aruba Instant secure enterprise mesh solution is an effective way to expand network coverage for outdoor and indoor enterprise environments without any wires
Any provisioned IAP that has a valid uplink (wired or 3G) functions as a mesh portal, and the IAP without an Ethernet link functions as a mesh point.
Mesh IAPs detect the environment when they boot up, locate and associate with their nearest neighbor, to determine the best path to the mesh portal
-
Mesh Portals – A mesh portal (MPP) is a gateway between the wireless mesh network and the enterprise wired LAN. It will broadcasts a mesh services set identifier (MSSID/ mesh cluster name) to advertise the mesh network service to other mesh points in that Instant network and mesh points authenticate to the mesh portal and establish a link that is secured using Advanced Encryption Standard (AES) encryption.
-
Mesh Point – The mesh point establishes an all-wireless path to the mesh portal and support LAN Bridging
Steps to Setup Aruba Outdoor Point to Point Network
Components used in this lab
- 2 x Aruba AP 275 with 8.6.0.4 firmware
- No conection between 2 AP 275 during deployment as we are going to use Standalone Mesh Mode
- Console Cable to be connected to Console Port
Reset to Factory Default
Reset both AP 275 to Factory Default and Reboot
b4:5d:50:c8:e7:0a# write erase all
Are you sure you want to erase the configuration? (y/n): y
Erase configuration all.
Convert to Standalone Mode
Interrupt AP boot by pressing enter and convert both AP 275 to Standalone Mode
When an Instant AP is converted to function in stand-alone mode, it cannot join a cluster of Instant APs even if the Instant AP is in the same VLAN
apboot> setenv standalone_mode 1
apboot> setenv uap_controller_less 1
Name & Static IP Address for AP
Configure Static IP Address & Name for both AP 275
apboot> setenv name AP-HQ
apboot> setenv ipaddr 192.168.1.42
apboot> setenv netmask 255.255.255.0
apboot> setenv gatewayip 192.168.1.1
Verify the parameter configured with printenv, save the config with saveenv and boot up ArubaOS
apboot> printenv
apboot> saveenv
apboot> boot
Basic Configuration
Login with default username = admin, and password = admin and verify the AP 275 is running on Standalone Mode
AP-HQ# show swarm mode
Swarm Mode :Standalone
Reason :Manual provision
Configure Country Code, time zone and disabled Extended-SSID to reduce the support for only 6 x WLAN SSIDs
Extended-SSID MUST to be disabled for Point to Point link
AP-HQ# conf t
AP-HQ (config) # virtual-controller-country MY
AP-HQ (config) # name AP-HQ
AP-HQ (config) # no extended-ssid
AP-HQ (config) # clock timezone Kuala-Lumpur 08 00
Change the default admin password
AP-HQ (config) # hash-mgmt-user admin password cleartext P@ssw0rd!@#$
Delete the default SSID Profile – SetMeUp
AP-HQ (config) # no wlan ssid-profile SetMeUp
Mesh Cluster Name & Key
Configure the same Cluster Name = PointToPoint & Cluster Key = P@ssw0rd on both AP 275
AP-HQ# no mesh-disable
AP-HQ# mesh-cluster-name PointToPoint
AP-HQ# mesh-cluster-key $$P@di$$
Verify the Mesh Cluster Name & Key are configured successfully
AP-HQ# sh ap-env
Antenna Type:Internal
Need USB field:No
standalone_mode:1
mesh-cluster-name:PointToPoint
mesh-cluster-key:d73609e6a44a663267e13fffdf1660b2485567cb83af74c2
Bridge Mode on Mesh Point (Remote AP) only
Change the port to trusted and bring up the uplink in default_wired_port_profile
AP-SITE (config) # wired-port-profile default_wired_port_profile
AP-SITE (wired ap profile default_wired_port_profile) # trusted
AP-SITE (wired ap profile default_wired_port_profile) # no shutdown
Enable bridge mode on the uplink port
AP-SITE# enet0-bridging
Save Configuration and Reboot
Save the configuration and reboot both AP 275
AP-SITE# wri mem
AP-SITE# reload
Laptop connected to AP-SITE should be able to ping to the Firewall IP via Point to Point Link once both AP 275 is up, and Mesh Link is established successfully
Verification of Mesh Cluster and Links
Verify the status of Mesh Cluster
AP-HQ# sh ap mesh cluster status
Mesh cluster :Enabled
Mesh cluster name :PointToPoint
Mesh role :Mesh Portal
Mesh mobility :Disabled
Verify the Mesh Cluster Topology
AP-HQ# sh ap mesh cluster topology
Mesh Cluster name: PointToPoint
-------------------------------
Name AP Type Mesh Role Parent IP Address Path Cost Node Cost Link Cost Hop Count Rate Tx/Rx RSSI Last Update Uplink Age Children Portal AP Children List
---- ------- --------- ------ ---------- --------- --------- --------- --------- ---------- ---- ----------- ---------- -------- --------- -------------
AP-HQ AP-275 Portal (AC) - 192.168.1.52 0 1 0 0 - 0 2m:20s 2h:46m:1s 1 AP-HQ AP-SITE
Total APs: 1
(N): 11N Enabled. (AC): 11AC Enabled. (AD): 11AD Enabled. (AX): 11AX Enabled. For Portals 'Uplink Age' equals uptime.
Verify the Mesh Link is established successfully
AP-HQ# sh ap mesh link
Neighbor list
-------------
MAC Portal Channel Age Hops Cost Relation Flags RSSI Rate Tx/Rx A-Req A-Resp A-Fail HT-Details Cluster ID
--- ------ ------- --- ---- ---- ----------------- ----- ---- ---------- ----- ------ ------ ---------- ----------
b4:5d:50:0e:70:b0 b4:5d:50:0f:61:91 36E 0 1 1.00 C 2h:23m:56s VLK 68 1300/1300 2 2 0 VHT-80MHzsgi-3ss cabf254f8195fce8d901b3cce7092ea
Total count: 1, Children: 1
Relation: P = Parent; C = Child; N = Neighbor; B = Blacklisted-neighbor
Flags: R = Recovery-mode; S = Sub-threshold link; D = Reselection backoff; F = Auth-failure; H = High Throughput; V = Very High Throughput, E= High efficient, L = Legacy allowed
K = Connected; U = Upgrading; G = Descendant-upgrading; Z = Config pending; Y = Assoc-resp/Auth pending
a = SAE Accepted; b = SAE Blacklisted-neighbour; e = SAE Enabled; u = portal-unreachable; o = opensystem
Verify the status of Mesh Cluster
AP-SITE# sh ap mesh cluster status
Mesh cluster :Enabled
Mesh cluster name :PointToPoint
Mesh role :Mesh Point
Mesh mobility :Disabled
Verify the Mesh Cluster Topology
AP-SITE# sh ap mesh cluster topology
Mesh Cluster name: PointToPoint
-------------------------------
Name AP Type Mesh Role Parent IP Address Path Cost Node Cost Link Cost Hop Count Rate Tx/Rx RSSI Last Update Uplink Age Children Portal AP Children List
---- ------- --------- ------ ---------- --------- --------- --------- --------- ---------- ---- ----------- ---------- -------- --------- -------------
AP-SITE AP-275 Point (AC) AP-HQ 192.168.1.54 1 0 0 1 6/1300 56 2m:5s 2h:17m:48s 0 AP-HQ -
Total APs: 1
(N): 11N Enabled. (AC): 11AC Enabled. (AD): 11AD Enabled. (AX): 11AX Enabled. For Portals 'Uplink Age' equals uptime.
Verify the Mesh Link is established successfully
AP-SITE# sh ap mesh link
Neighbor list
-------------
MAC Portal Channel Age Hops Cost Relation Flags RSSI Rate Tx/Rx A-Req A-Resp A-Fail HT-Details Cluster ID
--- ------ ------- --- ---- ---- ----------------- ----- ---- ---------- ----- ------ ------ ---------- ----------
b4:5d:50:0f:61:91 Yes 36E 0 0 1.00 P 2h:21m:33s VLK 57 1300/1300 2 2 0 VHT-80MHzsgi-3ss cabf254f8195fce8d901b3cce7092ea
Total count: 1, Children: 0
Relation: P = Parent; C = Child; N = Neighbor; B = Blacklisted-neighbor
Flags: R = Recovery-mode; S = Sub-threshold link; D = Reselection backoff; F = Auth-failure; H = High Throughput; V = Very High Throughput, E= High efficient, L = Legacy allowed
K = Connected; U = Upgrading; G = Descendant-upgrading; Z = Config pending; Y = Assoc-resp/Auth pending
a = SAE Accepted; b = SAE Blacklisted-neighbour; e = SAE Enabled; u = portal-unreachable; o = opensystem
Appendix
Verify the POE Source
PoE+ is required for Aruba AP 275 to function properly
Verify the Power Source is showing POE-AT (PoE+)
AP-SITE# show ap debug system-status | begin "Power Status"
Power Status
------------
Item Value
---- -----
Power Supply : POE-AT
LLDP Power : Successfully negotiated at 25.5W
Current Operational State : No restrictions (Overridden by LLDP)
HW POE status : POE-AF