Day out with Aruba Controller 620 – Initial Configuration – Part 1

Networking 6 Minutes

Playing around with my new toy 🙂

Just trying to find out what the Controller supports:

Number of APs supported

(Aruba620) #show license-usage ap

AP Licenses
-----------
Type Number
---- ------
AP Licenses 4
Overall AP License Limit 4

AP Usage
--------
Type Count
---- -----
CAPs 0
RAPs 0
Tunneled nodes 0
Total APs 0

Remaining AP Capacity
---------------------
Type Number
---- ------
CAPs 4
RAPs 4

Number of Users supported:

(Aruba620) #show license-usage user

User License Usage
------------------
Name Value
---- -----
License Limit 256
License Usage 0
License Exceeded 0
License Platform 256

Interesting commands that I know not yet 🙂

(Aruba620) #show license-usage xsec

xSec License Usage
------------------
Name Value
---- -----
License Limit 0
License Usage 0
License Exceeded 0
xSec users 0
xSec tunnel 0

(Aruba620) #show license-usage acr

ACR License Usage
-----------------
Name Value
---- -----
License Limit 0
License Usage 0
License Exceeded 0
802.1x ACR users 0
IPSEC ACR tunnels 0

Install PoE Licence

Configuration -> Wizards -> Licence Wizard.

Image

Disable Control Plane Security so as to allow APs to connect to the Controller automatically. If the feature is Enabled, one has to manually add each of the APs.  For a lab setup – we will disable the feature to save time. Disabling this feature allows APs to automatically connect to the Controller.

Configuration > Network > Controller >Control Plane Security

Image

Next we configure VLANs on the controller. We will create the following VLANs:

  • VLAN for the APs and Controller Services = Vlan 1 (10.2.221.0/24)
  • VLAN for Voice = Vlan 100 (10.10.100.0/24)
  • VLAN for the Employee SSID = Vlan 200 (10.10.200.0/24)
  • VLAN for the Guest SSID = Vlan 300 (10.10.300.0/24)

Configuration > Network > VLAN > Add New VLAN

Vlan Voice

Image

Employee Vlan

Image

Guest Vlan

Image

Voice, Guest and Management VLANs need DHCP. Enable DHCP and add the pools

Image

Image

Image

ip dhcp pool "Voice-Vlan"
  default-router 10.10.100.254
  lease 1 0 0 0
  network 10.10.100.0 255.255.255.0
!

Image

ip dhcp pool "Guest-Vlan"
  default-router 10.10.30.254
 dns-server 4.4.4.4
  lease 0 5 0 0
  network 10.10.30.0 255.255.255.0
!

Image

ip dhcp pool "AP-Management"
  default-router 10.2.221.100
 dns-server 8.8.8.8
  lease 1 0 0 0
  network 10.2.221.0 255.255.255.0
!

Image

All the Vlans will use Contoller as the default gateway. we need to add the Controller’s IP addresses.

IP address for the VOIP Subnet

Network > IP > IP Interface

Image

Guest Vlan requires both DHCP and NAT so as to access the internet

Image

interface vlan 300
interface vlan 300 ip address 10.10.30.254 255.255.255.0
      !
interface vlan 300 ip nat inside
      !
interface vlan 300 no bcmc-optimization

Optimally, we would provide a DHCP Server in the Employee network to do the dishing out of IP addresses to the employess, but since I would like to Isolate my Test-Lab, lets also create a DHCP Pool for the Employee Vlan and add IP address to the Interface.

Image

ip dhcp pool "Employee-Vlan"
  default-router 10.10.200.254
 dns-server 10.10.200.2
  lease 1 0 0 0
  network 10.10.200.0 255.255.255.0
!

Image

Image

interface vlan 200
interface vlan 200 ip address 10.10.200.254 255.255.255.0
      !
interface vlan 200 ip nat inside
      !
interface vlan 200 no bcmc-optimization

Next AP Initial setup wizard.

All APs are in the Local LAN

Image

Image

Image

Image

Image

Hmm, we only found one AP to configure yet there are 4 connected APs.

Consoled into the AP-105 to find out what the issue was. Since my knowledge of Aruba products is close to zero at this point, it took me a while to figure out what exactly i needed to change so as to have the AP associate with the Controller. Anyway, found the catch :).  Click the

Maintenance tab > Convert > Campus AP managed by controller

Add the IP address of our contoller

Image

And Walaaah! I see the AP-105 now 🙂

Image

Moving on to the next AP…Console…Connect to Computer …Convert :). Aruba 93..Make me proud 😉

Was able to console using admin/admin

User: admin
Password:

aruba_ap93# write erase
Are you sure you want to erase the configuration? (y/n): y

Warning: configuration via CLI is not supported!
aruba_ap93 (config) #
aruba_ap93 (SSID Profile "instant") #
aruba_ap93 (SSID Profile "instant") #
aruba_ap93 (SSID Profile "instant") #
aruba_ap93 (SSID Profile "instant") #
aruba_ap93#
Warning: configuration via CLI is not supported!
aruba_ap93 (config) #
aruba_ap93 (Access Rule "instant") #
aruba_ap93 (Access Rule "instant") #
aruba_ap93 (Access Rule "instant") #
aruba_ap93 (Access Rule "instant") #
aruba_ap93 (Access Rule "instant") #
aruba_ap93#
Warning: configuration via CLI is not supported!
aruba_ap93 (config) #
aruba_ap93 (config) #
aruba_ap93 (config) #
aruba_ap93 (config) #
aruba_ap93 (ARM) #
aruba_ap93 (ARM) #
aruba_ap93 (ARM) #
aruba_ap93# Erase configuration.
aruba_ap93#

Not all is well! AP came up without an IP address and I cannot see the instant wifi so as to configure it 😦

DHCP timed out.
Installing default ip.
Default IP comes up.
ip_time_handler: Got ip and packets on bond0 Started master election 124-0
DHCP timed out.
DHCP got ip address.
169.254.212.156 255.255.0.0
Compressing all files in the /etc/httpd directory...
Dec 31 16:03:39 udhcpc[864]: send_discover: pkt num 0, secs 0
Dec 31 16:03:39 udhcpc[864]: Sending discover...
Done.
Starting Webserver
bind: Transport endpoint is not connected
bind: Transport endpoint is not connected
bind: Transport endpoint is not connected
bind: Transport endpoint is not connected
NTP Server not saved in flash... using default
Jan 1 00:03:41 udhcpc[864]: send_discover: pkt num 1, secs 2
ath_hal: module license 'Proprietary' taints kernel.
Jan 1 00:03:41 udhcpc[864]: Senath_hal: 0.9.17.1 (ding discover...AR5416
, AR9380, REGOPS_FUNC, PRIVATE_DIAG, WRITE_EEPROM, 11D)
ath_rate_atheros: Copyright (c) 2001-2005 Atheros Communications, Inc, All Rights Reserved
ath_rate_atheros: Aruba Networks Rate Control Algorithm
ath_dfs: Version 2.0.0
Copyright (c) 2005-2006 Atheros Communications, Inc. All Rights Reserved
ath_spectrum: Version 2.0.0
Copyright (c) 2005-2006 Atheros Communications, Inc. All Rights Reserved
ath_dev: Copyright (c) 2001-2007 Atheros Communications, Inc, All Rights Reserved
ath_ahb: 0.9.4.5 (Atheros/multi-bss)
ath_pci: 0.9.4.5 (Atheros/multi-bss)
wifi0: Base BSSID 24:de:c6:91:ad:c0, 16 available BSSID(s)
bond0 address=24:de:c6:c1:1a:dc
br0 address=24:de:c6:c1:1a:dc
wifi0: AP type AP-93, radio 0, max_bssids 16
wifi0: Atheros 9280: mem=0x10000000, irq=48 hw_base=0xb0000000

Starting FIPS KAT ... Completed FIPS KAT

AP rebooted Sat Jan 1 21:07:45 UTC 2000; User reboot
shutting down watchdog process (nanny will restart it)...
Jan 1 00:03:43 udhcpc[864]: send_discover: pkt num 2, secs 4
Jan 1 00:03:43 udhcpc[864]: Sending discover...

<<<<< Welcome to the Access Point >>>>>

process `snmpd' is using obsolete setsockopt SO_BSDCOMPAT

i am master now
(00:04:12) !!! Init ---> Master
asap_send_elected_master: sent successfully
Useradmin
Password:
User: admin
Password:

Trying a write erase all

aruba_ap93# write erase all
Are you sure you want to erase the configuration? (y/n): y

Warning: configuration via CLI is not supported!
aruba_ap93 (config) #
aruba_ap93 (SSID Profile "instant") #
aruba_ap93 (SSID Profile "instant") #
aruba_ap93 (SSID Profile "instant") #
aruba_ap93 (SSID Profile "instant") #
aruba_ap93#
Warning: configuration via CLI is not supported!
aruba_ap93 (config) #
aruba_ap93 (Access Rule "instant") #
aruba_ap93 (Access Rule "instant") #
aruba_ap93 (Access Rule "instant") #
aruba_ap93 (Access Rule "instant") #
aruba_ap93 (Access Rule "instant") #
aruba_ap93#
Warning: configuration via CLI is not supported!
aruba_ap93 (config) #
aruba_ap93 (config) #
aruba_ap93 (config) #
aruba_ap93 (config) #
aruba_ap93 (ARM) #
aruba_ap93 (ARM) #
aruba_ap93 (ARM) #
aruba_ap93# Erase configuration.
aruba_ap93# reload

Same thing 😦

Update: Crap! so I have spent the whole morning wondering why nothing seems to work so I have decided to try reset the AP…I really do not understand why it is not acquiring an IP address from the Controller yet the AP 105 and 135 had no problem with DHCP!

Flash: 16 MB
PCI: scanning bus 0 ...
dev fn venID devID class rev MBAR0 MBAR1 MBAR2 MBAR3
00 00 168c 002a 00002 01 10000004 00000000 00000000 00000000
Net: eth0
Radio: ar9280#0

Hit <Enter> to stop autoboot: 0
apboot> purge
Un-Protected 1 sectors
.done
Erased 1 sectors
Writing
apboot> save
Saving Environment to Flash...
Un-Protected 1 sectors
.done
Erased 1 sectors
Writing
apboot> boot
Checking image @ 0xbf100000

And BANG!!! The AP obtained an IP address 🙂

Getting an IP address...
Dec 31 16:01:03 udhcpc[770]: udhcpc (v0.9.9-pre) started
Dec 31 16:01:03 udhcpc[770]: send_discover: pkt num 0, secs 0
Dec 31 16:01:03 udhcpc[770]: Sending discover...
Dec 31 16:01:05 udhcpc[770]: send_discover: pkt num 1, secs 2
Dec 31 16:01:05 udhcpc[770]: Sending discover...
Dec 31 16:01:07 udhcpc[770]: send_discover: pkt num 2, secs 4
Dec 31 16:01:07 udhcpc[770]: Sending discover...
Dec 31 16:01:09 udhcpc[770]: No lease, forking to background.
Dec 31 16:01:29 udhcpc[860]: send_discover: pkt num 0, secs 0
Dec 31 16:01:29 udhcpc[860]: Sending discover...
Dec 31 16:01:30 udhcpc[860]: send_selecting: pkt num 0, secs 0
Dec 31 16:01:30 udhcpc[860]: Sending select for 10.2.221.254...
Dec 31 16:01:30 udhcpc[860]: Lease of 10.2.221.254 obtained, lease time 86400
Dec 31 16:01:30 udhcpc[860]: DHCP OPT 43, len: 12, buf: 10.2.221.100

Dec 31 16:01:30 udhcpc[860]: DHCP OPT 43 deleted airwave config

ip_time_handler: Got ip and packets on bond0 Started master election 5-0
10.2.221.254 255.255.255.0 10.2.221.100
Compressing all files in the /etc/httpd directory...
Done.

Converted the AP 93 to connect to the Controller like the rest of the APs.

Image

And Hurray!

ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
10.2.221.254 255.255.255.0 10.2.221.100
Running ADP...Done. Master is 10.2.221.100
ath_hal: module license 'Proprietary' taints kernel.
ath_hal: 0.9.17.1 (AR5416, AR9380, REGOPS_FUNC, PRIVATE_DIAG, WRITE_EEPROM, 11D)
ath_rate_atheros: Copyright (c) 2001-2005 Atheros Communications, Inc, All Rights Reserved
ath_rate_atheros: Aruba Networks Rate Control Algorithm
ath_dfs: Version 2.0.0
Copyright (c) 2005-2006 Atheros Communications, Inc. All Rights Reserved
ath_spectrum: Version 2.0.0
Copyright (c) 2005-2006 Atheros Communications, Inc. All Rights Reserved
ath_dev: Copyright (c) 2001-2007 Atheros Communications, Inc, All Rights Reserved
ath_pci: 0.9.4.5 (Atheros/multi-bss)
wifi0: Base BSSID 24:de:c6:91:ad:c0, 16 available BSSID(s)
bond0 address=24:de:c6:c1:1a:dc
br0 address=24:de:c6:c1:1a:dc
wifi0: AP type AP-93, radio 0, max_bssids 16
wifi0: Atheros 9280: mem=0x10000000, irq=48 hw_base=0xb0000000

Starting FIPS KAT ... Completed FIPS KAT

AP rebooted Sat Jan 1 00:08:38 UTC 2000; Image Upgrade Successful
shutting down watchdog process (nanny will restart it)...

<<<<< Welcome to the Access Point >>>>>

~ #
~ #

3 down! One more to go!

Image

Next RAP-3WNP

Published by CyberSecFaith

Published

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s