4/14/10

How to deploy an Aruba Remote Access Point (RAP) Part 2

So in part one I gave the back-story so now it’s onto getting this going. I’m using Aruba OS 5 on an Aruba 650 Controller with AP-61 access points. Your mileage may very.

If your running Aruba OS 5, you don’t need any RAP licenses with is great. Not so great if you bought them before OS 5 came out though. Good news is, they get turned into AP licenses when you upgrade to OS 5.

One more thing, since you will be deploying these access points in RAP mode, you won’t have some features. You won’t be able to tell how many people are on your system from that location so I wouldn’t go more than a few AP’s. You can’t blacklist someone. I don’t think you can do heat maps (I’ll have to try this though). Also, because we are setting these AP’s up in bridge mode, they will use the local DHCP server and if you have more than one AP, they need to be on the same Vlan. You will also have to take care of any extra security by using a local ACL on a switch or router.

Step One, log into your controller by going to https://aruba-master just to check that you have your DNS set up properly.

Step Two, navigate to Configuration –> Wireless –> AP Configuration.
image
Create a new AP Group by clicking on the New button. I’m giving it the name “RAP”. Click “Add” and then “Edit”.
image
Now, you will have to drill down to Wireless LAN –> Virtaul AP and create a new Virtual AP. Click the drop down and select –NEW – at the bottom of the list. Then, give it a name. I’m going to use “test-vap_prof” which is one I use for testing. After you click “Add”, you have to select the AAA profile and the SSID profile. You can use the same ones you used for your campus profile since you won’t change them. I’m going to use some test ones though. After you select the ones you want to use, click “Apply” in the lower right.
imageNow, drill down one level to the Virtual AP you just set up. The only setting you want to change is the “Forward mode” from “Tunnel” to “Bridge” and click “Apply”

Step Three, Set up the VPN. This is the step that kept throwing me off. Why do I need to set up a VPN connection between the AP and the controller if I’m on the local LAN? That’s just the way it is. If you don’t, the AP will never become a RAP on your AP Installation screen. This step is also what makes the controller push out the new RAP firmware to the AP. Navigate to Configuration –> Advanced Services –> VPN Services.

So, now that your on the VPN Services screen, You need to add an Address Pool. Just click “Add” under Address Pools. These addresses don’t have to be routable on your network. It’s probably better to pick ones that aren’t so you don’t have any confusion too.
image
Click “Done”.

Now you need to set up the IKE Secret. Under IKE Shared Secrets, click “Add”. You can keep the Subnet and Subnet Mask as quad zero (0.0.0.0) if you don’t have any other PSK’s. Enter the IKE and then confirm it.
image
Click “Apply” in the lower right.

Step Four, navigate to Configuration –> Security –> Authentication to setup an internal user. Click on Internal DB on the left. Now you will see a section titled “Users” You want to add one. Click “Add User”. It will auto generate a username and password for you, but you will probably want to change to something more meaningful.
image You can leave the rest of the fields blank and click “Apply”.

Step Five. You are now ready to deploy the AP using the profile you created in step 2 and the VPN information you created in steps Three and Four. Navigate to Configuration –> Wireless –> AP Installation. Click the AP you wish to deploy as a remote AP and click “Provision”.
Now, in the AP Group filed, select from the dropdown, the AP group you set up in step Two.

In the Authentication Method section, select that you will be deploying a Remote AP by clicking the “Yes” radio button. When you do, it will allow you to fill in the IKE PSK and your user credentials you created in step Four. Make sure to uncheck the “Use Automatic Generation” box or you won’t be able to enter your username and password.
image

After you have that info entered, you can move on down to select the campus this AP will be deployed to (there is documentation on how to set these up in the user guide). Then, name it something meaningful, and click the “Apply and Reboot” button. The reboot will take a few minutes because that AP will get a new image pushed out to it.
image If you have done things right, you should see your new AP’s deployed and in the correct group, and have an “R” in the flag section signifying that it is a “Remote Access Point”. I’ve blotted out the IP address for the remote AP, but it will be something in the range that you setup in Step Two.

Well I hope this helps someone out there who is struggling though getting some remote access points up with their Aruba gear. This is the first enterprise class wireless system I have worked with and for the most part, it is a pretty good system. There are ones out there that make it a whole lot easier to do some of these more advanced features though.

10 comments:

Anonymous said...

Hi its Anubhav i m going to try this by tomarrow and i dont know how it is going to work can u plz send me some more details at
anubhav831@gmail.com

Jeremy Good said...

I hope your setup went well Anubhav. I don't have any other information that what I posted on my blog. It should work for you though.

Soundar said...

Hi,I am trying to configure the Aruba Aps as a standalone APs, without connecting them to the controller. My setup is like
AP-->Linux Server. I just need the Ap to connect my wireless devices to the server. I tried the steps that you had listed in your wonderful blog, but the Aps were not booting up after the configuration. Will you steps work for my scenario too?

Appreciate your help.

Thanks
Soundar

BRU said...

Hi there I was wondering if you could shed some light on something for me. First of all let me introduce myself my name is Ryan and I am a bit of a novice when it comes to wireless devices.
Right so here is my question- I recently signed up to a broadband provider and they sent me out a wireless router it’s a (D-link DSL2680) the thing is I don’t have a problem with it in fact it works quite well the only problem is when I move around the house the its range can somewhat be affected. An example, the router is located downstairs roughly in the middle of the house so I can get even coverage where ever I go but as soon as I go upstairs I almost loose signal totally.
A colleague of mine recently upgraded a company wireless net working system using the new Aruba AP105 things and gave me an AP61 he said to me you should have no problem setting it up its very simple?? I have no idea what it does or how it works but he assures me I can use it to increase the range of my wireless signal is this true and if so how the * do I go about setting it up or even using it. Or should I just bin it?
Any info you could help me out with would be very much appreciated.

Many thanks
Ryan

BRU said...

Hi there I was wondering if you could shed some light on something for me. First of all let me introduce myself my name is Ryan and I am a bit of a novice when it comes to wireless devices.
Right so here is my question- I recently signed up to a broadband provider and they sent me out a wireless router it’s a (D-link DSL2680) the thing is I don’t have a problem with it in fact it works quite well the only problem is when I move around the house the its range can somewhat be affected. An example, the router is located downstairs roughly in the middle of the house so I can get even coverage where ever I go but as soon as I go upstairs I almost loose signal totally.
A colleague of mine recently upgraded a company wireless net working system using the new Aruba AP105 things and gave me an AP61 he said to me you should have no problem setting it up its very simple?? I have no idea what it does or how it works but he assures me I can use it to increase the range of my wireless signal is this true and if so how the * do I go about setting it up or even using it. Or should I just bin it?
Any info you could help me out with would be very much appreciated.

Many thanks
Ryan

portable wireless router said...

great, it really helps someone like me who is not a very computer literate person.

parwinder said...

hello, i have one query that , we have aruba 3200 series controller deployed and a broadband router of ISP is connected to it from which our traffic is acessing internet. Now service provider gave us two public ip address ,earlier we were using only one ip address with configuration static on broadband router of isp. but now we have used one ip for another server to go to internet andchanged config from static to bridge in broadband router. for second ip from which we are accesing internet for wifi traffic,isp asked to put static route in controller but its not working plz suggest.....thnks

Unknown said...

Đồ noi that hoa phat là sản phẩm phổ thông và được sử dụng nhiều nhất trong tất cả các văn phòng, trường học, gia đình,...Mỗi sản phẩm của hòa phát đều được gắn thương hiệu trên từng sản phẩm. Hiện nay trên thị trường có rất nhiều cửa hàng treo biển bán sản phẩm nội thất hòa phát với giá rất rẻ. Vì vậy khách hàng thường nhầm tưởng giữa sản phẩm nội thất hòa phát chính hãng và sản phẩm nội thất trôi nổi. Cùng chúng tôi đến công ty mua bàn làm việc tphcm chính hãng có đảm bảo chất lượng và bảo hành sản phẩm cho khách hàng. ban van phong hoa phat có rất nhiều kiểu dáng khác nhau, cùng phối hợp các màu sáng đẹp, tạo nên một sản phẩm bàn làm việc hiện đại. Bàn làm việc văn phòng gỗ được sử dụng nhiều nhất là mau ban lam viec van phong có hộc CPU rộng và ngăn bàn để bàn phím máy tính, ngăn bàn nhỏ đựng tài liệu và 1 ngăn kéo ra kéo vào đựng tài liệu quan trọng, hay các loại bàn làm việc chân sắt với thiết kế đơn giản, nhanh gọn nhẹ vói chân sắt sơn tĩnh điện mặt bàn phẳng rộng thích hợp cho mọi văn phòng làm việc.

Unknown said...
This comment has been removed by the author.
julie said...

hi jeremy,

i have one master and one local controller, i have given static master ip as local controller's ip to RAP, its working properly, the RAP terminated to local controller,its working fine. Just i was checked, i am rebooting my RAP on meanwhile i made master controller down.
After that, my master is down but my RAP is not coming up in local controller, it shows down.
i checked wirehark, my RAP is keep on sending ISAKMP to local controller. But its not coming up. please guide and refer me