Deploying APs

Aruba APs and AMs are designed to require only minimal setup to make them operational in an user-centric network. Once APs have established communication with the controller, you can apply advanced configuration to individual APs or groups of APs in the network using the WebUI on the controller.

Deploy APs on your network using the following steps:

1. Prior to installation, configure firewall settings and enable controller discovery so the APs can locate and identify the controller.
2. Ensure that APs will be able to obtain an IP address once they are connected to the network.


If you are deploying APs in a mesh networking environment, best practices are to define the mesh cluster profile and mesh radio profiles before you install and provision the AP as a mesh portal or mesh point. Note that this step is required only if you are configuring a mesh node. For further information on configuring a Mesh network, see Secure Enterprise Mesh

3. Install the APs by connecting the AP to an Ethernet port on the controller. If the AP does not use Power over Ethernet (PoE) is not used, connect the AP to a power source.
4. On the controller, provision the installed APs.

The following sections explain each of the above steps.

Verifying that APs Can Connect to the Controller

Before you install APs in a network environment, you must ensure that the APs are able to locate and connect to the controller. Specifically, you must ensure the following:

When connected to the network, each AP is assigned a valid IP address
APs are able to locate the controller


In a network with a master and local controllers, an AP will initially connect to the master controller. Alternatively, you can instruct your AP to download its configuration (and ArubaOS) from a local controller (see  Adding Local Controllers for details).

Configuring Firewall Settings

APs use Trivial File Transfer Protocol (TFTP) during their initial boot to grab their software image and configuration from the controller. After the initial boot, the APs use FTP to grab their software images and configurations from the controller.

In many deployment scenarios, an external firewall is situated between various Aruba devices. “External Firewall Configuration” on page 1 describes the network ports that must be configured on the external firewall to allow proper operation of the network.

Enabling Controller Discovery

An AP can discover the IP address of the controller in the following ways:

From a DNS server
From a DHCP server
Using the Aruba Discovery Protocol (ADP)

At boot time, the AP builds a list of controller IP addresses and then tries these addresses in order until a controller is reached successfully. The list of controller addresses is constructed as follows:

1. If the master provisioning parameter is set to a DNS name, that name is resolved and all resulting addresses are put on the list. If master is set to an IP address, that address is put on the list.
2. If the master provisioning parameter is not set and a controller address was received in DHCP Option 43, that address is put on the list.
3. If the master provisioning parameter is not set and no address was received via DHCP option 43, ADP is used to discover a controller address and that address is put on the list.
4. Controller addresses derived from the server-name and server-ip provisioning parameters and the default controller name aruba-master are added to the list. Note that if a DNS name resolves to multiple addresses, all addresses are added to the list.

This list of controller IP addresses provides an enhanced redundancy scheme for controllers that are located in multiple data centers separated across Layer-3 networks.

Configuring DNS Resolution

APs are factory-configured to use the host name aruba-master for the master controller. For the DNS server to resolve this host name to the IP address of the master controller, you must configure an entry on the DNS server for the name aruba-master.

For information on how to configure a host name entry on the DNS server, refer to the vendor documentation for your server.



Aruba recommends using a DNS server to provide APs with the IP address of the master controller because it involves minimal changes to the network and provides the greatest flexibility in the placement of APs.

When using DNS, the AP can learn multiple IP addresses to associate with a controller. If the primary controller is unavailable or does not respond, the AP continues through the list of learned IP addresses until it establishes a connection with an available controller. This takes approximately 3.5 minutes per controller.

Configuring DHCP Server Communication with APs

You can configure a DHCP server to provide the master controller’s IP address. You must configure the DHCP server to send the controller’s IP address using the DHCP vendor-specific attribute option 43. APs identify themselves with a vendor class identifier set to ArubaAP in their DHCP request. When the DHCP server responds to the request, it will send the controller’s IP address as the value of option 43.

When using DHCP option 43, the AP accepts only one IP address. If the IP address of the controller provided by DHCP is not available, the AP can use the other IP addresses provisioned or learned by DNS to establish a connection.

For more information on how to configure vendor-specific information on a DHCP server, see “DHCP with Vendor-Specific Options” on page 1 or refer to the documentation included with your server.

Using the Aruba Discovery Protocol (ADP)

ADP is enabled by default on all Aruba APs and controllers. To use ADP, all APs and controllers must be connected to the same Layer-2 network. If the devices are on different networks, a Layer-3 compatible discovery mechanism, such as DNS, DHCP, or IGMP forwarding, must be used instead.

With ADP, APs send out periodic multicast and broadcast queries to locate the master controller. You might need to perform additional network configuration, depending on whether the APs are in the same broadcast domain as the controller:

If the APs are in the same broadcast domain as the master controller, the controller automatically responds to the APs’ queries with its IP address.
If the APs are not in the same broadcast domain as the master controller, you must enable multicast on the network (ADP multicast queries are sent to the IP multicast group address for the controller to respond to the APs’ queries. You also must make sure that all routers are configured to listen for Internet Group Management Protocol (IGMP) join requests from the controller and can route these multicast packets.

To verify that ADP and IGMP join options are enabled on the controller, use the following CLI command:

(host) #show adp config

ADP Configuration


key         value

---         -----

discovery  enable

igmp-join  enable

If ADP or IGMP join options are not enabled, use the following CLI commands:

(host) (config) #adp discovery enable

(host) (config) #adp igmp-join enable

Verifying that APs Are Receiving IP Addresses

Each AP requires a unique IP address on a subnetwork that has connectivity to a controller. Aruba recommends using the Dynamic Host Configuration Protocol (DHCP) to provide IP addresses for APs; the DHCP server can be an existing network server or an controller configured as a DHCP server.

You can use an existing DHCP server in the same subnetwork as the AP to provide the AP with its IP information. You can also configure a device in the same subnetwork to act as a relay agent for a DHCP server on a different subnetwork. (Refer to the vendor documentation for the DHCP Server or relay agent for information.)

If an AP is on the same subnetwork as the master controller, you can configure the controller as a DHCP server to assign an IP address to the AP. The controller must be the only DHCP server for this subnetwork.

In the WebUI

1. Navigate to the Configuration > Network > IP > DHCP Server window.
2. Select the Enable DHCP Server checkbox.
3. In the Pool Configuration section, click Add.
4. Enter information about the subnetwork for which IP addresses are to be assigned. Click Done.
5. If there are addresses that should not be assigned in the subnetwork:
a. Click Add in the Excluded Address Range section.
b. Enter the address range in the Add Excluded Address section.
c. Click Done.
6. Click Apply at the bottom of the window.

In the CLI

(host)(config)# ip dhcp excluded-address ipaddripaddr2

(host)(config)# ip dhcp pool name

   default-router ipaddr

   dns-server ipaddr

   domain-name name

   network ipaddrmask

(host)(config)# service dhcp

Provisioning APs for Mesh

The information in this section applies only if you are configuring and deploying APs in a mesh networking environment. If you are not, proceed to Installing APs on the Network.

Before you install APs in a mesh networking environment, you must do the following:

Define and configure the mesh cluster profile and mesh radio profile before configuring an AP to operate as a mesh node. An AP configured for mesh is also known as a mesh node.
Provision one of the following mesh roles on the AP:
Mesh portal—The gateway between the wireless mesh network and the enterprise wired LAN.
Mesh point—APs that can provide traditional Aruba WLAN services (such as client connectivity, intrusion detection system (IDS) capabilities, user roles association, LAN-to-LAN bridging, and Quality of Service (QoS) for LAN-to-mesh communication) to clients on one radio and perform mesh backhaul/network connectivity on the other radio. Mesh points can also provide LAN-to-LAN bridging through their Ethernet interfaces and provide WLAN services on the backhaul radio
Remote Mesh Portal: The Remote Mesh Portal feature allows you to configure a remote AP at a branch office to operate as a mesh portal for a mesh cluster.

For detailed provisioning guidelines, caveats, and instructions, see Secure Enterprise Mesh.

Provisioning 802.11n APs for Single-Chain Transmission

Radios on AP‑92, AP‑120, AP‑124, AP‑134 and AP‑175 access points can be configured in single-chain mode, allowing those APs to transmit and receive data using only legacy rates and single-stream HT rates up to MCS 7. This feature is disabled by default.

Table 1 shows the antenna port used by APs in single-chain mode.

Table 1: Antenna Interfaces for Single-Chain Mode

AP Model

Freqency Band

Antenna Port


2.4GHz or 5GHz


AP‑120 and AP‑124



Upper Left


Upper Right


2.4GHz or 5GHz








Installing APs on the Network

You can either connect the AP directly to a port on the controller, or connect the AP to another switch or router that has layer-2 or layer-3 connectivity to the controller.

If the Ethernet port on the controller is an 802.3af Power over Ethernet (PoE) port, the AP automatically uses it to power up. If a PoE port is not available, you must get an AC adapter for the AP. For more information, see the Installation Guide for the specific AP.

Once an AP is connected to the network and powered up, it attempts to locate the master controller using one of the methods described in Enabling Controller Discovery.

On the master controller, you can view the APs that have connected to the controller in the WebUI. Navigate to the Configuration > Wireless > AP Installation window. Figure 1 shows an example of this window.

Figure 1  APs Connected to Controller