AP Discovery Logic
In the earlier versions of ArubaOS, APs are predefined as either controller-based Campus APsCampus APs are used in private networks where APs connect over private links (LAN, WLAN, WAN or MPLS) and terminate directly on controllers. Campus APs are deployed as part of the indoor campus solution in enterprise office buildings, warehouses, hospitals, universities, and so on. or controller-less Instant APs. Each Campus APCampus APs are used in private networks where APs connect over private links (LAN, WLAN, WAN or MPLS) and terminate directly on controllers. Campus APs are deployed as part of the indoor campus solution in enterprise office buildings, warehouses, hospitals, universities, and so on. is shipped with the ArubaOS manufacturing image and must connect to a controller in order to receive configurations. Campus APsCampus APs are used in private networks where APs connect over private links (LAN, WLAN, WAN or MPLS) and terminate directly on controllers. Campus APs are deployed as part of the indoor campus solution in enterprise office buildings, warehouses, hospitals, universities, and so on. can only run the ArubaOS image and cannot be converted into Instant APs. Each Instant AP is shipped with the Instant manufacturing image and must join an Instant AP cluster in order to receive configurations from a virtual controller. Instant APs run the Instant image and can also be converted into Campus APsCampus APs are used in private networks where APs connect over private links (LAN, WLAN, WAN or MPLS) and terminate directly on controllers. Campus APs are deployed as part of the indoor campus solution in enterprise office buildings, warehouses, hospitals, universities, and so on..
Starting from ArubaOS 8.2.0.0, selected APs can run in both controller-based mode and controller-less mode. Based on the selected mode, the AP runs a different image:
Controller-based APs run an ArubaOS image.
Controller-less APs run an Instant image.
The following APs support both controller-based mode and controller-less mode:
AP-203H
AP-203R and AP-203RP
AP-303H
AP-365 and AP-367 access points
Each AP is shipped with a manufacturing image based on the Instant image, but containing reduced functions. When the AP is booted up with the manufacturing image, it enters the managed device and Instant discovery process to determine if it will be upgraded to the controller-based mode (ArubaOS image) or controller-less mode (Instant image). After the managed device, Instant virtual controller, or Activate/AirWave/Central is discovered, the AP image is upgraded accordingly.
By default, controller discovery has a higher priority than Instant discovery. APs can discover the IP address of a managed device through one of the following methods. See “Enable Controller Discovery” on page 1 for more details on the different controller discovery options.
Static controller discovery
Important Points to Remember
APs can support up to 12 managed device IP addresses via DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network. /DNSDomain Name System. A DNS server functions as a phone book for the intranet and Internet users. It converts human-readable computer host names into IP addresses and IP addresses into host names. It stores several records for a domain name such as an address 'A' record, name server (NS), and mail exchanger (MX) records. The Address 'A' record is the most important record that is stored in a DNS server, because it provides the required IP address for a network peripheral or element. discovery. APs attempt to connect to each managed device 10 times before switching to the next managed device.
An AP can only be converted into a controller-based AP if the managed device to which it connects is running ArubaOS 8.2.0.0.
If the AP cannot locate any managed device during the controller discovery process, it enters Instant discovery.
Preference Role
Users can predefine the AP mode by configuring the preference role. APs with the default preference role follow the standard discovery logic by attempting controller discovery before initiating Instant discovery. APs with the -less preference role bypass controller discovery and immediately initiate Instant discovery.
In the WebUI
To set the AP preference role to -less in the WebUI:
| 1. | Navigate to in the WebUI. |
| 2. | Select the AP on which you want to set the preference role to controller-less. |
| 3. | Click . |
In the CLI
To set the AP preference role to -less in the CLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions., execute the following commands:
(host) [mynode] #ap redeploy controller-less
all
ap-group
ap-name
ip-addr
ip6-addr
wired-mac
|
|
The command works only for UAPs and is applicable to AP-203H, AP-203R, AP-203RP, AP-303H, AP-365, and AP-367 access points only. |
AP Deployment Policy
Starting from ArubaOS 8.2.0.0, users can predefine the AP deployment mode using the AP deployment policy. The AP deployment policy redirects the specified APs to the Instant discovery process, ensuring that the APs run only in controller-less mode.
The AP deployment policy can be configured on:
APs in the specified IP address ranges—Policy is applied to the APs in the specified IPv4 or IPv6 address range. You can define up to 128 IPv4 and IPv6 address ranges for the AP deployment policy
APs in the default AP group—Policy is applied to the APs in the default AP group.
APs whose MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address are included in the blacklist table—Policy is applied to the APs whose MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. addresses are included in the UAP blacklist table when the blacklist policy is enabled on the AP deploy profile.
|
|
You must enable the AP deploy profile to enforce the policies configured in the profile. |
When the policy is enforced, the managed device automatically identifies the targeted AP, rejects the AP termination, and redirects the AP to upgrade to controller-less mode.
In the CLI
To enable the AP deploy profile, execute the following commands:
(host) [mynode] (config) #ap deploy-profile
(host) [mynode] (ap deploy-profile) #enable
To apply the AP deployment policy to the default AP group, execute the following commands:
(host) [mynode] (config) #ap deploy-profile
(host) [mynode] (ap deploy-profile) #default-ap-group
To apply the AP deployment policy to an IPv4 address range, execute the following commands:
(host) [mynode] (config) #ap deploy-profile
(host[mynode] (ap deploy-profile) #ip-range <start> <end>
To apply the AP deployment policy to an IPv6 address range, execute the following commands:
(host) [mynode] (config) #ap deploy-profile
(host) [mynode] (ap deploy-profile) #ipv6-range <start> <end>
To include AP MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address to the UAP blacklist table, execute the following command:
(host) [mynode] (config) #uap-blacklist add mac-address <address> description <description>
To apply the AP deployment policy to the blacklisted APs, execute the following commands:
(host) [mynode] (config) #ap deploy-profile
(host) [mynode] (ap deploy-profile) #blacklist
To remove the IP address range or default AP group from the profile, execute the following command:
(host) [mynode] (config) #no ap deploy-profile
To view the complete list of IP address ranges to which the AP deployment policy is applied, execute the following command:
(host) [mynode] #show ap deploy-profile
Discovery Logic Workflow
The following steps describe the AP discovery logic:
Figure 1 AP Discovery Logic
| 1. | The AP boots up with the manufacturing image in unprovisioned mode. |
If a managed device is discovered, the AP receives the managed device’s IP address or domain assignment. The AP connects to the managed device and downloads the ArubaOS image. After the image is downloaded, the AP reboots. The configuration synchronizes, and the AP runs in controller-based mode.
If a managed device is discovered, but the AP deployment policy is applied to this AP, the AP connects to the managed device and downloads the ArubaOS image. The managed device rejects the AP termination and redirects the AP to the Instant discovery process.
If the AP cannot locate any managed device (for example, if the managed device is powered off or becomes unreachable), it enters Instant discovery.
| 3. | The AP enters the Instant discovery process to locate an Instant virtual controller, Activate, AirWave, or Central. |
If a virtual controller is discovered, the AP joins the existing Instant AP cluster and downloads the Instant image from the cluster. After the image is downloaded, the AP reboots. The configuration synchronizes, and the AP runs in controller-less mode.
If the AP cannot locate a virtual controller in an existing Instant AP cluster, the AP attempts to locate Activate, AirWave, or Central to upgrade the image and form a new Instant AP cluster.
|
|
APs running the manufacturing image cannot form an Instant AP cluster. |
If the AP locates Activate, it receives pre-configured provisioning rules to connect to AirWave, or Central or convert into a Campus APCampus APs are used in private networks where APs connect over private links (LAN, WLAN, WAN or MPLS) and terminate directly on controllers. Campus APs are deployed as part of the indoor campus solution in enterprise office buildings, warehouses, hospitals, universities, and so on. or Remote APRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link..
|
|
APs that connect to Activate are automatically upgraded from the manufacturing image to the latest Instant or ArubaOS image. Refer to the latest Aruba Activate User Guide for details on configuring provisioning rules. |
If the AP locates AirWave, it can be upgraded to the Instant image. If an enforced image upgrade rule is configured in AirWave, the AP is upgraded to the Instant image configured for the enforced upgrade rule. If no enforced upgrade rule is configured, the AP is upgraded to the latest Instant image in AirWave. After the AP is upgraded, it reboots in controller-less mode and forms a new Instant AP cluster. The AP converts into the master, and other un-deployed APs can join the cluster to upgrade to the Instant image. Refer to the latest AirWave 8.x User Guide for details on AP image upgrade.
|
|
All firmware must be uploaded to AirWave before the AP connects and downloads the Instant image. Refer to the latest AirWave 8.x Aruba Instant Deployment Guide for details on firmware upload. |
If the AP locates Central, it can be upgraded to the Instant image through the page in the Central WebUI. After the AP is upgraded, it reboots in controller-less mode and forms a new InstantAP cluster. The AP converts into the master, and other un-deployed APs can join the cluster to upgrade to the Instant image. Refer to the latest Aruba Central User Guide for more details on AP image upgrade.
|
|
Central synchronizes with Aruba Activate to retrieve the latest Instant image. |
If the AP cannot locate Activate, AirWave, or Central, it continues to run in unprovisioned mode until the image is upgraded.
If the AP is not upgraded to the ArubaOS or Instant image, it enters a 15 minute reboot period. If there is no keyboard input or WebUI session (manual upgrade) within the 15 minutes, the AP reboots.
Manual Upgrade
APs running in unprovisioned mode broadcast a special provisioning SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. to which users can connect to upgrade the AP manually. Upon connecting, users can access a local provisioning page in the WebUI to upgrade the AP to an ArubaOS or Instant image. See “Controller-based AP via Manual Campus AP/Remote AP Conversion” on page 1 and “Controller-less AP via Manual Instant AP Conversion” on page 1 for more details on upgrading APs manually.
Deployment Scenarios
This section describes various AP deployment scenarios in controller, Instant, remote, and hybrid networks.
Controller-based AP Deployments
The following sections describe controller-based AP deployment scenarios.
|
|
Managed devices and APs are deployed in the same Layer 2 subnetSubnet is the logical division of an IP network.. |
Controller-based AP with AP Console Access
Users can deploy controller-based APs with console access, which allows them to modify the AP’s provisioning settings through a direct console connection to the AP. This deployment scenario is typically used for troubleshooting in development/test networks and master controller assignment for static controller discovery. See “Managing AP Console Settings” on page 1 for more information on provisioning APs through a console connection.
To deploy a controller-based AP using an AP console connection:
| 1. | Establish a console connection to the AP. See “Managing AP Console Settings” on page 1 for more details. |
| 2. | To access the AP console command prompt, press when the AP displays the “Hit <Enter> to stop autoboot” message. |
| 3. | Enter the AP console password. |
| 4. | Execute one of the following commands to assign an IP address from which the AP can download the ArubaOS image: |
: IP address of a TFTPTrivial File Transfer Protocol. The TFTP is a software utility for transferring files from or to a remote host. server.
| a. | (Optional) To upgrade the image directly in partition from , execute the command. |
| b. | After the server IP address is assigned, enter to save your settings. |
| c. | Reboot the AP using the or command. The AP boots up with the ArubaOS image. |
: IP address of a managed device. This option is used for static controller discovery.
| a. | After the managed device is assigned, enter to save your settings. |
| b. | Reboot the AP using the command. The AP boots up with the manufacturing image. |
| c. | The AP enters the static controller discovery process. |
| d. | If the assigned managed device is discovered, the AP connects to the managed device and downloads the ArubaOS image. |
| e. | After the image is downloaded, the AP reboots. |
| f. | The configuration synchronizes, and the AP runs in controller-based mode. |
Controller-based AP in a Test Network
Users can provision controller-based APs in a test network before deploying the APs in a working network.
|
|
Managed devices in a test network can only be discovered using the ADPAruba Discovery Protocol. ADP is an Aruba proprietary Layer 2 protocol. It is used by the APs to obtain the IP address of the TFTP server from which it downloads the AP boot image.. |
APs are upgraded to the ArubaOS image via ADPAruba Discovery Protocol. ADP is an Aruba proprietary Layer 2 protocol. It is used by the APs to obtain the IP address of the TFTP server from which it downloads the AP boot image. through the following steps:
| 1. | The AP boots up with the manufacturing image in unprovisioned mode. |
| 2. | The AP enters the controller discovery process using ADPAruba Discovery Protocol. ADP is an Aruba proprietary Layer 2 protocol. It is used by the APs to obtain the IP address of the TFTP server from which it downloads the AP boot image.. |
| 3. | When a managed device is discovered, the AP connects to the managed device and downloads the ArubaOS image. |
If the AP cannot locate a managed device, it enters the Instant discovery process. To prevent the AP from upgrading to controller-less mode, you must make sure Instant virtual controllers, Activate, AirWave, and Central are not available to the AP. If the AP is not upgraded and there are no configuration changes with 15 minutes, the AP reboots and restarts the discovery process (step 1).
| 4. | After the image is downloaded, the AP reboots. |
| 5. | The configuration synchronizes, and the AP runs in controller-based mode. |
Controller-based AP in a New Controller-based Network
Users can deploy APs directly into a brand new controller-based network. APs are upgraded to the ArubaOS image using static/ADPAruba Discovery Protocol. ADP is an Aruba proprietary Layer 2 protocol. It is used by the APs to obtain the IP address of the TFTP server from which it downloads the AP boot image./DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network. /DNSDomain Name System. A DNS server functions as a phone book for the intranet and Internet users. It converts human-readable computer host names into IP addresses and IP addresses into host names. It stores several records for a domain name such as an address 'A' record, name server (NS), and mail exchanger (MX) records. The Address 'A' record is the most important record that is stored in a DNS server, because it provides the required IP address for a network peripheral or element. based controller discovery. See “Enable Controller Discovery” on page 1 for more details on the different controller discovery options.
APs are upgraded to the ArubaOS image via DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network. /DNSDomain Name System. A DNS server functions as a phone book for the intranet and Internet users. It converts human-readable computer host names into IP addresses and IP addresses into host names. It stores several records for a domain name such as an address 'A' record, name server (NS), and mail exchanger (MX) records. The Address 'A' record is the most important record that is stored in a DNS server, because it provides the required IP address for a network peripheral or element. through the following steps:
| 1. | The AP boots up with the manufacturing image in unprovisioned mode. |
| 3. | When a managed device is discovered, the AP connects to the managed device and downloads the ArubaOS image. |
APs attempt to connect to each managed device 10 times. If the AP fails to reach a managed device after 10 attempts, it reboots and restarts the discovery process (step 1).
| 4. | After the image is downloaded, the AP reboots. |
| 5. | The configuration synchronizes, and the AP runs in controller-based mode. |
See “Controller-based AP in a Test Network” on page 1 for details on ADPAruba Discovery Protocol. ADP is an Aruba proprietary Layer 2 protocol. It is used by the APs to obtain the IP address of the TFTP server from which it downloads the AP boot image.-based controller discovery.
Controller-based AP in an Existing Controller-based Network
Users can replace or add additional APs to existing controller-based networks. Newly deployed APs are be upgraded to the ArubaOS image using static/ADPAruba Discovery Protocol. ADP is an Aruba proprietary Layer 2 protocol. It is used by the APs to obtain the IP address of the TFTP server from which it downloads the AP boot image./DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network. /DNSDomain Name System. A DNS server functions as a phone book for the intranet and Internet users. It converts human-readable computer host names into IP addresses and IP addresses into host names. It stores several records for a domain name such as an address 'A' record, name server (NS), and mail exchanger (MX) records. The Address 'A' record is the most important record that is stored in a DNS server, because it provides the required IP address for a network peripheral or element. based controller discovery. See “Enable Controller Discovery” on page 1 for more details on the different controller discovery options.
See “Controller-based AP in a Test Network” on page 1 for details on ADPAruba Discovery Protocol. ADP is an Aruba proprietary Layer 2 protocol. It is used by the APs to obtain the IP address of the TFTP server from which it downloads the AP boot image.-based controller discovery. See “Controller-based AP in a New Controller-based Network” on page 1 for details on DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network. /DNSDomain Name System. A DNS server functions as a phone book for the intranet and Internet users. It converts human-readable computer host names into IP addresses and IP addresses into host names. It stores several records for a domain name such as an address 'A' record, name server (NS), and mail exchanger (MX) records. The Address 'A' record is the most important record that is stored in a DNS server, because it provides the required IP address for a network peripheral or element. based controller discovery.
Controller-based AP in a Remote Deployment
Users can deploy controller-based APs in remote networks. APs in remote locations (Remote APsRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link.) connect to the Aruba controller over the Internet using XAuthExtended Authentication. XAuth provides a mechanism for requesting individual authentication information from the user, and a local user database or an external authentication server. It provides a method for storing the authentication information centrally in the local network. and IPsecInternet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session.. See “Remote Access Points” on page 1 for more information on Remote APsRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link..
To deploy a controller-based AP in a remote site:
| 1. | Login to the Mobility Master to add the AP to the managed device’s Remote APRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link. whitelist. See “Managing AP Whitelists” on page 1 for more details on adding APs to a Remote APRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link. whitelist. |
| 2. | Place the AP in a remote site. The AP boots up with the manufacturing image in unprovisioned mode. |
| 3. | On your device, connect to the following provisioning SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. broadcasted by the unprovisioned AP: |
| 4. | Open a web browser, and then navigate to the following URLUniform Resource Locator. URL is a global address used for locating web resources on the Internet.: |
https://setmeup.arubanetworks.com
| 5. | Under , select . |
| 6. | Enter the IP address or host name of the managed device to which the Remote APRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link. will be connected. |
| 7. | Click . |
After the image is downloaded from the managed device, the AP reboots. The configuration synchronizes, and the AP becomes a Remote APRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link..
APs can also be converted into Remote APsRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link. using Aruba ActivateAruba Activate is a cloud-based service that helps provision your Aruba devices and maintain your inventory. Activate automates the provisioning process, allowing a single IT technician to easily and rapidly deploy devices throughout a distributed enterprise network.. For more details, see “Controller-based AP via Aruba Activate” on page 1.
Controller-based AP via Aruba Activate
If the AP cannot locate any managed device during the controller discovery process, the AP enters Instant discovery. During the Instant discovery process, the AP attempts to connect through Activate if it cannot locate an Instant virtual controller. If Activate is provisioned to convert APs to controller-based Campus APsCampus APs are used in private networks where APs connect over private links (LAN, WLAN, WAN or MPLS) and terminate directly on controllers. Campus APs are deployed as part of the indoor campus solution in enterprise office buildings, warehouses, hospitals, universities, and so on. or Remote APsRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link., any AP that connects to Activate is converted into a Campus APCampus APs are used in private networks where APs connect over private links (LAN, WLAN, WAN or MPLS) and terminate directly on controllers. Campus APs are deployed as part of the indoor campus solution in enterprise office buildings, warehouses, hospitals, universities, and so on. or Remote APRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link.. Refer to the latest Aruba Activate User Guide for details on configuring provisioning rules.
APs are upgraded to the ArubaOS image via Activate through the following steps:
| 1. | The AP boots up with the manufacturing image in unprovisioned mode. |
| 3. | If the AP cannot locate any managed device, it enters the Instant discovery process to locate an Instant virtual controller, Activate, AirWave, or Central. |
| 4. | The AP attempts to locate a virtual controller in an existing Instant AP cluster. If the AP cannot locate any virtual controllers, it attempts to connect through Activate. |
|
|
APs that connect to Activate are automatically upgraded from the manufacturing image to the latest ArubaOS image. Refer to the latest Aruba Activate User Guide for details on configuring provisioning rules. |
If the AP converts into a Campus APCampus APs are used in private networks where APs connect over private links (LAN, WLAN, WAN or MPLS) and terminate directly on controllers. Campus APs are deployed as part of the indoor campus solution in enterprise office buildings, warehouses, hospitals, universities, and so on., it retrieves the IP address of the managed device. The AP connects to the managed device and downloads the ArubaOS image. After the image is downloaded, the AP reboots. The configuration syncs, and the AP becomes a Campus APCampus APs are used in private networks where APs connect over private links (LAN, WLAN, WAN or MPLS) and terminate directly on controllers. Campus APs are deployed as part of the indoor campus solution in enterprise office buildings, warehouses, hospitals, universities, and so on..
If the AP converts into a Remote APRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link., it retrieves the IP address of a managed device that has included the AP in its Remote APRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link. whitelist. The AP connects to the managed device through an IPsecInternet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. tunnel and downloads the ArubaOS image. After the image is downloaded, the AP reboots. The configuration synchronizes, and the AP becomes a Remote APRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link.. For more information on Remote APsRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link., see “Remote Access Points” on page 1.
|
|
The AP must be added to the managed device's Remote APRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link. whitelist before it can retrieve the IP address of the managed device. For more details on adding APs to a Remote APRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link. whitelist, see “Managing AP Whitelists” on page 1. |
Controller-based AP via Manual Campus AP/Remote AP Conversion
If the AP cannot be converted into a Campus APCampus APs are used in private networks where APs connect over private links (LAN, WLAN, WAN or MPLS) and terminate directly on controllers. Campus APs are deployed as part of the indoor campus solution in enterprise office buildings, warehouses, hospitals, universities, and so on. or Remote APRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link. through Activate, users can connect to a special provisioning SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. broadcasted by the unprovisioned AP to manually convert the AP to a Campus APCampus APs are used in private networks where APs connect over private links (LAN, WLAN, WAN or MPLS) and terminate directly on controllers. Campus APs are deployed as part of the indoor campus solution in enterprise office buildings, warehouses, hospitals, universities, and so on. or Remote APRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link. through the WebUI. See “Controller-based AP via Aruba Activate” on page 1 for details on converting an AP into a Campus APCampus APs are used in private networks where APs connect over private links (LAN, WLAN, WAN or MPLS) and terminate directly on controllers. Campus APs are deployed as part of the indoor campus solution in enterprise office buildings, warehouses, hospitals, universities, and so on. or Remote APRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link. through Activate.
To manually convert an AP to a Campus APCampus APs are used in private networks where APs connect over private links (LAN, WLAN, WAN or MPLS) and terminate directly on controllers. Campus APs are deployed as part of the indoor campus solution in enterprise office buildings, warehouses, hospitals, universities, and so on. or Remote APRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link. in the WebUI:
| 1. | On your device, connect to the following provisioning SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. broadcasted by the unprovisioned AP: |
| 2. | Open a web browser. You will automatically be redirected to a special provisioning page in the WebUI to convert the AP. |
| 3. | Under Convert to, select or . |
| 5. | Click . |
After the AP is upgraded, it reboots as a Campus APCampus APs are used in private networks where APs connect over private links (LAN, WLAN, WAN or MPLS) and terminate directly on controllers. Campus APs are deployed as part of the indoor campus solution in enterprise office buildings, warehouses, hospitals, universities, and so on. or Remote APRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link..
Controller-less AP Deployments
The following sections describe controller-less AP deployment scenarios.
Controller-less AP in an Instant Network
Users can deploy APs directly into a running Instant network, which is comprised of an Instant AP cluster and a virtual controller that manages the network. A virtual controller must be available before any AP can be upgraded through this deployment scenario. See in the latest Aruba Instant User Guide for more details on electing a master in an Instant network.
APs are upgraded to the Instant image via a virtual controller through the following steps:
| 1. | The AP boots up with the manufacturing image in unprovisioned mode. |
If the preference role is set to -less, the AP bypasses controller discovery and immediately enters Instant discovery (skip to step 3).
If a managed device is discovered, but the AP deployment policy is applied to this AP, the AP connects to the managed device and downloads the ArubaOS image. The managed device rejects the AP termination and redirects the AP to the Instant discovery process.
| 3. | If the AP cannot locate any managed device, it enters the Instant discovery process to locate an Instant virtual controller, Activate, AirWave, or Central. |
| 4. | The AP attempts to discover a virtual controller in an existing Instant AP cluster. |
| 5. | If a virtual controller is discovered, the AP joins the existing Instant AP cluster and downloads the Instant image from the cluster. |
| 6. | After the image is downloaded, the AP reboots. |
| 7. | The configuration synchronizes, and the AP runs in controller-less mode. |
Controller-less AP via Activate, AirWave, or Central
If the AP cannot locate a virtual controller in an existing Instant AP cluster, the AP attempts to connect to Activate, AirWave, or Central to upgrade the AP to the Instant image and form a new Instant AP cluster.
|
|
In this deployment scenario, Activate, AirWave, or Central must be accessible to the AP. |
APs are upgraded to the Instant image via Activate, AirWave, or Central through the following steps:
| 1. | The AP boots up with the manufacturing image in unprovisioned mode. |
If the preference role is set to , the AP bypasses controller discovery and immediately enters Instant discovery (skip to step 3).
If a managed device is discovered, but the AP deployment policy is applied to this AP, the AP connects to the managed device and downloads the ArubaOS image. The managed device rejects the AP termination and redirects the AP to the Instant discovery process.
| 3. | If the AP cannot locate any managed device, it enters the Instant discovery process to locate an Instant virtual controller, Activate, AirWave, or Central. |
| 4. | The AP attempts to discover a virtual controller in an existing Instant AP cluster. |
| 5. | If the AP cannot locate a virtual controller in an existing Instant AP cluster, the AP attempts to locate Activate, AirWave, or Central to upgrade the image and form a new Instant AP cluster. |
|
|
APs running the manufacturing image cannot form an Instant AP cluster. |
If the AP locates Activate, it receives pre-configured provisioning rules to connect to AirWave or Central or convert into a Campus APCampus APs are used in private networks where APs connect over private links (LAN, WLAN, WAN or MPLS) and terminate directly on controllers. Campus APs are deployed as part of the indoor campus solution in enterprise office buildings, warehouses, hospitals, universities, and so on. or Remote APRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link..
|
|
APs that connect to Activate are automatically upgraded from the manufacturing image to the latest Instant/ArubaOS image. Refer to the latest Aruba Activate User Guide for more details on configuring provisioning rules. |
If the AP locates AirWave, it can be upgraded to the Instant image. If an enforced image upgrade rule is configured in AirWave, the AP is upgraded to the Instant image configured for the enforced upgrade rule. If no enforced upgrade rule is configured, the AP is upgraded to the latest Instant image in AirWave. After the AP is upgraded, it reboots in controller-less mode. Refer to the latest AirWave 8.x User Guide for details on AP image upgrade.
|
|
All firmware must be uploaded to AirWave before the AP connects and downloads the Instant image. Refer to the latest AirWave 8.x Aruba Instant Deployment Guide for details on firmware upload. |
If the AP locates Central, it can be upgraded to the Instant image through the page in the CentralUIUser Interface.. After the AP is upgraded, it reboots in controller-less mode. Refer to the latest Aruba Central User Guide for more details on AP image upgrade.
|
|
Central syncs with Aruba Activate to retrieve the latest Instant image. |
After the AP is upgraded to controller-less mode, it forms a new Instant AP cluster and converts into the master. Other un-deployed APs can join the cluster and upgrade to the Instant image.
Controller-less AP via Manual Instant AP Conversion
If the AP cannot be upgraded into an Instant AP through a virtual controller, Activate, AirWave, or Central, users can connect to a special provisioning SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. broadcasted by the unprovisioned AP to manually convert the AP to an Instant AP through the WebUI. See “Controller-less AP in an Instant Network” on page 1 and “Controller-less AP via Activate, AirWave, or Central” on page 1 for details on upgrading an AP to the Instant image using a virtual controller, Activate, AirWave, or Central.
To manually convert an AP to an Instant AP in the WebUI:
| 1. | Login to your virtual controller. |
| 2. | Connect to the following provisioning SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. broadcasted by the unprovisioned AP: |
| 3. | Open a web browser. You will automatically be redirected to a special provisioning page in the WebUI to convert the AP. |
| 4. | Under , select or to upload the Instant image. |
If you select , click to locate and select an Instant image file from your local file explorer.
If you select , enter the web address of the Instant image under .
| 5. | Click . |
After the AP is upgraded, it reboots in controller-less mode.
AP Deployments in Hybrid Controller-Instant Networks
Users can deploy APs into hybrid networks, which contain both controller-based and controller-less APs. APs in hybrid networks are upgraded to the ArubaOS or Instant image using the same methods as APs in pure controller or Instant networks. However, the following items must be in place before deploying APs in a hybrid network:
Controller-based APs and controller-less APs must run on different subnetsSubnet is the logical division of an IP network. (for example, a controller-based AP subnetSubnet is the logical division of an IP network. and a separate controller-less AP subnetSubnet is the logical division of an IP network.).
Different discovery methods should be used for controller-based APs and controller-less APs, as the controller discovery process and Instant AirWave discovery process share the same DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network. /DNSDomain Name System. A DNS server functions as a phone book for the intranet and Internet users. It converts human-readable computer host names into IP addresses and IP addresses into host names. It stores several records for a domain name such as an address 'A' record, name server (NS), and mail exchanger (MX) records. The Address 'A' record is the most important record that is stored in a DNS server, because it provides the required IP address for a network peripheral or element. discovery methods. For example, controller-based APs can use a DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network. server to discover a managed device, while controller-less APs can use a DNSDomain Name System. A DNS server functions as a phone book for the intranet and Internet users. It converts human-readable computer host names into IP addresses and IP addresses into host names. It stores several records for a domain name such as an address 'A' record, name server (NS), and mail exchanger (MX) records. The Address 'A' record is the most important record that is stored in a DNS server, because it provides the required IP address for a network peripheral or element. server on AirWave.
If the same discovery method must be used for both controller-based APs and controller-less APs, Aruba recommends that you use DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network. -based discovery. DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network. servers can respond to DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network. requests based on the AP’s subnetSubnet is the logical division of an IP network. and vendor ID. DNSDomain Name System. A DNS server functions as a phone book for the intranet and Internet users. It converts human-readable computer host names into IP addresses and IP addresses into host names. It stores several records for a domain name such as an address 'A' record, name server (NS), and mail exchanger (MX) records. The Address 'A' record is the most important record that is stored in a DNS server, because it provides the required IP address for a network peripheral or element. servers do not have a subnetSubnet is the logical division of an IP network. limit, which can cause the APs that share a DNSDomain Name System. A DNS server functions as a phone book for the intranet and Internet users. It converts human-readable computer host names into IP addresses and IP addresses into host names. It stores several records for a domain name such as an address 'A' record, name server (NS), and mail exchanger (MX) records. The Address 'A' record is the most important record that is stored in a DNS server, because it provides the required IP address for a network peripheral or element. server to be upgraded on the wrong AP subnetSubnet is the logical division of an IP network..
Troubleshooting the AP Discovery Logic
The following sections describe troubleshooting scenarios users may encounter in the AP discovery logic.
Identifying the controller discovery method
APs can obtain the IP address of a managed device through one of the following methods:
Static controller discovery
Execute the command on the AP to determine which controller discovery method was used to upgrade the AP to the ArubaOS image.
The AP is unable to upgrade to the ArubaOS image
There are several reasons why an AP may not be able to upgrade to the ArubaOS image, even when a managed device is configured.
ADP is disabled
If the ADPAruba Discovery Protocol. ADP is an Aruba proprietary Layer 2 protocol. It is used by the APs to obtain the IP address of the TFTP server from which it downloads the AP boot image. is disabled on the managed device, the AP will not be able to locate any managed device on its own. Execute the command in the CLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. to enable ADPAruba Discovery Protocol. ADP is an Aruba proprietary Layer 2 protocol. It is used by the APs to obtain the IP address of the TFTP server from which it downloads the AP boot image..
The AP preference role is set to controller-less
If the AP preference role is set to controller-less, the AP bypasses controller discovery and immediately initiates Instant discovery. Use one of the following methods to check if the AP preference role has been set to controller-less:
Execute the command on the AP console to view the current environment variable settings. The field indicates if the preference role is set to controller-less:
: The controller-less preference role is enabled.
: The controller-less preference role is disabled.
See “Managing AP Console Settings” on page 1 for more details on APBoot commands.
Check the boot up log from the AP console. If the preference role is set to controller-less, the “ADP is disabled by uap_controller_less” message appears.
Execute the command on the AP console to view the AP provisioning logs. If the preference role is set to controller-less, the “Controller discovery is disabled by ap-env uap_controller_less” message appears.
The AP is not factory default
If the AP is not set to factory default (manufacturing image in unprovisioned mode), it cannot enter the controller discovery process. Use one of the following methods to check if the AP is factory default:
Check the boot up log from the AP console. If the AP is not factory default, the “Not factory_default ap. Do not run ADP.” message appears.
Execute the command on the AP. If the AP is not factory default, the “Controller discovery is disabled since UAP is not factory default status” message appears.
APs remain in unprovisioned mode after failing both controller and Instant discovery. If the AP is unable to upgrade to the ArubaOS or Instant image through the controller and Instant discovery process, it can be upgraded manually using the provisioning SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network.. Execute the command on the AP to check if the AP is connected to the provisioning SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network.. If the AP is connected to a different SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network., it is not factory default.
The managed device is not running the correct image version
An AP can only be converted into a controller-based AP if the managed device to which it connects is running ArubaOS 8.2.0.0. Managed devices that run a different version of ArubaOS do not support the AP discovery logic and cannot convert the AP to controller-based mode.
The AP is attempting to connect to a fake controller
If the AP fails to convert into a controller-based AP, the managed device to which it attempted to connect may be fake. Execute the command on the managed device to check if the AP failed to connect after 10 attempts.
FTP or TFTP permission is denied on the managed device
In order to download the ArubaOS image from the managed device, the AP must establish a FTPFile Transfer Protocol. A standard network protocol used for transferring files between a client and server on a computer network. or TFTPTrivial File Transfer Protocol. The TFTP is a software utility for transferring files from or to a remote host. connection to the managed device. If FTPFile Transfer Protocol. A standard network protocol used for transferring files between a client and server on a computer network. or TFTPTrivial File Transfer Protocol. The TFTP is a software utility for transferring files from or to a remote host. permission is denied on the managed device, the connection attempt is dropped, and the AP cannot download the ArubaOS image.
Use one of the following methods to check if FTPFile Transfer Protocol. A standard network protocol used for transferring files between a client and server on a computer network. or TFTPTrivial File Transfer Protocol. The TFTP is a software utility for transferring files from or to a remote host. permission is denied on the managed device:
Execute the command on the AP. If FTPFile Transfer Protocol. A standard network protocol used for transferring files between a client and server on a computer network. or TFTPTrivial File Transfer Protocol. The TFTP is a software utility for transferring files from or to a remote host. permission is denied, the AP fails to connect to the managed device, and the following messages appear in the upgrade log:
Access controls can be applied to a managed device port to filter traffic between the managed device and the APs. Traffic must meet all criteria on the ACLAccess Control List. ACL is a common way of restricting certain types of traffic on a physical port. in order to reach the managed device or AP. If it does not meet the criteria, the connection is dropped.
Execute the command to view the ACLsAccess Control List. ACL is a common way of restricting certain types of traffic on a physical port. that have been applied to the port.
Execute the command on the controller to view the detailed configuration for the ACLAccess Control List. ACL is a common way of restricting certain types of traffic on a physical port. that has been applied to the port.
Execute the command to apply an ACLAccess Control List. ACL is a common way of restricting certain types of traffic on a physical port. to a port.
Execute the command to remove an ACLAccess Control List. ACL is a common way of restricting certain types of traffic on a physical port. from a port.
Execute the command to reject traffic for a specific protocol. If you reject traffic for the UDPUser Datagram Protocol. UDP is a part of the TCP/IP family of protocols used for data transfer. UDP is typically used for streaming media. UDP is a stateless protocol, which means it does not acknowledge that the packets being sent have been received., TFTPTrivial File Transfer Protocol. The TFTP is a software utility for transferring files from or to a remote host. traffic is dropped. If you reject traffic for the TCPTransmission Control Protocol. TCP is a communication protocol that defines the standards for establishing and maintaining network connection for applications to exchange data. , FTPFile Transfer Protocol. A standard network protocol used for transferring files between a client and server on a computer network. traffic is dropped.
Execute the command to allow traffic for a specific protocol. If you allow traffic for the UDPUser Datagram Protocol. UDP is a part of the TCP/IP family of protocols used for data transfer. UDP is typically used for streaming media. UDP is a stateless protocol, which means it does not acknowledge that the packets being sent have been received., TFTPTrivial File Transfer Protocol. The TFTP is a software utility for transferring files from or to a remote host. traffic can reach the managed device or AP. If you allow traffic for the TCPTransmission Control Protocol. TCP is a communication protocol that defines the standards for establishing and maintaining network connection for applications to exchange data. , FTPFile Transfer Protocol. A standard network protocol used for transferring files between a client and server on a computer network. traffic can reach the managed device or AP.
The AP is unable to upgrade to the Instant image
If the AP is marked as , it cannot be upgraded to the Instant image. APs can only be upgraded to the ArubaOS image.
Execute the command on the AP to check if your AP is . If your AP is , the message appears.
The SetMeUp provisioning SSID is not showing up on the device
The provisioning SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. used for manual AP upgrade only appears on a device if an AP fails to upgrade to the ArubaOS or Instant image during the controller and Instant discovery process.
APs can support up to 12 managed device IP addresses for ArubaOS image upgrade. During the controller discovery process, the AP attempts to connect to each managed device 10 times until it reaches one successfully. Each connection attempt takes one minute. Depending on the number of managed devices that are located by the AP, it can take up to 120 minutes just to complete the controller discovery process.
Execute the command on the AP to track the progress of the controller discovery process. The provisioning log displays the total number of controller IPv4 and IPv6 addresses that have been detected by the AP, and the current stage of the discovery process.
The AP does not reboot after an upgrade failure
If an AP fails to upgrade to the ArubaOS or Instant image during the controller and Instant discovery process, it enters a 15 minute reboot period. After the AP is rebooted, it restarts the discovery process. However, there are several conditions that can prevent the AP from completing the reboot:
Keyboard input from the user.
WebUI session connected to the AP (manual image upgrade).
Pending image upgrade.
Discovery of an AMPAirWave Management Platform. AMP is a network management system for configuring, monitoring, and upgrading wired and wireless devices on your network. server.
Discovery of a Central server.
Execute the command on the AP to determine why the AP has not rebooted. The provisioning log displays one of the following messages:
The operational state of an AP Ethernet port goes down while using a PoE injector
Sometimes, while using a PoEPower over Ethernet. PoE is a technology for wired Ethernet LANs to carry electric power required for the device in the data cables. The IEEE 802.3af PoE standard provides up to 15.4 W of power on each port. injector, the output of the command indicates that the operational state of an EthernetEthernet is a network protocol for data transmission over LAN. port is down.
(host) [mynode] #show ap debug port status ap-name test-ap-225
AP "test-ap-225" Port Status
-----------------------------
Port MAC Type Forward Mode Admin Oper Speed Duplex 802.3az PoE
---- --- ---- ------------ ----- ---- ----- ------ ------- ---
0 9c:1c:12:c0:ab:40 GE N/A enabled up 1 Gb/s full disabled N/A
1 9c:1c:12:c0:ab:41 GE tunnel enabled down N/A N/A N/A N/A
STP Portfast TX-Packets TX-Bytes RX-Packets RX-Bytes
--- -------- ---------- -------- ---------- --------
N/A N/A 69707 37468577 107570 11707191
N/A N/A 0 0 0 0
Execute the following command to verify if the AP is powered up using an 802.3af802.3af is an IEEE standard for Power over Ethernet (PoE) version that supplies up to 15.4W of DC power. See PoE. Power Sourcing Equipment.
(host) [mynode] #show ap debug system-status ap-name <ap-name> | include POE
Power Supply : POE-AF
The power supply, indicates that a pre-standard PoEPower over Ethernet. PoE is a technology for wired Ethernet LANs to carry electric power required for the device in the data cables. The IEEE 802.3af PoE standard provides up to 15.4 W of power on each port. injector is being used to power up the AP. This causes the operational state of the EthernetEthernet is a network protocol for data transmission over LAN. port to go down. To resolve this issue, enable the parameter from the respective provisioning profile of the AP:
(host) [mynode] (config) #ap provisioning-profile <profile-name>
(host) [mynode] (Provisioning profile "<profile-name>") #ap2xx-prestandard-poe-detection
|
|
This parameter is applicable only for the 200 Series, 210 Series, 220 Series, 270 Series, or AP-203R access points and AP-203H, AP-205H, or AP-228. |
Accessing the CLI after an image upgrade
After the AP image is upgraded, users cannot access the CLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. for the first 180 seconds of uptime. The following message appears when a user attempts to login to the CLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. during the initial 180 second uptime period:
login as: admin
System uptime is 147 seconds and CLI is not ready yet, please try again later.