Configuring a VLAN to Connect to the Network
You must follow the instructions in this section only if you need to configure a trunk port between the managed device and another Layer-2 switch (shown in Deployment Scenario #3: APs on Multiple Different Subnets from Managed Devices).
This section shows how to use both the WebUI and the CLI for the following configurations (subsequent steps show how to use the WebUI only):
- Create a VLAN on the managed device and assign it an IP address.
- Optionally, create a VLAN pool. A VLAN pool consists of two or more VLAN IDs which are grouped together to efficiently manage multi-managed device networks from a single location. For example, policies and virtual application configurations map users to different VLANs which may exist at a different managed device. This creates redundancy where one managed device has to back up many other managed devices. With the VLAN pool feature you can control your configuration globally.
VLAN pooling should not be used with static IP addresses.
- Assign to the VLAN the ports that you will use to connect the managed device to the network. (For example, the uplink ports connected to a router are usually Gigabit ports.) In the example configurations shown in this section, a managed device is connected to the network through its Gigabit Ethernet port 1/25.
- Configure the port as a trunk port.
- Configure a default gateway for the managed device.
The following sections provide step-by-step instructions to configure a VLAN and connect to the network.
Creating, Updating, and Viewing VLANs and Associated IDs
You can create and update a single VLAN or bulk VLANs using the WebUI or the CLI. See Configuring VLANs.
In the WebUI configuration windows, clicking the Pending Changes button saves configuration changes so that they are retained after the managed device is rebooted. Clicking the or button saves changes to the running configuration but the changes are not retained when the managed device is rebooted. A good practice is to use the or Apply button to save changes to the running configuration and, after ensuring that the system operates as desired, click Pending Changes.
To view VLAN IDs in the CLI:
(host) [mynode] #show vlan
Creating, Updating, and Deleting VLAN Pools
VLAN pooling should not be used with static IP addresses.
You can create, update, and delete a VLAN pool using the WebUI or the CLI. See Configuring VLANs.
Use the CLI to add existing VLAN IDs to a pool:
(host)[mynode](config) #vlan-name <name>
(host)[mynode](config) #vlan mygroup <vlan-ids>
To confirm the VLAN pool status and mapping assignments, use the command:
(host)[mynode] #show vlan mapping
Assigning and Configuring the Trunk Port
The following procedure describes how to configure a Gigabit Ethernet port:
- In the node hierarchy, navigate to the tab.
- In the section, click the port that will connect the managed device to the network.
- Select from the drop-down list.
- Select a VLAN from the drop-down list.
- Click .
- Click .
- In the window, select the check box and click .
The following CLI commands configure a Gigabit Ethernet port:
(host)[mynode](config) #interface gigabitethernet <slot>/<module>/<port>
(host)[mynode](config-submode) #switchport mode trunk
(host)[mynode](config-submode) #switchport trunk native vlan <id>
To confirm the port assignments, use the command:
(host)[mynode] #show vlan
Configuring the Default Gateway
The following procedure describes how to configure the default gateway:
- In the node hierarchy, navigate to the tab.
- Click the accordion menu.
- To add a new static gateway, click the button below the static IP address list.
- Select or from the drop-down list.
- In the field, enter an IP address with dot separators.
- In the field, enter a value for the path cost.
- Click .
- You can define a dynamic gateway with the DHCP, PPPoE, or Cellular option by clicking the accordion menu.
- In the section, select the , or check box to enable the corresponding dynamic gateway type. If you selected more than one dynamic gateway type, you must also define the cost for each gateway route. The managed device will first attempt to obtain a gateway IP address using the option with the lowest cost. If the managed device is unable to obtain a gateway IP address, it will then attempt to obtain a gateway IP address using the option with the next-lowest path cost.
- Click .
- Click .
- In the window, select the check box and click .
The following CLI command configures the default gateway:
(host)[mynode](config) #ip default-gateway <ipaddr>|{import cell|dhcp|pppoe}|{ipsec <name>} <cost> | mgmt | <nexthop>
Configuring the Loopback IP Address for the Managed Device
You must configure a loopback address if you are not using a VLAN ID address to connect the managed device to the network (see Deployment Scenario #3: APs on Multiple Different Subnets from Managed Devices).
After you configure or modify a loopback address, you must reboot the managed device.
If configured, the loopback address is used as the managed device's IP address. If you do not configure a loopback address for the managed device, the IP address assigned to the first configured VLAN interface is used instead. Generally, VLAN 1 is configured first and is used as the managed device's IP address. ArubaOS allows the loopback address to be part of the IP address space assigned to a VLAN interface. For example, if the VLAN 5 interface on the managed device was configured with the IP address 10.3.22.20/24, the loopback IP address can be configured as 10.3.22.220.
You configure the loopback address as a host address with a 32-bit netmask. The loopback address should be routable from all external networks.
STP is disabled by default on the managed device. STP ensures a single active path between any two network nodes, thus avoiding bridge loops. Disable STP on the managed device if you are not employing STP in your network.
The following procedure describes how to configure a loopback IP address:
- In the node hierarchy, navigate to the tab.
- Click the accordion menu.
- Enter the and/or the in the corresponding text boxes.
- Click .
- In the node hierarchy, navigate to the tab.
- Click and expand .
- Click the toggle switch to enable this setting. By default, spanning tree is disabled.
- Click .
- Click .
- In the window, select the check box and click .
- In the node hierarchy, navigate to the tab.
- Select the check box.
- Click .
You must reboot the managed device for the new IP address to take effect.
The following CLI commands configure a loopback IP address:
(host)[mynode](config) #interface loopback ip address <A.B.C.D>
(host)[mynode](config) #no spanning-tree
(host)[mynode](config) #write memory
(host)[mynode](config) #reload
The managed device returns the following messages:
Do you really want to reset the system(y/n):
Enter y to reboot the managed device or n to cancel.
System will now restart!
...
Restarting system.
To verify that the managed device is accessible on the network, ping the loopback address from a workstation on the network.
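The rules this section has stated so far (a VLAN with an address, an optional pool of two or more VLAN IDs that must not be used with static client addresses, a trunk port named as slot/module/port, gateways tried in order of path cost, and a host loopback address that may sit inside a VLAN's address space) can be checked before anything is typed into the managed device. The following Python script is an added example and is not Aruba's code. The addresses 10.3.22.20/24, 10.3.22.220 and 10.3.22.1, the VLAN IDs, the pool name mygroup and the port string 1/0/25 are constructed sample values; the `vlan <id>`, `interface vlan <id>` and `ip address` lines it emits follow ArubaOS VLAN syntax that this page itself defers to its Configuring VLANs section, while the trunk, default-gateway, loopback, spanning-tree and write memory lines match the commands shown above.

```python
"""Validate and render the managed-device network-connection settings this
section walks through (VLAN and address, optional VLAN pool, trunk port,
default gateways, loopback, STP).  Added example, not Aruba's code; every
address, VLAN ID, pool name and port string below is a constructed sample."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

PORT_RE = re.compile(r"^\d+(/\d+){1,2}$")   # <slot>/<module>/<port> or <slot>/<port>
DYNAMIC_TYPES = ("dhcp", "pppoe", "cell")   # options accepted by "ip default-gateway import"


@dataclass
class Plan:
    vlan_id: int
    vlan_iface: str                              # e.g. "10.3.22.20/24" (constructed)
    trunk_port: str                              # e.g. "1/0/25" (constructed)
    loopback: Optional[str] = None               # host address, a 32-bit netmask is implied
    static_gateways: Dict[str, int] = field(default_factory=dict)   # nexthop -> path cost
    dynamic_gateways: Dict[str, int] = field(default_factory=dict)  # dhcp/pppoe/cell -> cost
    vlan_pool: Optional[Tuple[str, Tuple[int, ...]]] = None         # (pool name, VLAN IDs)
    clients_use_static_ips: bool = False         # pooling must not be combined with this
    use_stp: bool = False                        # STP is disabled by default on the device


def loopback_in_vlan_space(loopback: str, vlan_iface: str) -> bool:
    """True when the loopback lies inside the VLAN interface's subnet (permitted by ArubaOS)."""
    return ipaddress.ip_address(loopback) in ipaddress.ip_interface(vlan_iface).network


def validate(plan: Plan) -> List[str]:
    """Return the list of problems found; an empty list means the plan follows the rules."""
    errors: List[str] = []
    if not 1 <= plan.vlan_id <= 4094:
        errors.append(f"VLAN ID {plan.vlan_id} outside 1-4094")
    try:
        iface = ipaddress.ip_interface(plan.vlan_iface)
    except ValueError:
        errors.append(f"bad VLAN interface address {plan.vlan_iface!r}")
        iface = None
    if not PORT_RE.match(plan.trunk_port):
        errors.append(f"port {plan.trunk_port!r} is not <slot>/<module>/<port>")
    if plan.loopback is not None:
        try:
            lb = ipaddress.ip_address(plan.loopback)
        except ValueError:
            errors.append(f"bad loopback address {plan.loopback!r}")
        else:
            if iface is not None and lb == iface.ip:
                errors.append("loopback must not reuse the VLAN interface address")
            elif iface is not None and lb in (iface.network.network_address,
                                              iface.network.broadcast_address):
                errors.append("loopback must be a host address, not network or broadcast")
    for kind in plan.dynamic_gateways:
        if kind not in DYNAMIC_TYPES:
            errors.append(f"unknown dynamic gateway type {kind!r}")
    if not plan.static_gateways and not plan.dynamic_gateways:
        errors.append("no default gateway defined")
    if plan.vlan_pool is not None:
        name, ids = plan.vlan_pool
        if len(set(ids)) < 2:
            errors.append(f"VLAN pool {name!r} needs two or more VLAN IDs")
        if plan.clients_use_static_ips:
            errors.append("VLAN pooling should not be used with static IP addresses")
    return errors


def gateway_order(plan: Plan) -> List[Tuple[str, int]]:
    """Order in which the device tries the dynamic gateway options: lowest path cost first."""
    return sorted(plan.dynamic_gateways.items(), key=lambda kv: kv[1])


def render(plan: Plan) -> List[str]:
    """CLI lines in the order this section applies them; call validate() first."""
    iface = ipaddress.ip_interface(plan.vlan_iface)
    lines = [f"vlan {plan.vlan_id}",                 # VLAN/interface syntax assumed from
             f"interface vlan {plan.vlan_id}",       # ArubaOS (page defers to Configuring VLANs)
             f"  ip address {iface.ip} {iface.network.netmask}"]
    if plan.vlan_pool is not None:
        name, ids = plan.vlan_pool
        lines += [f"vlan-name {name}", f"vlan {name} {','.join(str(i) for i in ids)}"]
    lines += [f"interface gigabitethernet {plan.trunk_port}",
              "  switchport mode trunk",
              f"  switchport trunk native vlan {plan.vlan_id}"]
    for hop, cost in sorted(plan.static_gateways.items(), key=lambda kv: kv[1]):
        lines.append(f"ip default-gateway {hop} {cost}")
    for kind, cost in gateway_order(plan):
        lines.append(f"ip default-gateway import {kind} {cost}")
    if plan.loopback is not None:
        lines.append(f"interface loopback ip address {plan.loopback}")
    if not plan.use_stp:
        lines.append("no spanning-tree")
    lines.append("write memory")
    return lines


def sample_plan() -> Plan:
    """Constructed sample mirroring the section's 10.3.22.20/24 VLAN and 10.3.22.220 loopback."""
    return Plan(vlan_id=5, vlan_iface="10.3.22.20/24", trunk_port="1/0/25",
                loopback="10.3.22.220", static_gateways={"10.3.22.1": 1},
                dynamic_gateways={"pppoe": 20, "dhcp": 10}, vlan_pool=("mygroup", (5, 6)))


if __name__ == "__main__":
    plan = sample_plan()
    problems = validate(plan)
    print("\n".join(problems or render(plan)))
```

Running the script prints the validation problems if there are any, otherwise the CLI lines in the order the section applies them; the reboot that the loopback change requires is deliberately left to the operator.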
Configuring the System Clock
You can manually set the clock on the managed device, or configure the managed device to use an NTP server to synchronize its system clock with a central time source. For more information about setting the managed device's clock, see Setting System Clock.
Configuring the License Management with ASP
Starting from ArubaOS 8.4.0.0, the ArubaOS license automation feature is supported, where the Mobility Master obtains the licenses from the Aruba Support Portal (ASP) or License Management Server automatically. Users need not manually add the licenses on the Mobility Master.
For the Mobility Master to obtain licenses, the user has to enter the ASP credentials using the Mobility Master WebUI or the CLI only once.
The user can also assign new licenses to the Mobility Master using the WebUI instead of through Aruba Support Portal.
On-boarding ASP Licenses
Before signing on to ASP from the Mobility Master, the user must on-board the account from ASP, asp.arubanetworks.com.
Configuring License Management with Aruba Support Portal
The following procedure describes how to enable the ASP options:
- In the node hierarchy, navigate to > > tab.
- Expand the section.
- Enable the option.
- Enter the and to sign into Aruba Support Portal.
- Click .
- Click .
- To view the ASP license keys allotted to the Mobility Master, navigate to > > .
You can also enable the ASP option using the following steps:
- In the node hierarchy, navigate to > >
- Select option for .
- Enter the and to sign in to Aruba Support Portal.
- Click .
- To view the ASP license keys allotted to the Mobility Master, navigate to > > .
The following commands create, enable, and view the ASP profile:
Creating default ASP Profile
(host) [mm] (config) #asp-profile (can be executed in mm node only)
(host) [mm] (Aruba Support Portal Profile) #asp-enable
(host) [mm] (Aruba Support Portal Profile) #asp-licensing-enable
Signing On to ASP
(host) [mm] (config) #asp signon username <username>
Verifying the ASP sign-on status
(host) [mm] #show asp status
(host) [mm] #show asp standby status
Checking the ASP account used to login
(host) [mm] #show asp account-info
Registering or Claiming a license purchase and verify available licenses
(host) [mm] #license asp register-order <confirmationnumber> <ordernumber>
(host) [mm] #show license asp unallocated-lic
Allocating licenses
(host) [mm] #license asp allocate-lic ap <ap-num>
Allocation can be done for all license types at once or one by one.
Verifying the PEFV licenses installed in Controllers
(host) [mm] #show license md-pefv-lic
Checking the total number of licenses allocated using ASP and Manual Licensing
(host) [mm] #show license summary
The following sections describe how to synchronize, view, allocate, and claim licenses:
Synchronizing Licenses between ASP and Mobility Master
On every successful sign-on attempt, and every time the Mobility Master is rebooted, the licenses between the Aruba Support Portal and the Mobility Master are synchronized seamlessly.
Mobility Master synchronizes licenses from Aruba Support portal every 24 hours.
The following procedure describes how to synchronize the licenses from ASP to Mobility Master:
- In the node hierarchy, navigate to > >
- Select .
- Click tab.
- Click to synchronize the activated licenses from ASP to the Mobility Master.
The following CLI commands synchronize the licenses:
(host) [mm] #license asp get-allocated-lic
(host) [mm] #license asp get-md-pefv-lic
Viewing, Allocating, and Claiming Licenses
The following procedure describes how to view, allocate, or claim the license inventory:
- In the node hierarchy, navigate to > >
- Click .
- The tab lists detailed information about all the licenses used. It provides the following information:
- Type of License - the different types of licenses, such as AP, PEFNG, WEBCC, and so on.
- Description - the description of each type of license.
- Status - the status of each type of license. For example, active license, not licensed, never licensed, and so on.
- Expiration - the expiration type of each license type.
- Total Activated - the sum of licenses allocated using the ASP licensing method and licenses installed using the manual method.
- Available - the licenses which are successfully claimed or registered to the ASP account using an Order or Confirmation Number.
- To claim or register licenses, click and enter and and click . The order number and confirmation number are received through an email from the Aruba Sales team after a successful license purchase.
- To allocate or activate licenses, click and enter the number of licenses for each license type in the column and click .
For more information on license installation, refer to the Aruba Mobility Master Licensing Guide.
Offline Licensing Feature
When a Mobility Controller Virtual Appliance stand-alone controller fails in a remote deployment, the backup stand-alone controller is brought up by deploying the OVA file; but for the backup stand-alone controller to work with the same capacity and features as the failed stand-alone controller, it requires the same licenses.
This feature is supported only for Mobility Controller Virtual Appliance configured as a stand-alone controller.
In a scenario where the remote deployment has lost internet access or connection to the base, the user cannot activate the new license required for the backup stand-alone controller. In such a case, the offline licensing feature is used to activate the new license using a Master Token Key (MTK).
The Master Token Key is generated by the user through the LMS, and this MTK is then sealed in an envelope and provided to the user on a need basis. The MTK supports installing and activating the MC-VA-XX licensing type, AP, PEF, and RFP licenses.
WEBCC and ACR licenses cannot be installed through the MTK.
For more information, see the Aruba Mobility Master Licensing Guide.
Connecting the Managed Device to the Network
Connect the ports on the managed device to the appropriately configured ports on an L2 switch or router. Make sure that you have the correct cables and that the port LEDs indicate proper connections. Refer to the Aruba Virtual Appliance Installation Guide for details on the managed device for port LED and cable descriptions.
In many deployment scenarios, an external firewall is situated between various Aruba devices. External Firewall Configuration describes the network ports that must be configured on the external firewall to allow proper operation of the network.
To verify that the managed device is accessible on the network:
- If you are using VLAN 1 to connect the managed device to the network (Deployment Scenario #1: Managed Device and APs on Same Subnet and Deployment Scenario #2: APs All on One Subnet Different from Managed Device Subnet), ping the VLAN 1 IP address from a workstation on the network.
- If you created and configured a new VLAN (Deployment Scenario #3: APs on Multiple Different Subnets from Managed Devices), ping the IP address of the new VLAN from a workstation on the network.