Configuring a VLAN to Connect to the Network

You must follow the instructions in this section only if you need to configure a trunk port between the managed device and another Layer-2 switch (shown in Deployment Scenario #3: APs on Multiple Different Subnets from Managed Devices).

This section shows how to use both the WebUI and CLI for the following configurations (subsequent steps show how to use the WebUI only):

The following sections provide step-by-step instructions to configure a VLAN and connect to the network.

Creating, Updating, and Viewing VLANs and Associated IDs

You can create and update a single VLAN or bulk VLANs using the WebUI or the CLI. See Configuring VLANs.

In the WebUI configuration windows, clicking the Pending Changes button saves configuration changes so that they are retained after the managed device is rebooted. Clicking the Submit or Apply button saves changes to the running configuration but the changes are not retained when the managed device is rebooted. A good practice is to use the Submit or Apply button to save changes to the running configuration and, after ensuring that the system operates as desired, click Pending Changes.

To view VLAN IDs in the CLI:

(host) [mynode] #show vlan

Creating, Updating, and Deleting VLAN Pools

You can create, update, and delete a VLAN pool using the WebUI or the CLI. See Configuring VLANs.

Use the CLI to add existing VLAN IDs to a pool.

(host)[mynode](config) #vlan-name <name>

(host)[mynode](config) #vlan mygroup <vlan-ids>

To confirm the VLAN pool status and mapping assignments, use the show vlan mapping command:

(host)[mynode] #show vlan mapping

Assigning and Configuring the Trunk Port

The following procedure describes how to configure a Gigabit Ethernet port:

  1. In the Managed Network node hierarchy, navigate to the Configuration > Interfaces > Ports tab.
  2. In the Ports section, click the port that will connect the managed device to the network.
  3. Select Trunk from the Mode drop-down list.
  4. Select a VLAN from the Native VLAN drop-down list.
  5. Click Submit.
  6. Click Pending Changes.
  7. In the Pending Changes window, select the check box and click Deploy changes.

The following CLI commands configure a Gigabit Ethernet port:

(host)[mynode](config) #interface gigabitethernet <slot>/<module>/<port>

(host)[mynode](config-submode) #switchport mode trunk

(host)[mynode](config-submode) #switchport trunk native vlan <id>

To confirm the port assignments, use the show vlan command:

(host)[mynode] #show vlan

Configuring the Default Gateway

The following procedure describes how to configure the default gateway:

  1. In the Managed Network node hierarchy, navigate to the Configuration > Interfaces > IP Routes tab.
  2. Click the Static Default Gateway accordion menu.
  3. To add a new static gateway, click the + button below the static IP address list.
    1. Select IPv4 or IPv6 from the IP version drop-down list.
    2. In the IP Address field, enter an IP address with dot separators.
    3. In the Cost field, enter a value for the path cost.
    4. Click Submit.
  4. You can define a dynamic gateway with the DHCP, PPPoE, or Cellular option by clicking the Dynamic Default Gateway accordion menu.
    1. In the Dynamic Default Gateway section, select the DHCP, PPPoE, or Cellular check box to enable the corresponding dynamic gateway type. If you selected more than one dynamic gateway type, you must also define the cost for each gateway route. The managed device will first attempt to obtain a gateway IP address using the option with the lowest cost. If the managed device is unable to obtain a gateway IP address, it will then attempt to obtain a gateway IP address using the option with the next-lowest path cost.
    2. Click Submit.
  5. Click Pending Changes.
  6. In the Pending Changes window, select the check box and click Deploy changes.

The following CLI command configures the default gateway:

(host)[mynode](config) #ip default-gateway <ipaddr>|{import cell|dhcp|pppoe}|{ipsec <name>} <cost> | mgmt | <nexthop>

Configuring the Loopback IP Address for the Managed Device

You must configure a loopback address if you are not using a VLAN ID address to connect the managed device to the network (see Deployment Scenario #3: APs on Multiple Different Subnets from Managed Devices).

After you configure or modify a loopback address, you must reboot the managed device.

If configured, the loopback address is used as the managed device’s IP address. If you do not configure a loopback address for the managed device, the IP address assigned to the first configured VLAN interface is used instead. Generally, VLAN 1 is configured first and is used as the managed device’s IP address. ArubaOS allows the loopback address to be part of the IP address space assigned to a VLAN interface. For example, if the VLAN 5 interface on the managed device was configured with the IP address 10.3.22.20/24, the loopback IP address can be configured as 10.3.22.220.

You configure the loopback address as a host address with a 32-bit netmask. The loopback address should be routable from all external networks.
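A pre-change check for the loopback rules above, as an added example that is not ArubaOS or Aruba-supplied code. It reports which address the managed device will use as its own IP and flags a planned loopback that is not a host address; the collision and network/broadcast checks are assumptions based on general IP addressing practice, and the VLAN 1 address is a constructed sample (VLAN 5 and the loopback come from the text).

```python
import ipaddress


def effective_device_ip(vlan_interfaces, loopback=None):
    """Return the address the managed device uses as its own IP.

    vlan_interfaces: list of (vlan_id, "addr/prefix") in the order configured.
    loopback: optional loopback address; it takes precedence when present.
    """
    if loopback is not None:
        return ipaddress.ip_interface(loopback).ip
    if vlan_interfaces:
        # No loopback: the first configured VLAN interface supplies the IP.
        return ipaddress.ip_interface(vlan_interfaces[0][1]).ip
    return None


def check_loopback(loopback, vlan_interfaces):
    """Return a list of findings for a planned loopback address."""
    findings = []
    lo = ipaddress.ip_interface(loopback)  # a bare address parses as a host
    if lo.network.prefixlen != lo.network.max_prefixlen:
        findings.append(f"{lo} is not a host address; use a 32-bit netmask")
    for vlan_id, cidr in vlan_interfaces:
        iface = ipaddress.ip_interface(cidr)
        if iface.version != lo.version or lo.ip not in iface.network:
            continue  # loopback is outside this VLAN's address space
        net = iface.network
        if lo.ip == iface.ip:
            # Assumption: reusing the VLAN interface address is a conflict.
            findings.append(
                f"{lo.ip} is already the VLAN {vlan_id} interface address")
        elif (net.prefixlen < net.max_prefixlen - 1
              and lo.ip in (net.network_address, net.broadcast_address)):
            # Assumption: network/broadcast addresses are not usable hosts.
            findings.append(
                f"{lo.ip} is the network or broadcast address of VLAN {vlan_id}")
    return findings


# Constructed sample: VLAN 1 is illustrative; VLAN 5 matches the text.
SAMPLE_VLANS = [(1, "10.3.21.1/24"), (5, "10.3.22.20/24")]

if __name__ == "__main__":
    print("without loopback:", effective_device_ip(SAMPLE_VLANS))
    print("with loopback:   ", effective_device_ip(SAMPLE_VLANS, "10.3.22.220"))
    for candidate in ("10.3.22.220", "10.3.22.220/24", "10.3.22.20", "10.3.22.255"):
        print(candidate, "->", check_loopback(candidate, SAMPLE_VLANS) or "ok")
```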

STP is disabled by default on the managed device. STP ensures a single active path between any two network nodes, thus avoiding bridge loops. Disable STP on the managed device if you are not employing STP in your network.

The following procedure describes how to configure a loopback IP address:

  1. In the Managed Network node hierarchy, navigate to the Configuration > System > General tab.
  2. Click the Loopback Interface accordion menu.
  3. Enter the IPv4 address and/or the IPv6 address in the corresponding text boxes.
  4. Click Submit.
  5. In the Managed Network node hierarchy, navigate to the Configuration > System > More tab.
  6. Click and expand Spanning Tree.
  7. Click the Spanning tree toggle switch to enable this setting. By default, spanning tree is disabled.
  8. Click Submit.
  9. Click Pending Changes.
  10. In the Pending Changes window, select the check box and click Deploy changes.
  11. You must reboot the managed device for the new IP address to take effect.

  12. In the Mobility Master > host node hierarchy, navigate to the Maintenance > Software Management > Reboot tab.
  13. Select the Save Current Configuration Before Reboot check box.
  14. Click Reboot.

The following CLI commands configure a loopback IP address:

(host)[mynode](config) #interface loopback ip address <A.B.C.D>

(host)[mynode](config) #no spanning-tree

(host)[mynode](config) #write memory

(host)[mynode](config) #reload

The managed device returns the following messages:

Do you really want to reset the system(y/n):

Enter y to reboot the managed device or n to cancel.

System will now restart!

...

Restarting system.

To verify that the managed device is accessible on the network, ping the loopback address from a workstation on the network.

Configuring the System Clock

You can manually set the clock on the managed device, or configure the managed device to use an NTP server to synchronize its system clock with a central time source. For more information about setting the managed device’s clock, see Setting System Clock.

Configuring the License Management with ASP

Starting from ArubaOS 8.4.0.0, ArubaOS supports a license automation feature in which the Mobility Master obtains licenses from Aruba Support Portal (ASP) or License Management Server automatically. Users do not need to add the licenses manually on the Mobility Master.

For the Mobility Master to obtain licenses, users have to enter the ASP credentials only once, using the Mobility Master WebUI or the CLI.

The user can also assign new licenses to the Mobility Master using the WebUI instead of through Aruba Support Portal.

On-boarding ASP Licenses

Before signing on to ASP from Mobility Master, the user must on-board the account from ASP, asp.arubanetworks.com.

Configuring License Management with Aruba Support Portal

The following procedure describes how to enable the ASP options:

  1. In the Mobility Master node hierarchy, navigate to Configuration > System > General tab.
  2. Expand the Aruba Support Portal (ASP) section.
  3. Enable the Connect to ASP option.
  4. Enter the Username and Password to sign into Aruba Support Portal.
  5. Click Sign In.
  6. Click Submit.
  7. To view the ASP license keys allotted to the Mobility Master, navigate to Configuration > Licensing > License Inventory.

You can also enable the ASP option using the following steps:

  1. In the Mobility Master node hierarchy, navigate to Mobility Master > Configuration > Licensing.
  2. Select Aruba Support Portal (ASP) option for License management.
  3. Enter the Username and Password to sign in to Aruba Support Portal.
  4. Click Sign In.
  5. To view the ASP license keys allotted to the Mobility Master, navigate to Configuration > Licensing > License Inventory.

The following commands create, enable, and view the ASP profile:

Creating default ASP Profile

(host) [mm] (config) #asp-profile (can be executed in mm node only)

(host) [mm] (Aruba Support Portal Profile) #asp-enable

(host) [mm] (Aruba Support Portal Profile) #asp-licensing-enable

Signing On to ASP

(host) [mm] (config) #asp signon username <username>

Verifying the ASP sign-on status

(host) [mm] #show asp status

(host) [mm] #show asp standby status

Checking the ASP account used to login

(host) [mm] #show asp account-info

Registering or claiming a license purchase and verifying available licenses

(host) [mm] #license asp register-order <confirmationnumber> <ordernumber>

(host) [mm] #show license asp unallocated-lic

Allocating licenses

(host) [mm] #license asp allocate-lic ap <ap-num>

Allocation can be done for all license types at once or one by one

Verifying the PEFV licenses installed in Controllers

(host) [mm] #show license md-pefv-lic

Checking the total number of licenses allocated using ASP and Manual Licensing

(host) [mm] #show license summary

The following sections describe how to synchronize, view, allocate, and claim licenses:

Synchronizing Licenses between ASP and Mobility Master

On every successful sign-on attempt, and every time the Mobility Master is rebooted, the licenses between Aruba Support Portal and Mobility Master are synchronized seamlessly.

Mobility Master synchronizes licenses from Aruba Support portal every 24 hours.

The following procedure describes how to synchronize the licenses from ASP to Mobility Master:

  1. In the Mobility Master node hierarchy, navigate to Mobility Master > Configuration > Licensing.
  2. Select Aruba Support Portal (ASP).
  3. Click License Inventory tab.
  4. Click Update now to synchronize the activated licenses from ASP to Mobility Master.

The following CLI commands configure:

(host) [mm] #license asp get-allocated-lic

(host) [mm] #license asp get-md-pefv-lic

Viewing, Allocating, and Claiming Licenses

The following procedure describes how to view, allocate, or claim the license inventory:

  1. In the Mobility Master node hierarchy, navigate to Mobility Master > Configuration > Licensing.
  2. Click License Inventory.
  3. The License Inventory tab lists detailed information about all the licenses used. It provides the following information:
  4. To claim or register licenses, click Claim, enter Order # and Confirmation #, and click Submit. The order number and confirmation number are received through an email from the Aruba Sales team after a successful license purchase.
  5. To allocate or activate licenses, click Allocate, enter the license count for each license type in the ALLOCATE column, and click Submit.

For more information on license installation, refer to the Aruba Mobility Master Licensing Guide.

Offline Licensing feature

When a Mobility Controller Virtual Appliance stand-alone controller fails in a remote deployment, the backup stand-alone controller is brought up by deploying the OVA file. For the backup stand-alone controller to work with the same capacity and features as the failed stand-alone controller, it requires the same licenses.

This feature is supported only for Mobility Controller Virtual Appliance configured as a stand-alone controller.

In a scenario where the remote deployment has lost internet access or connection to the base, the user cannot activate the new license required for the backup standalone controller. In such a case, the offline licensing feature is used to activate new license using a Master Token Key (MTK).

The Master Token Key is generated by the user through LMS, and this MTK is then sealed in an envelope and provided to the user on a need basis. The MTK supports installing and activating MC-VA-XX licensing type, AP, PEF, and RFP licenses.

Webcc and ACR licenses cannot be installed through MTK.

For more information, see Aruba Mobility Master licensing guide.

Connecting the Managed Device to the Network

Connect the ports on the managed device to the appropriately-configured ports on an L2 switch or router. Make sure that you have the correct cables and that the port LEDs indicate proper connections. Refer to the Aruba Virtual Appliance Installation Guide for port LED and cable descriptions for the managed device.

In many deployment scenarios, an external firewall is situated between various Aruba devices. External Firewall Configuration describes the network ports that must be configured on the external firewall to allow proper operation of the network.

To verify that the managed device is accessible on the network: