Uplink Monitoring and Load Balancing

ArubaOS 8.5.0.0 and later versions do not support the uplink load balancing feature.

Wi-Fi Uplink

Starting from ArubaOS 8.5.0.0, Wi-Fi uplink is introduced to provide connectivity of AP to an external wireless network. The 3G/4G cellular uplink and the Wi-Fi uplink can be used to extend the connectivity to places where a wired uplink cannot be configured.

Wi-Fi uplink allows an AP running ArubaOS to connect to an external wireless network or a managed device by using a third-party AP, such as a Mi-Fi device or a smart phone running a hotspot. This requires the Aruba AP running ArubaOS to work as a standard Wi-Fi client. When the standard Wi-Fi client is used as an uplink, the AP requires MAC Address Translation (MAT) to bridge the traffic between wireless or wired users of the AP and the uplink network. Wi-Fi uplink can also be used to connect the AP to another Wi-Fi service, such as a hospital wireless network.

It is recommended to use Aruba mesh between one uplink Aruba AP and another Aruba AP. Wi-Fi uplink is used only when mesh is not suitable.

The ArubaOS AP must be provisioned with the necessary Wi-Fi uplink client parameters. After the AP reboots, it works as a standard client with the provisioned client parameters and connects with a Mi-Fi device or another AP to reach the managed device. The provisioned AP acts as both client and AP when it receives configurations from the managed device, which allows other wireless and wired clients to connect to the Aruba AP.

 

The following sections describe how to configure a Wi-Fi Uplink profile and provision an AP with Wi-Fi uplink:

Configuring a Wi-Fi Uplink Profile

The following configuration conditions apply to Wi-Fi uplink:

The following procedure describes how to configure an AP with Wi-Fi uplink profile:

  1. In the Managed Network node hierarchy, navigate to the Configuration > System > Profiles tab.
  2. Expand the AP accordion.
  3. Select WiFi uplink.
  4. Select the Wi-Fi uplink profile that you want to edit or click + and enter a name into the Profile Name dialog box to create a new profile.
  5. Configure the Wi-Fi uplink profile settings described in Table 1.

Table 1: Wi-Fi Uplink Profile Parameters

| Parameter | Description |
|---|---|
| General | |
| ESSID | Enter the required ESSID to which the client is associated. |
| BSSID | (Optional) Enter the required BSSID to which the client is associated. |
| Allowed band | Select one of the following radio band(s) on which the Wi-Fi uplink is used: Default: all |
| Security | |
| Encryption | Select one of the following data encryption types: Default: opensystem. |
| WEP Key 1 | Enter the first static WEP key associated with this key index. Can be 10 or 26 hex characters in length. Re-enter the key in the Retype text box. |
| WEP Key 2 | Enter the second static WEP key associated with this key index. Can be 10 or 26 hex characters in length. Re-enter the key in the Retype text box. |
| WEP Key 3 | Enter the third static WEP key associated with this key index. Can be 10 or 26 hex characters in length. Re-enter the key in the Retype text box. |
| WEP Key 4 | Enter the fourth static WEP key associated with this key index. Can be 10 or 26 hex characters in length. Re-enter the key in the Retype text box. |
| WEP Transmit Key Index | Enter the key index to specify which static WEP key is to be used. Can be 1, 2, 3, or 4. |
| WPA Hexkey | Configure a WPA Pre-Shared Key (PSK). This key must be of 64 hexadecimal characters. Re-enter the key in the Retype text box. |
| WPA Passphrase | Configure the WPA password that generates the PSK. The passphrase must be between 8–63 characters, inclusive. Re-enter the password in the Retype text box. |

The following CLI commands configure an AP with a Wi-Fi uplink profile:

(host)[mynode](config)# ap wifi-uplink-profile test-uplink

(host)[mynode](WiFi uplink profile "test-uplink")# essid uplink-new

(host)[mynode](WiFi uplink profile "test-uplink")# wpa-passphrase ********

(host)[mynode](WiFi uplink profile "test-uplink")# opmode personal

(host)[mynode](WiFi uplink profile "test-uplink")# exit
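The key-format rules in Table 1, and the way a WPA passphrase generates the 64-character hexkey, can be checked before a profile is pushed. The following is an added example, not part of the Aruba documentation: the passphrase-to-PSK mapping is the standard IEEE 802.11i PBKDF2 derivation, while the profile dict layout and the function names are assumptions made for this example.

```python
import hashlib
import re

HEX = re.compile(r"[0-9A-Fa-f]+")


def derive_wpa_psk(passphrase: str, essid: str) -> str:
    """Map a WPA passphrase to the 64-hex-character PSK (IEEE 802.11i:
    PBKDF2-HMAC-SHA1, ESSID as salt, 4096 iterations, 32-byte output)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8-63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = essid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("ESSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32).hex()


def is_hex(value: str, lengths) -> bool:
    """True if value is all hex digits and has one of the allowed lengths."""
    return len(value) in lengths and HEX.fullmatch(value) is not None


def audit_uplink_profile(profile: dict) -> list:
    """Return findings for a profile dict whose keys mirror Table 1
    (the dict layout is an assumption made for this example).
    Findings never echo key material."""
    findings = []
    essid = profile.get("essid", "")
    wep_keys = profile.get("wep_keys", {})  # {key index: key string}
    tx_index = profile.get("wep_tx_index")
    hexkey = profile.get("wpa_hexkey")
    passphrase = profile.get("wpa_passphrase")

    if not essid:
        findings.append("ERROR: ESSID is required")
    for index, key in sorted(wep_keys.items()):
        if index not in (1, 2, 3, 4):
            findings.append(f"ERROR: WEP key index {index} is not 1-4")
        if not is_hex(key, (10, 26)):
            findings.append(f"ERROR: WEP key {index} is not 10 or 26 hex characters")
    if wep_keys:
        findings.append("WARN: static WEP is cryptographically broken; use WPA")
        if tx_index not in wep_keys:
            findings.append("ERROR: WEP transmit key index does not select a configured key")
    if hexkey is not None and not is_hex(hexkey, (64,)):
        findings.append("ERROR: WPA hexkey is not 64 hex characters")
    if passphrase is not None:
        try:
            derived = derive_wpa_psk(passphrase, essid)
        except ValueError as exc:
            findings.append(f"ERROR: WPA PSK derivation: {exc}")
        else:
            # If both forms are supplied they must describe the same key.
            if hexkey is not None and is_hex(hexkey, (64,)) and hexkey.lower() != derived:
                findings.append("ERROR: WPA hexkey does not match passphrase + ESSID")
    if not wep_keys and hexkey is None and passphrase is None:
        findings.append("WARN: no key material; the default encryption type "
                        "opensystem gives an unencrypted uplink")
    return findings


if __name__ == "__main__":
    # Constructed sample profile; the ESSID is the one used in the CLI example.
    sample = {"essid": "uplink-new", "wpa_passphrase": "short"}
    for line in audit_uplink_profile(sample):
        print(line)
```

Because the ESSID is the PBKDF2 salt, a hexkey derived for one ESSID is not valid for another, so changing the profile's ESSID means regenerating the hexkey.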

Provisioning an AP with Wi-Fi Uplink

The following procedure describes how to provision an Aruba AP with the Wi-Fi uplink:

  1. In a Managed Network node hierarchy, navigate to Configuration > Access Points.
  2. In the Campus APs tab, select the new AP from the Campus APs list, then click Provision.
  3. In the AP provisioning section, click the AP Group drop-down list and select the AP group to which the Aruba AP should be assigned.
  4. In Controller discovery, select Use AP discovery protocol (ADP) if you want to provide the AP with its managed device IP address, or select Static to manually define the managed device IP for that AP. If you select the Static option, you are prompted to enter the managed device's DNS name or IP address.
  5. In IP, select DHCP if you have configured a DHCP server to provide the AP with the AP IP address, or select Static to manually define the AP IP address. If you select the Static option, you are prompted to enter the following information for the selected AP:
  6. Select the WiFi uplink check box to enable Wi-Fi uplink on the AP.
  7. Click Submit.
  8. Click Pending Changes.
  9. In the Pending Changes window, select the check box and click Deploy Changes to re-provision the AP.

 

You must re-provision the AP to enable Wi-Fi uplink profile on the AP. Re-provisioning the AP causes it to automatically reboot.

The following animation displays how to provision an Aruba AP with Wi-Fi Uplink when you manually define the managed device IP for the AP in the WebUI:

The following CLI commands configure the Wi-Fi uplink profile in the AP group:

(host)[mynode](config)# ap-group wfu-test

Warning: WiFi uplink profile will not take effect until an AP is reprovisioned

(host)[mynode](AP group "wfu-test")# wifi-uplink-profile test-uplink priority 1

The following CLI commands provision the AP with Wi-Fi uplink profile:

(host)[mynode](config)# provision-ap

(host)[mynode](config-submode)# read-bootinfo ip-addr 192.168.244.2

(host)[mynode](config-submode)# link-priority-wifi 10

(host)[mynode](config-submode)# ap-group wfu-test

(host)[mynode](config-submode)# wifi-uplink

(host)[mynode](config-submode)# reprovision ip-addr 192.168.244.2

Uplink Load Balancing

WAN traffic can be balanced across two or more active uplinks from a managed device to a VPN concentrator. The uplink load balancing feature supports both active and standby uplinks, so the traffic load is balanced across two wired uplinks, while the backup cellular uplink remains idle.

When a managed device has multiple active uplinks, uplink load balancing can modify the IKE parameters for the managed device to create multiple managed device/VPN concentrator IPsec tunnels, one on each uplink. Once multiple uplinks and IPsec tunnels are up, Layer-3 traffic can be load-balanced across these uplinks using specially created internal routing ACLs and nexthop lists.

Load Balancing ACLs

When uplink load balancing is enabled, any Layer-3 traffic session that is not associated to a manually defined routing ACL will be managed by two specially created, internal ACLs placed at the bottom of the routing ACL table: the editable ACL uplink-lb-cfg-racl, followed by the non-editable ACL uplink-lb-sys-racl.

Load Balancing Nexthop Lists

The uplink load balancing feature uses three special internally created nexthop lists:

Load-balance-gateways is used for load-balancing internet-bound traffic, and load-balance-ipsecs for managing encrypted traffic headed to the corporate headquarters. These nexthop lists include information about one nexthop gateway and one managed device / VPN concentrator IPsec tunnel for each uplink, which are added to these lists so all nexthops are considered active and are available for routing.

The third nexthop list created by this feature is traditional-ipsecs, which is used by uplinks in active-standby mode to send control plane traffic from the managed device to the VPN concentrator.

Configuring the Uplink Manager

The following procedure describes how to disable or enable the uplink manager, and manage priorities for the wired and cellular connections. The uplink manager is enabled by default on managed device uplinks.

  1. In the Managed Network node hierarchy, navigate to the Configuration > Services > WAN tab.
  2. Expand the Uplink accordion.
  3. Select the Compression check box to enable WAN compression.
  4. Select one of the following options from the Loadbalancing Mode drop-down list.
    • Hash based: Hash-based load balancing uses information from the packets being sent (for example, the source IP address, destination IP address, protocol and port numbers) to determine how to load balance that traffic.
    • Round Robin: Traffic is equally distributed to all the active uplinks.
    • Session Count: Traffic is balanced between the uplinks based upon the number of sessions managed by each link, so that the load for each active uplink stays within 5% of the other active uplinks.
  5. Click + in the Uplink VLANs table and enter the following values to define an uplink VLAN for an uplink interface on the managed device.
  6. Click Submit.
  7. Click Pending Changes.
  8. In the Pending Changes window, select the check box and click Deploy Changes.

The following examples configure an uplink load-balancing solution using the Mobility Master command-line interface.

Step 1: Configure the VPN concentrator

If a managed device terminates a secure tunnel on a VPN concentrator, you can issue the vpn-peer peer-mac command on the VPN concentrator configuration to enable load balancing on secure uplinks between the VPN concentrator and a managed device.

The following CLI example enables uplinks between a managed device with the MAC address 01:00:5E:00:00:FF and a VPN concentrator; this automatically enables load balancing:

(host)[node](config) #vpn-peer peer-mac 01:00:5E:00:00:FF cert-auth factory-cert

Step 2: Configure Wired and Cellular Uplinks

The following CLI commands configure the wired and cellular uplinks in the uplink manager:

(host) [node] (config) #uplink cellular uplink-id

(host) [node] (config) #uplink wired vlan

The uplink manager and load-balancing settings are enabled automatically when you configure the cellular or wired uplinks.

Step 3: (Optional) Configure Load Balancing Settings

The following CLI commands configure additional uplink load-balancing settings.

(host) [node] (config) #uplink load-balance ?

mode Configure load-balancing mode

threshold-limits Set threshold limits for load balancing