Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
Configuring Mesh IAPs
Mesh Network Overview
The mesh solution effectively expands and configures network coverage for outdoor and indoor enterprises in a wireless environment. The mesh network automatically reconfigures broken or blocked paths when traffic traverses mesh Instant APs (IAPs). This feature provides increased reliability by allowing the network to continue operating even when an IAP is non-functional or if the device fails to connect to the network.
A mesh network requires at least one valid wired or 3G uplink connection. The mesh network must be provisioned by plugging into the wired network for the first time.
Mesh IAPs
The IAPs that are configured for mesh can either operate as mesh portals or as mesh points based on the uplink type.
IAP as Mesh Portal
Any provisioned IAP that has a valid wired or 3G uplink connection functions as a mesh portal. A mesh portal acts as a gateway between the wireless mesh network and the enterprise wired LAN. The mesh roles are automatically assigned based on the IAP configuration. The mesh portal can also act as a virtual controller.
The mesh portal reboots after 5 minutes, when it loses its uplink connectivity to a wired network.
IAP as Mesh Point
The IAP without an ethernet link functions as a mesh point. The mesh point establishes an all-wireless path to the mesh portal and provides traditional WLAN services such as client connectivity, IDS capabilities, user role association, and QoS for LAN-to-mesh communication to the clients, and performs mesh backhaul or network connectivity. The mesh points authenticate to the mesh portal and establish a secured link using AES encryption.
- A mesh point also supports LAN bridging by connecting any wired device to the downlink port of the mesh point. In the case of single ethernet port platforms, you can convert the Eth0 uplink port to a downlink port by enabling Eth0 Bridging.
- Redundancy is observed in a mesh network when two Instant APs have valid uplink connections, and most mesh points try to mesh directly with one of the two portals.
There can be a maximum of eight mesh points per mesh portal in a mesh network. When mesh IAPs boot up, they detect the environment to locate and associate with their nearest neighbor. The mesh IAPs determine the best path to the mesh portal ensuring a reliable network connectivity.
In a dual-radio IAP, the 2.4 GHz radio is always used for client traffic, and the 5 GHz radio is always used for both mesh-backhaul and client traffic.
Automatic Mesh Role Assignment
HPE Aruba Networking Central supports enhanced role detection during IAP boot-up and IAP running time. When a mesh point discovers that the Ethernet 0 port link is up, it sends loop detection packets to check the availability of the Ethernet 0 link. If the Ethernet 0 link is available, the mesh point reboots as a mesh portal. Otherwise, the mesh point does not reboot.
Mesh Role Detection during System Boot-Up
If the ethernet link is down during Instant AP boot-up, the IAP acts as a mesh point. If the ethernet link is up, the IAP continues to detect if the network is reachable in the following scenarios:
- In a static IP address scenario, the IAP acts as a mesh portal if it successfully pings the gateway. Otherwise, it acts as a mesh point.
- In case of DHCP, the IAP acts as a mesh portal when it obtains the IP address successfully. Otherwise, it acts as a mesh point.
- In case of IPv6, IAPs do not support the static IP address but only support DHCP for detection of network reachability.
If the IAP has a 3G or 4G USB modem plugged in, it always acts as a mesh portal. If the IAP is set to Ethernet 0 bridging, it always acts as a mesh point.
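The boot-up rules above can be checked against a deployment plan before the APs are installed. The following is an added example, not HPE Aruba Networking code: the `BootState` fields, AP names and plan entries are constructed for illustration, and because the page does not rank the modem rule against the Ethernet 0 bridging rule, that combination is rejected rather than guessed.

```python
from dataclasses import dataclass

@dataclass
class BootState:
    """Constructed model of what an IAP sees at boot; field names are hypothetical."""
    eth_link_up: bool
    addressing: str = "dhcp"        # "dhcp" or "static"
    ip_version: int = 4
    gateway_ping_ok: bool = False   # used with static addressing only
    dhcp_lease_ok: bool = False     # used with DHCP only
    cellular_modem: bool = False    # 3G or 4G USB modem plugged in
    eth0_bridging: bool = False

def boot_role(s: BootState) -> str:
    """Return "portal" or "point" following the boot-up rules described above."""
    if s.eth0_bridging and s.cellular_modem:
        raise ValueError("the page does not rank the Eth0 bridging and modem rules")
    if s.eth0_bridging:
        return "point"              # Ethernet 0 bridging: always a mesh point
    if s.cellular_modem:
        return "portal"             # 3G/4G modem: always a mesh portal
    if not s.eth_link_up:
        return "point"              # no ethernet link at boot
    if s.addressing == "static":
        if s.ip_version == 6:
            raise ValueError("static IPv6 is not supported for reachability detection")
        return "portal" if s.gateway_ping_ok else "point"
    return "portal" if s.dhcp_lease_ok else "point"

def role_mismatches(plan):
    """Return names of APs whose predicted boot role differs from the intended role."""
    return [name for name, intended, state in plan if boot_role(state) != intended]

# Constructed deployment plan: (AP name, intended role, conditions at boot)
PLAN = [
    ("lobby-portal", "portal", BootState(True, "dhcp", dhcp_lease_ok=True)),
    ("yard-point", "point", BootState(False)),
    # Eth0 left patched into a live switch port: comes up as a portal instead
    ("dock-point", "point", BootState(True, "dhcp", dhcp_lease_ok=True)),
    ("annex-bridge", "point", BootState(True, "dhcp", dhcp_lease_ok=True, eth0_bridging=True)),
    # Static address but the gateway does not answer: falls back to mesh point
    ("roof-portal", "portal", BootState(True, "static", gateway_ping_ok=False)),
]

if __name__ == "__main__":
    for name in role_mismatches(PLAN):
        print(f"{name}: predicted boot role differs from the plan")
```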
Mesh Role Detection during System Running Time
The mesh point uses the Loop Protection for Secure Jack Port feature to detect the loop when the ethernet is up. If the loop is detected, the IAP reboots. Otherwise, the IAP does not reboot and continues to act as a mesh point.
Mesh Cluster Function
HPE Aruba Networking Central introduces the mesh cluster function for easy deployments of IAPs. You can configure the ID, password, and also provision IAPs to a specific mesh cluster.
In a cluster-based scenario, you can configure unlimited mesh profiles in a network. When an IAP boots up, it attempts to find a mesh cluster configuration. The IAP fetches a pre-existing mesh cluster configuration, if any. Otherwise, it uses the default mesh configuration in which the SSID, password, and cluster name are generated by the virtual controller key.
IAPs that belong to the same mesh network can establish mesh links with each other. The IAPs can establish a mesh link in a standalone scenario also. However, the network role election does not take place in a standalone environment. Users can set the same mesh cluster configuration to establish mesh links with other networks. For more information on mesh cluster configuration, refer to the Mesh Instant AP Configuration chapter of Aruba Instant User Guide.
Setting up IAP Mesh Network
An IAP functioning as a mesh portal acts as a gateway between the wireless mesh network and the enterprise wired LAN. An IAP without an ethernet link functions as a mesh point, authenticates to the mesh portal, and establishes a secured link using AES encryption. The best practice is to set up the mesh network in a lab and test it before deploying and onboarding the APs. It is recommended to plug all the IAPs into the same VLAN or subnet to have Layer 2 communication.
The best practice for setting up a wireless mesh link with bridged or trunk VLANs with a native VLAN other than VLAN 1 is to create a new group and assign the mesh APs to that separate group.
The following example sets up a wireless bridge between 2 locations with 3 VLANs and removes the default VLAN 1 that is used on most switches:
- Remove the default VLAN 1 that is assigned on most switches.
- The DHCP server assigns the IP address to the APs.
- The native VLAN and the device management VLAN will be 53.
- The trunk VLAN for users will be 22.
VLAN 53 will be set on the wireless bridge SSID while creating the wireless network and will allow all VLANs on the wired interface. VLANs will be manually specified while configuring the wired interface properties. All the VLANs are used on the interface, but you can restrict to the necessary VLANs to stop unwanted traffic from traversing the wireless network. However, the VLAN is set to all interfaces as many customers would like to add VLANs across the interfaces once the network is in operation. When you set the VLAN to all the interfaces, it will be helpful in adding the VLANs on the switch interfaces as there is no need to re-configure the VLANs on the wireless bridge.
IAP Mesh Network Workflow
The provisioning of an IAP mesh network includes the following steps:
HPE Aruba Networking Central simplifies the configuration workflow for managed devices by allowing administrators to combine a set of devices into groups. A group in HPE Aruba Networking Central is the primary configuration element that functions as a container for device management, monitoring, and maintenance. UI groups refer to the device configuration that allows you to customize and manage configuration parameters using UI workflows. For more information on creating a group, see Creating a Group Persona with AOS-8 Architecture.
Move the IAPs from the default group or the unassigned groups to the mesh group. For more information on moving IAPs between groups, see Moving Instant Access Point(s) Between Groups.
Ensure that the username and password for the administrator are set up. For more information on setting up the administrator credentials, see Modifying AP Administrator Credentials.
In the Access Points > System > General page, configure the following parameters:
- Set Country code for group.
- Timezone
- Uplink switch native VLAN: Set the native VLAN to 53.
- Extended SSID
For more information, see Configuring System Parameters for an IAP.
To ensure that the IAPs are in the mesh group, set the filter in the WebUI to the newly created mesh group, and check the status of the device in the Access Points > List page. Also, check the synchronization status of the devices in the Access Points > Config Status page.
An SSID allows the devices to communicate via the wireless network. It is recommended to configure WPA3 for security. For more information, see Configuring Wireless Network Profiles on IAPs.
To ensure that the IAPs are in the mesh group after creating the WLAN SSID, set the filter in the WebUI to the newly created mesh group, and check the status of the device in the Access Points > List page. Also, check the synchronization status of the devices in the Access Points > Config Status page.
In the Access Points > Interfaces > Wired > Add Port Profile page, configure the following parameters:
- In the General page, set the ports to Ethernet 0/0.
- In the VLAN page, set the Mode as Trunk and Native VLAN as 53.
- In the Security page, enable the Port Type Trusted toggle switch.
For more information, see Configuring Wired Networks on IAPs.
To set the mesh point AP as downlink, set the Eth0 mode to Downlink and the Uplink Management VLAN to 0. This sets the far end AP to the mesh point, as it searches for the WLAN interface as its uplink instead of its wired interface. For more information, see Configuring Access Points Parameters.
Ensure that the configuration status of the devices is in synchronized state, and then unplug the mesh point and plug it to the far end switch.
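Before the mesh point is moved to the far end switch, the settings made in the steps above can be cross-checked against each other. This is an added example, not part of the original page or an HPE Aruba Networking Central export format: the dictionary keys and both sample configurations are constructed, and it assumes that a restricted allowed-VLAN list must still contain the native VLAN 53 and the user VLAN 22.

```python
def parse_vlans(spec):
    """Expand an allowed-VLAN spec such as "22,53" or "20-25,53"; "all" returns None."""
    if spec.strip().lower() == "all":
        return None
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_mesh_group(cfg, native=53, user_vlans=(22,)):
    """Return findings for one mesh group; cfg is a constructed dict with hypothetical keys."""
    findings = []
    port, system, point = cfg["port_profile"], cfg["system"], cfg["mesh_point"]
    if system["uplink_switch_native_vlan"] != native:
        findings.append("system: uplink switch native VLAN is not %d" % native)
    if port["mode"] != "trunk":
        findings.append("port: mode is not Trunk")
    if port["native_vlan"] != system["uplink_switch_native_vlan"]:
        findings.append("port: native VLAN differs from the system native VLAN")
    if port["native_vlan"] == 1:
        findings.append("port: native VLAN is still the default VLAN 1")
    if not port["trusted"]:
        findings.append("port: Port Type Trusted is not enabled")
    allowed = parse_vlans(port["allowed_vlans"])
    if allowed is None:
        findings.append("note: all VLANs cross the bridge; restrict to the necessary VLANs if possible")
    else:
        # Assumption: a restricted list must include the native and user VLANs
        missing = sorted({native, *user_vlans} - allowed)
        if missing:
            findings.append("port: required VLANs not allowed: %s" % missing)
    if point["eth0_mode"] != "downlink" or point["uplink_mgmt_vlan"] != 0:
        findings.append("mesh point: Eth0 must be Downlink with Uplink Management VLAN 0")
    return findings

# Constructed samples; VLAN numbers follow the page (native 53, user VLAN 22)
GOOD = {"system": {"uplink_switch_native_vlan": 53},
        "port_profile": {"mode": "trunk", "native_vlan": 53, "trusted": True,
                         "allowed_vlans": "22,53"},
        "mesh_point": {"eth0_mode": "downlink", "uplink_mgmt_vlan": 0}}
BAD = {"system": {"uplink_switch_native_vlan": 53},
       "port_profile": {"mode": "access", "native_vlan": 1, "trusted": False,
                        "allowed_vlans": "1,53"},
       "mesh_point": {"eth0_mode": "uplink", "uplink_mgmt_vlan": 53}}

if __name__ == "__main__":
    for finding in audit_mesh_group(BAD):
        print(finding)
```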