Aruba 7010 User guide

ArubaOS 8.11.2.0 User Guide

Copyright Information

This product includes code licensed under certain open source licenses which require source

compliance. The corresponding source for these components is available upon request. This

offer is valid to anyone in receipt of this information and shall expire three years following the

date of the final distribution of this product version by Hewlett Packard Enterprise Company. To

obtain such source code, please check if the code is available in the HPE Software Center at

https://myenterpriselicense.hpe.com/cwp-ui/software but, if not, send a written request for

specific software version and product for which you want the open source code. Along with the

request, please send a check or money order in the amount of US $10.00 to:

Hewlett Packard Enterprise Company

Attn: General Counsel

WW Corporate Headquarters

1701 E Mossy Oaks Rd Spring, TX 77389

United States of America.

Contents

Contents 3

Revision History 14

About this Guide 15

What's New In ArubaOS 8.11.2.0 15

Fundamentals 17

JSON APIs 20

System Requirements 20

Supported Browsers 21

Related Documents 21

Conventions 21

Terminology Change 22

Contacting Support 23

Mobility Conductor Configuration Hierarchy 24

Understanding Configuration Hierarchy 24

Centralized Configuration 27

Configuration Validation 31

Serviceability 32

Mobility Conductor User Interface 33

MultiVersion Support 38

Important Points to Note 38

WebUI Support for Multiversion 38

The Basic User-Centric Networks 40

Understanding Basic Deployment and Configuration Tasks 40

Managed Devices Configuration Workflow 44

7200 Series Controllers Port Behavior 46

Using the LCD Screen 47

Configuring a VLAN to Connect to the Network 49

Configuring User-Centric Network 56

Replacing a Controller 57

Control Plane Security 62

Control Plane Security Overview 62

Configuring Control Plane Security 63

Managing AP Allowlists 64

Allowlist DB Optimization 71

Configuring Networks with a Backup Mobility Conductor 72

Replacing a Controller on a Multi-Controller Network 72

Troubleshooting Control Plane Security 73

Network Configuration Parameters 75

Campus WLAN Workflow 75

Understanding VLAN Assignments 76

ArubaOS 8.11.2.0 User Guide 3

Contents | 4

Configuring VLANs 78

Trusted and Untrusted Ports and VLANs 87

Assign an IPAddress to a VLAN 88

Configuring Trusted or Untrusted Ports and VLANs 92

Configuring the Mobility Conductor IP Address 93

Configuring the Loopback IP Address 94

Configuring Static IP Routes 95

GRE Tunnels 96

GRE Tunnel Groups 103

Jumbo Frame Support 105

PVST+ 107

RSTP 108

PortFast and BPDU Guard for Spanning Tree 110

LLDP 112

Port Channel Link Aggregation Control Protocol 116

Configuring Port Channel LACP 116

LACP Best Practices and Exceptions 117

LACP Sample Configuration 118

IPv6 Support 119

Native IPv6 Support 119

Supported Applications 121

Important Point to Remember 121

Enabling IPv6 122

Enabling IPv6 Support for Mobility Conductor and APs 122

Filtering an IPv6 Extension Header 132

Configuring a Captive Portal over IPv6 132

Working with IPv6 RAs 132

Centralized Licensing Support for IPv6 137

IPsec Support 140

RADIUS Over IPv6 150

TACACS Over IPv6 151

DHCPv6 Server 152

Understanding ArubaOS Supported Network Configuration for IPv6 Clients 158

Understanding Authentication and Firewall Features that Support IPv6 159

Understanding IPv6 Exceptions and Best Practices 164

OSPFv2 166

Important Points to Remember 166

Understanding OSPFv2 by Example using a WLAN Scenario 167

Understanding OSPFv2 by Example using a Branch Scenario 168

Configuring OSPF 169

Exporting VPN Client Addresses to OSPF 169

Sample Topology and Configuration 170

Tunneled Nodes 182

Understanding Tunneled Node Configuration 182

Configuration Procedures 183

Dynamic Segmentation 184

Authentication Servers 190

Configuring Authentication Servers and Server Groups 190

Understanding Authentication Server Best Practices and Exceptions 190

Understanding Servers and Server Groups 190

Configuring Authentication Servers 191

Configuring an LDAP Server 202

ArubaOS 8.11.2.0 User Guide 5

Configuring a TACACS+ Server 204

Configuring a Windows Server 205

Managing the Internal Database 206

Configuring Server Groups 206

Assigning Server Groups 213

Configuring Authentication Timers 217

Authentication Server Load Balancing 219

Testing a Configured Authentication Server 219

MAC-Based Authentication 221

Configuring MAC-Based Authentication 221

Configuring Clients 222

Multi Pre-Shared Key 223

Managed Devices at Branch Offices 224

Learn more about Managed Device Optimization 224

Managed Device Feature Overview 224

Zero-Touch Provisioning Overview 226

WAN Authentication Survivability Overview 230

Managed Device WAN Dashboard 235

Using ZTPto Provision a Managed Device 236

Using ZTPwith DHCPto Provision a Managed Device 241

Health Check Services for Managed Devices 242

WAN Optimization Through IP Payload Compression 243

WAN Interface Bandwidth Priorities 244

Uplink Monitoring and Load Balancing 245

Wi-Fi Uplink 245

Hub and Spoke VPN Configuration 248

IPRoutes Configuration 251

Uplink Routing using Next Hop Lists 252

Policy Based Routing 253

Address Pool Management 256

Configuring WAN Authentication Survivability 261

Preventing WANLink Failure on Virtual APs 262

Managed Node Integration with a Palo Alto Networks Portal 263

802.1X Authentication 266

Understanding 802.1X Authentication 266

Configuring 802.1X Authentication 269

Configuring and Using Certificates with AAA FastConnect 275

Configuring User and Machine Authentication 276

Working with Role Assignment with Machine Authentication Enabled 276

Enabling 802.1X Supplicant Support on an AP 278

Example Configurations 279

Performing Advanced Configuration Options for 802.1X 297

Application Single Sign-On Using L2 Authentication 298

Device Name as User Name for Non-802.1X Authentication 301

Enhanced Open Security 301

Support for WPA3 304

Stateful and WISPr Authentication 310

Stateful Authentication 310

WISPr Authentication 311

Stateful Authentication Best Practices 311

Configuring Stateful 802.1X Authentication 312

Configuring Stateful NT LAN Manager Authentication 313

Contents | 6

Configuring Stateful Kerberos Authentication 314

Configuring WISPr Authentication 316

Certificate Revocation 319

Understanding OCSP and CRL 319

Configuring the Mobility Conductor or Managed Device as an OCSP Client 320

Configuring the Mobility Conductor or Managed Device as a CRL Client 321

Configuring the Mobility Conductor or Managed Device as an OCSP Responder 323

Certificate Revocation Checking for SSH Pubkey Authentication 324

Captive Portal Authentication 327

Mobility Conductor-Managed Device 327

Stand-alone Controller 327

Understanding Captive Portal 327

Configuring Captive Portal in the Base Operating System 329

Configuring Captive Portal with a PEFNG License 331

Sample Authentication with Captive Portal 334

Configuring Guest VLANs 342

Configuring Captive Portal Authentication Profiles 343

Enabling Optional Captive Portal Configuration 348

Personalizing the Captive Portal Page 353

Creating and Installing an Internal Captive Portal 354

Creating Walled Garden Access 363

Enabling Captive Portal Enhancements 364

Configuring the Redirect-URL 365

Configuring the Login URL 365

Defining Netdestination Descriptions 365

Configuring a Allowlist 366

Viewing a Downloaded CPProfile 368

Bypassing Captive Portal Landing Page 369

Captive Portal Authentication in Bridge Mode 370

Controller Clustering 372

Requirements 372

Key Considerations 372

Support for Homogeneous Cluster 373

Support for Heterogeneous Cluster 373

Cluster Connection Types 374

Roles 375

Remote AP Support 376

IPv6 Cluster Support 376

Cluster Features 377

Authorization Server Interaction 379

APFailover to Different Cluster 381

Grouping Managed Devices Within a Cluster 382

APNode List 382

APmove 382

EST Support for Cluster 383

Remote AP Support with Cluster behind NAT 384

Deny Inter-User Bridging 385

VRRPIDand Passphrase 387

Cluster Configuration 388

Cluster Load Balancing 393

Cluster Deployment Scenarios 398

Upgrading Cluster 402

Troubleshooting Cluster 407

ArubaOS 8.11.2.0 User Guide 7

Dashboard Monitoring 413

Dashboard Pages 413

Overview 414

Infrastructure 424

Traffic Analysis 432

Security 443

Services 449

IoT Dashboard 452

WebUI Support for Users with ap-provisioning Role 454

MultiZone 457

Primary Zone and Data Zone 457

Functional Flow of a MultiZone AP 458

Important Points 458

Licenses for MultiZone 459

Hybrid CPsec, Mesh AP, and Mobility Controller Virtual Appliance Support for MultiZone 459

APLACPSupport for MultiZone 459

Client Match Support for MultiZone 459

Configuring MultiZone 460

Virtual Private Networks 463

Planning a VPN Configuration 463

Working with VPN Authentication Profiles 467

Configuring a Basic VPN for L2TP/IPsec 469

Configuring a VPN for L2TP/IPsec with IKEv2 475

Configuring a VPN with Postquantum Preshared Keys 480

Configuring a VPN for Smart Card Clients 481

Configuring a VPN for Clients with User Passwords 482

Configuring Remote Access VPNs for XAuth 484

Working with Remote Access VPNs for PPTP 485

Working with Site-to-Site VPNs 486

Session ACL on IPsec Map 495

Working with VPN Dialers 496

Roles and Policies 498

Firewall Policies 498

Creating a User Role 508

Workflow for Assigning a User Role 511

Understanding Global Firewall Parameters 517

AppRF 2.0 523

Workflow for configuring AppRF 2.0 523

Using an Exclude List 528

Debugging 530

Netdestination and Netservice Aliases 532

IPClassification-based Firewall 534

ClearPass Policy Manager Integration 537

Important Points to Remember 537

Enabling Downloadable Role on a Managed Device 538

Sample Configuration 539

Per-Command Authorization for Management Users 544

Include Domain Name for Username Based Policies 544

Configuring WLANs 545

Basic WLAN Configuration 545

WLAN Configuration Profiles 549

Contents | 8

Configuring the Virtual AP Profile 552

Manually Configuring the Virtual AP Profile 552

Modifying Profiles and Parameters Associated with AP Groups 558

Selective Multicast Streams 559

Changing a Virtual AP Forwarding Mode 559

Radio Resource (802.11k) and BSSTransition Management (802.11v) 560

Fast BSS Transition (802.11r) 568

WLAN SSIDProfiles 570

WLAN Authentication 578

RF Planning and Channel Management 581

RF Management for Mobility ConductorDeployments with Managed Devices 581

RF Management for Deployments with a Stand-alone Controller 581

AirMatch RF Management Overview 582

ClientMatch Overview 584

Configuring AirMatch 588

Configuring ClientMatch 591

RF Management for Stand-alone ControllerDeployments 593

802.11ad 598

ARM Coverage and Interference Metrics 598

Configuring ARM Profiles 600

Dynamic Bandwidth Switch 603

Zero-Wait Dynamic Frequency Selection 603

Troubleshooting ARM 604

Regulatory Domain Profile 605

Wireless Intrusion Prevention 607

Monitoring the Security Dashboard 607

Detecting Rogue APs 608

Working with Intrusion Detection 612

Configuring Intrusion Protection 623

Configuring the WLAN Management System 626

Understanding Client Denylisting 633

Working with WIP Advanced Features 636

Ghost Tunnel Attack Detection 641

Vendor Specific IE based Containment 643

Access Points 644

Before Deploying an AP 644

Duplicate Address Detection 649

Important Points to Remember 654

Basic Functions of an AP 655

AP Configuration Profiles 657

Converting APs to Instant APs 659

Configuring Installed APs 660

Validating and Optimizing AP Connectivity 663

APGroups 665

AP Image Preload 671

Enable and Configure AP Image Preload 672

View AP Preload Status 673

APDiscovery Logic 674

AP Channel Scanning 687

Managing AP Console Settings 689

Link Aggregation Support 693

2.4 GHz and 5 GHz Radio RF Management 697

Configuring 2.4 Ghz and 5 Ghz Radios 701

ArubaOS 8.11.2.0 User Guide 9

High-Throughput APs 714

High-Efficiency (HE) APs 721

HE Pooling and Automatic Tri-Radio 723

Loop Protection 727

Support for Port Bounce 729

AP Packet Capture 730

Green AP 731

Air Slice 733

Optional AP Configuration Settings 736

Important Points to Note 760

Disable AP Factory Reset 765

GPS Profile 766

6 GHz Radio 767

Important Points 767

Multiple BSSID 767

Channels in 6 GHz Radio 768

Configuring 6 GHz Radio 769

Secure Enterprise Mesh 787

Overview of Mesh Access Points 787

Overview of Mesh Links 791

Overview of Mesh Profiles 792

Overview of Remote Mesh Portals 796

Overview of AP Boot Sequence 797

Mesh Deployment Planning 798

Mesh Deployment Solutions 800

Mesh Configuration Procedures 802

Creating and Editing Mesh Radio Profiles 803

Creating and Editing Mesh High-Throughput SSID Profiles 808

Configuring Mesh Cluster Profiles 814

Configuring Mesh Clusters Associated with APGroups 818

Configuring Ethernet Ports for Mesh 822

Configuring a Mesh Access List 825

Provisioning Mesh Nodes 826

Radio Selection for Mesh Links 827

Verifying Your Mesh Network 828

Configuring Remote Mesh Portals 829

Increasing Network Uptime With Redundancy Services 832

Mobility Conductor Redundancy Methods 832

In the CLI 835

Verifying VRRPConfiguration 836

Logging and Debugging 837

In the WebUI 838

In the CLI 838

Verifying Conductor Redundancy 839

In the WebUI 839

In the CLI 840

APand User Redundancy Methods 847

Active/Active Deployment Model 849

1:1 Active/Standby Deployment Model 850

N:1 Active/Standby Deployment Model 850

Contents | 10

IP Mobility 863

Understanding Aruba Mobility Architecture 863

Configuring Mobility Domains 864

Tracking Mobile Users 866

Configuring Advanced Mobility Functions 868

Understanding Bridge Mode Mobility Deployments 877

Monitoring Network Traffic Using IP Flow Information Export 878

Enabling Mobility Multicast 881

External Firewall Configuration 886

Understanding Firewall Port Configuration in Aruba Devices 886

Enabling Network Access 887

Ports Used for VIA 887

Configuring Ports to Allow Other Traffic Types 888

Enhanced Security 889

Interoperability 889

Configuring PAPIEnhanced Security 889

Verifying PAPIEnhanced Security 890

Palo Alto Networks Firewall Integration 892

Pre-configuration on the PANFirewall 892

Configuring PAN Firewall Integration 894

Remote Access Points 899

About Remote Access Points 899

Configuring the Secure Remote AP Service 900

Deploying a Branch or Home Office Solution 907

Bringing up Certificate-Based Remote AP in VMC 913

Remote AP Advanced Configuration Options 914

Understanding Split Tunneling 929

Understanding Bridge 937

Provisioning Wi-Fi Multimedia 941

Reserving Uplink Bandwidth 942

Provisioning 4G USB Modems on Remote APs 943

Provisioning Remote AP at Home 946

Converting an Instant AP to Remote AP or Campus AP 950

Enabling Bandwidth Contract Support for Remote APs 951

Applying Contracts Per-Role 952

Applying Contracts Per-User 952

Virtual Intranet Access 955

License Requirements 955

Marking Outgoing Packets with ToS Bits 956

VIA Client Audit 956

VIA VPNClient Visibility 956

VIA VPN Client Capability 956

VIA Unique Identifier 957

VIA VPN Client Authentication 957

VIA Tunneled Network Limit 957

VIA VPN Sessions 957

Spectrum Analysis 959

Understanding Spectrum Analysis 959

Creating Spectrum Monitors and Hybrid APs 964

Spectrum Analysis Tasks 966

ArubaOS 8.11.2.0 User Guide 11

Configuring Spectrum Analysis Dashboards 970

Customizing Spectrum Analysis Graphs 972

Working with Non-Wi-Fi Interferers 986

Understanding Spectrum Analysis Session Log 987

Viewing Spectrum Analysis Data 987

Recording Spectrum Analysis Data 988

Automatic Reporting (PhoneHome) 992

Registering with Activate 992

Configuring PhoneHome Automatic Reporting 993

Sending Reports to Activate vs. SMTP Servers 994

Sending an Individual Report 995

Viewing Report Status 996

PhoneHome-Lite 996

Management access 998

Configuring Certificate Authentication for WebUI Access 998

Secure Shell 999

Enabling RADIUS Server Authentication 1002

Connecting to AirWave Server 1009

Custom Certificate Support for Remote AP 1013

Implementing Specific Management Password Policy 1015

Configuring Centralized Image Upgrades 1018

Managing Certificates 1034

Certificate Enrollment Using EST 1041

Activate an ESTprofile using the CLI 1044

Configuring SNMP 1045

SNMP Parameters 1045

MIB Files 1048

Enabling Capacity Alerts 1048

Configuring Logging 1049

Syslog Files 1052

Enabling Guest Provisioning 1053

Username and Password Authentication Method 1058

Static Authentication Method 1058

Smart Card Authentication Method 1058

Username and Password Method 1059

Static Authentication Method 1059

Smart Card Authentication Method 1059

Creating Multiple Guest Entries in CSV File 1062

Importing CSV File into Database 1063

Printing Guest Account Information 1066

Managing Files on Managed Device 1068

SCP Server Support 1072

Setting System Clock 1074

ClearPass Policy Manager Profiling with IF-MAP 1077

Allowlist Synchronization 1078

Downloadable Regulatory Table 1078

Infrastructure for Supporting Database Upgrade 1080

Configuring Concurrent Sessions 1081

Implementing Management User Audits 1081

Implementing Password Validation 1082

Maintaining Standard Mandatory Notice and Consent Banner 1082

Zeroizing TPM Keys 1082

Contents | 12

Hotspot 2.0 1084

Hotspot Profile Configuration Tasks 1084

Access Network Query Protocol 1084

Hotspot Profile Types 1085

Configuring Hotspot 2.0 Profiles 1086

Configuring Hotspot Advertisement Profiles 1091

Configuring ANQP Venue Name Profiles 1093

Configuring ANQP Network Authentication Profiles 1095

Configuring ANQP Domain Name Profiles 1096

Configuring ANQP IPAddress Availability Profiles 1097

Configuring ANQPNAIRealm Profiles 1098

Configuring ANQP Roaming Consortium Profiles 1100

Configuring ANQP 3GPP Cellular Network Profiles 1101

Configuring H2QP Connection Capability Profiles 1102

Configuring H2QP Operator Friendly Name Profiles 1104

Configuring H2QP Operating Class Indication Profiles 1104

Configuring H2QP WAN Metrics Profiles 1105

SDN Controller 1107

Southbound Interface 1107

SDN Controller Configuration on Mobility Conductor 1108

SDN Platform Services 1109

Northbound API 1117

OpenFlow Agent 1131

Enabling SDN Controller on Mobility Conductor 1131

Configuring OpenFlow Agent on Managed devices 1132

Viewing OpenFlow Information 1134

Loadable Service Module 1135

Service Modules 1135

Service Packages 1135

Upgrading a Service Module 1135

Troubleshooting 1137

Voice and Video 1139

Voice and Video License Requirements 1139

Configuring Voice and Video 1139

Working with QoS for Voice and Video 1150

UCC 1156

Understanding Extended Voice and Video Features 1193

Microsoft Teams 1199

WebRTC Prioritization 1199

IoT 1208

IoT Concepts 1208

IoT Configuration 1221

IoTUser Case Sample Configuration 1243

IoT Dashboard 1255

AirGroup 1257

AirGroup Enhancements 1257

Zero Configuration Networking 1260

AirGroup Solution 1260

AirGroup in ArubaOS 1261

AirGroup Services 1261

ArubaOS 8.11.2.0 User Guide 13

AirGroup Modes 1262

AirGroup Deployment Models 1263

Deprecated AirGroup Features 1263

AirGroup Features 1264

AirGroup-ClearPass Policy Manager Behavior 1269

Prerequisites to Enable AirGroup 1274

Configuring AirGroup 1277

Best Practices and Limitations 1281

Troubleshooting and Log Messages 1284

External Services Interface 1287

Sample ESI Topology 1287

Understanding the ESI Syslog Parser 1289

Configuring ESI 1291

Sample Route-Mode ESI Topology 1300

Sample NAT-mode ESI Topology 1304

Understanding BRE Syntax 1308

External User Management 1311

Before you Begin 1311

How the ArubaOS XML API Works 1311

Configuring an XML Server 1311

Creating an XML Request 1312

XML Response 1315

Using the XML API Server 1318

Behavior and Defaults 1325

Understanding Mode Support 1325

Understanding Basic System Defaults 1327

Understanding Default Management User Roles 1334

Understanding Default Open Ports 1337

DHCP with Vendor-Specific Options 1341

Configuring a Windows-Based DHCP Server 1341

Enabling DHCP Relay Option-82 1343

Enabling DHCPv6 Relay Option 18 and Option 37 1347

Enabling Linux DHCP Servers 1350

802.1X Configuration for IAS and Windows Clients 1351

Configuring Microsoft IAS 1351

Configuring Management Authentication Using IAS 1353

Windows XP Wireless Client Sample Configuration 1356

Revision History | 14

Revision History

The following table lists the revisions of this document.

Revision Change Description

Revision 01 Initial release.

Table 1: Revision History

Chapter 1

About this Guide

This User Guide describes the features supported in ArubaOS 8.x and provides instructions and

examples to configure Mobility Conductor, managed devices, and access points. This guide is intended

for system administrators responsible for configuring and maintaining wireless networks and assumes

administrator knowledge in Layer 2 and Layer 3 networking technologies.

Throughout this document, branch controller and local controller are termed as a managed device.

This chapter covers the following topics:

nWhat's New In ArubaOS 8.11.2.0 on page 15

nFundamentals on page 17

nSystem Requirements on page 20

nSupported Browsers on page 21

nRelated Documents on page 21

nConventions on page 21

nContacting Support on page 23

What's New In ArubaOS 8.11.2.0

This section lists the new features, enhancements, or hardware platforms introduced in ArubaOS

8.11.2.0.

New Features

Enhancements Description

Wi-Fi Stats Enhancement Several 802.11ax performance metrics statistics have been enhanced in

this release.

Table 2: New Features in ArubaOS 8.11.2.0

Hardware Description

Support for AP-654 Access Points The AP-654 access point is the external antenna platform variant of the

650 Series, supporting two sets of antenna interfaces for 2.4 GHz and 5

GHz (A, left side) as well as 6 GHz (B, right side). The Aruba 650 Series

access points are high performance, multi-radio access points that can

Table 3: New Hardware Platforms in ArubaOS 8.11.2.0

Check with your local Aruba sales representative on new managed devices and access points availability in

your country.

ArubaOS 8.11.2.0 User Guide 15

About this Guide | 16

Hardware Description

be deployed in either controller-based (ArubaOS) or controller-less

(Aruba Instant) network environments. These APs deliver

comprehensive tri-band coverage across 2.4 GHz, 5 GHz, and 6 GHz

802.11ax Wi-Fi (Wi-Fi 6E) functionality with concurrent 4x4 MU-MIMO

radios for both uplink and downlink in the 5 GHz and 6 GHz bands,

while also supporting 802.11a, 802.11b, 802.11g, 802.11n, 802.11ac,

and 802.11ax wireless services.

Additional features include:

nUp to 7.8 Gbps combined peak datarate

nDual wired 5 Gbps Smart Rate ethernet ports for hitless failover

nOrthogonal Frequency Division Multiple Access (OFDMA)

nAruba Advanced Cellular Coexistence (ACC)

nIoT-ready (integrated Bluetooth 5 and 802.15.4 radio for Zigbee

support)

nUltra Tri-Band (UTB) filtering

nMaximum ratio combining (MRC)

nIntelligent Power Monitoring (IPM)

nDynamic frequency selection (DFS)

For complete technical details and installation instructions, see the

Aruba650 Series Access Points Installation Guide.

Support for AP-634 Access Points The AP-634 access point is the external antenna platform variant of the

630 Series, supporting two sets of antenna interfaces for 2.4 GHz and 5

GHz (A, left side) as well as 6 GHz (B, right side). The Aruba 630 Series

access points are high performance, multi-radio access points that can

be deployed in either controller-based (ArubaOS) or controller-less

(Aruba Instant) network environments. These APs deliver

comprehensive tri-band coverage across 2.4 GHz, 5 GHz, and 6 GHz

802.11ax Wi-Fi (Wi-Fi 6E) functionality with concurrent 2x2 MIMO radios

for both uplink and downlink in the 5 GHz and 6 GHz bands, while also

supporting 802.11a, 802.11b, 802.11g, 802.11n, 802.11ac, and 802.11ax

wireless services.

Additional features include:

nUp to 3.9 Gbps combined peak datarate

nDual wired 2.5 Gbps Smart Rate ethernet ports for hitless failover

nOrthogonal Frequency Division Multiple Access (OFDMA)

nAruba Advanced Cellular Coexistence (ACC)

nIoT-ready (integrated Bluetooth 5 and 802.15.4 radio for Zigbee

support)

Table 3: New Hardware Platforms in ArubaOS 8.11.2.0

Check with your local Aruba sales representative on new managed devices and access points availability in

your country.

ArubaOS 8.11.2.0 User Guide 17

Hardware Description

nUltra Tri-Band (UTB) filtering

nMaximum ratio combining (MRC)

nIntelligent Power Monitoring (IPM)

nDynamic frequency selection (DFS)

For complete technical details and installation instructions, see

theAruba630 Series Access Points Installation Guide.

Table 3: New Hardware Platforms in ArubaOS 8.11.2.0

Check with your local Aruba sales representative on new managed devices and access points availability in

your country.

Deprecated APs

The following APs are no longer supported from ArubaOS 8.11.0.0 onwards.

AP Family AP Model

200 Series AP-204, AP-205

203H Series AP-203H

203R Series AP-203R, AP-203RP

205H Series AP-205H

207 Series AP-207

210 Series AP-214, AP-215

220 Series AP-224, AP-225

228 Series AP-228

270 Series AP-274, AP-275, AP-277

320 Series AP-324, AP-325

330 Series AP-334, AP-335

340 Series AP-344, AP-345

AP-387 AP-387

Table 4: Deprecated AP Platforms

Fundamentals

Mobility Conductor can be accessed through three different interfaces for maximum visibility and

functionality:

About this Guide | 18

nWebUI on page 18

nCLI on page 18

nJSON APIs on page 20

WebUI

Mobility Conductor supports up to 320 simultaneous WebUI connections. The WebUI is accessible

through a standard Web browser from a remote management console or workstation. The WebUI

includes configuration tasks. The tasks are:

nProvision New APs— Campus AP or Remote AP configuration.

nCreate a New WLAN— Create and configure new WLAN(s) and associate with an APgroup.

nDefine WIP Policy— Define WIP policies and assign to AP groups.

nBulk Configuration Upload— The Bulk Edit template (in Excel sheet) on the managed device allows

you to specify the static IP assignment for individual managed devices.

nUpgrade Controllers— Upgrade the managed devices.

nReboot Controllers— Reboot the managed devices.

nShow Upgrade Status— Display the upgrade status of the managed devices.

In addition to the tasks, the WebUI includes a dashboard that provides enhanced visibility into your

wireless network’s performance and usage. This allows you to easily locate and diagnose WLAN issues.

For details on the WebUI Dashboard, see Dashboard Monitoring.

CLI

The CLI is a text-based interface accessible from a local console connected to the serial port on the

Mobility Conductor or managed device or through a Telnet or SSH session.

By default, you access the CLI from the serial port or from an SSH session. You must explicitly enable

Telnet on your Mobility Conductor in order to access the CLI via a Telnet session.

nWhen entering commands remember that:

ncommands are not case sensitive

nthe space bar completes your partial keyword

nthe backspace key erases your entry one letter at a time

nthe question mark ( ? ) lists available commands and options

Important Points to Remember

nThe Mobility Conductor architecture spawns a new CLI session every time a user logs in to the CLI

through Telnet, SSH, or Console. Since each CLI session is processed independently, multiple

sessions do not block one another.

nSee the ArubaOS CLI Reference Guide for more information on the new commands and parameters

that are introduced to support new functions.

nConfigurations must be performed in the context of a node in the configuration hierarchy. Users with

the necessary privileges can change the node context on the CLI prompt.

nUsers are required to commit configurations on Mobility Conductor before the configurations can be

pushed and applied to the device.

Remote Telnet or SSH Session from Mobility Conductor

ArubaOS 8.11.2.0 User Guide 19

An administrator can initiate a remote telnet or SSH session from the Mobility Conductor to a remote

host. The host can be a Mobility Conductor, managed device, or a non-Aruba host.

This feature is supported from the SSH session of the Mobility Conductor.

To initiate a telnet session from the Mobility Conductor to a remote host:

1. Initiate an SSH session to the Mobility Conductor.

2. Execute the telnet <host> [port <port-num>] command.

host: IPv4 or IPv6 address of the remote host.

port <port-num>: Telnet port number of the remote host. This is an optional parameter.

1. Once successfully connected, the remote host prompts the credentials. Enter the remote host

credentials.

To initiate an SSH session from the Mobility Conductor to a remote host:

1. Initiate an SSH session to the Mobility Conductor.

2. Execute the ssh <username> <ip_addr> command.

username: Username of the remote host.

<ip-addr>: IPv4 or IPv6 address of the remote host.

Once successfully connected, the remote host prompts the credentials.

3. Enter the remote host credentials.

To end the remote host session, execute the exit command. The remote host displays the following

message:

(host) [remote] #exit

Connection closed by foreign host.

(host)[mynode]#

Important Points to Remember

nThe Mobility Conductor architecture spawns a new CLI session every time a user logs in to the CLI

through Telnet, SSH, or Console. Since each CLI session is processed independently, multiple

sessions do not block one another.

nNew commands and parameters have been added to support new functions and provide increased

visibility. See the ArubaOS CLI Reference Guide for more details.

nConfigurations must be performed in the context of a node in the configuration hierarchy. Users with

the necessary privileges can change the node context on the CLI prompt.

nUsers are required to commit configurations on Mobility Conductor before the configurations can be

pushed and applied to the device.

Limitations

This feature has few limitations. They are:

nThis feature is supported from the SSH session of only the Mobility Conductor.

nThere is an inactivity timeout for the CLI sessions. When an administrator initiates a remote session

(inner) from the Mobility Conductor’s SSH session (outer), and the remote session takes more time

than the inactivity timeout session, the outer session times out although the inner session is active.

The administrator has to log back in to the outer session once logged off from the inner session.

nDesignated telnet client control keys do not work for remote telnet sessions. When an administrator

initiates a remote telnet session (inner) from the Mobility Conductor’s SSH session (outer), the

About this Guide | 20

designated telnet client control keys functions for the outer SSH session only. The administrator

should designate unique control keys for each remote telnet sessions.

Seamless Logon

The Seamless Logon feature enables you to login from the Mobility Conductor to a managed device

without entering a password. The user can remotely login from a centralized location (Mobility

Conductor) to any managed device and execute the show and action commands. To login to a managed

device, execute the logon <device-ip> command on the Mobility Conductor CLI:

(host) [mynode] #logon 192.0.2.22

Last login: Tue Jul 12 04:34:37 2016 from 192.0.2.81

(host-md) #

JSON APIs

JSON APIs are exposed for all configuration objects in Mobility Conductor and client location

information from the ALE. Configuration APIs allow users to send configurations to Mobility Conductor

and view those modifications through their own management system (CLI or WebUI). APIs in an

operational state are also exposed. ALE APIs return client location information through the ALEserver.

Though most of this data is structured in the JSON format, some data may be arranged in a pre-

formatted string. For more details on JSONAPIs, refer to the ArubaOS NBAPIGuide. For more

information about ALE APIs, refer to the Analytics and Location Engine APIGuide.

System Requirements

Listed below are the minimum Hypervisor host system requirements for ArubaOS to run as a guest VM

and the resources required for the VMto be functional:

It is not recommend to over subscribe the processors, memory, and NIC ports on the VM.

Host Requirements

Aruba Mobil-

ity Conductor

Virtual Appli-

ance

Virtual Mobility Controller

Quad-core Core i5 1.9 GHz CPUs or

Faster (hyper-threading enabled)

Minimum 3

cores (6 hyper-

threading cores)

Minimum 2 cores (4 hyper-

threading cores)

Memory 16 GB 8 GB

Physical NIC ports

NOTE: One NICport is shared with the

host management and the second is

reserved for datapath.

2 2

Disk space 64 GB 32 GB

Table 5: System Requirements

Other Specifications

The Mobility Conductor runs on a virtual machine that is deployed through an OVF/OVA file.

Page is loading ...

Aruba 7010 User guide

This manual is also suitable for

Aruba 7010 User guide