Aruba 7005 User guide

ArubaOS 8.11.1.0 User Guide

Copyright Information

This product includes code licensed under certain open source licenses which require source

compliance. The corresponding source for these components is available upon request. This

offer is valid to anyone in receipt of this information and shall expire three years following the

date of the final distribution of this product version by Hewlett Packard Enterprise Company. To

obtain such source code, please check if the code is available in the HPE Software Center at

https://myenterpriselicense.hpe.com/cwp-ui/software but, if not, send a written request for

specific software version and product for which you want the open source code. Along with the

request, please send a check or money order in the amount of US $10.00 to:

Hewlett Packard Enterprise Company

Attn: General Counsel

WW Corporate Headquarters

1701 E Mossy Oaks Rd Spring, TX 77389

United States of America.

Contents

Contents 3

Revision History 14

About this Guide 15

What's New In ArubaOS 8.11.1.0 15

Fundamentals 17

JSON APIs 19

System Requirements 19

Supported Browsers 20

Related Documents 20

Conventions 21

Terminology Change 22

Contacting Support 22

Mobility Conductor Configuration Hierarchy 23

Understanding Configuration Hierarchy 23

Centralized Configuration 26

Configuration Validation 30

Serviceability 31

Mobility Conductor User Interface 32

MultiVersion Support 37

Important Points to Note 37

WebUI Support for Multiversion 37

The Basic User-Centric Networks 39

Understanding Basic Deployment and Configuration Tasks 39

Managed Devices Configuration Workflow 43

7200 Series Controllers Port Behavior 45

Using the LCD Screen 45

Configuring a VLAN to Connect to the Network 48

Configuring User-Centric Network 55

Replacing a Controller 56

Control Plane Security 61

Control Plane Security Overview 61

Configuring Control Plane Security 62

Managing AP Allowlists 63

Allowlist DB Optimization 70

Configuring Networks with a Backup Mobility Conductor 71

Replacing a Controller on a Multi-Controller Network 71

Troubleshooting Control Plane Security 72

Network Configuration Parameters 74

Campus WLAN Workflow 74

Understanding VLAN Assignments 75

ArubaOS 8.11.1.0 User Guide 3

Contents | 4

Configuring VLANs 77

Trusted and Untrusted Ports and VLANs 86

Assign an IPAddress to a VLAN 87

Configuring Trusted or Untrusted Ports and VLANs 91

Configuring the Mobility Conductor IP Address 92

Configuring the Loopback IP Address 93

Configuring Static IP Routes 94

GRE Tunnels 95

GRE Tunnel Groups 102

Jumbo Frame Support 103

PVST+ 106

RSTP 107

PortFast and BPDU Guard for Spanning Tree 109

LLDP 111

Port Channel Link Aggregation Control Protocol 115

Configuring Port Channel LACP 115

LACP Best Practices and Exceptions 116

LACP Sample Configuration 117

IPv6 Support 118

Native IPv6 Support 118

Supported Applications 120

Important Point to Remember 120

Enabling IPv6 121

Enabling IPv6 Support for Mobility Conductor and APs 121

Filtering an IPv6 Extension Header 131

Configuring a Captive Portal over IPv6 131

Working with IPv6 RAs 131

Centralized Licensing Support for IPv6 136

IPsec Support 139

RADIUS Over IPv6 149

TACACS Over IPv6 150

DHCPv6 Server 151

Understanding ArubaOS Supported Network Configuration for IPv6 Clients 157

Understanding Authentication and Firewall Features that Support IPv6 158

Understanding IPv6 Exceptions and Best Practices 163

OSPFv2 165

Important Points to Remember 165

Understanding OSPFv2 by Example using a WLAN Scenario 166

Understanding OSPFv2 by Example using a Branch Scenario 167

Configuring OSPF 168

Exporting VPN Client Addresses to OSPF 168

Sample Topology and Configuration 169

Tunneled Nodes 181

Understanding Tunneled Node Configuration 181

Configuration Procedures 182

Dynamic Segmentation 183

Authentication Servers 189

Configuring Authentication Servers and Server Groups 189

Understanding Authentication Server Best Practices and Exceptions 189

Understanding Servers and Server Groups 189

Configuring Authentication Servers 190

Configuring an LDAP Server 201

ArubaOS 8.11.1.0 User Guide 5

Configuring a TACACS+ Server 203

Configuring a Windows Server 204

Managing the Internal Database 205

Configuring Server Groups 205

Assigning Server Groups 212

Configuring Authentication Timers 216

Authentication Server Load Balancing 218

Testing a Configured Authentication Server 218

MAC-Based Authentication 220

Configuring MAC-Based Authentication 220

Configuring Clients 221

Multi Pre-Shared Key 222

Managed Devices at Branch Offices 224

Learn more about Managed Device Optimization 224

Managed Device Feature Overview 224

Zero-Touch Provisioning Overview 226

WAN Authentication Survivability Overview 230

Managed Device WAN Dashboard 235

Using ZTPto Provision a Managed Device 236

Using ZTPwith DHCPto Provision a Managed Device 241

Health Check Services for Managed Devices 242

WAN Optimization Through IP Payload Compression 243

WAN Interface Bandwidth Priorities 244

Uplink Monitoring and Load Balancing 245

Wi-Fi Uplink 245

Hub and Spoke VPN Configuration 248

IPRoutes Configuration 251

Uplink Routing using Next Hop Lists 252

Policy Based Routing 253

Address Pool Management 256

Configuring WAN Authentication Survivability 261

Preventing WANLink Failure on Virtual APs 262

Managed Node Integration with a Palo Alto Networks Portal 263

802.1X Authentication 266

Understanding 802.1X Authentication 266

Configuring 802.1X Authentication 269

Configuring and Using Certificates with AAA FastConnect 275

Configuring User and Machine Authentication 276

Working with Role Assignment with Machine Authentication Enabled 276

Enabling 802.1X Supplicant Support on an AP 278

Example Configurations 279

Performing Advanced Configuration Options for 802.1X 297

Application Single Sign-On Using L2 Authentication 298

Device Name as User Name for Non-802.1X Authentication 301

Enhanced Open Security 301

Support for WPA3 304

Stateful and WISPr Authentication 310

Stateful Authentication 310

WISPr Authentication 311

Stateful Authentication Best Practices 311

Configuring Stateful 802.1X Authentication 312

Configuring Stateful NT LAN Manager Authentication 313

Contents | 6

Configuring Stateful Kerberos Authentication 314

Configuring WISPr Authentication 316

Certificate Revocation 319

Understanding OCSP and CRL 319

Configuring the Mobility Conductor or Managed Device as an OCSP Client 320

Configuring the Mobility Conductor or Managed Device as a CRL Client 321

Configuring the Mobility Conductor or Managed Device as an OCSP Responder 323

Certificate Revocation Checking for SSH Pubkey Authentication 324

Captive Portal Authentication 327

Mobility Conductor-Managed Device 327

Stand-alone Controller 327

Understanding Captive Portal 327

Configuring Captive Portal in the Base Operating System 329

Configuring Captive Portal with a PEFNG License 331

Sample Authentication with Captive Portal 334

Configuring Guest VLANs 342

Configuring Captive Portal Authentication Profiles 343

Enabling Optional Captive Portal Configuration 348

Personalizing the Captive Portal Page 353

Creating and Installing an Internal Captive Portal 354

Creating Walled Garden Access 363

Enabling Captive Portal Enhancements 364

Configuring the Redirect-URL 365

Configuring the Login URL 365

Defining Netdestination Descriptions 365

Configuring a Allowlist 366

Viewing a Downloaded CPProfile 368

Bypassing Captive Portal Landing Page 369

Captive Portal Authentication in Bridge Mode 369

Controller Clustering 372

Requirements 372

Key Considerations 372

Support for Homogeneous Cluster 373

Support for Heterogeneous Cluster 373

Cluster Connection Types 374

Roles 375

Remote AP Support 376

IPv6 Cluster Support 376

Cluster Features 377

Authorization Server Interaction 379

APFailover to Different Cluster 381

Grouping Managed Devices Within a Cluster 382

APNode List 382

APmove 382

EST Support for Cluster 383

Remote AP Support with Cluster behind NAT 384

Deny Inter-User Bridging 385

VRRPIDand Passphrase 387

Cluster Configuration 388

Cluster Load Balancing 393

Cluster Deployment Scenarios 398

Upgrading Cluster 402

Troubleshooting Cluster 407

ArubaOS 8.11.1.0 User Guide 7

Dashboard Monitoring 413

Dashboard Pages 413

Overview 414

Infrastructure 424

Traffic Analysis 432

Security 443

Services 449

IoT Dashboard 452

WebUI Support for Users with ap-provisioning Role 454

MultiZone 457

Primary Zone and Data Zone 457

Functional Flow of a MultiZone AP 458

Important Points 458

Licenses for MultiZone 459

Hybrid CPsec, Mesh AP, and Mobility Controller Virtual Appliance Support for MultiZone 459

APLACPSupport for MultiZone 459

Client Match Support for MultiZone 459

Configuring MultiZone 460

Virtual Private Networks 463

Planning a VPN Configuration 463

Working with VPN Authentication Profiles 467

Configuring a Basic VPN for L2TP/IPsec 469

Configuring a VPN for L2TP/IPsec with IKEv2 475

Configuring a VPN with Postquantum Preshared Keys 480

Configuring a VPN for Smart Card Clients 481

Configuring a VPN for Clients with User Passwords 482

Configuring Remote Access VPNs for XAuth 484

Working with Remote Access VPNs for PPTP 485

Working with Site-to-Site VPNs 486

Session ACL on IPsec Map 495

Working with VPN Dialers 496

Roles and Policies 498

Firewall Policies 498

Creating a User Role 508

Workflow for Assigning a User Role 511

Understanding Global Firewall Parameters 517

AppRF 2.0 523

Workflow for configuring AppRF 2.0 523

Using an Exclude List 528

Debugging 530

Netdestination and Netservice Aliases 532

IPClassification-based Firewall 534

ClearPass Policy Manager Integration 537

Important Points to Remember 537

Enabling Downloadable Role on a Managed Device 538

Sample Configuration 539

Per-Command Authorization for Management Users 544

Include Domain Name for Username Based Policies 544

Configuring WLANs 545

Basic WLAN Configuration 545

WLAN Configuration Profiles 549

Contents | 8

Configuring the Virtual AP Profile 552

Manually Configuring the Virtual AP Profile 552

Modifying Profiles and Parameters Associated with AP Groups 558

Selective Multicast Streams 559

Changing a Virtual AP Forwarding Mode 559

Radio Resource (802.11k) and BSSTransition Management (802.11v) 560

Fast BSS Transition (802.11r) 568

WLAN SSIDProfiles 570

WLAN Authentication 578

RF Planning and Channel Management 581

RF Management for Mobility ConductorDeployments with Managed Devices 581

RF Management for Deployments with a Stand-alone Controller 581

AirMatch RF Management Overview 582

ClientMatch Overview 584

Configuring AirMatch 588

Configuring ClientMatch 591

RF Management for Stand-alone ControllerDeployments 593

802.11ad 598

ARM Coverage and Interference Metrics 599

Configuring ARM Profiles 600

Dynamic Bandwidth Switch 603

Zero-Wait Dynamic Frequency Selection 603

Troubleshooting ARM 604

Regulatory Domain Profile 605

Wireless Intrusion Prevention 607

Monitoring the Security Dashboard 607

Detecting Rogue APs 608

Working with Intrusion Detection 612

Configuring Intrusion Protection 623

Configuring the WLAN Management System 626

Understanding Client Denylisting 633

Working with WIP Advanced Features 636

Ghost Tunnel Attack Detection 641

Vendor Specific IE based Containment 643

Access Points 644

Before Deploying an AP 644

Duplicate Address Detection 649

Important Points to Remember 654

Basic Functions of an AP 655

AP Configuration Profiles 657

Converting APs to Instant APs 659

Configuring Installed APs 660

Validating and Optimizing AP Connectivity 663

APGroups 665

AP Image Preload 671

Enable and Configure AP Image Preload 672

View AP Preload Status 673

APDiscovery Logic 674

AP Channel Scanning 687

Managing AP Console Settings 689

Link Aggregation Support 693

2.4 GHz and 5 GHz Radio RF Management 697

Configuring 2.4 Ghz and 5 Ghz Radios 700

ArubaOS 8.11.1.0 User Guide 9

High-Throughput APs 713

High-Efficiency (HE) APs 720

HE Pooling and Automatic Tri-Radio 722

Loop Protection 726

Support for Port Bounce 728

AP Packet Capture 729

Green AP 730

Air Slice 732

Optional AP Configuration Settings 735

Important Points to Note 759

Disable AP Factory Reset 764

GPS Profile 765

6 GHz Radio 766

Important Points 766

Multiple BSSID 766

Channels in 6 GHz Radio 767

Configuring 6 GHz Radio 768

Secure Enterprise Mesh 786

Overview of Mesh Access Points 786

Overview of Mesh Links 790

Overview of Mesh Profiles 791

Overview of Remote Mesh Portals 795

Overview of AP Boot Sequence 796

Mesh Deployment Planning 797

Mesh Deployment Solutions 799

Mesh Configuration Procedures 801

Creating and Editing Mesh Radio Profiles 802

Creating and Editing Mesh High-Throughput SSID Profiles 807

Configuring Mesh Cluster Profiles 813

Configuring Mesh Clusters Associated with APGroups 817

Configuring Ethernet Ports for Mesh 821

Configuring a Mesh Access List 824

Provisioning Mesh Nodes 825

Radio Selection for Mesh Links 826

Verifying Your Mesh Network 827

Configuring Remote Mesh Portals 828

Increasing Network Uptime With Redundancy Services 831

Mobility Conductor Redundancy Methods 831

In the CLI 834

Verifying VRRPConfiguration 835

Logging and Debugging 836

In the WebUI 837

In the CLI 837

Verifying Conductor Redundancy 838

In the WebUI 838

In the CLI 839

APand User Redundancy Methods 846

Active/Active Deployment Model 848

1:1 Active/Standby Deployment Model 849

N:1 Active/Standby Deployment Model 849

Contents | 10

IP Mobility 862

Understanding Aruba Mobility Architecture 862

Configuring Mobility Domains 863

Tracking Mobile Users 865

Configuring Advanced Mobility Functions 867

Understanding Bridge Mode Mobility Deployments 876

Monitoring Network Traffic Using IP Flow Information Export 877

Enabling Mobility Multicast 880

External Firewall Configuration 885

Understanding Firewall Port Configuration in Aruba Devices 885

Enabling Network Access 886

Ports Used for VIA 886

Configuring Ports to Allow Other Traffic Types 887

Enhanced Security 888

Interoperability 888

Configuring PAPIEnhanced Security 888

Verifying PAPIEnhanced Security 889

Palo Alto Networks Firewall Integration 891

Pre-configuration on the PANFirewall 891

Configuring PAN Firewall Integration 893

Remote Access Points 898

About Remote Access Points 898

Configuring the Secure Remote AP Service 899

Deploying a Branch or Home Office Solution 906

Bringing up Certificate-Based Remote AP in VMC 912

Remote AP Advanced Configuration Options 913

Understanding Split Tunneling 928

Understanding Bridge 935

Provisioning Wi-Fi Multimedia 940

Reserving Uplink Bandwidth 940

Provisioning 4G USB Modems on Remote APs 941

Provisioning Remote AP at Home 945

Converting an Instant AP to Remote AP or Campus AP 948

Enabling Bandwidth Contract Support for Remote APs 949

Applying Contracts Per-Role 950

Applying Contracts Per-User 950

Virtual Intranet Access 953

License Requirements 953

Marking Outgoing Packets with ToS Bits 954

VIA Client Audit 954

VIA VPNClient Visibility 954

VIA VPN Client Capability 954

VIA Unique Identifier 955

VIA VPN Client Authentication 955

VIA Tunneled Network Limit 955

VIA VPN Sessions 955

Spectrum Analysis 957

Understanding Spectrum Analysis 957

Creating Spectrum Monitors and Hybrid APs 962

Spectrum Analysis Tasks 964

ArubaOS 8.11.1.0 User Guide 11

Configuring Spectrum Analysis Dashboards 968

Customizing Spectrum Analysis Graphs 970

Working with Non-Wi-Fi Interferers 984

Understanding Spectrum Analysis Session Log 985

Viewing Spectrum Analysis Data 985

Recording Spectrum Analysis Data 986

Automatic Reporting (PhoneHome) 990

Registering with Activate 990

Configuring PhoneHome Automatic Reporting 991

Sending Reports to Activate vs. SMTP Servers 992

Sending an Individual Report 993

Viewing Report Status 994

PhoneHome-Lite 994

Management Access 996

Configuring Certificate Authentication for WebUI Access 996

Secure Shell 997

Enabling RADIUS Server Authentication 1000

Connecting to AirWave Server 1007

Custom Certificate Support for Remote AP 1011

Implementing Specific Management Password Policy 1013

Configuring Centralized Image Upgrades 1016

Managing Certificates 1032

Certificate Enrollment Using EST 1039

Activate an ESTprofile using the CLI 1042

Configuring SNMP 1043

SNMP Parameters 1043

MIB Files 1046

Enabling Capacity Alerts 1046

Configuring Logging 1047

Syslog Files 1050

Enabling Guest Provisioning 1051

Username and Password Authentication Method 1056

Static Authentication Method 1056

Smart Card Authentication Method 1056

Username and Password Method 1057

Static Authentication Method 1057

Smart Card Authentication Method 1057

Creating Multiple Guest Entries in CSV File 1060

Importing CSV File into Database 1061

Printing Guest Account Information 1064

Managing Files on Managed Device 1066

SCP Server Support 1070

Setting System Clock 1072

ClearPass Policy Manager Profiling with IF-MAP 1075

Allowlist Synchronization 1076

Downloadable Regulatory Table 1076

Infrastructure for Supporting Database Upgrade 1078

Configuring Concurrent Sessions 1079

Implementing Management User Audits 1079

Implementing Password Validation 1080

Maintaining Standard Mandatory Notice and Consent Banner 1080

Zeroizing TPM Keys 1080

Contents | 12

Hotspot 2.0 1082

Hotspot Profile Configuration Tasks 1082

Access Network Query Protocol 1082

Hotspot Profile Types 1083

Configuring Hotspot 2.0 Profiles 1084

Configuring Hotspot Advertisement Profiles 1089

Configuring ANQP Venue Name Profiles 1091

Configuring ANQP Network Authentication Profiles 1093

Configuring ANQP Domain Name Profiles 1094

Configuring ANQP IPAddress Availability Profiles 1095

Configuring ANQPNAIRealm Profiles 1096

Configuring ANQP Roaming Consortium Profiles 1098

Configuring ANQP 3GPP Cellular Network Profiles 1099

Configuring H2QP Connection Capability Profiles 1100

Configuring H2QP Operator Friendly Name Profiles 1102

Configuring H2QP Operating Class Indication Profiles 1102

Configuring H2QP WAN Metrics Profiles 1103

SDN Controller 1105

Southbound Interface 1105

SDN Controller Configuration on Mobility Conductor 1106

SDN Platform Services 1107

Northbound API 1115

OpenFlow Agent 1129

Enabling SDN Controller on Mobility Conductor 1129

Configuring OpenFlow Agent on Managed devices 1130

Viewing OpenFlow Information 1132

Loadable Service Module 1133

Service Modules 1133

Service Packages 1133

Upgrading a Service Module 1133

Troubleshooting 1135

Voice and Video 1137

Voice and Video License Requirements 1137

Configuring Voice and Video 1137

Working with QoS for Voice and Video 1148

UCC 1154

Understanding Extended Voice and Video Features 1191

Microsoft Teams 1197

WebRTC Prioritization 1197

IoT 1206

IoT Concepts 1206

IoT Configuration 1219

IoTUser Case Sample Configuration 1241

IoT Dashboard 1253

AirGroup 1255

AirGroup Enhancements 1255

Zero Configuration Networking 1258

AirGroup Solution 1258

AirGroup in ArubaOS 1259

AirGroup Services 1259

ArubaOS 8.11.1.0 User Guide 13

AirGroup Modes 1260

AirGroup Deployment Models 1261

Deprecated AirGroup Features 1261

AirGroup Features 1262

AirGroup-ClearPass Policy Manager Behavior 1267

Prerequisites to Enable AirGroup 1272

Configuring AirGroup 1275

Best Practices and Limitations 1279

Troubleshooting and Log Messages 1282

External Services Interface 1285

Sample ESI Topology 1285

Understanding the ESI Syslog Parser 1287

Configuring ESI 1289

Sample Route-Mode ESI Topology 1298

Sample NAT-mode ESI Topology 1302

Understanding BRE Syntax 1306

External User Management 1309

Before you Begin 1309

How the ArubaOS XML API Works 1309

Configuring an XML Server 1309

Creating an XML Request 1310

XML Response 1313

Using the XML API Server 1316

Behavior and Defaults 1323

Understanding Mode Support 1323

Understanding Basic System Defaults 1324

Understanding Default Management User Roles 1332

Understanding Default Open Ports 1335

DHCP with Vendor-Specific Options 1339

Configuring a Windows-Based DHCP Server 1339

Enabling DHCP Relay Agent Information Option (Option-82) 1341

Enabling DHCPv6 Relay-Option (Option 18 and Option 37) 1345

Enabling Linux DHCP Servers 1348

802.1X Configuration for IAS and Windows Clients 1349

Configuring Microsoft IAS 1349

Configuring Management Authentication Using IAS 1351

Windows XP Wireless Client Sample Configuration 1354

Revision History | 14

Revision History

The following table lists the revisions of this document.

Revision Change Description

Revision 01 Initial release.

Table 1: Revision History

Chapter 1

About this Guide

This User Guide describes the features supported in ArubaOS 8.x and provides instructions and

examples to configure Mobility Conductor, managed devices, and access points. This guide is intended

for system administrators responsible for configuring and maintaining wireless networks and assumes

administrator knowledge in Layer 2 and Layer 3 networking technologies.

Throughout this document, branch controller and local controller are termed as a managed device.

This chapter covers the following topics:

nWhat's New In ArubaOS 8.11.1.0 on page 15

nFundamentals on page 17

nSystem Requirements on page 19

nSupported Browsers on page 20

nRelated Documents on page 20

nConventions on page 21

nContacting Support on page 22

What's New In ArubaOS 8.11.1.0

This section lists the new features, enhancements, or hardware platforms introduced in ArubaOS

8.11.1.0.

New Features

Enhancements Description

Enhancement to the show ap

monitor ap-list command

A new sub-parameter, verbose is added to the show ap monitor ap-list

ap-name <ap-name> command. The output of the show ap monitor

ap-list ap-name <ap-name> verbose command displays additional

information about flags and the flag, Wis introduced to identify the Wi-Fi

direct devices. This flag will be displayed only if the detection of WIFI-

Direct P2P groups is enabled in the IDS unauthorized device profile.

Configure Dump Auto

Uploading Profile

The dump-auto-uploading-profile parameter is introduced to configure

settings for automatically uploading dump files to the controller when

Transfer Enableis open and when the Server IP is not configured in the

dump collection profile.

Installation of ArubaOS Using

ISO Mounting

The ISO mounting procedure can now be used to install ArubaOS.

Table 2: New Features in ArubaOS 8.11.1.0

ArubaOS 8.11.1.0 User Guide 15

About this Guide | 16

Enhancements Description

Support for OVS-DPDK on KVM

Hypervisor

ArubaOS now provides support for configuring OVS-DPDK on Oracle

Linux 7.9 using KVM Hypervisor.

Support for UNII-4 Channels on

AP-615

ArubaOS provides support for UNII-4 channels (169-177) on 610 Series

access points (AP-615) only when the operational mode of the AP is set to

2.4GHz-and-5GHz static mode.

Hardware Description

503 Series Access Points—AP-503 The Aruba 503 Series access points (AP-503) are high performance,

dual-radio indoor access points that support the IEEE 802.11ax

standard for High Efficiency Wi-Fi, and can be deployed in either

controller-based (ArubaOS) or controller-less (Aruba Instant) network

environments. These APs deliver high performance 2.4 GHz and 5 GHz

802.11ax Wi-Fi (Wi-Fi 6) functionality with 2x2 radios, while also

supporting 802.11a, 802.11b, 802.11g, 802.11n, and 802.11ac wireless

services.

Additional features include:

nSpectrum analysis (dedicated or hybrid mode)

nWireless air monitor

n1000Base-T uplink Ethernet port

nIEEE 802.3af (class 3) PoE support

nMesh

nThermal shutdown function

For complete technical details and installation instructions, see Aruba

503 Series Access Points Installation Guide.

Table 3: New Hardware Platforms in ArubaOS 8.11.1.0

Check with your local Aruba sales representative on new managed devices and access points availability in

your country.

Deprecated APs

The following APs are no longer supported from ArubaOS 8.11.0.0 onwards.

AP Family AP Model

200 Series AP-204, AP-205

203H Series AP-203H

203R Series AP-203R, AP-203RP

205H Series AP-205H

207 Series AP-207

210 Series AP-214, AP-215

Table 4: Deprecated AP Platforms

ArubaOS 8.11.1.0 User Guide 17

AP Family AP Model

220 Series AP-224, AP-225

228 Series AP-228

270 Series AP-274, AP-275, AP-277

320 Series AP-324, AP-325

330 Series AP-334, AP-335

340 Series AP-344, AP-345

AP-387 AP-387

Table 4: Deprecated AP Platforms

Fundamentals

Mobility Conductor can be accessed through three different interfaces for maximum visibility and

functionality:

nWebUI on page 17

nCLI on page 17

nJSON APIs on page 19

WebUI

Mobility Conductor supports up to 320 simultaneous WebUI connections. The WebUI is accessible

through a standard Web browser from a remote management console or workstation. The WebUI

includes configuration tasks. The tasks are:

nProvision New APs— Campus AP or Remote AP configuration.

nCreate a New WLAN— Create and configure new WLAN(s) and associate with an APgroup.

nDefine WIP Policy— Define WIP policies and assign to AP groups.

nBulk Configuration Upload— The Bulk Edit template (in Excel sheet) on the managed device allows

you to specify the static IP assignment for individual managed devices.

nUpgrade Controllers— Upgrade the managed devices.

nReboot Controllers— Reboot the managed devices.

nShow Upgrade Status— Display the upgrade status of the managed devices.

In addition to the tasks, the WebUI includes a dashboard that provides enhanced visibility into your

wireless network’s performance and usage. This allows you to easily locate and diagnose WLAN issues.

For details on the WebUI Dashboard, see Dashboard Monitoring.

CLI

The CLI is a text-based interface accessible from a local console connected to the serial port on the

Mobility Conductor or managed device or through a Telnet or SSH session.

By default, you access the CLI from the serial port or from an SSH session. You must explicitly enable

Telnet on your Mobility Conductor in order to access the CLI via a Telnet session.

About this Guide | 18

nWhen entering commands remember that:

ncommands are not case sensitive

nthe space bar completes your partial keyword

nthe backspace key erases your entry one letter at a time

nthe question mark ( ? ) lists available commands and options

Important Points to Remember

nThe Mobility Conductor architecture spawns a new CLI session every time a user logs in to the CLI

through Telnet, SSH, or Console. Since each CLI session is processed independently, multiple

sessions do not block one another.

nSee the ArubaOS CLI Reference Guide for more information on the new commands and parameters

that are introduced to support new functions.

nConfigurations must be performed in the context of a node in the configuration hierarchy. Users with

the necessary privileges can change the node context on the CLI prompt.

nUsers are required to commit configurations on Mobility Conductor before the configurations can be

pushed and applied to the device.

Remote Telnet or SSH Session from Mobility Conductor

An administrator can initiate a remote telnet or SSH session from the Mobility Conductor to a remote

host. The host can be a Mobility Conductor, managed device, or a non-Aruba host.

This feature is supported from the SSH session of the Mobility Conductor.

To initiate a telnet session from the Mobility Conductor to a remote host:

1. Initiate an SSH session to the Mobility Conductor.

2. Execute the telnet <host> [port <port-num>] command.

host: IPv4 or IPv6 address of the remote host.

port <port-num>: Telnet port number of the remote host. This is an optional parameter.

1. Once successfully connected, the remote host prompts the credentials. Enter the remote host

credentials.

To initiate an SSH session from the Mobility Conductor to a remote host:

1. Initiate an SSH session to the Mobility Conductor.

2. Execute the ssh <username> <ip_addr> command.

username: Username of the remote host.

<ip-addr>: IPv4 or IPv6 address of the remote host.

Once successfully connected, the remote host prompts the credentials.

3. Enter the remote host credentials.

To end the remote host session, execute the exit command. The remote host displays the following

message:

(host) [remote] #exit

Connection closed by foreign host.

(host)[mynode]#

Important Points to Remember

ArubaOS 8.11.1.0 User Guide 19

nThe Mobility Conductor architecture spawns a new CLI session every time a user logs in to the CLI

through Telnet, SSH, or Console. Since each CLI session is processed independently, multiple

sessions do not block one another.

nNew commands and parameters have been added to support new functions and provide increased

visibility. See the ArubaOS CLI Reference Guide for more details.

nConfigurations must be performed in the context of a node in the configuration hierarchy. Users with

the necessary privileges can change the node context on the CLI prompt.

nUsers are required to commit configurations on Mobility Conductor before the configurations can be

pushed and applied to the device.

Limitations

This feature has few limitations. They are:

nThis feature is supported from the SSH session of only the Mobility Conductor.

nThere is an inactivity timeout for the CLI sessions. When an administrator initiates a remote session

(inner) from the Mobility Conductor’s SSH session (outer), and the remote session takes more time

than the inactivity timeout session, the outer session times out although the inner session is active.

The administrator has to log back in to the outer session once logged off from the inner session.

nDesignated telnet client control keys do not work for remote telnet sessions. When an administrator

initiates a remote telnet session (inner) from the Mobility Conductor’s SSH session (outer), the

designated telnet client control keys functions for the outer SSH session only. The administrator

should designate unique control keys for each remote telnet sessions.

Seamless Logon

The Seamless Logon feature enables you to login from the Mobility Conductor to a managed device

without entering a password. The user can remotely login from a centralized location (Mobility

Conductor) to any managed device and execute the show and action commands. To login to a managed

device, execute the logon <device-ip> command on the Mobility Conductor CLI:

(host) [mynode] #logon 192.0.2.22

Last login: Tue Jul 12 04:34:37 2016 from 192.0.2.81

(host-md) #

JSON APIs

JSON APIs are exposed for all configuration objects in Mobility Conductor and client location information

from the ALE. Configuration APIs allow users to send configurations to Mobility Conductor and view

those modifications through their own management system (CLI or WebUI). APIs in an operational state

are also exposed. ALE APIs return client location information through the ALEserver. Though most of

this data is structured in the JSON format, some data may be arranged in a pre-formatted string. For

more details on JSONAPIs, refer to the ArubaOS NBAPIGuide. For more information about ALE APIs, refer

to the Analytics and Location Engine APIGuide.

System Requirements

Listed below are the minimum Hypervisor host system requirements for ArubaOS to run as a guest VM

and the resources required for the VMto be functional:

It is not recommend to over subscribe the processors, memory, and NIC ports on the VM.

About this Guide | 20

Host Requirements

Aruba Mobil-

ity Conductor

Virtual Appli-

ance

Virtual Mobility Controller

Quad-core Core i5 1.9 GHz CPUs or

Faster (hyper-threading enabled)

Minimum 3

cores (6 hyper-

threading cores)

Minimum 2 cores (4 hyper-

threading cores)

Memory 16 GB 8 GB

Physical NIC ports

NOTE: One NICport is shared with the

host management and the second is

reserved for datapath.

2 2

Disk space 64 GB 32 GB

Table 5: System Requirements

Other Specifications

The Mobility Conductor runs on a virtual machine that is deployed through an OVF/OVA file.

Prerequisites for deploying the ArubaOS Mobility Conductor:

nvSphere Client 5.1 or 5.5 must be installed on a Windows machine. Support for vSphere Web Client

and vCenter is available on ESXi versions 6.0 and 6.5.

nvSphere Hypervisor 5.1, 5.5, 6.0, 6.5 or 7.0 must be installed on the server.

nAn OVF/OVA template must be accessible from the ESXi host.

nVMware Enterprise Plus license must be installed on the Hypervisor.

Supported Browsers

The following browsers are officially supported for use with the ArubaOS WebUI:

Web Browser Operating System

Microsoft Edge (Microsoft Edge 92.0.902.62 and

Microsoft EdgeHTML 18.19041) or later

nWindows 10 or later

nmacOS

Firefox 107.0.1 or later nWindows 10 or later

nmacOS

Apple Safari 15.4 (17613.1.17.1.13) or later nmacOS

Google Chrome 108.0.5359.71 or later nWindows 10 or later

nmacOS

Aruba 7005, 7010, 7210, 7240XMDC, 9004, 9004(RU), 9012, 9240, ArubaOS 8.11.1.0 User guide

Related papers

Other documents