[c-nsp] Aruba AP70

Renelson Panosky panocisco77 at gmail.com
Tue Aug 28 15:44:11 EDT 2012

Hey Guys

Does anyone here are using Aruba 800 wireless controller and AP70 on
their network ?   I am setting this new wireless network with the
above equipments.  the wireless controllers are up on the network and
i can ping them, HTTPS to them however i can not get the APs to
register to the controller.

1) when i plug the APs to the switch they are getting an IP address
and I can ping them however it seemd like they're going up down (
switchports are going from amber to green).   do i need some kind of
special cable for the APs.  I went to configuration manual and follow
every step for the AP configuration and they are still not showing in

2) how do i provision the AP to communicate with the controller ?

controller config :

show run

Building Configuration...

version 2.4

enable secret "aa7891c511763a0428a019803059aeef65df5a3d3be23cc1"

enable "8L8E8N0T0Z0F8N5[5[8N"

hostname "aruba-master"

logging level warnings stm

clock summer-time UTC-5 recurring first sunday april 02:00 last sunday
october 02:00

clock timezone UTC -5

ip access-list session validuser

  any any any permit


vpn-dialer default-dialer

  ike authentication PRE-SHARE 218d0f532708d2c0a9963544c5733235dd78c9b696abed06


user-role ap-role


user-role pre-employee


user-role trusted-ap


user-role guest

--More-- (q) quit (u) pageup (/) search (n) repeat


user-role stateful-dot1x


user-role logon


aaa derivation-rules user

  set role condition essid equals "aruba-master" set-value pre-employee


aaa mgmt-authentication mode enable

aaa pubcookie-authentication


aaa dot1x enforce-machine-authentication

 mode disable


dot1x timeout wpa-key-timeout 1

interface mgmt



interface loopback

	ip address X.X.X.X


--More-- (q) quit (u) pageup (/) search (n) repeat

vlan 6

interface fastethernet 1/0

	description "fe1/0"


	switchport access vlan 6


interface fastethernet 1/1

	description "fe1/1"


	switchport access vlan 6


interface fastethernet 1/2

	description "fe1/2"


	switchport access vlan 6


interface fastethernet 1/3

	description "fe1/3"


--More-- (q) quit (u) pageup (/) search (n) repeat

	switchport access vlan 6


interface fastethernet 1/4

	description "fe1/4"


	switchport access vlan 6


interface fastethernet 1/5

	description "fe1/5"


	switchport access vlan 6


interface fastethernet 1/6

	description "fe1/6"


	switchport access vlan 6


interface fastethernet 1/7

	description "fe1/7"


--More-- (q) quit (u) pageup (/) search (n) repeat

	switchport access vlan 6


interface gigabitethernet  1/8

	description "gig1/8"


	switchport mode trunk


interface vlan 1


interface vlan 6

	ip address X.X.X.X X.X.X.X


ip default-gateway X.X.X.X

country US

ap location 0.0.0

ap-logging level informational snmpd

double-encrypt disable

--More-- (q) quit (u) pageup (/) search (n) repeat

ap-logging level informational sapd

ap-logging level warnings am

ap-logging level warnings stm

max-imalive-retries 10


opmode opensystem

mode ap_mode

authalgo opensystem

rts-threshhold 2333

tx-power 2

max-retries 4

dtim-period 1

max-clients 64

beacon-period 100

power-mgmt enable

ageout 1000

hide-ssid disable

deny-bcast disable

rf-band g

bootstrap-threshold 7

local-probe-response enable

max-tx-fail 0

forward-mode tunnel

native-vlan-id 1

--More-- (q) quit (u) pageup (/) search (n) repeat

arm assignment disable

arm client-aware enable

arm scanning disable

arm scan-time 110

arm scan-interval 10

arm multi-band-scan disable

arm voip-aware-scan enable

arm max-tx-power 4

arm rogue-ap-aware disable

voip call-admission-control disable

voip drop-sip-invite-for-cac disable

voip active-load-balancing disable

voip vocera-call-capacity 10

voip sip-call-capacity 10

voip svp-call-capacity 10

voip sccp-call-capacity 10

voip call-handoff-reservation 20

voip high-capacity-threshold 20

essid "XXX_Wireless"

vlan-id 6

weptxkey 1

ap-enable enable

  phy-type a

    channel 36

--More-- (q) quit (u) pageup (/) search (n) repeat

    rates 6,12,24

    txrates 6,9,12,18,24,36,48,54

    essid "aruba-master"

    vlan-id 6

    opmode opensystem

    deny-bcast enable

    hide-ssid disable


  phy-type g

    short-preamble enable

    channel 1

    rates 1,2

    txrates 1,2,5,11,6,9,12,18,24,36,48,54

    bg-mode mixed

    dtim-period 3



ap location 0.0.0

  phy-type enet1

    mode active-standby

    switchport mode access

    switchport access vlan 1

    switchport trunk native vlan 1

    switchport trunk allowed vlan ALL

--More-- (q) quit (u) pageup (/) search (n) repeat

    trusted disable




 general poll-interval 60000

 general poll-retries 2

 general ap-ageout-interval 30

 general sta-ageout-interval 30

 general ap-inactivity-timeout 5

 general sta-inactivity-timeout 60

 general grace-time 2000

 general laser-beam enable

 general laser-beam-debug disable

 general wired-laser-beam disable

 general stat-update enable

 general am-stats-update-interval 0

 ap-policy learn-ap enable

 ap-policy classification disable

 ap-policy protect-unsecure-ap enable

 ap-policy detect-misconfigured-ap disable

 ap-policy protect-misconfigured-ap disable

 ap-policy protect-mt-channel-split disable

 ap-policy protect-mt-ssid disable

 ap-policy detect-ap-impersonation disable

--More-- (q) quit (u) pageup (/) search (n) repeat

 ap-policy protect-ap-impersonation disable

 ap-policy beacon-diff-threshold 50

 ap-policy beacon-inc-wait-time 3

 ap-policy min-pot-ap-beacon-rate 25

 ap-policy min-pot-ap-monitor-time 2

 ap-policy protect-ibss disable

 ap-policy ap-load-balancing disable

 ap-policy ap-lb-max-retries 8

 ap-policy ap-lb-util-high-wm 90

 ap-policy ap-lb-util-low-wm 80

 ap-policy ap-lb-util-wait-time 30

 ap-policy ap-lb-user-high-wm 255

 ap-policy ap-lb-user-low-wm 230

 ap-policy persistent-known-interfering disable

 ap-config short-preamble disable

 ap-config privacy disable

 ap-config wpa disable

 station-policy protect-valid-sta disable

 station-policy handoff-assist disable

 station-policy rssi-falloff-wait-time 4

 station-policy low-rssi-threshold 20

 station-policy rssi-check-frequency 3

 station-policy detect-association-failure disable

 global-policy detect-bad-wep disable

--More-- (q) quit (u) pageup (/) search (n) repeat

 global-policy detect-interference disable

 global-policy interference-inc-threshold 100

 global-policy interference-inc-timeout 30

 global-policy interference-wait-time 30

 event-threshold fer-high-wm 0

 event-threshold fer-low-wm 0

 event-threshold frr-high-wm 16

 event-threshold frr-low-wm 8

 event-threshold flsr-high-wm 16

 event-threshold flsr-low-wm 8

 event-threshold fnur-high-wm 0

 event-threshold fnur-low-wm 0

 event-threshold frer-high-wm 16

 event-threshold frer-low-wm 8

 event-threshold ffr-high-wm 16

 event-threshold ffr-low-wm 8

 event-threshold bwr-high-wm 0

 event-threshold bwr-low-wm 0

 valid-11b-channel 1 mode enable

 valid-11b-channel 6 mode enable

 valid-11b-channel 11 mode enable

 valid-11a-channel 36 mode enable

 valid-11a-channel 40 mode enable

 valid-11a-channel 44 mode enable

--More-- (q) quit (u) pageup (/) search (n) repeat

 valid-11a-channel 48 mode enable

 valid-11a-channel 149 mode enable

 valid-11a-channel 153 mode enable

 valid-11a-channel 157 mode enable

 valid-11a-channel 161 mode enable

 valid-11a-channel 165 mode enable

 ids-policy signature-check disable

 ids-policy rate-check disable

 ids-policy dsta-check disable

 ids-policy sequence-check disable

 ids-policy mac-oui-check disable

 ids-policy eap-check disable

 ids-policy ap-flood-check disable

 ids-policy adhoc-check disable

 ids-policy wbridge-check disable

 ids-policy sequence-diff 300

 ids-policy sequence-time-tolerance 300

 ids-policy sequence-quiet-time 900

 ids-policy eap-rate-threshold 10

 ids-policy eap-rate-time-interval 60

 ids-policy eap-rate-quiet-time 900

 ids-policy ap-flood-threshold 50

 ids-policy ap-flood-inc-time 3

 ids-policy ap-flood-quiet-time 900

--More-- (q) quit (u) pageup (/) search (n) repeat

 ids-policy signature-quiet-time 900

 ids-policy dsta-quiet-time 900

 ids-policy adhoc-quiet-time 900

 ids-policy wbridge-quiet-time 900

 ids-policy mac-oui-quiet-time 900

 ids-policy rate-frame-type-param assoc channel-threshold 30

 ids-policy rate-frame-type-param assoc channel-inc-time 3

 ids-policy rate-frame-type-param assoc channel-quiet-time 900

 ids-policy rate-frame-type-param assoc node-threshold 30

 ids-policy rate-frame-type-param assoc node-time-interval 60

 ids-policy rate-frame-type-param assoc node-quiet-time 900

 ids-policy rate-frame-type-param disassoc channel-threshold 30

 ids-policy rate-frame-type-param disassoc channel-inc-time 3

 ids-policy rate-frame-type-param disassoc channel-quiet-time 900

 ids-policy rate-frame-type-param disassoc node-threshold 30

 ids-policy rate-frame-type-param disassoc node-time-interval 60

 ids-policy rate-frame-type-param disassoc node-quiet-time 900

 ids-policy rate-frame-type-param deauth channel-threshold 30

 ids-policy rate-frame-type-param deauth channel-inc-time 3

 ids-policy rate-frame-type-param deauth channel-quiet-time 900

 ids-policy rate-frame-type-param deauth node-threshold 20

 ids-policy rate-frame-type-param deauth node-time-interval 60

 ids-policy rate-frame-type-param deauth node-quiet-time 900

 ids-policy rate-frame-type-param probe-request channel-threshold 200

--More-- (q) quit (u) pageup (/) search (n) repeat

 ids-policy rate-frame-type-param probe-request channel-inc-time 3

 ids-policy rate-frame-type-param probe-request channel-quiet-time 900

 ids-policy rate-frame-type-param probe-request node-threshold 200

 ids-policy rate-frame-type-param probe-request node-time-interval 15

 ids-policy rate-frame-type-param probe-request node-quiet-time 900

 ids-policy rate-frame-type-param probe-response channel-threshold 200

 ids-policy rate-frame-type-param probe-response channel-inc-time 3

 ids-policy rate-frame-type-param probe-response channel-quiet-time 900

 ids-policy rate-frame-type-param probe-response node-threshold 150

 ids-policy rate-frame-type-param probe-response node-time-interval 15

 ids-policy rate-frame-type-param probe-response node-quiet-time 900

 ids-policy rate-frame-type-param auth channel-threshold 30

 ids-policy rate-frame-type-param auth channel-inc-time 3

 ids-policy rate-frame-type-param auth channel-quiet-time 900

 ids-policy rate-frame-type-param auth node-threshold 30

 ids-policy rate-frame-type-param auth node-time-interval 60

 ids-policy rate-frame-type-param auth node-quiet-time 900

 ids-signature "ASLEAP"

   mode enable

   frame-type beacon ssid asleap


 ids-signature "Null-Probe-Response"

   mode enable

   frame-type probe-response ssid-length 0

--More-- (q) quit (u) pageup (/) search (n) repeat


 ids-signature "AirJack"

   mode enable

   frame-type beacon ssid AirJack


 ids-signature "NetStumbler Generic"

   mode enable

   payload 0x00601d 3

   payload 0x0001 6


 ids-signature "NetStumbler Version 3.3.0x"

   mode enable

   payload 0x00601d 3

   payload 0x000102 12


 ids-signature "Deauth-Broadcast"

   mode enable

   frame-type deauth

   dst-mac ff:ff:ff:ff:ff:ff



site-survey calibration-max-packets 256

site-survey calibration-transmit-rate 500

site-survey rra-max-compute-time 600000

--More-- (q) quit (u) pageup (/) search (n) repeat

site-survey max-ha-neighbors 3

site-survey neighbor-tx-power-bump 2

site-survey ha-compute-time 0

arm min-scan-time 8

arm ideal-coverage-index 5

arm acceptable-coverage-index 2

arm wait-time 15

arm free-channel-index 25

arm backoff-time 240

arm error-rate-threshold 0

arm error-rate-wait-time 30

arm noise-threshold 0

arm noise-wait-time 120

ems server-ip

crypto isakmp groupname changeme

vpdn group l2tp

  ppp authentication PAP


--More-- (q) quit (u) pageup (/) search (n) repeat


location "Building1.floor1"


  parameters 60 buffer 32

  manager disable

  proxy-dhcp enable

  station-masquerade enable

  on-association disable

  trusted-roam disable

  ignore-l2-broadcast disable

  block-dhcp-release disable

  no new-user-roaming

  max-dhcp-requests 4

  secure 1000 shared-secret 4012c7accbe0f26bbb1703b4bf36dfa0



  local-ha disable



  home-agent parameters 1000 bindings 300

  secure-mobile spi 1000 3abd01a8027810fb5dad94d4bacadec7

  foreign-agent parameters 1100 bindings 300 pending 0 pending-time 300


--More-- (q) quit (u) pageup (/) search (n) repeat

syslocation "1501 Wilson BLVD"

syscontact "Christina Antonetti"

snmp-server new traps

vpdn group pptp

  no ppp authentication PAP

  ppp authentication MSCHAPv2


stm dos-prevention enable

stm vlan-mobility disable

stm strict-compliance enable

stm fast-roaming disable

stm sta-dos-prevention enable

stm sta-dos-block-time 3600

stm auth-failure-block-time 0

stm coverage-hole-detection disable

stm good-rssi-threshold 20

stm poor-rssi-threshold 10

stm hole-detection-interval 180

stm good-sta-ageout 30

stm idle-sta-ageout 90

stm ap-inactivity-timeout 15

--More-- (q) quit (u) pageup (/) search (n) repeat


adp discovery enable

adp igmp-join enable

adp igmp-vlan 0

voip prioritization enable

mgmt-role guest-provisioning

	description "This is Default Super User Role"

	permit local-userdb read write


mgmt-role root

	description "This is Default Super User Role"

	permit super-user


mgmt-user admin root b65b8ff25272bb5f9e17bea3f22d10e8560b34e4d81de262

no database synchronize

database synchronize rf-plan-data

--More-- (q) quit (u) pageup (/) search (n) repeat

ip igmp


ip router pim


ads netad mode disable

packet-capture-defaults tcp disable udp disable sysmsg disable other disable



More information about the cisco-nsp mailing list