[c-nsp] Aruba AP70
Renelson Panosky
panocisco77 at gmail.com
Tue Aug 28 15:44:11 EDT 2012
Hey Guys
Does anyone here are using Aruba 800 wireless controller and AP70 on
their network ? I am setting this new wireless network with the
above equipments. the wireless controllers are up on the network and
i can ping them, HTTPS to them however i can not get the APs to
register to the controller.
1) when i plug the APs to the switch they are getting an IP address
and I can ping them however it seemd like they're going up down (
switchports are going from amber to green). do i need some kind of
special cable for the APs. I went to configuration manual and follow
every step for the AP configuration and they are still not showing in
controller.
2) how do i provision the AP to communicate with the controller ?
controller config :
show run
Building Configuration...
version 2.4
enable secret "aa7891c511763a0428a019803059aeef65df5a3d3be23cc1"
enable "8L8E8N0T0Z0F8N5[5[8N"
hostname "aruba-master"
logging level warnings stm
clock summer-time UTC-5 recurring first sunday april 02:00 last sunday
october 02:00
clock timezone UTC -5
ip access-list session validuser
any any any permit
!
vpn-dialer default-dialer
ike authentication PRE-SHARE 218d0f532708d2c0a9963544c5733235dd78c9b696abed06
!
user-role ap-role
!
user-role pre-employee
!
user-role trusted-ap
!
user-role guest
--More-- (q) quit (u) pageup (/) search (n) repeat
!
user-role stateful-dot1x
!
user-role logon
!
aaa derivation-rules user
set role condition essid equals "aruba-master" set-value pre-employee
!
aaa mgmt-authentication mode enable
aaa pubcookie-authentication
!
aaa dot1x enforce-machine-authentication
mode disable
!
dot1x timeout wpa-key-timeout 1
interface mgmt
shutdown
!
interface loopback
ip address X.X.X.X
!
--More-- (q) quit (u) pageup (/) search (n) repeat
vlan 6
interface fastethernet 1/0
description "fe1/0"
trusted
switchport access vlan 6
!
interface fastethernet 1/1
description "fe1/1"
trusted
switchport access vlan 6
!
interface fastethernet 1/2
description "fe1/2"
trusted
switchport access vlan 6
!
interface fastethernet 1/3
description "fe1/3"
trusted
--More-- (q) quit (u) pageup (/) search (n) repeat
switchport access vlan 6
!
interface fastethernet 1/4
description "fe1/4"
trusted
switchport access vlan 6
!
interface fastethernet 1/5
description "fe1/5"
trusted
switchport access vlan 6
!
interface fastethernet 1/6
description "fe1/6"
trusted
switchport access vlan 6
!
interface fastethernet 1/7
description "fe1/7"
trusted
--More-- (q) quit (u) pageup (/) search (n) repeat
switchport access vlan 6
!
interface gigabitethernet 1/8
description "gig1/8"
trusted
switchport mode trunk
!
interface vlan 1
!
interface vlan 6
ip address X.X.X.X X.X.X.X
!
ip default-gateway X.X.X.X
country US
ap location 0.0.0
ap-logging level informational snmpd
double-encrypt disable
--More-- (q) quit (u) pageup (/) search (n) repeat
ap-logging level informational sapd
ap-logging level warnings am
ap-logging level warnings stm
max-imalive-retries 10
bkplms-ip 0.0.0.0
opmode opensystem
mode ap_mode
authalgo opensystem
rts-threshhold 2333
tx-power 2
max-retries 4
dtim-period 1
max-clients 64
beacon-period 100
power-mgmt enable
ageout 1000
hide-ssid disable
deny-bcast disable
rf-band g
bootstrap-threshold 7
local-probe-response enable
max-tx-fail 0
forward-mode tunnel
native-vlan-id 1
--More-- (q) quit (u) pageup (/) search (n) repeat
arm assignment disable
arm client-aware enable
arm scanning disable
arm scan-time 110
arm scan-interval 10
arm multi-band-scan disable
arm voip-aware-scan enable
arm max-tx-power 4
arm rogue-ap-aware disable
voip call-admission-control disable
voip drop-sip-invite-for-cac disable
voip active-load-balancing disable
voip vocera-call-capacity 10
voip sip-call-capacity 10
voip svp-call-capacity 10
voip sccp-call-capacity 10
voip call-handoff-reservation 20
voip high-capacity-threshold 20
essid "XXX_Wireless"
vlan-id 6
weptxkey 1
ap-enable enable
phy-type a
channel 36
--More-- (q) quit (u) pageup (/) search (n) repeat
rates 6,12,24
txrates 6,9,12,18,24,36,48,54
essid "aruba-master"
vlan-id 6
opmode opensystem
deny-bcast enable
hide-ssid disable
!
phy-type g
short-preamble enable
channel 1
rates 1,2
txrates 1,2,5,11,6,9,12,18,24,36,48,54
bg-mode mixed
dtim-period 3
!
!
ap location 0.0.0
phy-type enet1
mode active-standby
switchport mode access
switchport access vlan 1
switchport trunk native vlan 1
switchport trunk allowed vlan ALL
--More-- (q) quit (u) pageup (/) search (n) repeat
trusted disable
!
!
wms
general poll-interval 60000
general poll-retries 2
general ap-ageout-interval 30
general sta-ageout-interval 30
general ap-inactivity-timeout 5
general sta-inactivity-timeout 60
general grace-time 2000
general laser-beam enable
general laser-beam-debug disable
general wired-laser-beam disable
general stat-update enable
general am-stats-update-interval 0
ap-policy learn-ap enable
ap-policy classification disable
ap-policy protect-unsecure-ap enable
ap-policy detect-misconfigured-ap disable
ap-policy protect-misconfigured-ap disable
ap-policy protect-mt-channel-split disable
ap-policy protect-mt-ssid disable
ap-policy detect-ap-impersonation disable
--More-- (q) quit (u) pageup (/) search (n) repeat
ap-policy protect-ap-impersonation disable
ap-policy beacon-diff-threshold 50
ap-policy beacon-inc-wait-time 3
ap-policy min-pot-ap-beacon-rate 25
ap-policy min-pot-ap-monitor-time 2
ap-policy protect-ibss disable
ap-policy ap-load-balancing disable
ap-policy ap-lb-max-retries 8
ap-policy ap-lb-util-high-wm 90
ap-policy ap-lb-util-low-wm 80
ap-policy ap-lb-util-wait-time 30
ap-policy ap-lb-user-high-wm 255
ap-policy ap-lb-user-low-wm 230
ap-policy persistent-known-interfering disable
ap-config short-preamble disable
ap-config privacy disable
ap-config wpa disable
station-policy protect-valid-sta disable
station-policy handoff-assist disable
station-policy rssi-falloff-wait-time 4
station-policy low-rssi-threshold 20
station-policy rssi-check-frequency 3
station-policy detect-association-failure disable
global-policy detect-bad-wep disable
--More-- (q) quit (u) pageup (/) search (n) repeat
global-policy detect-interference disable
global-policy interference-inc-threshold 100
global-policy interference-inc-timeout 30
global-policy interference-wait-time 30
event-threshold fer-high-wm 0
event-threshold fer-low-wm 0
event-threshold frr-high-wm 16
event-threshold frr-low-wm 8
event-threshold flsr-high-wm 16
event-threshold flsr-low-wm 8
event-threshold fnur-high-wm 0
event-threshold fnur-low-wm 0
event-threshold frer-high-wm 16
event-threshold frer-low-wm 8
event-threshold ffr-high-wm 16
event-threshold ffr-low-wm 8
event-threshold bwr-high-wm 0
event-threshold bwr-low-wm 0
valid-11b-channel 1 mode enable
valid-11b-channel 6 mode enable
valid-11b-channel 11 mode enable
valid-11a-channel 36 mode enable
valid-11a-channel 40 mode enable
valid-11a-channel 44 mode enable
--More-- (q) quit (u) pageup (/) search (n) repeat
valid-11a-channel 48 mode enable
valid-11a-channel 149 mode enable
valid-11a-channel 153 mode enable
valid-11a-channel 157 mode enable
valid-11a-channel 161 mode enable
valid-11a-channel 165 mode enable
ids-policy signature-check disable
ids-policy rate-check disable
ids-policy dsta-check disable
ids-policy sequence-check disable
ids-policy mac-oui-check disable
ids-policy eap-check disable
ids-policy ap-flood-check disable
ids-policy adhoc-check disable
ids-policy wbridge-check disable
ids-policy sequence-diff 300
ids-policy sequence-time-tolerance 300
ids-policy sequence-quiet-time 900
ids-policy eap-rate-threshold 10
ids-policy eap-rate-time-interval 60
ids-policy eap-rate-quiet-time 900
ids-policy ap-flood-threshold 50
ids-policy ap-flood-inc-time 3
ids-policy ap-flood-quiet-time 900
--More-- (q) quit (u) pageup (/) search (n) repeat
ids-policy signature-quiet-time 900
ids-policy dsta-quiet-time 900
ids-policy adhoc-quiet-time 900
ids-policy wbridge-quiet-time 900
ids-policy mac-oui-quiet-time 900
ids-policy rate-frame-type-param assoc channel-threshold 30
ids-policy rate-frame-type-param assoc channel-inc-time 3
ids-policy rate-frame-type-param assoc channel-quiet-time 900
ids-policy rate-frame-type-param assoc node-threshold 30
ids-policy rate-frame-type-param assoc node-time-interval 60
ids-policy rate-frame-type-param assoc node-quiet-time 900
ids-policy rate-frame-type-param disassoc channel-threshold 30
ids-policy rate-frame-type-param disassoc channel-inc-time 3
ids-policy rate-frame-type-param disassoc channel-quiet-time 900
ids-policy rate-frame-type-param disassoc node-threshold 30
ids-policy rate-frame-type-param disassoc node-time-interval 60
ids-policy rate-frame-type-param disassoc node-quiet-time 900
ids-policy rate-frame-type-param deauth channel-threshold 30
ids-policy rate-frame-type-param deauth channel-inc-time 3
ids-policy rate-frame-type-param deauth channel-quiet-time 900
ids-policy rate-frame-type-param deauth node-threshold 20
ids-policy rate-frame-type-param deauth node-time-interval 60
ids-policy rate-frame-type-param deauth node-quiet-time 900
ids-policy rate-frame-type-param probe-request channel-threshold 200
--More-- (q) quit (u) pageup (/) search (n) repeat
ids-policy rate-frame-type-param probe-request channel-inc-time 3
ids-policy rate-frame-type-param probe-request channel-quiet-time 900
ids-policy rate-frame-type-param probe-request node-threshold 200
ids-policy rate-frame-type-param probe-request node-time-interval 15
ids-policy rate-frame-type-param probe-request node-quiet-time 900
ids-policy rate-frame-type-param probe-response channel-threshold 200
ids-policy rate-frame-type-param probe-response channel-inc-time 3
ids-policy rate-frame-type-param probe-response channel-quiet-time 900
ids-policy rate-frame-type-param probe-response node-threshold 150
ids-policy rate-frame-type-param probe-response node-time-interval 15
ids-policy rate-frame-type-param probe-response node-quiet-time 900
ids-policy rate-frame-type-param auth channel-threshold 30
ids-policy rate-frame-type-param auth channel-inc-time 3
ids-policy rate-frame-type-param auth channel-quiet-time 900
ids-policy rate-frame-type-param auth node-threshold 30
ids-policy rate-frame-type-param auth node-time-interval 60
ids-policy rate-frame-type-param auth node-quiet-time 900
ids-signature "ASLEAP"
mode enable
frame-type beacon ssid asleap
!
ids-signature "Null-Probe-Response"
mode enable
frame-type probe-response ssid-length 0
--More-- (q) quit (u) pageup (/) search (n) repeat
!
ids-signature "AirJack"
mode enable
frame-type beacon ssid AirJack
!
ids-signature "NetStumbler Generic"
mode enable
payload 0x00601d 3
payload 0x0001 6
!
ids-signature "NetStumbler Version 3.3.0x"
mode enable
payload 0x00601d 3
payload 0x000102 12
!
ids-signature "Deauth-Broadcast"
mode enable
frame-type deauth
dst-mac ff:ff:ff:ff:ff:ff
!
!
site-survey calibration-max-packets 256
site-survey calibration-transmit-rate 500
site-survey rra-max-compute-time 600000
--More-- (q) quit (u) pageup (/) search (n) repeat
site-survey max-ha-neighbors 3
site-survey neighbor-tx-power-bump 2
site-survey ha-compute-time 0
arm min-scan-time 8
arm ideal-coverage-index 5
arm acceptable-coverage-index 2
arm wait-time 15
arm free-channel-index 25
arm backoff-time 240
arm error-rate-threshold 0
arm error-rate-wait-time 30
arm noise-threshold 0
arm noise-wait-time 120
ems server-ip 0.0.0.0
crypto isakmp groupname changeme
vpdn group l2tp
ppp authentication PAP
!
--More-- (q) quit (u) pageup (/) search (n) repeat
masterip 127.0.0.1
location "Building1.floor1"
mobility
parameters 60 buffer 32
manager disable
proxy-dhcp enable
station-masquerade enable
on-association disable
trusted-roam disable
ignore-l2-broadcast disable
block-dhcp-release disable
no new-user-roaming
max-dhcp-requests 4
secure 1000 shared-secret 4012c7accbe0f26bbb1703b4bf36dfa0
!
mobility-local
local-ha disable
!
mobagent
home-agent parameters 1000 bindings 300
secure-mobile spi 1000 3abd01a8027810fb5dad94d4bacadec7
foreign-agent parameters 1100 bindings 300 pending 0 pending-time 300
!
--More-- (q) quit (u) pageup (/) search (n) repeat
syslocation "1501 Wilson BLVD"
syscontact "Christina Antonetti"
snmp-server new traps
vpdn group pptp
no ppp authentication PAP
ppp authentication MSCHAPv2
!
stm dos-prevention enable
stm vlan-mobility disable
stm strict-compliance enable
stm fast-roaming disable
stm sta-dos-prevention enable
stm sta-dos-block-time 3600
stm auth-failure-block-time 0
stm coverage-hole-detection disable
stm good-rssi-threshold 20
stm poor-rssi-threshold 10
stm hole-detection-interval 180
stm good-sta-ageout 30
stm idle-sta-ageout 90
stm ap-inactivity-timeout 15
--More-- (q) quit (u) pageup (/) search (n) repeat
mux-address 0.0.0.0
adp discovery enable
adp igmp-join enable
adp igmp-vlan 0
voip prioritization enable
mgmt-role guest-provisioning
description "This is Default Super User Role"
permit local-userdb read write
!
mgmt-role root
description "This is Default Super User Role"
permit super-user
!
mgmt-user admin root b65b8ff25272bb5f9e17bea3f22d10e8560b34e4d81de262
no database synchronize
database synchronize rf-plan-data
--More-- (q) quit (u) pageup (/) search (n) repeat
ip igmp
!
ip router pim
!
ads netad mode disable
packet-capture-defaults tcp disable udp disable sysmsg disable other disable
end
#
More information about the cisco-nsp
mailing list